Published by Amber Daniel. Modified over 9 years ago.
Slide 1: A Case for Collaborative Identity Management in a Complex Decentralized Environment
Andrea Beesing, Assistant Director, IT Security
David Yeh, Assistant Vice President and University Registrar
Slide 2: Shared Secrets, Shared Vision, Shared Governance, Shared Technologies
- Life cycle: a shared vision
- Policies and practices
- Reusable and scalable infrastructure and tools
- Governance needs everyone – not just an IT concern
Slide 3: A Life Cycle Point of View
- High school to undergraduate to alumni to graduate to employee and friends
- > 100,000 applicants
- > 350,000 alumni, friends, guests!
- Around-the-world sites – Ithaca, NY; New York City; Washington, D.C.; Doha, Qatar; Singapore; Beijing; Paris, France; Rome, Italy; Seville, Spain; London, England; Dublin, Ireland; Geneva, Switzerland; Geneva, NY; and others
- Around-the-world connecting points – faculty collaborators; students, employees, alumni, parents
Slide 4: Simplify connecting people in our community
- Provide access for the right people to the right information, anytime, any place
- Process entry and access to information services securely and efficiently
- Connecting from the very beginning
Slide 5: Link people and services – Anytime, Anywhere, Securely
- Adopting commonly developed technology tools – Shibboleth, InCommon; Grouper, Signet; federated IdM
- Inter-institution collaboration – faculty research, document transmission, international exchange and study abroad
- Business partners – Inter-Library Services (ILIAD), National Student Clearinghouse, Law School Admissions Council (LSAC), Veterinary Medical College Application Service (VMCAS), American Medical School Application Service (AMCAS), CollegeBoard, Educational Testing Service, and others
Slide 6: Improve management of risk
- Provide the appropriate level of access into transactional systems
- Facilities and other resource access
- Protect university and college reputation
Slide 7: Reusable and Extendable Tools
- Provision identity from the beginning
- Common policies and procedures
- Reusing best practices and technologies
Slide 8: Use Case: Student Identity Life Cycle
Slide 9: Identity Management goals for student services
- "Instant" onboarding
  – Establish the applicant/student relationship with Cornell as early as possible
  – No lines on day 1 for students
- Replace paper-based, manual processes with online self-service options
- Improve user experience when accessing services
  – Across Cornell administrative units and colleges
  – Across institutional boundaries
- Protect security and privacy
Slide 10: Infrastructure in support of these goals (diagram; labels as extracted, grouping approximate)
Centre: Ensuring students have ready access to the information and resources they are entitled to
Policy: Authentication of IT Resources; Information Security of Institutional Data; Data access standards; Access to Student Information; Training and awareness
Technology: Account management; Identification and registration; Authentication; Authorization & Access Mgmt; Provisioning; Directory Services; Federation Infrastructure
Business process and Organization: Governance; Data Stewardship and Custodianship
Slide 11: Student identity life cycle
Stages: 1 Applicant; 2 Accepted applicant; 3 Deposited applicant; 4 Student; 5 Alumnus
Business challenges:
- Delivery of ID and initial password
- Service entitlements at each step
- Data access decisions at each step
- Seamless transition from one step to the other
- Correct handling of people with multiple relationships
- Anticipating future business needs such as federated access to services
- Understanding where business process and organizational changes are needed
- Building awareness among staff with the need to know
Slide 12: Applicant onboarding: business view
Business needs:
- Fast, cost-effective, reliable way of conveying ID and password
- Ease of transition from applicant to student
- Online access to application status and financial aid award
- Online access to other services anticipated in future
Players: Director of Admissions; University Registrar; IT Security Director; Data Steward; Identity Management IT staff
Business decisions:
- Use a centrally issued ID which can be used for multiple applications
- NetID is reserved for community members and is for life
- ApplicantID is unique, but temporary
- Applicants can only access information about the status of the application until the risk concerns associated with the delivery method are addressed
- Consider a change in business process to require applicants to answer security questions during the application process
- Begin an exercise to map constituent groups to service entitlements
Slide 13: Applicant onboarding: IT implementation
Security considerations:
- NetID as the "gold" standard, with implications for federated access
- Clear-text passwords via email represent a risk
- Resetting forgotten passwords for this large a group in remote locations
- Service providers require a means to authorize applicants for access
IT implementation:
- Create applicantID in a separate Kerberos database (realm)
- Issue a one-time activation code in lieu of a password
- Create a self-service application for activating and managing the applicantID
- Create an applicant permit (group) and make it available to campus service providers for read-only access
- Provide campus service providers with a mechanism for creating their own groups
- "Reserve" the NetID through the naming convention of the applicantID
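As an added illustration (not code from the slides or from Cornell's systems), a minimal Python model of the applicant onboarding controls on this slide: a separate applicant store that issues a one-time activation code instead of a clear-text password, keeps only a hash of the code, enforces single use and expiry, reserves the future NetID through the applicantID naming convention, and exposes an applicant group for read-only authorization. The 14-day validity, the "app-" prefix and the SHA-256 stand-in for a password KDF are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

CODE_TTL = 14 * 24 * 3600  # assumed: activation code valid for 14 days

@dataclass
class ApplicantRecord:
    applicant_id: str
    code_hash: str       # hash of the activation code; the code itself is never stored
    expires_at: float
    activated: bool = False
    password_hash: str = ""

class ApplicantRealm:
    """Stand-in for the separate applicant Kerberos realm described on the slide."""

    def __init__(self):
        self.records = {}
        self.applicant_group = set()  # the "applicant permit" read by campus service providers

    @staticmethod
    def _h(value):
        return hashlib.sha256(value.encode()).hexdigest()

    def issue(self, reserved_netid, now):
        # Assumed convention: the applicantID embeds the future NetID, which reserves it.
        applicant_id = f"app-{reserved_netid}"
        code = secrets.token_urlsafe(12)  # one-time code sent out of band instead of a password
        self.records[applicant_id] = ApplicantRecord(applicant_id, self._h(code), now + CODE_TTL)
        return applicant_id, code

    def activate(self, applicant_id, code, new_password, now):
        """Self-service activation: verifies the code once, then sets the applicant's password."""
        rec = self.records.get(applicant_id)
        if rec is None or rec.activated or now > rec.expires_at:
            return False  # unknown applicant, code already used, or code expired
        if not hmac.compare_digest(rec.code_hash, self._h(code)):
            return False  # wrong code; constant-time comparison of the hashes
        rec.activated = True  # single use: the same code cannot activate again
        rec.password_hash = self._h(new_password)  # stand-in; use a real password KDF in production
        self.applicant_group.add(applicant_id)  # now visible to service providers as an applicant
        return True

    def authorize_read_only(self, applicant_id):
        """What a campus service provider checks before granting read-only applicant access."""
        return applicant_id in self.applicant_group
```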
Slide 14: Student onboarding: business view
Business needs:
- Student gets a NetID as soon as the deposit is paid and has access to student services
- Student must be aware of IT policies and their responsibilities before accessing services
Players: College student services staff; University Registrar's staff; IT Security Director; IT Policy Director; Faculty Advisory Group; Identity Management IT staff
Business decisions:
- Require each student to take an online tutorial and quiz to introduce policies and network citizenship
- Deliver the NetID by US mail until risk concerns are adequately addressed
Slide 15: Delivering online student services in a distributed environment (diagram; labels as extracted)
Policy and business process
Authentication: Kerberos; CUWebLogin; Radius; Active Directory
Authorization: Permit Server; Grouper; Signet
Federation infrastructure: InCommon; Shibboleth
Single sign-on with NetID for all services
Identity repositories: PeopleSoft; LDAP directory
Consumers: intra-campus online services; inter-campus online services; external partners (ILiad)
Slide 16: Delivering online services to all Cornell users (same diagram as slide 15)
Policy and business process
Authentication: Kerberos; CUWebLogin; Radius; Active Directory
Authorization: Permit Server; Grouper; Signet
Federation infrastructure: InCommon; Shibboleth
Single sign-on with NetID for all services
Identity repositories: PeopleSoft; LDAP directory
Consumers: intra-campus online services; inter-campus online services; external partners (ILiad)