1 Information Resources and Communications
University of California, Office of the President
UCTrust Implementation Experiences
David Walker, UCOP
Albert Wu, UCLA
Paul Main, UCI
UCCSC – August 9, 2005

2 Overview
● Background
  – What are we building?
  – UCTrust
● Campus Implementation Experiences
  – UCLA
  – UCI

3 What are we building?
● Trustworthy exchange of identity attributes
● Trustworthy identity attributes
● Create a trust environment
  – Services trust campuses to provide correct identity information
  – Campuses trust services not to misuse information they receive
  – Participants trust campuses not to reveal information inappropriately and applications not to misuse that information

4 Federations
● Federations authenticate locally, share identity information globally
  – Sharing is controlled by policy
  – Good fit for UC

5 InCommon
● Defines technology for trustworthy exchange of identity attributes
● Defines common identity attributes
● Emphasis is on broad membership
  – Specific agreements (e.g., requirements for identity management) are pairwise

6 UCTrust
● Establishes global requirements to facilitate system-wide agreements
● Creates trust in identity attributes through policy
  – Policy controls the release of information
  – Technology enforces that policy
  – Technology ensures secure transit of identity attributes
● Extends InCommon

7 InCommon Requirements
● InCommon criteria
  – IdM systems “fall under the purview of organization’s executive management”
  – Appropriate risk management practices for issuing end-user credentials
  – Must be documented
● UCTrust requires greater assurance in identity management practices for conformance with existing UC policies

8 UCTrust Requirements
● Campuses must provide authoritative and accurate attribute assertions
● Campuses must have practices that meet minimum standards
  – establishing electronic credentials and
  – maintaining individual identity information
● Providers receiving individual identity attributes must ensure their protection and respect privacy constraints defined by the campus

9 Identity Provider Responsibilities
● Identification, registration, and authentication processes
  – Accuracy and timeliness of identity information; tools to update
  – Availability of access to enterprise directory, authentication, etc.
  – Audit logs to enable investigation
  – Support for end-users, service providers and UCTrust Administration
● Dissemination of policy and best practices

10 Service Provider Responsibilities
● Secure operation of services
  – Awareness of Identity Provider service levels
  – Audit logs to enable investigations
  – Compliance with Identity Provider standards and best practices
  – Support for end-users, identity providers, and UCTrust administration

11 Community Member Responsibilities
● Community members are the individuals who have officially established an affiliation with a campus
● Community members are responsible for
  – assurance that their credentials are not given to others
  – compliance with Identity Provider standards and best practices

12 How Shibboleth Works - Simple Version
● User browses to SP (Target)
● Target asks user's institution's IdP (Origin) for Affiliation
● IdP returns "Student" (for example) to SP
● SP returns requested information to user

13 How Shibboleth Works - Simple Version
[Diagram: Institution's Shibboleth IdP; Science Magazine SP]
(User requests to view last month's issue of Science.)

14 How Shibboleth Works - Simple Version
[Diagram: Institution's Shibboleth IdP; Science Magazine SP]
Science asks the user's institution, "What is this person's affiliation with you?"

15 How Shibboleth Works - Simple Version
[Diagram: Institution's Shibboleth IdP; Science Magazine SP]
The user's institution answers, "This person is a student here."

16 How Shibboleth Works - Simple Version
[Diagram: Institution's Shibboleth IdP; Science Magazine SP]
The table of contents for last month's Science is returned to the user.
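
The simple flow in slides 12-16, combined with the slide 6 point that policy controls attribute release and technology enforces it, as an added example that is not part of the original presentation and is not Shibboleth's own code. The class names, the opaque-handle mechanism, the policy format and all sample data are assumptions constructed for illustration.

```python
import secrets

# Constructed sample data: an enterprise directory keyed by campus login.
DIRECTORY = {
    "jdoe": {"affiliation": "student", "name": "Jane Doe", "email": "jdoe@campus.example"},
    "rroe": {"affiliation": "alum", "name": "Richard Roe", "email": "rroe@campus.example"},
}

# Attribute release policy (hypothetical format): attributes each SP may receive.
RELEASE_POLICY = {
    "https://sp.journal.example": {"affiliation"},
}


class IdentityProvider:
    def __init__(self, directory, release_policy):
        self.directory = directory
        self.release_policy = release_policy
        self.handles = {}  # opaque handle -> login, known only to the IdP

    def authenticate(self, login):
        """Local authentication (credential check omitted); returns an opaque handle."""
        if login not in self.directory:
            raise PermissionError("unknown user")
        handle = secrets.token_urlsafe(16)
        self.handles[handle] = login
        return handle

    def attribute_query(self, sp_id, handle, requested):
        """Return only the requested attributes that policy releases to this SP."""
        login = self.handles.get(handle)
        if login is None:
            raise PermissionError("unknown handle")
        allowed = self.release_policy.get(sp_id, set())  # default deny
        entry = self.directory[login]
        return {a: entry[a] for a in requested if a in allowed and a in entry}


class ServiceProvider:
    def __init__(self, sp_id, idp, allowed_affiliations):
        self.sp_id, self.idp = sp_id, idp
        self.allowed_affiliations = allowed_affiliations

    def handle_request(self, handle):
        """Decide access from the asserted affiliation alone."""
        attrs = self.idp.attribute_query(self.sp_id, handle, ["affiliation", "email"])
        granted = attrs.get("affiliation") in self.allowed_affiliations
        return granted, attrs
```

The SP asks for both affiliation and email but receives only what the campus policy releases, and it never sees the user's login or name.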

17 How Shibboleth Works - Real Version
[Diagram label: Enterprise Directory]

18 Campus Identity Management Components
● Enterprise Directory
  – Business processes
  – Integration with Payroll and student information systems
● Authentication
● Shibboleth IdP

