1. Identity and Access Management IST Retreat 2008

2. WATIAM Basic Timeline Licence, agreement, SOW, initial training, scope (Jun-Sep 07) Requirements phase (Oct-Nov 07) Design phase (Dec-Jan 08) Development, test, prototype infrastructure (Jan 08) Build phase (Mar-May 08) Production environment (Jun 08) Acceptance testing (Jul-Aug 08 TBD) Go-live (Aug-Oct 08 TBD)

3. Phase I Scope UWdir (“ego”) replacement, redesign and enhancements: interfaces for Quest, HR, CECS, ODAA, Telephone Services constituencies to include faculty, staff, students, applicants, employers, alumni, guests, etc. provisioning for identity and accounts in IDM to ADS, files shares and user profiles, Unix delegated administration (e.g., reports and monitoring, sponsored accounts) extracts for Faculties (e.g., email loads, class provisioning) white pages deprovisioning services (e.g., in-use data in expiry) self-service (e.g., registration, password changes, key data element synchronization) SOAP/XML service layer for CECS Special Projects Blackbaud Netcommunity support for ODAA

4. UWdir versus WATIAM Workflow (automated creates and deletes, identity merges, workflow for changes) Real-Time Connectors (HR, Quest) Policy Review (initial cleanup) New Constituencies (employers, alumni) Department Coding (cleanup of codes, labels) CSO/PH Removal Virtual Identity (multiple roles and extended information) Extended Group and Role Information (ADS/bang accounts) SOAP/XML Services Layer Self-Service (email synchronization, challenge questions) JobMine / E-Community Authentication Removal Account Reconciliation / Verification Technical Stack (Oracle, Java, XML/Express, SUN/JES) Authoritative Sources (new definition)

5. Current Status Iterative Builds (latest) i.Provisioning (ADS, Unix) ii.OpenLDAP (online inquiry) iii.HR, Quest, TS connectors iv.User self-service v.Delegated admin and privileged access vi.Life Cycle (create user, update, delete), Precedence and Matching rules Work Pending i.Extract files (Faculty, HR, etc.) ii.CECS & ODAA interface iii.New hardware

6. Good, Bad, Ugly … lessons learned, challenges, … resource changes training course availability “virtual” concept leading edge (evolving product) initial scoping exercise and terminology consultants and tools proof of concept value toolkit (Express, workflow)

7. Other Project Activities Audit (de/provisioning, account reconciliation, technical stack, security) Hardware (T5520s) Training Web Site http://www.adm.uwaterloo.ca/infoidm/

8. SUN User Group 1 st Canadian meeting – Toronto May 2008 Presentations / Topics Examples Bell (36 HR systems, contractors) WSIB (version control, upgrade cycles)

9. User Group Themes / Tidbits I.Go slowly II.Lots of discussion around Federation III.Not much “out of the box” (lots of configuration) IV.Common pitfalls (trying to get all the roles, going it alone, clean data) V.OpenID initiative (self-managed ID) VI.ERP

10. Product Roadmap We have release 7.1 Release 8.0 (Summer 2008) Role manager Release 9.0 (TBD 2010) Decoupled connectors Open source Full Suite (Access/Fed, ID Mgr, Directory Serv, Open SSO, Role Mgr, Open DS)

11. Peer (SUN) Institutions Western (business analysis June 2007 to present) Guelph (postponed due to CIO re-org, reinitiation imminent) Queens (initial focus on staff/faculty, student work beginning)

12. Phase II Access Manager (web authentication, SSO) Federation (edupass, TUG, BBNC) Faculty Provisioning

13. More Phase II Quest post-upgrade (real-time) Synch-back (accounts and data for HR, Quest, Telephone) MS Exchange (provisioning) Continuing Ed (campus view) Enhanced matching (address, etc.)

14. Links http://www.adm.uwaterloo.ca/infoidm/ http://www.sun.com/software/products/identity/index.jsp

15. Questions & Discussion