Intra-campus Web SSO Management Topics for Deployed Campuses Nathan Dors, Technology Manager University of Washington CAMP Shibboleth June 25-27, 2007.

Presentation transcript:

1 Intra-campus Web SSO Management Topics for Deployed Campuses Nathan Dors, Technology Manager University of Washington CAMP Shibboleth June 25-27, 2007

2 Topics
Background
Governance
Business Policies
Business Practices
Central SP Strategy
Departmental SP Strategy

3 Background
Legacy intra-campus Web SSO service
  – Pubcookie 3.3.2d; two login flavors
  – Uses UW NetID, Kerberos, SecurID services
  – Over 1,000 registered legacy service providers
UW Shibboleth Identity Provider system
  – Production deployment in 2005
  – Over 20 Central / Departmental Shibboleth service providers
  – Current InCommon member
  – InCommon SP sponsor (ProtectNetwork, Cdigix, Refworks)

4 Yesterday’s Scores
Stage 1 Scores from Self-Assessment Checklist
  – Policy Steps, 1/7 (14%)
  – Business Practices 5/6 (83%)

5 Web SSO Governance
Questions raised by self-assessment
  – Who governs the Web SSO service?
  – Who governs other authentication services?
  – Who governs application integration?
  – Who governs UW NetID credential?
  – And what specifically do they govern?

6 Web SSO Governance
Privacy and Security
Terms of Use
Obligations
Liabilities
Records Retention & Access
What apps must use the service
Capabilities (e.g. 2-factor, reauth, logout)
Policies (e.g. 8hr SSO duration)
Usability
Application design

7 UW Shib IdP Business Policies
CA trust policy: UW CA, InCommon CA
Default ARP for *.washington.edu
  – eduPersonAffiliation
  – eduPersonPrincipalName
  – eduPersonScopedAffiliation
UW DNS name contacts can register new SPs

8 UW Shib IdP Business Practices
Self-service registration for UW DNS name contacts
  – Pre-approved status for Central system admins
  – But SP lifecycles currently unmanaged
Allow use on central web-hosting environments
  – e.g. faculty.washington.edu, staff.washington.edu, students.washington.edu?
“Quarter of interest” changes 1st Thursday before quarter start

9 Central Service Provider Strategy
No strategy, just highly responsive tactics with partners
Central/Partner successes
  – DRAM, CreateHope, WebAssign, Cdigix, E-academy.com, Confluence, iTunesU (Fall ‘07)
Innovation and Discovery
  – UW NetID sign-up: Cascadia CC, SCCA
  – NSF Fastlane inter-federation interop work
  – Shib interop with Microsoft CardSpace
  – Google Apps (vs Microsoft Windows Live)

10 Departmental Service Provider Strategy
Create a Web SSO service roadmap
  – Legacy vs Shibboleth vs Windows Authentication
Create local deploy, migrate guides
  – Extract knowledge from local Shib team
  – Set install bar: system admins should be able to install/activate SP in under 1.75 hours
Offer Install Fest(s) thru UW Computer Training
  – For Customer Support staff
  – For SP “frequent flyers”
  – For interested admins… seed a community.
And trust that Attribute Delivery is the carrot

11 End (Klara … you’re up.)

