Presentation is loading. Please wait.

Presentation is loading. Please wait.

Leading an Effort to Define Roles A “Tripod” View of IAM.

Published byTrevor Daniel Modified over 9 years ago

Similar presentations

Presentation on theme: "Leading an Effort to Define Roles A “Tripod” View of IAM."— Presentation transcript:

1 Leading an Effort to Define Roles A “Tripod” View of IAM

2 I AM Assistant Controller Assistant Treasurer Budget Administrator Purchasing Card Administrator Purchasing Card Reconciler EmployeeEmployee Alum – Liberal Arts Alum – Smeal College of Business Conference Attendee Workflow “Mother” of all Roles DONORDONOR Chair Residency Appeals Member WPSU Thespian Alumni Interest Group

3 I AM Director of Information Systems Auxiliary & Business Services Supervisor Budget Administrator Director in Finance & Business Employee Alum – Health & Human Development Parent of a freshman (tuition payer!)

4 I AM Senior Systems Engineer Budget Administrator Director/Manager Team Leader in ITS Emerging Technologies Group Employee Parent of an alum DONOR Lead Architect Member of Nittany Lion Club Co-Chair InCommon Technical Advisory Committee

5 I AM dmm4 9-0000-0003 211-00-0000 602068 2098752890 dmm4@psu.edu jlw2 9-0000-0001 466-00-9999 602068 1234567890 jlw2@psu.edu prs4 9-0000-0002 962-00-1212 602068 39765112309 rshuey@psu.edu

6 THE WALRUS GOO, GOO, G’JOOB

7 Historical Perspective Leading an Effort to Define Roles Historical Perspective Electronic Approval since 1988 Approval Paths Based on individual – dmm4 Financial and HR Processes Only Route based on mnemonics Implementing Role-Based Workflow Standard workflow for process Authorization through roles and related attributes

8 IAM at Penn State Leading an Effort to Define Roles IAM at Penn State Identity & Access Management Road Map Co-Chaired by Renee Shuey & Joel Weidner Sub-Groups: Policy and Governance Risk Assessment Vetting, Proofing and Registration Authorities Life Cycle and Affiliations Levels of Assurance Report being presented next week

9 Leading an Effort to Define Roles IAM

10 IAM

11 Policy Leading an Effort to Define Roles Policy HOW CAN WE FOCUS THE IAM LENS? Governance Coordination and collaboration Three-level structure proposed at Penn State Policy Comprehensive Overarching Policy Standards vs. best practices vs. objectives Audience beyond organization

12 Policy Leading an Effort to Define Roles Policy CHALLENGES Organizational Issues Workflow driving roles but broader use being implemented Department Identity Financial Organization is not representative of rest of the organization Cultural Change Communication/Cooperation Cross-Organization Collaboration

13 Policy Leading an Effort to Define Roles Policy CHALLENGES Roles Creation of roles that work in multiple systemsCreation of roles that work in multiple systems Roles – access and securityRoles – access and security Role versus Position versus AffiliationRole versus Position versus Affiliation Can we use the term “roles” in academic processes?

14 Policy Leading an Effort to Define Roles Policy CHALLENGES Role Stewardship Attributes define access and authority Who determines? Some attributes are unique to individual – User ID Other attributes relate to process Privileges that are inherent in position Role of President, Provost, Dean Delegates and Proxies Some roles can be automated Principal Investigator – drive from account set-up

15 Policy Leading an Effort to Define Roles Policy CHALLENGES Role Steward Defines roles used in various processes Role Assigner Authority to grant access to role May also require workflow approval Person in role may have authority to grant access to delegates and proxies

16 Policy Leading an Effort to Define Roles Policy CHALLENGES Relationship of IAM to Other Issues Privacy Information Security Data Classification Workflow List Serve Management

17 Policy Leading an Effort to Define Roles Policy Who will be your Role Stewards? or as Jimmy V says “Muddah” of All Roles

