Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Resources and Communications University of California, Office of the President Current Identity Management Initiatives at UC & Beyond: UCTrust.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Information Resources and Communications University of California, Office of the President Current Identity Management Initiatives at UC & Beyond: UCTrust."— Presentation transcript:

1 Information Resources and Communications University of California, Office of the President Current Identity Management Initiatives at UC & Beyond: UCTrust UCCSC – August 8, 2005 David Walker Office of the President University of California

2 Information Resources and Communications University of California, Office of the President What is the problem? ● How can services of one UC campus be accessed by users of another UC campus? ● Moving toward a new business environment – UC employee self-service and benefits – access to any UC campus library system – Inter-campus access to course management systems – collaboration within the Academic Senate – administrative applications

3 Information Resources and Communications University of California, Office of the President Federations ● Federations authenticate locally, share identity information globally – Sharing is controlled by policy – Good fit for UC

4 Information Resources and Communications University of California, Office of the President What are we building? ● Trustworthy exchange of identity attributes ● Trustworthy identity attributes ● Create a trust environment – Services trust campuses to provide correct identity information – Campuses trust services not to misuse information they receive – Participants trust campuses not to reveal information inappropriately and applications not to misuse that information

5 Information Resources and Communications University of California, Office of the President InCommon ● Defines technology for trustworthy exchange of identity attributes. ● Defines common identity attributes ● Emphasis is on broad membership. – Specific agreements (e.g., requirements for identity management) are pairwise.

6 Information Resources and Communications University of California, Office of the President UCTrust ● Establishes global requirements to facilitate system-wide agreements. ● Creates trust in identity attributes through policy. – Policy controls the release of information – Technology enforces that policy – Technology ensures secure transit of identity attributes ● Extends InCommon

7 Information Resources and Communications University of California, Office of the President UCTrust ● Pilot project with three campuses – UC San Diego – UC Los Angeles – UC Irvine ● UCOP applications – Your Benefits Online – California Digital Library

8 Information Resources and Communications University of California, Office of the President InCommon Requirements ● InCommon criteria – IdM systems “fall under the purview of organization’s executive management” – Appropriate risk management practices for issuing end-user credentials – Must be documented ● UCTrust requires greater assurance in identity management practices for conformance with existing UC policies

9 Information Resources and Communications University of California, Office of the President UCTrust Requirements ● Campuses must provide authoritative and accurate attribute assertions ● Campuses must have practices that meet minimum standards – establishing electronic credentials and – maintaining individual identity information ● Providers receiving individual identity attributes must ensure its protection and respect privacy constraints defined by the campus

10 Information Resources and Communications University of California, Office of the President Identity Provider Responsibilities ● Identification, registration, and authentication processes – Accuracy and timeliness of identity information; tools to update – Availability of access to enterprise directory, authentication, etc. – Audit logs to enable investigation – Support for end-users, service providers and UCTrust Administration ● Dissemination of policy and best practices

11 Information Resources and Communications University of California, Office of the President Service Provider Responsibilities ● Secure operation of services – Awareness of Identity Provider service levels – Audit logs to enable investigations – Compliance with Identity Provider standards and best practices – Support for end-users, identity providers, and UCTrust administration

12 Information Resources and Communications University of California, Office of the President Community Member Responsibilities ● Community members are the individuals who have officially established an affiliation with a campus ● Community members are responsible for – assurance that their credentials are not given to others – compliance with Identity Provider standards and best practices

13 Information Resources and Communications University of California, Office of the President Identity Provider Minimum Requirements - 1 ● Restricted and Essential, according to IS-3 ● Employees identified by UC hiring process, students by UC admissions process, others according to campus policy ● Re-verification of “legacy” identities ● Encrypted authentication ● UC-specific attributes (e.g., UcnetID)

14 Information Resources and Communications University of California, Office of the President Identity Provider Minimum Requirements - 2 ● Registration either in-person or remote with a confirmation step ● Checks for easily-guessed passwords ● Timeouts for single sign-on ● Documentation ● Help desk

15 Information Resources and Communications University of California, Office of the President Service Provider Minimum Requirements ● Compliance with University policy for security, privacy, and application development ● Security of the service ● Usability testing ● Help desk

16 Information Resources and Communications University of California, Office of the President Best Practices ● Synchronization with Repositories of Record ● Multi-Factor Authentication ● User Interface Design

17 Information Resources and Communications University of California, Office of the President What's Next? ● UCFY/YBO ● Library resources ● Guest wireless access? ● Collaboration services? ● Your ideas?

