
The Access Management Puzzle: Putting the Pieces Together



  1. The Access Management Puzzle: Putting the Pieces Together
  Identity and Access Management at the UW
  Ian Taylor, Manager of Security Middleware, University of Washington

  2. Context and Challenges
  • Large institution, diverse populations
  • Three Campuses
  • 43,000 students – Undergraduate, Graduate and Professional
  • Extension Enrollment – 27,000
  • 28,000 Faculty and Staff
  • Two Medical Centers, Neighborhood Clinics, SCCA
  • K-20 network
  • Result: over 512,000 UW NetIDs in use

  3. Environment
  • Tension between central and decentralized governance
  • Central IT (C&C), also much departmental computing
  • IT Strategic Plan: No ERP solution
    • build on the legacy
    • use best of breed niche solutions
  • IAM solutions: Open Source + Professionally-developed In-House

  4. Foundation
  • UW NetID
  • Kerberos: MIT KDC deployed 1997
  • LDAP: Netscape Directory Server 1998 (switched to OpenLDAP in 2005)
  • Web ISO/SSO: pubcookie UW NetID "weblogin" service introduced on campus in 1999
  • Person Registry: 1999
  • Privilege Management: ASTRA v1 released 2003

  5. Guiding Principles
  • Gray’s Network Security Credo
    • Open networks / Closed servers / Protected sessions
  • Key elements of security architecture: Authn/Authz
  • Single, ubiquitous identifier
  • SSO
  • Lowest latency
  • Integration
  • Visibility
  • Pragmatism

  6. Solution: Authentication

  7. Solution: Authorization

  8. Good outcomes
  • Roles
  • Adapt to application needs
  • Learn and limit
  • Authorization Management
  • Central
  • Distributed
  • Legacy Applications
  • Publish Authorizations
  • Manage Authorizations

  9. Recent successes, upcoming challenges
  • UW Windows Infrastructure: course groups to AD
  • Treat Exchange population as a Subscription
  • Generate organizational groups by Budget
  • Push ASTRA Role occupants to Groups?
  • Web Service interfaces to LDAP directories
  • Greater federation via Shibboleth
  • Grouper
  • Global IdM
  • Levels of Assurance … and … of course …

  10. Governance and Policy
  • IT and IM (OIM)
  • Data Management Committee
  • Minimum Data Security Standards
  • Roles Sub-committee

  11. The Security Middleware Team (without which …)
  • Rupert Berk
  • Heidi Berrysmith
  • Donn Cave
  • Nathan Dors
  • Jim Fox
  • Anne Hopkins
  • Ken Lowe
  • Zephyr McLaughlin
  • RL ‘Bob’ Morgan
  • Bob Salnick
  • Tracy Stenvik
  • Ann Testroet