18 Leading an Effort to Define Roles IAM

19 Focus onBusiness Processes Leading an Effort to Define Roles Focus on Business Processes Three Different Lenses The Customer or Consumer of online resources The Application/Resource Provider The Administrator

20 The Customer Lens – the consumer “Don’t care how; I want it NOW!” I want it NOW!” Focus onBusiness Processes Leading an Effort to Define Roles Focus on Business Processes

21 The Customer Lens – the consumer Driving the development of online services Driving the development of online services Bringing expectations from commercial experiences Bringing expectations from commercial experiences Want it now Want it now Demand simplicity Demand simplicity Want it pushed Want it pushed Focus onBusiness Processes Leading an Effort to Define Roles Focus on Business Processes

22 Customer Challenges Don’t care about roles—only know what they want to do Don’t care about roles—only know what they want to do How can intelligence be embedded into the business processes to simplify the customer experience? How can intelligence be embedded into the business processes to simplify the customer experience? How can we integrate existing business processes (admissions, hiring, registration) with the automated updating of roles? How can we integrate existing business processes (admissions, hiring, registration) with the automated updating of roles? Focus onBusiness Processes Leading an Effort to Define Roles Focus on Business Processes

23 Resource/Application Provider Focus onBusiness Processes Leading an Effort to Define Roles Focus on Business Processes

24 Resource/Application Provider Charged with providing online services to the university community Charged with providing online services to the university community Admission applications, housing contracts, meal plans, class resources, procurement, parking permits, online testing …Admission applications, housing contracts, meal plans, class resources, procurement, parking permits, online testing … Need to efficiently place user in a context and role to execute the transaction Need to efficiently place user in a context and role to execute the transaction May require both user and approver rolesMay require both user and approver roles Focus onBusiness Processes Leading an Effort to Define Roles Focus on Business Processes

25 Resource/Application Provider Challenges Dynamic environment where individuals are moving in and out of roles daily Dynamic environment where individuals are moving in and out of roles daily Reconciliation of a single identity with multiple roles Reconciliation of a single identity with multiple roles In what role is the customer acting today--or for this particular application?In what role is the customer acting today--or for this particular application? Focus onBusiness Processes Leading an Effort to Define Roles Focus on Business Processes

26 The Administrator Lens – The business of managing the business Focus onBusiness Processes Leading an Effort to Define Roles Focus on Business Processes

27 The Administrator Lens – The business of managing the business Ensuring that policy is being followed Ensuring that policy is being followed Oversight for fiscal responsibility Oversight for fiscal responsibility Oversight for academic integrity Oversight for academic integrity Focus onBusiness Processes Leading an Effort to Define Roles Focus on Business Processes

28 Administrator Challenges Responsible for role management Responsible for role management Knowing “who’s on first”Knowing “who’s on first” Keeping the business running Keeping the business running Proxies and delegatesProxies and delegates Audits & controls Audits & controls Reconstruction of business transactionsReconstruction of business transactions Encouraging people to “do the right thing”Encouraging people to “do the right thing” Focus onBusiness Processes Leading an Effort to Define Roles Focus on Business Processes

29 Leading an Effort to Define Roles IAM

30 Technology Leading an Effort to Define Roles Technology A mechanism must be provided for: Assignment and management of roles. Establishment of new roles and attributes. Assignment of authority

31 Technology Leading an Effort to Define Roles Technology Develop a Schema with “Agility Ability” Meets both needs of Today and Unknown of Tomorrow Necessary & Challenging

32 Technology Leading an Effort to Define Roles Technology Identify Champions

33 Technology Leading an Effort to Define Roles Technology Provide Education & Training

34 Leading an Effort to Define Roles IAM

35 Leading an Effort to Define Roles Questions, Comments, and Farewell Debbie Meder dmm4@psu.edu Joel Weidner jlw2@psu.edu Renee Shuey rshuey@psu.edu

36 Don’t Forget!

Download ppt "Leading an Effort to Define Roles A “Tripod” View of IAM."

