1. Prepared for IAC Scott Baily, Interim Director of ACNS August 13, 2008

2.  A collection of administrative processes coupled with a technological solution which enables the validation of individuals’ identity and conditionally authorizes access to systems, applications, and data.  Today, we use eID for identity management 8/13/20082IAM Presentation

3.  Locally developed several years ago  50,000+ lines of code – extremely complex  No viable commercial alternatives at that time  Significant extensions imply a major re-write  eID successfully authenticates central services  RamCT, ARIESweb, VPN, etc.  And departmental apps as well  Preview CSU, Parking Services  eID’s 2 primary authors have left the University 8/13/20083IAM Presentation

4.  Is eID the IAM solution to carry CSU into the future? 8/13/20084IAM Presentation

5.  Conducted 20 face-to-face interviews with campus “stakeholders”  Conducted an informal survey for additional input from the campus  Attended conferences, seminars, webinars, and spoke with other institutions about their solutions 8/13/20085IAM Presentation

6.  CSU has relationships with far more than students, faculty and staff  An IAM solution must also accommodate:  Visiting scientists  Collaborative research partners  Community patrons at the library  Development Opportunities  Contractors  Facility access control (safety issues)  Many others 8/13/20086IAM Presentation

7.  Legislation requires protection of:  Student information  Health information  Financial information  Credit Card Info (PCI DSS)  Personally identifiable information  Who has access to this information?  How is it controlled?  How, and by whom, is it reviewed? 8/13/2008IAM Presentation7

8.  eID was not designed to do authorization  Several departments have “rolled their own”  eID has only rudimentary auditing capabilities  eID is not sufficiently extensible  Need more granularity than just “associates”  The most difficult issue may be the development, implementation and management of access and authorization policies 8/13/2008IAM Presentation8

9.  CSU is implementing innovative research and education initiatives for a 21 st –century, dynamic global economy  Super Clusters  School of Global Environmental Sustainability  Collaborative participation in Kuali Development (Financial and Research)  We must provide the underlying support infrastructure (including IAM) that supports these activities 8/13/2008IAM Presentation9

10.  Examples of requests we cannot fulfill  Parent access to student accounts, other records  Additional information to support development efforts  Participation in National federated identity initiatives  Multiple levels of assurance when issuing identities  Good reporting tools for authorization and access  Grant appropriate levels of access to a wide variety of “guests”  Several others 8/13/2008IAM Presentation10

11.  This may sound like an IT initiative, but it is not!  Identity and Access Management is something that affects every College and Administrative Unit on the campus  The only way to ensure a successful outcome going forward is for representatives from each of the key areas to participate in the process  This is one of the principal lessons learned from other sites who have traveled this road 8/13/2008IAM Presentation11

12.  IAC should recommend to ITEC that the University begin the process of replacing eID with an extensible and scalable IAM solution.  Reiterate that this is not an IT initiative  All campus stakeholders have indicated a willingness to engage in this activity  Anticipated to take about 24 months to complete  Wise investments in the future usually reap substantial rewards 8/13/2008IAM Presentation12

13.  To everyone who has participated in our recent discovery process, and  To those who offered to continue contributing in the future should this activity proceed to the next level 8/13/2008IAM Presentation13

14.  Are most welcome 8/13/2008IAM Presentation14