Presentation is loading. Please wait.

Presentation is loading. Please wait.

Moving Forward in Stages Tom Barton, University of Chicago.

Published bySybil Bennett Modified over 8 years ago

Similar presentations

Presentation on theme: "Moving Forward in Stages Tom Barton, University of Chicago."— Presentation transcript:

1

2 Moving Forward in Stages Tom Barton, University of Chicago

3 Copyright Tom Barton, 2006. This work is the intellectual property of the author. Significant portions are the intellectual property of Lynn McRae. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

4 Identity Management is Strategic - Proceed in Stages Stage 1 – Baseline identity integration –Integrate identities from Systems of Record –Common username & login credentials –At least one attribute for differential access Stage 2 – Enriching identity through groups –Users (departments, projects, individuals) define populations through membership in groups –Carried through central infrastructure to enhance services Stage 3 – Policy control by privilege management –Set/view privileges across systems –Adjust privileges to change in role and status –Decentralized control of centralized infrastructure

5 Baseline Identity Integration Objective application 1 authentication service attribute service application N From Siloed To Integrated application N application 1 authNattributes authNattributes

6

7 Identity & Access Management: Functional Vocabulary VerbObjects ReflectData of interest from systems of record into registry, directory JoinIdentity information across systems ManageCredentials, group memberships, affiliations, privileges, services, policies Provide IAM info via - relay thru run-time request/response - provisioning into App/Service stores Authenticate (AuthN)Claimed identities Authorize (AuthZ)Access or denial of access LogUsage for audit

8 Increasing Utility of Commercial Tools Recent increase in campuses choosing –Microsoft –Novell –Oracle –Sun NSF Middleware Initiative projects in this space –OM (Open Metadirectory – Umeå University) –Nexus (Provisioning – University of Memphis) But many campuses still choose to build

9 Process & Organizational Tools Systems analysis –What business processes might produce desired info? –Where does/can it enter the IT infrastructure? –Do actual semantics fit the perceived value? Policies & governance processes

10 Shib

11

12 Few Off-The-Shelf Tools for Stages 2-3 No commercial products, really A few campus-built distributed group or privilege management solutions –Not packaged for implementation elsewhere Ergo, the Grouper and Signet Projects –V1.0+ releases, open source

13 Self-Identified Groups Identity Management allow BIO_X allow BIO_X WIKI define BIO_X WIKI define BIO_X allow BioX allow BioX Email Lists define BioX Email Lists define BioX What about my team? …my project? …my senior staff? The Boss HR allow Bio-X allow Bio-X Calendar define Bio-X Calendar define Bio-X Affiliation: faculty Dept: Biology Identity Management

14 Identity Management Grouper biology:bio-x biology:bio-x:admin biology:bio-x:staff HR allow Bio-X allow Bio-X WIKI allow Bio-X allow Bio-X Email Lists Email Lists allow Bio-X allow Bio-X Calendar Reflect Groups Across Applications The Boss Affiliation: faculty Dept: Biology

15 Missing TAs Identity Management Affiliation: faculty Instructor: CS-313 The Professor What about my TAs? … my auditors? … extensions/makeup? HR SIS Courses SIS Courses Shib Allow CS-313 Allow CS-313 CourseWare CS-313 grades CourseWare CS-313 grades allow CS teaching allow CS teaching Library CompSci resources Library CompSci resources allow CS affiliates External Partner External Partner

16 Enrich Course Membership Identity Management Affiliation: faculty Instructor: CS-313 The Professor Grouper Class:CS-313:TA isMemberOf: CS-313 U = HR SIS Courses SIS Courses Shib Allow CS-313 Allow CS-313 CourseWare CS-313 grades CourseWare CS-313 grades allow CS teaching allow CS teaching Library CompSci resources Library CompSci resources allow CS affiliates External Partner External Partner

17 Course Ware Course Ware Extend Course Infrastructure Identity Management Affiliation: faculty The Professor Grouper class:CS-313:TA isMemberOf: CS-313 U = faculty: CS-313 SIS Courses SIS Courses HR Shib allow CS-313 allow CS-313 CourseWare CS-313 grades CourseWare CS-313 grades allow CS teaching allow CS teaching Library CompSci resources Library CompSci resources allow CS affiliates External Partner External Partner

18 Guest IDs Guest IDs Non-Affiliated People Identity Management Affiliation: ??? Sib Rula Lenska “Friends are here from Europe!” faculty, staff, student guest faculty, staff, student guest Athletic Facilities Athletic Facilities staff, guest staff, guest Printing student, guest student, guest Black board Black board

19 Provide Entitlements Identity Management Affiliation: guest Sib Rula Lenska Grouper guestids:admin guestids:guests Signet printing(max100) blackboard(music103) athletic(gym,after5) effective date expiration date Guest IDs Guest IDs faculty, staff, student guest faculty, staff, student guest Athletic Facilities Athletic Facilities staff, guest staff, guest Printing student, guest student, guest Black board Black board

20 Finance Control of Authority A.Greenspan “Unless the situation is reversed, these …trends will cause serious economic disruptions” Identity Management who can view who can view Reporting who can approve who can approve Reimburse- ments Reimburse- ments who can spend who can spend Requisitions Manual approval workflow

21 Depts Distribute Control of Authority Identity Management Affiliation: staff A.Greenspan Grouper Signet school:dept1 (view,all) B.Bernake school:dept2 (approve,1472,$100) Accounts Scope while staff Finance who can view who can view Reporting who can approve who can approve Reimburse- ments Reimburse- ments who can spend who can spend Requisitions

22 Discussion and Further Information Identity Management Constituent Group 2:15-3:45pm today Room A124/127 Identity Management Roundtable 2:20-3:10pm Wednesday Room C151/152 CAMP Distributed Access Management November 7-9, Denver Colorado http://www.nmi-edit.org http://www.nsf-middleware.org

Download ppt "Moving Forward in Stages Tom Barton, University of Chicago."

