Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity Management, Federating Identities, and Federations November 21, 2006 Kevin Morooney Jeff Kuhns Renee Shuey.

Published byGarey Kelly Modified over 9 years ago

Similar presentations

Presentation on theme: "Identity Management, Federating Identities, and Federations November 21, 2006 Kevin Morooney Jeff Kuhns Renee Shuey."— Presentation transcript:

1 Identity Management, Federating Identities, and Federations November 21, 2006 Kevin Morooney Jeff Kuhns Renee Shuey

2 Outline ‣ PSU and ITS ‣ Identity Management at Penn State ‣ Federating and Federations

3 A little bit about Penn State and ITS...

4 Penn State

5 ‣ Established 1855, PA’s Land Grant ‣ 24 campus locations ‣ 80K students, 10K faculty, 10K staff ‣ $640M annual research expenditure

6 Information Technology Services at Penn State

7 IdM Level Set “An integrated system of business processes, policies, and technologies that enable organizations to facilitate and control their users' access to online applications and resources — while protecting confidential personal and business information from unauthorized users. It represents a category of interrelated solutions that are employed to administer user authentication, access, rights, access restrictions, account profiles, passwords, and other attributes supportive of users' roles/profiles on one or more applications or systems. “ The NMI-EDIT Authentication Roadmap

8 Identity Management at Penn State…

9 Components of IdM at Penn State ‣ Kerberos, DCE, Active Directory ‣ LDAP (eduPerson) ‣ Cosign (WebAccess is local branding) ‣ Shibboleth ‣ Member of InCommon Federation ‣ RSA SecurID Tokens ‣ “Access Account” - branding for Penn State identity (authn only available too), ~120K ‣ “Short Term Access Accounts” (authn only available too), 178/9104 as of 11AM today ‣ “Friends of Penn State” - branding for external identity, ~450K

10 Components of IdM at Penn State - Proofing Start AD20 Agreement AD54 Agreement Library Agreement Display Password Newswire?Printing? Newswire Agreement Printing Agreement End Sign For Account No Yes GPG Encrypt Signature Request E-mail join Save all agreements

11 Components of IdM at Penn State – Policy ‣ Student Record Policy ‣ Definition of student records ‣ Definition of student ‣ Public information regarding students ‣ Confidentiality hold ‣ Network Usage Policy

12 Transaction Importance Trust Strength of Identity Proofing

13 Improving the Quality of Our Digital Identity ‣ Join InCommon Federation ‣ Participate in the eAuthentication project (getting CAF’ed) ‣ Create new service and business models ‣ Create “governance” for IdM ‣ Expire passwords ‣ Increase password strength

14 Federating and Federations…

15 Drivers for Federating in HE ‣ Increasing dependence upon ever richer collaboration ‣ Mandates leading to more research consortia ‣ Increasing number of on-line resources and tools ‣ Access management complexities for resource and tool providers ‣ End-user experience, reliable and efficient to run infrastructure ‣ Federal and State laws & regulations (e. g., FERPA, HIPAA, Gramm-Leach-Bliley Act)

16 The Goal of Federating ‣ Simplified Usability for all collaborations ‣ Home organizations carefully manage the release of personal information ‣ On-line resource providers focus on the protection and authorization of use of their on-line resources.

17 InCommon Federation ‣ Created to support Higher Education and its research and business partners ‣ Federation operator is an LLC operated by Internet2 ‣ Builds on existing campus identity management and single sign-on systems ‣ Makes use of open industry standards (SAML) and open source federating software (Shibboleth)

18 eAuthentication Federation ‣ Setting the standards for the identity proofing of individuals and businesses (based on risk of online services used) ‣ Building the necessary infrastructure to support common, unified processes and systems for government-wide use ‣ Helps build the trust that must be an inherent part of every online exchange between citizens and the U.S. Government

19 Figuring out how to work together

20 Before our digital world looks like this…

Download ppt "Identity Management, Federating Identities, and Federations November 21, 2006 Kevin Morooney Jeff Kuhns Renee Shuey."

Similar presentations

1 Leveraging Your Existing Campus Systems to Access Resource Partners: Federated Identity Management and Tales of Campus Participation EDUCAUSE 2006 October.

1 Leveraging Your Existing Campus Systems to Access Resource Partners: Federated Identity Management and Tales of Campus Participation EDUCAUSE 2006 October.
Defining the Security Domain Marilu Goodyear John H. Louis University of Kansas.

Defining the Security Domain Marilu Goodyear John H. Louis University of Kansas.
Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.
Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.
Using Levels of Assurance Renee Shuey nmi-edit CAMP: Charting Your Authentication Roadmap February 8, 2007.

Using Levels of Assurance Renee Shuey nmi-edit CAMP: Charting Your Authentication Roadmap February 8, 2007.
Technical Issues with Establishing Levels of Assurance Zephyr McLaughlin Lead, Security Middleware Computing & Communications University of Washington.

Technical Issues with Establishing Levels of Assurance Zephyr McLaughlin Lead, Security Middleware Computing & Communications University of Washington.
Emory University Case Study I2 Day Camp November 5, 2010 John Ellis & Elliot Kendall.

Emory University Case Study I2 Day Camp November 5, 2010 John Ellis & Elliot Kendall.
Identity Management Realities in Higher Education NET Quarterly Meeting January 12, 2005.

Identity Management Realities in Higher Education NET Quarterly Meeting January 12, 2005.
David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.
1 eAuthentication in Higher Education Tim Bornholtz Session #47.

1 eAuthentication in Higher Education Tim Bornholtz Session #47.
Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.

Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.
Understanding Active Directory

Understanding Active Directory
Identity & Access Management DCS 861 Team2 Kirk M. Anne Carolyn Sher-Decaustis Kevin Kidder Joe Massi John Stewart.

Identity & Access Management DCS 861 Team2 Kirk M. Anne Carolyn Sher-Decaustis Kevin Kidder Joe Massi John Stewart.
UC Irvine’s Pre-Shib Attribute Setup PH / QI Directory Provides Authoritative Attribute Store –Had both Faculty / Staff and Student Information UCI’s Campus.

UC Irvine’s Pre-Shib Attribute Setup PH / QI Directory Provides Authoritative Attribute Store –Had both Faculty / Staff and Student Information UCI’s Campus.
Information Resources and Communications University of California, Office of the President Current Identity Management Initiatives at UC & Beyond: UCTrust.

Information Resources and Communications University of California, Office of the President Current Identity Management Initiatives at UC & Beyond: UCTrust.
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
Www.incommon.org InCommon and Federated Identity Management 1 www.incommon.org.

InCommon and Federated Identity Management 1
Peter Deutsch Director, I&IT Systems July 12, 2005

Peter Deutsch Director, I&IT Systems July 12, 2005
Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.

Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.
Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –

Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –

Similar presentations

Ads by Google