Presentation is loading. Please wait.

Presentation is loading. Please wait.

Using Levels of Assurance Renee Shuey nmi-edit CAMP: Charting Your Authentication Roadmap February 8, 2007.

Published byEthan Hensley Modified over 9 years ago

Similar presentations

Presentation on theme: "Using Levels of Assurance Renee Shuey nmi-edit CAMP: Charting Your Authentication Roadmap February 8, 2007."— Presentation transcript:

1 Using Levels of Assurance Renee Shuey nmi-edit CAMP: Charting Your Authentication Roadmap February 8, 2007

2 Agenda Disclaimer Disclaimer About Penn State About Penn State Level Set on Levels of Assurance Level Set on Levels of Assurance –Delivering of the package Uses for LOA Uses for LOA –Both Internal and External to the university Points to Ponder Points to Ponder Discussion, Q&A Discussion, Q&A

3 Penn State

4 Established 1855, PA’s Land Grant Established 1855, PA’s Land Grant 24 campus locations 24 campus locations 80K students, 10K faculty, 10K staff 80K students, 10K faculty, 10K staff $640M annual research expenditure $640M annual research expenditure

5 Penn State IAM - Technology Kerberos, DCE, Active Directory Kerberos, DCE, Active Directory LDAP (eduPerson) LDAP (eduPerson) Cosign (WebAccess) Cosign (WebAccess) Shibboleth Shibboleth Member of InCommon Member of InCommon 2 nd Factor Authentication 2 nd Factor Authentication “Access Account” - branding for Penn State identity ~120K “Access Account” - branding for Penn State identity ~120K “Short Term Access Accounts” “Short Term Access Accounts” “Friends of Penn State” - branding for external identity, ~450K “Friends of Penn State” - branding for external identity, ~450K

6 Level Set - Delivering of the Package….

7 It’s all about how certain you are…

8 And how Certain you need to be…

9 Scenario 1… deleted image of favorite web site here…

10 deleted photo of well known delivery vehicle.

11 deleted photo of individual from well known delivery service

12 deleted image of nicely wrapped gift here….

13 Scenario 2… deleted image of favorite website

14

15

16

17

18 Risk Identity Proofing Logical & Physical Control Indemnification Liability Laws & Regulations Data Intellectual Property Transaction Identifying and Mitigating Risk

19 Uses for Levels of Assurance

20

21 eCommerce Compliance Payment Card Industry Questionnaire 8.11 Payment Card Industry Questionnaire 8.11 –Is there an account-lockout mechanism that blocks a malicious user from obtaining access to an account by multiple password retries or brute force? Yes No Card Industry following bank industry requirement for 2 nd Factor Authentication Card Industry following bank industry requirement for 2 nd Factor Authentication

22 Business Transactions Electronic Signatures Promissory Notes

23 W-2 Information Online

24 “THE” Demo (at least the boss’s part) Internet2 FastLane Demo

25 Points to Ponder Decreasing of LOA Password Resets

26 In Person Proofing

27 It’s a big, big world Not all university affiliates are located on the campus In fact, there are some we never see

28 Remote Proofing Notary Forms of Id

29 Self Service - Ask Questions? ? ? ? ? ? ? ? ? ? Mother’s Maiden Name Favorite Color Favorite Pet’s Name Create own Q & A Spouse’s Nickname First Concert Attended

30 www.londonstimes.us Distribution At times snail mail is still preferred and more trusted…

31 Points to Ponder Multiple Registration Authorities

32 Multiple Registration Authorities World Campus Registrar Admissions Human Resources Accounts Office Hershey Medical

33 Multiple Registration Authorities Registration Authority’s need to change their requirements to meet identity provider requirements. Registration Authority’s need to change their requirements to meet identity provider requirements. Understand processes tied to business such as the activation of accounts, resetting of passwords, etc Understand processes tied to business such as the activation of accounts, resetting of passwords, etc Applications relying on these processes Applications relying on these processes –Applications need to change –Processes for proofing, notification, etc all need to be changed –Activation of accounts and resetting of passwords needs to change

34 Multiple Registration Authorities Multi-factor Authentication multi-factor remote network authentication. identity proofing procedures require verification of identifying materials and information. based on proof of possession of a key or a one-time password through a cryptographic protocol.

35 Points to Ponder Changing the Culture

36 Changing the Culture Identifying & Adding new applications and services Identifying & Adding new applications and services Risk Assessment Risk Assessment –Ownership –Data, Transaction, Function Access control = authentication + LoA + attributes Access control = authentication + LoA + attributes

37 To Summarize: It’s All about how certain you are… And How Certain you need to be…

38 Questions/Comments Contact Information Renee Shuey ITS Emerging Technologies Group Pennsylvania State University RSHUEY@PSU.EDU

39 Copyright Renee Shuey 2007. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Download ppt "Using Levels of Assurance Renee Shuey nmi-edit CAMP: Charting Your Authentication Roadmap February 8, 2007."

