Published by Bonnie Houston. Modified over 9 years ago.
1
National Science Foundation Chief Information Officer
CIO Fall Update for the Advisory Committee for Business and Operations: Identity Management 2.0
George O. Strawn, NSF CIO
Fall 2006
2
Outline
What is Identity Management (IdM)?
IdM 1.0
Why not IdM 1.0?
Why IdM 2.0?
Why not IdM 2.0?
What is IdM 2.0?
Other matters
3
What is Identity Management?
Organization: The policies, processes, and tools used to “assure” that IT systems and applications are made available only to appropriate persons
Individual: The persons I am working with and the systems I am using really are who they say they are. And no one can impersonate me, or read or change my information
4
IdM has become important!
Identity Management has greatly increased in importance as IT systems and applications are used to perform more and more of the work of society and commerce
For this reason, we’ve got to do a better job of IdM (from IdM 1.0 to IdM 2.0)
5
IdM 1.0
IdM is nothing new
 – we’ve had “user names and passwords” almost forever (in IT terms)
A defining characteristic of IdM 1.0 is that each IT system and application does its own identity management
 – usually by keeping a list of authorized username/password pairs and checking it at login time
6
Why not IdM 1.0?
Ineffective: IdM 1.0 does a poor job of assuring privacy and security
Inefficient: IdM 1.0 is expensive to manage and maintain (many separate IdM systems)
Liability: IT and application providers (and their organizations) are now burdened with security and privacy responsibilities
User-unfriendly: Users are now burdened with many username/password pairs
 – And these are proliferating!
7
Why IdM 2.0?
Effective: IdM 2.0 can provide a uniformly strong (eg, secure and private) identity management capability for an organization
Efficient: IdM 2.0 can provide a single IdM system for an organization
User-friendly: IdM 2.0 can greatly reduce the number of username/password pairs that a user must remember
8
Why not IdM 2.0?
IdM 2.0 will require changes to policies, processes, and IT systems
 – eg, replacing the IdM 1.0 software with the standardized IdM 2.0 software (middleware)
IdM 2.0 is not free
 – The policies, processes, and IT systems must be developed and maintained
But the benefits will outweigh the costs!
9
What is IdM 2.0?
A single, standardized solution for an organization to “assure” access to IT systems and applications only to appropriate persons
Requires a “bigger/better” list of persons and it divides IdM into two parts:
 – authentication of users: Are you who you say you are?
 – authorization of users: Should you have access to a particular system or application?
10
A bigger/better list of persons
Often called a directory
Will include all persons in your organization
Q: But what about persons in other organizations who need access to your IT systems and applications?
A: See next+2nd slide.
Will require as much “care and feeding” as your financial and personnel databases
Will include information to enable authentication and authorization
11
Authentication
Are you who you say you are?
 – What you know (eg, a private password)
 – What you have (eg, a token that generates time-dependent random numbers)
 – What you are (eg, your fingerprint or retinal scan)
These can be done alone (more or less well), or in (1-, or 2-, or 3-factor) combination
12
Authorization
Answers the question (for each person): which IT systems and applications are you permitted to use?
Can be based on individuality (eg, Jane Jones is authorized to access the financial system)
And can be based on role (eg, any staff member is authorized to use the internal web)
13
Beyond the organization
Another major benefit of IdM 2.0 will be that organizations can authenticate their members to other organizations (called “federated identity management”). Eg,
 – University X authenticates a student, and
 – College Y authorizes any student at University X to use its library system
Higher Ed, USG, and industry are working hard to do this (eg, InCommon in HE)
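The split described in the slides above (the home organization authenticates, the service authorizes by individual or by role) as an added sketch; it is not code from the presentation, NSF or InCommon. The issuer names, keys, policy table and the HMAC-signed JSON assertion are assumptions made for the example; production federations exchange assertions signed with public keys rather than a shared secret.

```python
import hashlib
import hmac
import json
import time

# Constructed sample data: issuer names, keys and policy entries are hypothetical.
TRUSTED_IDPS = {"university-x.example": b"demo-shared-key-x"}  # federation trust list
POLICY = {
    "library":   {"roles": {("university-x.example", "student")}, "users": set()},
    "financial": {"roles": set(), "users": {("university-x.example", "jjones")}},
}

def issue_assertion(issuer, key, user, roles, ttl=300, now=None):
    """Identity provider side: after local login, vouch for the user to other sites."""
    now = time.time() if now is None else now
    body = json.dumps({"iss": issuer, "sub": user, "roles": sorted(roles),
                       "exp": now + ttl}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body, tag

def authenticate(body, tag, now=None):
    """Service side, step 1: is the assertion from a trusted issuer, intact and fresh?"""
    now = time.time() if now is None else now
    try:
        claims = json.loads(body)
    except ValueError:
        return None                       # not parseable at all
    iss = claims.get("iss") if isinstance(claims, dict) else None
    key = TRUSTED_IDPS.get(iss) if isinstance(iss, str) else None
    if key is None:
        return None                       # issuer is not in the federation
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None                       # forged or altered assertion
    if claims.get("exp", 0) < now:
        return None                       # expired assertion
    return claims

def authorize(claims, system):
    """Service side, step 2: individual grant or role grant, deny by default."""
    rule = POLICY.get(system)
    if claims is None or rule is None:
        return False
    iss = claims["iss"]
    if (iss, claims.get("sub")) in rule["users"]:
        return True
    return any((iss, r) in rule["roles"] for r in claims.get("roles", []))
```
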
14
In the Federal world
We are working to create a USG-wide “e-authentication” system
We are working (under “HSPD-12”) to create an “intelligent card” for USG-wide physical access and (ultimately) for IT access
NSF intends to move FastLane authentication from IdM 1.0 to IdM 2.0
 – Eg, We intend that one could log into FastLane with a university credential if it is an InCommon credential
15
Creating a Trusting e-Community
Trusted Identity Management is one component of a trusted IT environment (together with secure IT applications and systems, and digital information that is confidential, integral, and available)
We will not enter the digital promised land until we do all these things better!