Network and Communications Service
Self Serve Identity Management Kiosk
Gary Bernstein, Director NCS
Eliezer Grinberger, Analyst NCS

Project Description
• Provide a secure and accessible platform for the self-serve distribution of network credentials and a password reset mechanism

Other Motivators
• Move towards “Service Oriented Architecture”: connecting legacy systems and exposing their functionality to other applications
• Gain experience in the deployment of kiosk technology
• Experiment with RFID as a network authentication device
• Inspire other departments to implement kiosk applications

E-Mail and Network Credentials
• McGill Uniform E-mail Address (UEA) format
  • First.last@mcgill.ca (staff)
  • First.last@mail.mcgill.ca (students)
• We have adopted this format as the Uniform Login ID (ULID)
• A single password is associated with the UEA/ULID

Distribution of ULID
• Student’s first contact with McGill is upon application, using BANNER/Minerva
• Student is assigned a BANNER numerical ID, currently different from the ULID

Distribution of ULID
• Student’s BANNER password is initially the year and month of their birthday
• Students reset their password on first BANNER encounter and provide an answer to a “secret” question
• Students are only assigned a UEA/ULID after course registration, which can happen as late as early September

The Problem
• Students who register early forget passwords
• UEA/ULID cannot be assigned until after registration
• IST Help Desk is swamped with calls in late August and early September for password resets and UEA/ULID information

Solutions
• In previous years IST Customer Service (ICS) would distribute credentials at carding
• The kiosks will offload or eventually eliminate this task
• The kiosks will be available for the remainder of the year to handle additional requests and other applications

Kiosk Operation
• For security purposes, require two separate things:
  • Something you know
  • Something you own
• The kiosk application provides the UEA/ULID and password when the card is presented AND the answer to the secret question is provided.

Kiosk Operation (cont’d)
• The application:
  • Allows student to enter a new password, or
  • Assigns a random password
  • Prints the UEA/ULID and password

Pilot Project
• Two kiosks temporarily located in ID card printing area where new students arrive.
  • One at Macdonald Campus (remote)
  • One at IST Customer Service
• After carding is completed, kiosks will be redeployed to Library and Registrar walk-in centre

Other Apps
• Goal is to eventually provide access to multiple applications with varying levels of authentication:
• No Authentication
  • Campus Map
  • Campus News
  • Job Opportunities at McGill

Other Apps
• Swipe Only
  • Internet/Backbone Access
  • View course schedule
• Double Authentication
  • Reset/View Network Credentials
  • View grades

Other Apps
• We hope to stimulate the imagination of other service areas to add apps to the kiosk
• For example, we have already had a request from McGill Security to print photos of students who are being sought by patrol agents.
• Printing of receipts
• Validation of ID before entry to exam rooms

Available Data in Campus
• OnGuard Database (Oracle):
  • Students / Staff list
  • ID Cards
  • Pictures
• Banner Databases (Oracle):
  • Students / Staff list
  • Secret Questions / Answers
  • Network credentials
Confused user challenge … how to make the 3 dance?

Solution Architecture
• Kiosk: Kiosk Website
• Web Service Layer: OnGuard Web Service, Banner Web Service
• Data Layer: OnGuard, Banner

Process Flow – Phase I
• Kiosk: User swipes his McGill ID card
• Kiosk: Badge number is transmitted to website
• Website: submit badge no. to OnGuard WS
• OnGuard Web Service: return person info & picture to website
• Website: request secret question from Banner WS
• Banner Web Service: return secret question to website
• Website: present web page to user

Phase I - Result [figure]

Process Flow – Phase II
• Kiosk: User answers question and selects password
• Kiosk: Answer & password are transmitted to website
• Website: request answer validation from Banner WS
• Banner Web Service: validate secret answer
• Website: request password change from Banner WS
• Banner Web Service: change user password
• Website: present confirmation page to user
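
The two-phase flow above, sketched as an added example (not code from the presentation or from McGill's kiosk): Phase II is only reachable with state created by a card swipe in Phase I, so the password is released only when both factors are present. Assumptions: in-memory dictionaries with constructed records stand in for the OnGuard and Banner web services, and the session token, the attempt limit and the answer normalisation are hypothetical details the slides do not specify.

```python
import hmac
import secrets
import string

# Constructed sample records standing in for the OnGuard and Banner back ends.
ONGUARD = {"B1001": {"person_id": "P1", "name": "Sample Student"}}
BANNER = {"P1": {"ulid": "sample.student@mail.mcgill.ca", "question": "First pet?",
                 "answer": "rex", "password": "initial"}}
MAX_TRIES = 3  # assumption: the slides do not mention an attempt limit


def random_password(length=12):
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


class KioskWebsite:
    def __init__(self):
        self.sessions = {}  # token -> state created by a card swipe

    def phase1(self, badge_no):
        """Card swipe: OnGuard lookup, then fetch the secret question from Banner."""
        person = ONGUARD.get(badge_no)  # stands in for the OnGuard WS call
        if person is None:
            return None
        token = secrets.token_urlsafe(16)
        self.sessions[token] = {"person_id": person["person_id"], "tries": 0}
        question = BANNER[person["person_id"]]["question"]  # stands in for the Banner WS call
        return token, person["name"], question

    def phase2(self, token, answer, new_password=None):
        """Answer check and password change; only reachable after phase1."""
        state = self.sessions.get(token)
        if state is None:  # no card presented: first factor missing
            return None
        record = BANNER[state["person_id"]]
        # Constant-time comparison of the secret answer (second factor).
        given = answer.strip().lower().encode()
        if not hmac.compare_digest(given, record["answer"].encode()):
            state["tries"] += 1
            if state["tries"] >= MAX_TRIES:  # force a new swipe after repeated failures
                del self.sessions[token]
            return None
        del self.sessions[token]  # one reset per swipe
        record["password"] = new_password or random_password()
        return record["ulid"], record["password"]  # the values the kiosk prints
```
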