Federations 101: The U.T. System Identity Management Federation
Internet2 Member Meeting, Fall 2006
Paul Caskey

Agenda
• Background
• What have we done?
• How did we do it?
• Why did we do it?
• How do we govern it?
• What does the future hold?

Background
• 16 Institutions
  • 9 academic
  • 6 health
  • 1 System Administration
• 16 unique organizations, budgets, problems, ideas
• Drivers for change:
  • Collaboration
  • Shared Services
  • Compliance
  • Reduced sign-on

What have we done?
• Established the U.T. System Identity Management Federation
• 16 UT institutions
• Federation and Member (IdP and SP) policies
• Shibboleth/SAML
• VeriSign PKI

How did we do it?
• IdM Statement of Direction
• NMI-EDIT “Extending The Reach” grant
• Shibboleth IdP InstallFest and SP Fest (a year later)
• Shibb’d some low-risk apps (guest wireless, financial reporting)
• Now have about 10 apps (including student couponing, legal tracking, research tracking, collaborative funding, and more)
• Currently in production, but still a long way to go

Why did we do it?
• We felt it best to address IdM on an administrative boundary - could happen quicker if we do it within the system.
• We had an established organizational and governance structure throughout UT System and wanted to use it for IdM
• We want to strive for providing infrastructure and policy to meet higher LoAs throughout UT System

How do we govern it?
• UT Federation Executive Committee
• UT System Office of Internal Audit
• Institutional Internal Audit offices
• Technical and Policy committees
• Student project :)

What does the future hold?
• Maturity (policy revisions, support models, VOs, etc.)
• Higher LoAs
• More apps (and more important ones)
• Inter-federation (TIGRE, HAM-TMC, TDL, etc.)