Presentation is loading. Please wait.

Presentation is loading. Please wait.

CUMREC, 2004 Copyright: Ian Taylor, Rupert Berk, Heidi Berrysmith; 2004. This work is the intellectual property of the authors. Permission is granted for.

Published byShelby Crowthers Modified over 10 years ago

Similar presentations

Presentation on theme: "CUMREC, 2004 Copyright: Ian Taylor, Rupert Berk, Heidi Berrysmith; 2004. This work is the intellectual property of the authors. Permission is granted for."— Presentation transcript:

1 CUMREC, 2004 Copyright: Ian Taylor, Rupert Berk, Heidi Berrysmith; 2004. This work is the intellectual property of the authors. Permission is granted for this material to be shared for non- commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

2 After Pubcookie, Now What? The Authorization Layer at the University of Washington Ian Taylor, Rupert Berk, Heidi Berrysmith

3 Pubcookie Single sign-on to all Web resources a.k.a. WebISO http://www.pubcookie.org/

4 University of Washington Public research institution 3 campuses Student Enrollment (Autumn 2003) of 42,757 (39,136 on Seattle campus) 23,462 Faculty and Staff Decentralized administration No mandating of standard authorization practices No Office of Access & Data Management

5 Authorization history Scores of administrative applications Most created by Computing & Communications Dating from 1970 & each decade since As the technology changed, new applications tended to re-invent Authorization Result: multitudes of mechanisms & procedures Headaches for Administrators & others Now: vendor apps increasingly popular…

6 Integrated Authorization Project Goals: Coherent Authorization mechanism Central system Distributed management Single point of entry on the web

7 Integrated Authorization Project Timeline August 2000: Integrated Authorization Project kickoff IAP Planning Group: visions, rules, designs, 9 months. May 2001: First developer hired... September 2002: Second developer hired... Result: ASTRA: Access to Systems, Tools, Resources and Applications January 2003: ASTRA v. 1.00.00 released to production

8 ASTRA Approach to Development Meet the local needs first; dont ignore approaches and solutions at other institutions Take an incremental, stepping-stone approach Continue to respond to the changing needs of the community of users (application developers, campus users, etc.)

9 ASTRA Authority Attributes Initial Theory –Party –Domain (affiliation) –Role –Privilege –Action Current Practice –Party –Privilege (application) –Role –Action –Span of Control –Qualifier

10 ASTRA Concepts & Rules An Attribute Authority service Consuming applications No self-authorization allowed Distributed Management of Authorization –User: uses the consuming application –Authorizer: uses ASTRA to create Users –Delegator: uses ASTRA to create Authorizers Post Entry Review Messages (PERMs)

11 ASTRA Concepts & Rules Complete history of authorization activity preserved for an audit trail Spans of Control (access restrictions) –Budget Numbers, Payroll Unit Codes, Curriculum Codes, Facility Numbers, etc. –Source is always external to ASTRA –Encourage use of shared, institutional sets of values vs. private, idiosyncratic sets

12 ASTRA Demo Over to Heidi …

13 Technical: Architecture Web user interface –Microsoft ASP –J++ COM+ Data store –SQL Server APIs –Campus-wide Web service (.NET) –Trusted server farm environment COM.NET/COM+ Batch export

14 Technical : Architecture

15 Technical: APIs

16 Technical: Security User Authentication –PubCookie (Authentication Service) –Two-factor authentication (SecurID) required by web interface Application Authentication –X.509 certificate authentication required by web service (UWSCA) –Domain name authentication required by COM+ API Applications retrieve only data to which they are authorized

17 Technical: Performance Performance is sufficient for now Recommended usage of ASTRA service: one request per user session. Applications are asked to cache that data. Future: Push authorization data to an LDAP store for improved speed and availability

18 What Did it Take to build ASTRA? Resources, effort, staffing –1-3 developers –1 part-time project manager –1 part-time business analyst –1 very part-time UI designer Infrastructural support: System and DB administration provided Funding

19 What Did it Take to implement ASTRA? High level buy-in from the Administration Training: jointly with Application Client Support teams ASTRA Client Support: low level of activity Empowerment and education: rights and responsibilities of Authorizers/Delegators Open Door Approach: invite & encourage applications to participate

20 Lessons learned Evolutionary path, incremental development, adaptive approach: this works Dont let the technology overwhelm the business realities (e.g. the Roles issue) Sell the big picture and the long-term perspective to application developers Authorization is difficult to talk about Need successful partnerships

21 Results After 15 months in production, 8 client applications –In active development: 3 –In discussion: 15 –Prospective: 14 6 Delegators 314 Authorizers 4464 Users

22

23 Benefits No attempt yet to measure cost or time savings Developers: no need to invent access control for their applications Administrators: single point of entry, more control, more visibility of authorizations University enterprise: auditable, accessible data Future: Personalized MyWork portal

24 The Future So bright … More consuming applications More application features Shibboleth, and so on …

25 Contacts and Resources www.washington.edu/computing/astra astra@washington.edu

26 Contributors Ian Taylor Rupert Berk Ann Testroet Heidi Berrysmith Gabe Florentino Alexis Raphael Tracy Monaghan Advisory Committee

Download ppt "CUMREC, 2004 Copyright: Ian Taylor, Rupert Berk, Heidi Berrysmith; 2004. This work is the intellectual property of the authors. Permission is granted for."