Similar presentations

Office of Information Technology Affiliates/Guests – Who are these people and how do we give them services? Copyright, Barbara Hope, University of Maryland,

Office of Information Technology Affiliates/Guests – Who are these people and how do we give them services? Copyright, Barbara Hope, University of Maryland,
Copyright Tom Parker, Ron DiNapoli, Andrea Beesing, Joy Veronneau 2004. This work is the intellectual property of the authors. Permission is granted for.

Copyright Tom Parker, Ron DiNapoli, Andrea Beesing, Joy Veronneau This work is the intellectual property of the authors. Permission is granted for.
On Beyond Z Building a Directory Service educause presentation #074 University of Colorado at Boulder Deborah Keyek-Franssen Marin Stanek Paula J. Vaughan.

On Beyond Z Building a Directory Service educause presentation #074 University of Colorado at Boulder Deborah Keyek-Franssen Marin Stanek Paula J. Vaughan.
Worcester Polytechnic Institute 1 Providing Technology Orientation for New Faculty and Staff Copyright © 2005 Worcester Polytechnic Institute This work.

Worcester Polytechnic Institute 1 Providing Technology Orientation for New Faculty and Staff Copyright © 2005 Worcester Polytechnic Institute This work.
Copyright Dickinson College 2008. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Copyright Dickinson College This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
1 Extending Authenticated Online Services with Friend Accounts at Washington State University Brian Foley Technology Architect/Application Developer.

1 Extending Authenticated Online Services with "Friend Accounts" at Washington State University Brian Foley Technology Architect/Application Developer.
Multi-Organizational Authorization Services RL “Bob” Morgan, University of Washington Internet2/Educause Advanced CAMP Boulder, Colorado July 2003.

Multi-Organizational Authorization Services RL “Bob” Morgan, University of Washington Internet2/Educause Advanced CAMP Boulder, Colorado July 2003.
February 2006 copyright Michael Welch, Blinn College This work is the intellectual property of the author. Permission is granted for this material to be.

February 2006 copyright Michael Welch, Blinn College This work is the intellectual property of the author. Permission is granted for this material to be.
CAMP: Building a Distributed Access Management Infrastructure Lynn McRae, Stanford University Denver, Nov 7-9, 2006.

CAMP: Building a Distributed Access Management Infrastructure Lynn McRae, Stanford University Denver, Nov 7-9, 2006.
Internet2 MACE Identity and Access Management (IAM) Projects integ-tb-kh-02.ppt Keith Hazelton, U Wisconsin With help.

Internet2 MACE Identity and Access Management (IAM) Projects integ-tb-kh-02.ppt Keith Hazelton, U Wisconsin With help.
Handling Groups and Permissions: Grouper and Signet and uPortal Lynn McRae, Stanford University Keith Hazelton, University of Wisconsin With thanks to.

Handling Groups and Permissions: Grouper and Signet and uPortal Lynn McRae, Stanford University Keith Hazelton, University of Wisconsin With thanks to.
Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –

Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –
Identity Management: The Legacy and Real Solutions Project Overview.

Identity Management: The Legacy and Real Solutions Project Overview.
Procurement From the 20 th to the 21 st Century Copyright Byron Honoré 2007. This work is the intellectual property of the author. Permission is granted.

Procurement From the 20 th to the 21 st Century Copyright Byron Honoré This work is the intellectual property of the author. Permission is granted.
MIT ROLES DB Internet 2 Authority Architectures CAMP, June 2004.

MIT ROLES DB Internet 2 Authority Architectures CAMP, June 2004.
Learning Management Systems Camp June 2004 Barry R Ribbeck UT HSC Houston Copyright, Barry Ribbeck, 2004. This work is the intellectual property of the.

Learning Management Systems Camp June 2004 Barry R Ribbeck UT HSC Houston Copyright, Barry Ribbeck, This work is the intellectual property of the.
CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,

CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,
Identity Management – Why and How Experiences at CU-Boulder Copyright Linda Drake, Director of Development and Integration, University of Colorado, Boulder,

Identity Management – Why and How Experiences at CU-Boulder Copyright Linda Drake, Director of Development and Integration, University of Colorado, Boulder,
EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Enforcing Compliance of Campus Security Policies Through a Secure Identity Management.

EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Enforcing Compliance of Campus Security Policies Through a Secure Identity Management.
1 No More Paper, No More Stamps: Targeted myWSU Communications Lavon R. Frazier April 27, 2005 Copyright Lavon R. Frazier, 2005. This work is the intellectual.

1 No More Paper, No More Stamps: Targeted myWSU Communications Lavon R. Frazier April 27, 2005 Copyright Lavon R. Frazier, This work is the intellectual.

Similar presentations

Ads by Google