Similar presentations

Glenn Johnson John A. Dutton e-Education Institute Project Manager, Penn States e-Portfolio Initiative Glenn Johnson John A. Dutton e-Education Institute.

Glenn Johnson John A. Dutton e-Education Institute Project Manager, Penn States e-Portfolio Initiative Glenn Johnson John A. Dutton e-Education Institute.
How Identity and Access Management Can Help Your Institution Touch Its Toes Renee Woodten Frost Internet2 and University of Michigan Kevin Morooney The.

How Identity and Access Management Can Help Your Institution Touch Its Toes Renee Woodten Frost Internet2 and University of Michigan Kevin Morooney The.
Social Networking Technologies: A “Poke” for Campus Services Joanne Berg, Vice Provost and Registrar Lori Berquam, Dean of Students Kathy Christoph, Director,

Social Networking Technologies: A “Poke” for Campus Services Joanne Berg, Vice Provost and Registrar Lori Berquam, Dean of Students Kathy Christoph, Director,
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
Copyright Tom Parker, Ron DiNapoli, Andrea Beesing, Joy Veronneau 2004. This work is the intellectual property of the authors. Permission is granted for.

Copyright Tom Parker, Ron DiNapoli, Andrea Beesing, Joy Veronneau This work is the intellectual property of the authors. Permission is granted for.
EDUCAUSE Security Professionals Conference 2007 Monkey-in-the-Middle Attacks on Campus Networks Andrew J. KortySean KrulewitchIndiana University April.

EDUCAUSE Security Professionals Conference 2007 Monkey-in-the-Middle Attacks on Campus Networks Andrew J. KortySean KrulewitchIndiana University April.
On Beyond Z Building a Directory Service educause presentation #074 University of Colorado at Boulder Deborah Keyek-Franssen Marin Stanek Paula J. Vaughan.

On Beyond Z Building a Directory Service educause presentation #074 University of Colorado at Boulder Deborah Keyek-Franssen Marin Stanek Paula J. Vaughan.
Seeing the Forest and the Acorns in the Decision Tree Sandy Burke Computing Center HelpDesk Manager Copyright Sandy Burke, 2003. This work is the intellectual.

Seeing the Forest and the Acorns in the Decision Tree Sandy Burke Computing Center HelpDesk Manager Copyright Sandy Burke, This work is the intellectual.
Pace University Rebounding from the World Trade Center Disaster Copyright Barbara Cunningham, 2001. This work is the intellectual property of the author.

Pace University Rebounding from the World Trade Center Disaster Copyright Barbara Cunningham, This work is the intellectual property of the author.
Provisioning of Services Authentication Requirements David Henry Office of Information Technology University of Maryland

Provisioning of Services Authentication Requirements David Henry Office of Information Technology University of Maryland
1 Extending Authenticated Online Services with Friend Accounts at Washington State University Brian Foley Technology Architect/Application Developer.

1 Extending Authenticated Online Services with "Friend Accounts" at Washington State University Brian Foley Technology Architect/Application Developer.
Starting Your Roadmap: Concepts and Terms Paul Caskey, The University of Texas System Copyright Paul Caskey 2007. This work is the intellectual property.

Starting Your Roadmap: Concepts and Terms Paul Caskey, The University of Texas System Copyright Paul Caskey This work is the intellectual property.
Technical Issues with Establishing Levels of Assurance Zephyr McLaughlin Lead, Security Middleware Computing & Communications University of Washington.

Technical Issues with Establishing Levels of Assurance Zephyr McLaughlin Lead, Security Middleware Computing & Communications University of Washington.
1 Penn State’s Identity & Access Management Initiative “It’s all about who you know … and what you know about them”

1 Penn State’s Identity & Access Management Initiative “It’s all about who you know … and what you know about them”
Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.

Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.
The Homegrown Single Sign On (SSO) Project at UM – St. Louis.

The Homegrown Single Sign On (SSO) Project at UM – St. Louis.
JA-SIG CAS Enterprise Single Sign-On Scott Battaglia Application Developer Enterprise Systems & Services Rutgers, the State University of New Jersey Copyright.

JA-SIG CAS Enterprise Single Sign-On Scott Battaglia Application Developer Enterprise Systems & Services Rutgers, the State University of New Jersey Copyright.
Identity Management: The Legacy and Real Solutions Project Overview.

Identity Management: The Legacy and Real Solutions Project Overview.
Pam Downs Ajay Gupta The Pennsylvania Prince George’s State University Community College Copyright Penn State University-2008. This work is the intellectual.

Pam Downs Ajay Gupta The Pennsylvania Prince George’s State University Community College "Copyright Penn State University This work is the intellectual.
FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.

FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.

Similar presentations

Ads by Google