Similar presentations

How to Implement an Enterprise Portal at a Small Campus MWRC06 Ilya V. Yakovlev, Ph.D. University of Wisconsin-Superior.

How to Implement an Enterprise Portal at a Small Campus MWRC06 Ilya V. Yakovlev, Ph.D. University of Wisconsin-Superior.
Glenn Johnson John A. Dutton e-Education Institute Project Manager, Penn States e-Portfolio Initiative Glenn Johnson John A. Dutton e-Education Institute.

Glenn Johnson John A. Dutton e-Education Institute Project Manager, Penn States e-Portfolio Initiative Glenn Johnson John A. Dutton e-Education Institute.
Culture Change: What IT Takes to Create a Quality Customer Service Environment Presented By: Anne Agee, Executive Director, Division of Instructional and.

Culture Change: What IT Takes to Create a Quality Customer Service Environment Presented By: Anne Agee, Executive Director, Division of Instructional and.
A Successful Help Desk Process for all IT Support

A Successful Help Desk Process for all IT Support
WebISO PanelEducause SAC 2003 1 Implementing Single Sign On Technologies for Campus Portals Panel Nathan Dors, Project Lead Security/Middleware Unit Univ.

WebISO PanelEducause SAC Implementing Single Sign On Technologies for Campus Portals Panel Nathan Dors, Project Lead Security/Middleware Unit Univ.
How Identity and Access Management Can Help Your Institution Touch Its Toes Renee Woodten Frost Internet2 and University of Michigan Kevin Morooney The.

How Identity and Access Management Can Help Your Institution Touch Its Toes Renee Woodten Frost Internet2 and University of Michigan Kevin Morooney The.
What Does the Net Generation Expect From Us? SAC August 8, 2005 SAC August 8, 2005 Copyright © 2005, Joel L. Hartman. This work is the intellectual property.

What Does the Net Generation Expect From Us? SAC August 8, 2005 SAC August 8, 2005 Copyright © 2005, Joel L. Hartman. This work is the intellectual property.
Data, Policy, Stakeholders, and Governance Amy Brooks, University of Michigan – Ann Arbor Bret Ingerman, Vassar College Copyright Bret Ingerman 2004. This.

Data, Policy, Stakeholders, and Governance Amy Brooks, University of Michigan – Ann Arbor Bret Ingerman, Vassar College Copyright Bret Ingerman This.
Communication Problems Re-solved Copyright Tom Kruse and Jeanne Skul 2005. This work is the intellectual property of the author(s). Permission is granted.

Communication Problems Re-solved Copyright Tom Kruse and Jeanne Skul This work is the intellectual property of the author(s). Permission is granted.
Office of Information Technology Affiliates/Guests – Who are these people and how do we give them services? Copyright, Barbara Hope, University of Maryland,

Office of Information Technology Affiliates/Guests – Who are these people and how do we give them services? Copyright, Barbara Hope, University of Maryland,
The Academic Computing Assessment Data Repository: A New (Free) Tool for Program Assessment Heather Stewart, Director, Institute for Technology Development,

The Academic Computing Assessment Data Repository: A New (Free) Tool for Program Assessment Heather Stewart, Director, Institute for Technology Development,
Web Application Management Moving Beyond CMS Douglas Clark Director, Web Applications Copyright Douglas Clark 2003 This work is the intellectual property.

Web Application Management Moving Beyond CMS Douglas Clark Director, Web Applications Copyright Douglas Clark 2003 This work is the intellectual property.
A Web-based Bibliography Management Initiative: Collaborating for Classroom and Library Technology Integration Brian Nielsen, Academic Technologies Denise.

A Web-based Bibliography Management Initiative: Collaborating for Classroom and Library Technology Integration Brian Nielsen, Academic Technologies Denise.
University of Washington CUMREC 2003 A Self Sustaining IS Consulting Unit - Client Services Project Consulting University of Washington CUMREC 2003 Copyright.

University of Washington CUMREC 2003 A Self Sustaining IS Consulting Unit - Client Services Project Consulting University of Washington CUMREC 2003 Copyright.
Copyright Dickinson College 2008. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Copyright Dickinson College This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
Andrea Eastman-Mullins Information & Technology Coordinator University of North Carolina, Office of the President Teaching and Learning with Technology.

Andrea Eastman-Mullins Information & Technology Coordinator University of North Carolina, Office of the President Teaching and Learning with Technology.
Copyright Jill M. Forrester 2008. This work is the intellectual property of the author. Permission is granted for this material to be shared for non- commercial,

Copyright Jill M. Forrester This work is the intellectual property of the author. Permission is granted for this material to be shared for non- commercial,
Identity Management: The Legacy and Real Solutions Project Overview.

Identity Management: The Legacy and Real Solutions Project Overview.
IT Strategic Planning From Technical Dreams to Institutional Reality

IT Strategic Planning From Technical Dreams to Institutional Reality
Providing and Managing Technology Training Providing & Managing Technology Training Susan McKibben The University of Akron.

Providing and Managing Technology Training Providing & Managing Technology Training Susan McKibben The University of Akron.

Similar presentations

Ads by Google