Similar presentations

RBAC and HIPAA Security Uday O. Ali Pabrai, CHSS, SCNA Chief Executive, HIPAA Academy.

RBAC and HIPAA Security Uday O. Ali Pabrai, CHSS, SCNA Chief Executive, HIPAA Academy.
OPERATING EFFECTIVELY AT WESD. What is Internal Control? A process designed to provide reasonable assurance the organizations objectives are achieved.

OPERATING EFFECTIVELY AT WESD. What is Internal Control? A process designed to provide reasonable assurance the organizations objectives are achieved.
Evolution of Data Use and Stewardship Recent University-wide Data Stewardship Enhancements Integrated System Data Stewardship Shirley C. Payne, CISSP,

Evolution of Data Use and Stewardship Recent University-wide Data Stewardship Enhancements Integrated System Data Stewardship Shirley C. Payne, CISSP,
Copyright © 2008 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. State of Kansas – SMART.

Copyright © 2008 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. State of Kansas – SMART.
CFO Model December 2007 Bill Matthews A/Executive Director Government Accounting and Policy Office of the Comptroller General.

CFO Model December 2007 Bill Matthews A/Executive Director Government Accounting and Policy Office of the Comptroller General.
DIVISION OF FINANCE Office of the Vice President for Finance OFFICE OF BUDGET AND FINANCE Travel and Expense Prepared By Automation of Travel and PCard.

DIVISION OF FINANCE Office of the Vice President for Finance OFFICE OF BUDGET AND FINANCE Travel and Expense Prepared By Automation of Travel and PCard.
Reorganization of APHIS Veterinary Services U.S. Department of Agriculture Animal and Plant Health Inspection Service Veterinary Services November 2013.

Reorganization of APHIS Veterinary Services U.S. Department of Agriculture Animal and Plant Health Inspection Service Veterinary Services November 2013.
Corporate Service Review DEPARTMENT OF BUSINESS AND EMPLOYMENT.

Corporate Service Review DEPARTMENT OF BUSINESS AND EMPLOYMENT.
1 Penn State’s Identity & Access Management Initiative “It’s all about who you know … and what you know about them”

1 Penn State’s Identity & Access Management Initiative “It’s all about who you know … and what you know about them”
Title Page Rozzie Gerstman May 15, 2003. Overview of Presentation.

Title Page Rozzie Gerstman May 15, Overview of Presentation.
Financial Controls Task Force Report Joint Financial-HRMS Unit Liaison Meeting March 17, 2004 Mike Kalasinski Norel Tullier Cheryl Soper.

Financial Controls Task Force Report Joint Financial-HRMS Unit Liaison Meeting March 17, 2004 Mike Kalasinski Norel Tullier Cheryl Soper.
OHIO OFFICE OF INFORMATION TECHNOLOGY. Even the agents are suffering…

OHIO OFFICE OF INFORMATION TECHNOLOGY. Even the agents are suffering…
Internal Control Concepts A Guide for Deans, Directors, and Department Chairs.

Internal Control Concepts A Guide for Deans, Directors, and Department Chairs.
ECM Project Roles and Responsibilities

ECM Project Roles and Responsibilities
Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.

Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.
(rev 3/09) Stewardship, Accountability and Regulatory Compliance Jim Corkill Sandra Featherson Office of the Controller.

(rev 3/09) Stewardship, Accountability and Regulatory Compliance Jim Corkill Sandra Featherson Office of the Controller.
Institutional Research and Planning Reporting and Data Governance Strategy.

Institutional Research and Planning Reporting and Data Governance Strategy.
Promoting School Business Managers Brad Shortridge John Benedetti David Hill.

Promoting School Business Managers Brad Shortridge John Benedetti David Hill.
Peer Information Security Policies: A Sampling Summer 2015.

Peer Information Security Policies: A Sampling Summer 2015.
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Similar presentations

Ads by Google