Moving Forward in Stages
Tom Barton, University of Chicago
Copyright Tom Barton, 2006. This work is the intellectual property of the author. Significant portions are the intellectual property of Lynn McRae. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
Identity Management is Strategic - Proceed in Stages

Stage 1 – Baseline identity integration
– Integrate identities from Systems of Record
– Common username & login credentials
– At least one attribute for differential access

Stage 2 – Enriching identity through groups
– Users (departments, projects, individuals) define populations through membership in groups
– Carried through central infrastructure to enhance services

Stage 3 – Policy control by privilege management
– Set/view privileges across systems
– Adjust privileges to change in role and status
– Decentralized control of centralized infrastructure
Baseline Identity Integration Objective (diagram): From Siloed to Integrated. Siloed: each of application 1 … application N does its own authN and keeps its own attributes. Integrated: application 1 … application N all consume a shared authentication service and a shared attribute service.
Identity & Access Management: Functional Vocabulary

Verb – Objects
Reflect – Data of interest from systems of record into registry, directory
Join – Identity information across systems
Manage – Credentials, group memberships, affiliations, privileges, services, policies
Provide – IAM info via relay thru run-time request/response, or via provisioning into App/Service stores
Authenticate (AuthN) – Claimed identities
Authorize (AuthZ) – Access or denial of access
Log – Usage for audit
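The Stage 1 steps and the Reflect/Join verbs above, worked through as an added example (not code from the presentation or from any campus IAM product). Two constructed extracts, one from HR and one from the SIS, are reflected, joined into a single registry entry per person, and reduced to the one affiliation attribute applications need for differential access. The field names (emplid, sid, netid), the sample records and the affiliation rules are all assumptions; the point is that a terminated or withdrawn record still joins (the identity stays known) but confers no affiliation, so access is denied by default.

```python
# Added example (not code from the presentation or from any campus IAM product):
# Stage 1 baseline integration expressed with the slide's verbs. Reflect pulls the
# fields of interest from two systems of record (HR and SIS), Join merges them into
# one registry entry per person, and one derived attribute gives applications
# something to branch on. All records, field names (emplid, sid, netid) and the
# affiliation rules are constructed assumptions.
from dataclasses import dataclass, field

# Constructed sample extracts from the two systems of record.
HR_RECORDS = [
    {"emplid": "E100", "name": "T. Barton", "netid": "tbarton", "status": "active", "dept": "Biology"},
    {"emplid": "E200", "name": "A. Greenspan", "netid": "agreen", "status": "active", "dept": "Finance"},
    {"emplid": "E300", "name": "Former Staff", "netid": "oldstaff", "status": "terminated", "dept": "Library"},
]
SIS_RECORDS = [
    {"sid": "S9001", "name": "Rula Lenska", "netid": "rlenska", "enrolled": True},
    {"sid": "S9002", "name": "T. Barton", "netid": "tbarton", "enrolled": True},   # staff also taking a class
    {"sid": "S9003", "name": "Withdrawn Student", "netid": "gone", "enrolled": False},
]


@dataclass
class Person:
    netid: str
    name: str
    source_ids: dict = field(default_factory=dict)   # which system of record knows this person, and as what
    affiliations: set = field(default_factory=set)


def reflect(records, source, id_field):
    """Reflect: copy only the data of interest out of a system of record."""
    for r in records:
        yield {"netid": r["netid"], "name": r["name"], "source": source,
               "source_id": r[id_field], "raw": r}


def join(*streams):
    """Join: one registry entry per person across systems. This example assumes a
    shared netid already exists; matching on name/birthdate when it does not is
    the hard part of a real join and is not shown here."""
    registry = {}
    for stream in streams:
        for rec in stream:
            p = registry.setdefault(rec["netid"], Person(rec["netid"], rec["name"]))
            p.source_ids[rec["source"]] = rec["source_id"]
            raw = rec["raw"]
            # Only a live HR row confers "staff"; only current enrollment confers "student".
            # A terminated or withdrawn record still joins (the identity is known) but
            # grants no affiliation, so downstream access is denied by default.
            if rec["source"] == "hr" and raw["status"] == "active":
                p.affiliations.add("staff")
            if rec["source"] == "sis" and raw["enrolled"]:
                p.affiliations.add("student")
    return registry


def primary_affiliation(p):
    """The one attribute for differential access. Staff outranks student when
    both hold; a person with no live affiliation reports "none"."""
    for a in ("staff", "student"):
        if a in p.affiliations:
            return a
    return "none"


def build_registry():
    return join(reflect(HR_RECORDS, "hr", "emplid"), reflect(SIS_RECORDS, "sis", "sid"))


if __name__ == "__main__":
    for netid, person in sorted(build_registry().items()):
        print(netid, person.source_ids, primary_affiliation(person))
```

Note that tbarton ends up with both an emplid and a sid in source_ids and reports "staff": the join keeps every identifier so that later Manage and Provide steps can reach back into either system of record.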
Increasing Utility of Commercial Tools

Recent increase in campuses choosing
– Microsoft
– Novell
– Oracle
– Sun

NSF Middleware Initiative projects in this space
– OM (Open Metadirectory – Umeå University)
– Nexus (Provisioning – University of Memphis)

But many campuses still choose to build
Process & Organizational Tools

Systems analysis
– What business processes might produce desired info?
– Where does/can it enter the IT infrastructure?
– Do actual semantics fit the perceived value?

Policies & governance processes
Shib
Few Off-The-Shelf Tools for Stages 2-3

No commercial products, really

A few campus-built distributed group or privilege management solutions
– Not packaged for implementation elsewhere

Ergo, the Grouper and Signet Projects
– V1.0+ releases, open source
Self-Identified Groups (diagram): The Boss (HR says Affiliation: faculty, Dept: Biology) asks "What about my team? …my project? …my senior staff?" Identity Management carries only the HR attributes, so each application defines and allows its own copy of the same group: WIKI defines BIO_X, Email Lists define BioX, Calendar defines Bio-X; three separately maintained membership lists.
Reflect Groups Across Applications (diagram): The Boss (Affiliation: faculty, Dept: Biology from HR) defines biology:bio-x, biology:bio-x:admin and biology:bio-x:staff once in Grouper; Identity Management reflects them to WIKI, Email Lists and Calendar, each of which simply allows Bio-X.
Missing TAs (diagram): The Professor (HR: Affiliation: faculty; SIS Courses: Instructor: CS-313) asks "What about my TAs? … my auditors? … extensions/makeup?" Shib relays only what the systems of record hold. Relying applications and their rules: CourseWare, CS-313 grades (allow CS-313, allow CS teaching); Library, CompSci resources (allow CS affiliates); External Partner. Nothing in HR or the SIS expresses TA, auditor or extension status.
Enrich Course Membership (diagram): The Professor (Affiliation: faculty, Instructor: CS-313) adds class:CS-313:TA in Grouper; the isMemberOf: CS-313 attribute relayed via Shib becomes the union (∪) of SIS Courses membership and class:CS-313:TA. Same relying applications: CourseWare, CS-313 grades (allow CS-313, allow CS teaching); Library, CompSci resources (allow CS affiliates); External Partner.
Extend Course Infrastructure (diagram): The Professor (Affiliation: faculty) now also has faculty: CS-313 in the union, so isMemberOf: CS-313 = SIS Courses ∪ class:CS-313:TA ∪ faculty: CS-313, relayed via Shib to the Course Ware as well as to CourseWare, CS-313 grades (allow CS-313, allow CS teaching); Library, CompSci resources (allow CS affiliates); External Partner.
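The three course slides, worked through as an added example (not the presentation's code and not Grouper's API): the course membership applications see is the union of what the SIS reflects and a TA group the instructor maintains in a Grouper-style stem:group namespace. The names class:CS-313:TA and CS-313 come from the slides; the sample enrollments, the toy Grouper class and the grades rule are constructed assumptions. It shows the two properties the slides are after: a student dropping the course disappears on the next SIS reflection without anyone touching the TA group, and only the instructor of record can change that TA group.

```python
# Added example (not the presentation's code and not Grouper's API): the course
# membership applications see is the union of what the SIS reflects and a TA group
# the instructor maintains in a Grouper-style stem:group namespace. The group name
# class:CS-313:TA and the course CS-313 come from the slides; sample enrollments,
# the Grouper class below and the grades rule are constructed assumptions.

# Constructed systems-of-record extracts.
SIS_ENROLLMENT = {"CS-313": {"s101", "s102", "s103"}}
SIS_INSTRUCTOR = {"CS-313": {"prof"}}
HR_AFFILIATION = {"prof": "faculty", "ta1": "student", "s101": "student",
                  "s102": "student", "s103": "student"}


class Grouper:
    """Toy group registry: name -> members, plus who may administer each group.
    Reflected groups are rewritten from their system of record on every sync;
    manually managed groups (and their admin lists) persist between syncs."""

    def __init__(self):
        self.groups, self.admins = {}, {}

    def create(self, name, members=(), admins=()):
        self.groups[name] = set(members)
        self.admins[name] = set(admins)

    def _require_admin(self, actor, name):
        # Decentralized control: only a group admin may change its membership.
        if actor not in self.admins.get(name, set()):
            raise PermissionError(f"{actor} may not manage {name}")

    def add_member(self, actor, name, member):
        self._require_admin(actor, name)
        self.groups[name].add(member)

    def remove_member(self, actor, name, member):
        self._require_admin(actor, name)
        self.groups[name].discard(member)

    def members(self, name):
        return set(self.groups.get(name, set()))


def sync_from_sis(g, course):
    """Reflect the SIS into Grouper. Student and instructor groups are overwritten;
    the TA group is created once and only its admin list follows the SIS."""
    g.create(f"class:{course}:students", SIS_ENROLLMENT[course])
    g.create(f"class:{course}:instructors", SIS_INSTRUCTOR[course])
    ta = f"class:{course}:TA"
    if ta not in g.groups:
        g.create(ta, admins=SIS_INSTRUCTOR[course])
    else:
        g.admins[ta] = set(SIS_INSTRUCTOR[course])


def is_member_of(g, course):
    """The enriched isMemberOf value relayed to applications:
    SIS students ∪ SIS instructors ∪ instructor-maintained TAs."""
    return (g.members(f"class:{course}:students")
            | g.members(f"class:{course}:instructors")
            | g.members(f"class:{course}:TA"))


def may_see_grades(g, course, user):
    """Courseware rule: instructors and TAs, never students, and only while the
    person still has a live affiliation in HR."""
    staffish = g.members(f"class:{course}:instructors") | g.members(f"class:{course}:TA")
    return user in staffish and user in HR_AFFILIATION


def demo():
    g = Grouper()
    sync_from_sis(g, "CS-313")
    g.add_member("prof", "class:CS-313:TA", "ta1")   # instructor adds a TA the SIS knows nothing about
    try:
        g.add_member("s101", "class:CS-313:TA", "s101")   # a student tries to promote themself
        self_promoted = True
    except PermissionError:
        self_promoted = False
    before = is_member_of(g, "CS-313")
    SIS_ENROLLMENT["CS-313"].discard("s103")  # s103 drops the course in the SIS
    sync_from_sis(g, "CS-313")                # next reflection removes s103, keeps ta1
    after = is_member_of(g, "CS-313")
    return {"self_promoted": self_promoted, "before": before, "after": after,
            "ta_grades": may_see_grades(g, "CS-313", "ta1"),
            "student_grades": may_see_grades(g, "CS-313", "s101")}


if __name__ == "__main__":
    print(demo())
```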
Non-Affiliated People (diagram): Sib Rula Lenska, "Friends are here from Europe!", Affiliation: ???. Services and the affiliations they allow: Guest IDs (faculty, staff, student, guest); Athletic Facilities (staff, guest); Printing (student, guest); Blackboard.
Provide Entitlements (diagram): Sib Rula Lenska, Affiliation: guest. Grouper holds guestids:admin and guestids:guests; Signet records her entitlements, each with an effective date and an expiration date: printing(max100), blackboard(music103), athletic(gym,after5). Same services as before: Guest IDs (faculty, staff, student, guest); Athletic Facilities (staff, guest); Printing (student, guest); Blackboard.
Control of Authority (diagram): Finance. A.Greenspan: "Unless the situation is reversed, these …trends will cause serious economic disruptions". Identity Management must answer who can view (Reporting), who can approve (Reimbursements) and who can spend (Requisitions); today that is a manual approval workflow.
Depts Distribute Control of Authority (diagram): A.Greenspan (Affiliation: staff) holds, via Grouper and Signet, school:dept1 (view, all); B.Bernake holds school:dept2 (approve, 1472, $100), i.e. approve within scope Accounts, account 1472, up to $100, with the condition "while staff". Finance's questions, who can view (Reporting), who can approve (Reimbursements), who can spend (Requisitions), are now answered from the privilege registry.
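The two Signet slides (guest entitlements with effective and expiration dates, and departmental finance authority with a scope, a limit and a "while staff" condition), worked through as one added example that is not the presentation's code and not Signet's data model or API. The values printing(max100), blackboard(music103), athletic(gym,after5) and (approve,1472,$100) are from the slides; the field names, the dates, the delegator dept2.head and the evaluation order are assumptions. Evaluation is deny-by-default, every clause of a grant must hold at decision time (so a privilege lapses on its own when the holder stops being staff or the expiration date passes), and a department may delegate only what it itself holds.

```python
# Added example (not the presentation's code and not Signet's data model or API)
# covering the two Signet slides: a guest's entitlements with effective and
# expiration dates, and departmental finance authority with a scope (account),
# a limit (amount) and a condition ("while staff"), plus the rule that a
# department may only delegate what it itself holds. The values printing(max100),
# blackboard(music103), athletic(gym,after5) and (approve,1472,$100) come from the
# slides; field names, dates, the delegator and evaluation order are assumptions.
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Privilege:
    subject: str
    function: str                      # approve, view, printing, blackboard, ...
    scope: str = "all"                 # account or resource; "all" covers any scope
    limit: Optional[int] = None        # numeric ceiling (dollars, pages); None = no ceiling
    condition: Optional[str] = None    # affiliation that must hold at decision time, e.g. "staff"
    effective: Optional[date] = None
    expires: Optional[date] = None


def check(privs, affiliations, subject, function, scope, amount=0, today=date(2006, 10, 10)):
    """Deny by default: return (allowed, reason). Every clause of some granted
    privilege must pass; the reason explains each near miss."""
    reasons = []
    for p in privs:
        if p.subject != subject or p.function != function:
            continue
        if p.scope != "all" and p.scope != scope:
            reasons.append(f"scope {p.scope} does not cover {scope}"); continue
        if p.limit is not None and amount > p.limit:
            reasons.append(f"amount {amount} exceeds limit {p.limit}"); continue
        if p.condition and p.condition not in affiliations.get(subject, set()):
            reasons.append(f"condition '{p.condition}' no longer holds"); continue
        if p.effective and today < p.effective:
            reasons.append("not yet effective"); continue
        if p.expires and today > p.expires:
            reasons.append("expired"); continue
        return True, "granted"
    return False, "; ".join(reasons) or "no matching privilege"


def can_delegate(privs, granter, new):
    """Decentralized control of centralized infrastructure: a department may grant
    only what it holds itself, on the same function, within its own scope and limit."""
    return any(p.subject == granter and p.function == new.function
               and p.scope in ("all", new.scope)
               and (p.limit is None or (new.limit is not None and new.limit <= p.limit))
               for p in privs)


def oct2006(day):
    return date(2006, 10, day)


# Constructed grants and affiliations. "after5" for the gym is a time-of-day
# condition the slides show but this example does not model.
GRANTS = [
    Privilege("A.Greenspan", "view", "all", condition="staff"),                   # school:dept1 (view, all)
    Privilege("dept2.head", "approve", "1472", limit=1000, condition="staff"),     # assumed departmental authority
    Privilege("B.Bernake", "approve", "1472", limit=100, condition="staff"),       # school:dept2 (approve,1472,$100)
    Privilege("Rula Lenska", "printing", limit=100, condition="guest",
              effective=oct2006(1), expires=oct2006(31)),                          # printing(max100)
    Privilege("Rula Lenska", "blackboard", "music103", condition="guest",
              effective=oct2006(1), expires=oct2006(31)),                          # blackboard(music103)
    Privilege("Rula Lenska", "athletic", "gym", condition="guest",
              effective=oct2006(1), expires=oct2006(31)),                          # athletic(gym,after5)
]
AFFILIATIONS = {"A.Greenspan": {"staff"}, "dept2.head": {"staff"},
                "B.Bernake": {"staff"}, "Rula Lenska": {"guest"}}


if __name__ == "__main__":
    print(check(GRANTS, AFFILIATIONS, "B.Bernake", "approve", "1472", 80))
    print(check(GRANTS, AFFILIATIONS, "B.Bernake", "approve", "1472", 150))
    print(check(GRANTS, {**AFFILIATIONS, "B.Bernake": set()}, "B.Bernake", "approve", "1472", 80))
    print(check(GRANTS, AFFILIATIONS, "Rula Lenska", "printing", "lib-printer", 40, today=date(2006, 11, 5)))
```

The condition is re-evaluated against the current affiliation set on every decision rather than copied into the grant, which is what lets a privilege follow a change in role or status without anyone editing it.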
Discussion and Further Information

Identity Management Constituent Group: 2:15-3:45pm today, Room A124/127
Identity Management Roundtable: 2:20-3:10pm Wednesday, Room C151/152
CAMP Distributed Access Management: November 7-9, Denver Colorado

http://www.nmi-edit.org
http://www.nsf-middleware.org