Download ppt "Information Resources and Communications University of California, Office of the President Current Identity Management Initiatives at UC & Beyond: UCTrust."

Similar presentations

Implementing Federated Identity Management across a Multi-campus Statewide System: The Texas Experience William A. Weems Assistant Vice President Academic.

Implementing Federated Identity Management across a Multi-campus Statewide System: The Texas Experience William A. Weems Assistant Vice President Academic.
Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.

Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.
1 The Challenges of Creating an Identity Management Infrastructure for the University of California David Walker Karl Heins Office of the President University.

1 The Challenges of Creating an Identity Management Infrastructure for the University of California David Walker Karl Heins Office of the President University.
Bronze and Silver Identity Assurance Profiles for Technical Implementers Tom Barton Senior Director for Integration University of Chicago Jim Green Manager,

Bronze and Silver Identity Assurance Profiles for Technical Implementers Tom Barton Senior Director for Integration University of Chicago Jim Green Manager,
Confidentiality, Ethics, Privacy, and Access REPORT FROM CONFIDENTIALITY, ETHICS, PRIVACY AND ACCESS Group B.

Confidentiality, Ethics, Privacy, and Access REPORT FROM CONFIDENTIALITY, ETHICS, PRIVACY AND ACCESS Group B.
Information Resources and Communications University of California, Office of the President UCTrust David Walker Office of the President University of California.

Information Resources and Communications University of California, Office of the President UCTrust David Walker Office of the President University of California.
Technical Issues with Establishing Levels of Assurance Zephyr McLaughlin Lead, Security Middleware Computing & Communications University of Washington.

Technical Issues with Establishing Levels of Assurance Zephyr McLaughlin Lead, Security Middleware Computing & Communications University of Washington.
Information Resources and Communications University of California, Office of the President Information Technology Services The California State University.

Information Resources and Communications University of California, Office of the President Information Technology Services The California State University.
Identity Management: Some Basics Mark Crase, California State University Office of the Chancellor CENIC - March 9, 2011.

Identity Management: Some Basics Mark Crase, California State University Office of the Chancellor CENIC - March 9, 2011.
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
UC Irvine’s Pre-Shib Attribute Setup PH / QI Directory Provides Authoritative Attribute Store –Had both Faculty / Staff and Student Information UCI’s Campus.

UC Irvine’s Pre-Shib Attribute Setup PH / QI Directory Provides Authoritative Attribute Store –Had both Faculty / Staff and Student Information UCI’s Campus.
Data Management Awareness January 23, 2008 1 University of Michigan Administrative Information Services Data Management Awareness Unit Liaisons January.

Data Management Awareness January 23, University of Michigan Administrative Information Services Data Management Awareness Unit Liaisons January.
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
Mary Dunker Common Solutions Group January 12, 2010.

Mary Dunker Common Solutions Group January 12, 2010.
Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.

Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.
Meeting InCommon Silver Profile Standards at UCD and UCB Bob Ono, UC Davis, Dedra Chamberlin, UC Berkeley, David Walker, UC Davis, Doreen Meyer, UC Davis.

Meeting InCommon Silver Profile Standards at UCD and UCB Bob Ono, UC Davis, Dedra Chamberlin, UC Berkeley, David Walker, UC Davis, Doreen Meyer, UC Davis.
InCommon Policy Conference April 2005. 2 Uses  In order to encourage and facilitate legal music programs, a number of universities have contracted with.

InCommon Policy Conference April Uses  In order to encourage and facilitate legal music programs, a number of universities have contracted with.
Managing Information UT November 13-14, 2008 Campus Identity and Access Management Services.

Managing Information UT November 13-14, 2008 Campus Identity and Access Management Services.
Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.
Policy, Trust and Technology Mitigating Risk in the Digital World David L. Wasley Camp 2006 © David L. Wasley, 2006.

Policy, Trust and Technology Mitigating Risk in the Digital World David L. Wasley Camp 2006 © David L. Wasley, 2006.

Similar presentations

Ads by Google