Plans and Progress for Identity Management
Updates from member institutions of the APAC Identity Management Working Group

Identity Management Working Group
• Create a forum for inter-institutional discussion of identity management issues.
• Collaboration and exchange of information between BCNET member institutions, other provincial post-secondary educational institutions and provincial and federal public sectors, including government and health care authorities.
• Eduroam and Shibboleth technologies
SFU – Jeremy Rosenberg
[Architecture diagram: systems shown are CAS, LDAP, PeopleSoft, Web Server, Amaint Account Provisioning, UDD, Shibboleth, Eduroam, Mail Lists, WebCT, AD, Zimbra]

SFU – Jeremy Rosenberg
Current Identity Management Activities
• Perpetual access for former staff and students
• Shibboleth integration with BCCampus
• Security protocol discussion and policies around compromised accounts
• Move from Maillist ACLs to Grouper
• Collaborating on OpenRegistry project
• Zimbra customization
• Web Services via XML gateway
• ERP integration upgrades
U of Victoria – Corey Scholefield
Last Year
Access Management
• Launched “Sign In to UVic” Single Sign-On service
• Enhancements for online retrieval of T2202 forms for former students
• ERP Refresh: Banner 8 upgrade, uPortal deployment
• Sun Identity Manager upgrade to version 8.1
• Deployed new accounts provisioning for Facilities Mgmt. “FAMIS” system
• Active Directory course-enrollment groups
• Updated Employee-to-Department roles & affiliation implementation
Identity Management
• Duplicate identity consolidation in Banner: ongoing

U of Victoria – Corey Scholefield
In Progress
Access Management
• “Sign In to UVic” service upgrade: upgrade CAS SSO to latest version
• Enhancements to Sun Identity Manager deployment
• New role for Sessional Instructors
• Guest ID Sponsorship system
• Enterprise LDAP integration for departmental Unix systems
• Project initiation on UVic Shibboleth Identity Provider deployment
• Continue deprecation of home-grown Identity Registry
• Strengthen reporting around access rights to ERP systems + streamlined account de-provisioning
Identity Management
• Standardized Email Addressing (fname.lname@uvic.ca)
• Generated usernames assigned to UVic applications, for Banner-based application-status tracking

U of Victoria – Corey Scholefield
Upcoming
Access Management
• Enterprise Username and Password management: NetLink renewal
• Replace Banner baseline common-matching to reduce duplicate-ID creation
Identity Management
• Upgrade to Sun/Oracle Enterprise Directory (LDAP) Server
• Replacement for Sun Identity Manager
• System Upgrades: Exchange 2010, Facilities FAMIS, Athletics CLASS
• LDAP-based course-enrollment groups
• Grouper

U of Victoria – Corey Scholefield
Challenges
• Demand management, project prioritization
• Social-media digital identity integration
• Enterprise identity eligibility
• Privacy: balancing privacy compliance needs & rate of innovation
BCIT – Leo de Sousa
Present
[Architecture diagram: Banner (~850k accounts in AD) feeds Active Directory via DB triggers, custom scripts and manual entry; connected systems shown are SharePoint, Citrix, Outlook / Exchange, Luminis, Email (Notes), OneCard, D2L, Wireless, CAS Apps, Book store, Raiser’s Edge, Innopac, Imaging, Web apps, Lab PCs, Admin PCs, Macs]

BCIT – Leo de Sousa
Future
[Architecture diagram: Banner feeds ~40k accounts in AD and ~810k accounts in AD LDS via BEIS triggers, with FIM 2010 (?) alongside; connected systems shown are Luminis, SharePoint, Citrix, Outlook / Exchange, OneCard, D2L, Wireless, CAS Apps, Raiser’s Edge, Active Directory, AD LDS, Imaging, Innopac, Web apps, Book store, Lab PCs, Admin PCs, Macs]

BCIT – Leo de Sousa
Future
• Custom script replacement
  • Triggers are replacing custom scripts
  • Real-time updates from Banner to AD
  • Data transfer is secured via certificates and SSL
• Encrypted and complex passwords
  • Banner 8 was installed in August 2010
  • Minimum password length was increased from 6 characters to 8 characters
• Self-serve password resets
  • Reduced calls to help desk
  • Improvements to Banner Self Serve web site
  • Better security questions
  • Use of external email addresses

BCIT – Leo de Sousa
Future
• FIM 2010 is coming
• Ad hoc group self-management
• Self-serve password resets integrated into Windows logon
• Single/Reduced sign-on
• AD LDS used for authentication of non-current users (alumni)
• AD used for authorization of current users
UBC – Doug Gregg
Last year
• IAM-enabled enterprise Active Directory deployed
  • Shibboleth 2.2 / SAML 2.0 implemented
  • New installations
  • Gradual replacement of custom authentication solution
• Refined identity repository
  • 450,000 identities – includes faculty, staff, students, alumni, community identities
  • Higher quality data, more accessible
• Strategic Grouper deployment
  • All identities above can be members of groups
  • Concept of Service (resource), Clients (department) and members (users)
  • Data configuration to allow delegated management to “edge” departments
• Integration model defined
  • Internal AD-aware web applications
  • External web, LDAP-aware applications

UBC – Doug Gregg
In progress
• IAM core development
  • Integration engine (standard approaches: publish / subscribe / ESB)
  • “Person hub” for self-management of identity information
  • Extension of the person hub metaphor into a communications switchboard
    • User handles
    • Channels available
    • Subscriptions – handle/channel associations
  • Account management capabilities
    • Service selection based on entitlements
    • One-time password management
    • Account elevation / deprecation
    • Alias management
    • Administrative UI
• Identity repository data clean-up
  • Removal of account typing
  • Addition of level-of-assurance (LoA)
  • Password strengthening
  • Challenge question strengthening
  • Username recovery strengthening
  • Personal merges
• Identity and access integration for key systems
  • Door control
  • Key control
  • Access cards
  • Student systems
  • Instructor/room scheduling
  • HRMS
  • IT Service Management
  • Library
  • Facilities management
  • Financials
  • Learning management systems
BC Campus – Randy Bruce
Last Year
• Custom script CAS in place to all services
• Shibboleth pilot commenced with SFU

BC Campus – Randy Bruce
This Year
• De-commission uPortal
• New login: CAS/Shibboleth
• Shibboleth with SFU in production
• Facilitate institutional discussions regarding privacy and federated identity