Presentation is loading. Please wait.

Presentation is loading. Please wait.

Bronze and Silver Identity Assurance Profiles for Technical Implementers Tom Barton Senior Director for Integration University of Chicago Jim Green Manager,

Published byNoelia Jewell Modified over 9 years ago

Similar presentations

Presentation on theme: "Bronze and Silver Identity Assurance Profiles for Technical Implementers Tom Barton Senior Director for Integration University of Chicago Jim Green Manager,"— Presentation transcript:

1 Bronze and Silver Identity Assurance Profiles for Technical Implementers Tom Barton Senior Director for Integration University of Chicago Jim Green Manager, Identity Management Michigan State University © Michigan State University Board of Trustees

2 Toward InCommon Silver Certification at MSU Jim Green Manager, Identity Management MSU – Academic Technology Services jfgreen@msu.edu © Michigan State University Board of Trustees

3 Why? Use cases – research, government, sensitive data Shibboleth proliferation CIC sharing Opportunity to influence the process Worth doing Can be a driver

4 What we’ve done so far Study IAP and related documents Establish a weekly meeting with IdM, ATS, and Internal Audit Participate in CIC InC Silver conference calls Presented project proposal to ATS management Use a spreadsheet (based on InCommon checklist) to tally gap analysis bullets Summarized issues for Phase 1 report by answering Tom Barton’s questions © Michigan State University Board of Trustees

5 IAP areas Policy – Privacy policy – Policy on disabling netids Business processes – Netid provisioning process Technical infrastructure – Network security

6 Issue categories Documentation lacking – Policy, process, or infrastructure probably OK Policy lacking or doesn’t comply Process lacking or doesn’t comply Technical infrastructure lacking or doesn’t comply

7 Documents lacking 4.2.1.5 appropriate staffing 4.2.2.3 identity proofing 4.2.4.3 credential issuance process Many, many examples of processes that are not well documented

8 Policy lacking or doesn’t comply 4.2.1.3 – privacy policy 4.2.4 – credential issuance and management - -policy on disabling netids, end of lifecycle management of netids 4.2.5.7 – mitigate risk of sharing credentials

9 Process lacking or doesn’t comply 4.2.1.8 – IT audit 4.2.3.4 – strong resistance to guessing shared secret – our password complexity rules likely do not rise to Silver level 4.2.1.9 – Risk management methodology – Background checks not retroactive – Strong digital credentials (?)

10 Technical infrastructure lacking or doesn’t comply 4.2.5.2 – end-to-end secure communication 4.2.4.5.2 – 10 or more successive failed authentication attempts in 10 minutes 4.2.8.3 – physical security – log entrance and exit

11 Approaches New ID Office will manage physical ID cards and digital credentials – reports to central IT Considering two factor authentication Affiliates system in development – System of record for non-HR, non-SIS – Owned by Enterprise Information Stewardship – Operated by Identity Management

Download ppt "Bronze and Silver Identity Assurance Profiles for Technical Implementers Tom Barton Senior Director for Integration University of Chicago Jim Green Manager,"

Similar presentations

Pennsylvania Banner Users Group 2008 Fall Conference Campus Identity Management in a Banner World.

Pennsylvania Banner Users Group 2008 Fall Conference Campus Identity Management in a Banner World.
How Identity and Access Management Can Help Your Institution Touch Its Toes Renee Woodten Frost Internet2 and University of Michigan Kevin Morooney The.

How Identity and Access Management Can Help Your Institution Touch Its Toes Renee Woodten Frost Internet2 and University of Michigan Kevin Morooney The.
PKI and LOA Establishing a Basis for Trust David L. Wasley PKI Deployment Forum April 2008.

PKI and LOA Establishing a Basis for Trust David L. Wasley PKI Deployment Forum April 2008.
Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.

Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.
1 Leveraging Your Existing Campus Systems to Access Resource Partners: Federated Identity Management and Tales of Campus Participation EDUCAUSE 2006 October.

1 Leveraging Your Existing Campus Systems to Access Resource Partners: Federated Identity Management and Tales of Campus Participation EDUCAUSE 2006 October.
USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.

USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.
Appropriate Access: Levels of Assurance Stefan Wahe Office of Campus Information Security.

Appropriate Access: Levels of Assurance Stefan Wahe Office of Campus Information Security.
Credentialing, Levels of Assurance and Risk: What’s Good Enough Dr. Michael Conlon Director of Data Infrastructure University of Florida.

Credentialing, Levels of Assurance and Risk: What’s Good Enough Dr. Michael Conlon Director of Data Infrastructure University of Florida.
Going for the Silver Winter 2010 CSG January 13, 2010.

Going for the Silver Winter 2010 CSG January 13, 2010.
NSF Middleware Initiative: Managing Identity on Campus Michael R Gettes, Duke University Tom Barton, University of Chicago.

NSF Middleware Initiative: Managing Identity on Campus Michael R Gettes, Duke University Tom Barton, University of Chicago.
InCommon Assurance Certification VA-SCAN October 3, 2013 Mary Dunker.

InCommon Assurance Certification VA-SCAN October 3, 2013 Mary Dunker.
Getting to Silver: Practical Matters for CIC Universities Tom Barton University of Chicago © 2009 The University of Chicago.

Getting to Silver: Practical Matters for CIC Universities Tom Barton University of Chicago © 2009 The University of Chicago.
Security and Personnel

Security and Personnel
“Personal Identity Verification (PIV) of Federal Employees and Contractors” October 27, 2005 Homeland Security Presidential Directive 12 (HSPD-12)

“Personal Identity Verification (PIV) of Federal Employees and Contractors” October 27, 2005 Homeland Security Presidential Directive 12 (HSPD-12)
Enterprise Architecture 2014 EAAF as a vehicle for LoA Using EAAF processes to incrementally approach InCommon/UCTrust certification.

Enterprise Architecture 2014 EAAF as a vehicle for LoA Using EAAF processes to incrementally approach InCommon/UCTrust certification.
EDUCAUSE Best Practices Build Better Systems Ann West, InCommon Dedra Chamberlin, UC Berkeley.

EDUCAUSE Best Practices Build Better Systems Ann West, InCommon Dedra Chamberlin, UC Berkeley.
Information Resources and Communications University of California, Office of the President UCTrust David Walker Office of the President University of California.

Information Resources and Communications University of California, Office of the President UCTrust David Walker Office of the President University of California.
Technical Issues with Establishing Levels of Assurance Zephyr McLaughlin Lead, Security Middleware Computing & Communications University of Washington.

Technical Issues with Establishing Levels of Assurance Zephyr McLaughlin Lead, Security Middleware Computing & Communications University of Washington.
1 Authentication Trustworthiness The Next Stage in Identity-Based Access and Security Tom Board, NUIT.

1 Authentication Trustworthiness The Next Stage in Identity-Based Access and Security Tom Board, NUIT.
EDUCAUSE Fed/Higher ED PKI Coordination Meeting

EDUCAUSE Fed/Higher ED PKI Coordination Meeting

Similar presentations

Ads by Google