Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Access Management Puzzle: Putting the Pieces Together Identity and Access Management at the UW Ian Taylor Manager of Security Middleware University.

Published byRussell Bates Modified over 9 years ago

Similar presentations

Presentation on theme: "The Access Management Puzzle: Putting the Pieces Together Identity and Access Management at the UW Ian Taylor Manager of Security Middleware University."— Presentation transcript:

1 The Access Management Puzzle: Putting the Pieces Together Identity and Access Management at the UW Ian Taylor Manager of Security Middleware University of Washington

2 Context and Challenges  Large institution, diverse populations Three Campuses 43,000 students – Undergraduate, Graduate and Professional Extension Enrollment – 27,000 28,000 Faculty and Staff Two Medical Centers, Neighborhood Clinics, SCCA K-20 network  Result: over 512,000 UW NetIDs in use

3 Environment  Tension between central and decentralized governance Central IT (C&C), also much departmental computing  IT Strategic Plan: No ERP solution build on the legacy use best of breed niche solutions  IAM solutions: Open Source + Professionally-developed In-House

4 Foundation  UW NetID  Kerberos : MIT KDC deployed 1997  LDAP: Netscape Directory Server 1998 (switched to OpenLDAP in 2005)  Web ISO/SSO: pubcookie UW NetID "weblogin" service introduced on campus in 1999  Person Registry: 1999  Privilege Management: ASTRA v1 released 2003

5 Guiding Principles GGray’s Network Security Credo Open networks/Closed servers/Protected sessions Key elements of security architecture: Authn/Authz SSingle, ubiquitous identifier SSSO LLowest latency IIntegration VVisibility PPragmatism

6 Solution: Authentication

7 Solution: Authorization

8 Good outcomes  Roles Adapt to application needs Learn and limit  Authorization Management Central Distributed  Legacy Applications Publish Authorizations Manage Authorizations

9 Recent successes, upcoming challenges  UW Windows Infrastructure: course groups to AD  Treat Exchange population as a Subscription  Generate organizational groups by Budget  Push ASTRA Role occupants to Groups?  Web Service interfaces to LDAP directories  Greater federation via Shibboleth  Grouper  Global IdM  Levels of Assurance … and … of course …

10 Governance and Policy  IT and IM (OIM)  Data Management Committee  Minimum Data Security Standards  Roles Sub-committee

11 The Security Middleware Team (without which …)  Rupert Berk  Heidi Berrysmith  Donn Cave  Nathan Dors  Jim Fox  Anne Hopkins  Ken Lowe  Zephyr McLaughlin  RL ‘Bob’ Morgan  Bob Salnick  Tracy Stenvik  Ann Testroet

Download ppt "The Access Management Puzzle: Putting the Pieces Together Identity and Access Management at the UW Ian Taylor Manager of Security Middleware University."

Similar presentations

Pennsylvania Banner Users Group 2008 Fall Conference Campus Identity Management in a Banner World.

Pennsylvania Banner Users Group 2008 Fall Conference Campus Identity Management in a Banner World.
CUMREC, 2004 Copyright: Ian Taylor, Rupert Berk, Heidi Berrysmith; 2004. This work is the intellectual property of the authors. Permission is granted for.

CUMREC, 2004 Copyright: Ian Taylor, Rupert Berk, Heidi Berrysmith; This work is the intellectual property of the authors. Permission is granted for.
Identity Management at the University of Florida Mike Conlon, Director of Data Infrastructure University of Florida, Gainesville, Florida Background Identity.

Identity Management at the University of Florida Mike Conlon, Director of Data Infrastructure University of Florida, Gainesville, Florida Background Identity.
Plugging the Policy Gap: If You Build It, Governance Will Follow Ian Taylor University of Washington Copyright Ian Taylor, 2007. This work is the intellectual.

Plugging the Policy Gap: If You Build It, Governance Will Follow Ian Taylor University of Washington Copyright Ian Taylor, This work is the intellectual.
Technical Issues with Establishing Levels of Assurance Zephyr McLaughlin Lead, Security Middleware Computing & Communications University of Washington.

Technical Issues with Establishing Levels of Assurance Zephyr McLaughlin Lead, Security Middleware Computing & Communications University of Washington.
1 The Evolving Definition of Student: Identity Management at Duke University Klara Jelinkova Director, Computing Systems Office of Information Technology.

1 The Evolving Definition of "Student": Identity Management at Duke University Klara Jelinkova Director, Computing Systems Office of Information Technology.
Emory University Case Study I2 Day Camp November 5, 2010 John Ellis & Elliot Kendall.

Emory University Case Study I2 Day Camp November 5, 2010 John Ellis & Elliot Kendall.
Intra-campus Web SSO Management Topics for Deployed Campuses Nathan Dors, Technology Manager University of Washington CAMP Shibboleth June 25-27, 2007.

Intra-campus Web SSO Management Topics for Deployed Campuses Nathan Dors, Technology Manager University of Washington CAMP Shibboleth June 25-27, 2007.
PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.

PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.
Public Key Infrastructure at the University of Pittsburgh Robert F. Pack, Vice Provost Academic Planning and Resources Management March 27, 2000 CNI Spring.

Public Key Infrastructure at the University of Pittsburgh Robert F. Pack, Vice Provost Academic Planning and Resources Management March 27, 2000 CNI Spring.
Technology Steering Group January 31, 2007 Academic Affairs Technology Steering Group February 13, 2008.

Technology Steering Group January 31, 2007 Academic Affairs Technology Steering Group February 13, 2008.
Peter Deutsch Director, I&IT Systems July 12, 2005

Peter Deutsch Director, I&IT Systems July 12, 2005
Graduate Catalog Automation & Publication Project Graduate Catalog Automation & Publication Project.

Graduate Catalog Automation & Publication Project Graduate Catalog Automation & Publication Project.
Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –

Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –
Security Middleware Update IS Development Staff Forum December 8, 2004.

Security Middleware Update IS Development Staff Forum December 8, 2004.
ASTRA Authorization Management at the University of Washington Rupert Berk Lead, Security Middleware CAMP, Denver, June 27, 2005.

ASTRA Authorization Management at the University of Washington Rupert Berk Lead, Security Middleware CAMP, Denver, June 27, 2005.
Widely Distributed Access Management Tom Barton University of Chicago.

Widely Distributed Access Management Tom Barton University of Chicago.
Active Directory at the University of Michigan Data Population and Kerberos Interoperability MaryBeth Stuenkel LAN/NOS/Groupware Services.

Active Directory at the University of Michigan Data Population and Kerberos Interoperability MaryBeth Stuenkel LAN/NOS/Groupware Services.
Welcome to CAMP Identity Management Integration Workshop Ann West NMI-EDIT EDUCAUSE/Internet2.

Welcome to CAMP Identity Management Integration Workshop Ann West NMI-EDIT EDUCAUSE/Internet2.
Copyright Copyright Ian Taylor 2007. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Copyright Copyright Ian Taylor This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Similar presentations

Ads by Google