
Identity & Access Management Project

Identity & Access Management Project. Tom Board February 2006. Presentation Overview. Needs analysis Selection process Implementation plan Post-implementation plan. Needs Analysis. First signs of need: LDAP implementation External signs: Compliance legislation


Presentation Transcript


  1. Identity & Access Management Project Tom Board February 2006

  2. Presentation Overview • Needs analysis • Selection process • Implementation plan • Post-implementation plan

  3. Needs Analysis • First signs of need: LDAP implementation • External signs: • Compliance legislation • Market maturity and competition • Expansion of technical requirements • Buy versus build? • Recommendation to OVP

  4. Selection Process • Translate needs assessment to RFP • Issue RFP in August 2004 to 18 vendors • List vetted with consulting firms • 12 vendors submitted 9 responses • Three phase process: • Assess ability to execute at our scale • Face-to-face presentations, Q&A • For two finalists: proof-of-concept, license terms, consulting pricing, references

  5. Progress • Aug 2004 – RFP issued • Nov 2004 – First cut from 9 to 6 • Feb 2005 – Second cut to 2 finalists • Mar 2005 – Proofs of concept • Apr 2005 – Pricing models • Aug 2005 – Negotiations begin • Dec 2005 – Contract signed

  6. Vendor • Sun Microsystems • Java Enterprise Suite pricing • Fully-functional Web Access Management • Market-leading identity management (Waveset) • Closest match to unique SNAP functions, plus flexibility • Four-year contract term

  7. Implementation Plan • Deploy Web SSO • Replace SNAP • Leverage IdM capabilities • Leverage WAM capabilities

  8. 1. Deploy Web SSO • Three demonstration systems • SNAP • Web e-mail (?) • TBD • Would like mix of Apache, IIS, and other Web servers • Timeline: 8-10 weeks after hardware ready

  9. 2. Replace SNAP • Replicate SNAP functions in more easily maintained software environment • Minimize visible changes for end users • Certify NetID rules and lifecycle with community • Parallel operation and gradual migration • Timeline: 12 months after hardware ready • December 2006 or June 2007

  10. 3. Leverage IdM Capabilities • Use IdM workflows to grant access to services • Grant access based upon roles • Workflows and business rules can be based upon what permissions have been granted to a NetID • Provision user profiles within Oracle/PS applications

  11. 4. Leverage WAM Capabilities • Web SSO improves security but aggregates risk, so we will need two-factor authentication • Utilize coarse-grained access control • WAM opens the way to federated authentication with other schools and with businesses

  12. Hardware Deployment

  13. Timeline * This timeline is for illustrative purposes only and should not be used in planning – please consult with an experienced professional. The views expressed are those of the author and not those of NUIT. No warranty expressed or implied. YMMV. All bets are off.

  14. Post-Implementation Plan • Two-factor authentication pilot with HRIS (Spring 2006) • In Spring 2007, use IdM workflow for • access approval • user profile creation applications • Coarse-grained access control based upon provisioned access (Spring 2007) • Modify IdM behaviors based upon provisioned access (Spring 2007)

  15. Questions?
