Dive into UT Austin's portal and authentication systems, exploring credentialing, challenges, and responses for a forward-looking approach. Discuss identity management needs and solutions for a large, diverse university community.
Portal Services & Credentials at UT Austin
CAMP Identity and Access Management Integration Workshop
June 27, 2005
Discussion Items
• Setting the stage
• UT’s portal service – UT Direct
• UT’s authentication service – UT EID
• Credentialing & Support
• Challenges & Responses
• Future Directions
Setting the Stage
• UT Austin has a large number of core constituents:
  • ~50,000 students
  • ~18,000 faculty & staff
• And even larger groups of “extended” populations (e.g., prospective students, former students, parents, job applicants)
UT’s Portal – UT Direct
• Created in 2000, upgraded in 2003
• “Home-grown” using local custom development tools
• Serves as both a portal and a web application framework (look & feel, menus, bookmarks, etc.)
• Personalization is based on user’s affiliations
UT Direct Usage
• UT Direct has achieved strong penetration:
  • 80% of students use it at least weekly
  • 70% of faculty & staff use it weekly
  • 100,000 distinct users log in weekly
• UT Direct user interface is used for most business/administrative web services at UT Austin
UT’s Authentication Service – UT EID
• UT EID system created in 1995, upgraded in 1999, major overhaul coming this fall
• All members of UT community have EIDs
• Unified namespace for all EIDs
• Sponsoring departments control the affiliations attached to EIDs
EID Classes
• EIDs are grouped into 3 major classes based on affiliation and status of identity verification
  • Low assurance – Self-registered EIDs
  • Medium assurance – Sponsored by an approved UT department
  • High assurance – ID verified in-person & electronic signature agreement signed
• Required password strength depends on EID class
EID Populations
• The EID system currently contains 1.7M identity accounts, including:
  • Current students (~50K)
  • Former students (since ’74) (~600K)
  • Current employees (~35K*)
  • Former employees (since ’72) (~300K*)
  • Prospective students (~650K)
  • Guests (~400K)
* Includes employees from certain other UT System universities that use shared administrative services.
Relationship between UT Direct & the EID System
• UT Direct and UT EID authentication are distinct systems
• Most but not all UT Direct Services are EID-authenticated
• UT EID authentication is also used by many other services at UT Austin
[Diagram labels: UT EID Authentication; UT Direct; Blackboard; Webspace; Webmail]
EID Credentialing
• EID Creation
  • Guest EID suite (self-registration)
  • EID-on-demand (inline registration)
  • Automated EID creation
• Physical ID verification is required for most core affiliates, but not for extended populations
• EID eProxy allows one person to act on behalf of another for certain services (e.g., a parent who is paying a student’s housing bill)
EID Support
• EID web help suite lists contacts and provides password help options based on user’s current affiliations
• Passwords can be reset online via challenge/response questions or via email ticketing (w/other credentials)
• EID phone support is delegated to affiliation sponsors; Central ITS help desk is the last resort
Challenges Part 1
• Risks posed by a unified identifier (for example, FERPA compliance)
  • One set of credentials shared by multiple systems can expose data in unexpected ways
  • User support systems/options are complicated by need to prevent inappropriate access to confidential data
Challenges Part 2
• Duplicate EIDs and merging of EIDs
  • Extended populations tend to be future or former core constituents, so duplicate EIDs can cause problems
• Privacy & identity theft concerns
  • Data elements used for identity reconciliation raise privacy concerns for the university community
Challenges Part 3
• Relentless increase in identity registry size: +20% per year
  • New extended populations regularly being identified
  • Campus departments replacing local SSN-based identifiers with EIDs
  • Ongoing migration of campus systems to EID authentication (simplified sign-on initiative)
Responses Part 1
• Risks posed by a unified identifier (for example, FERPA compliance)
  • Proactively coordinate EID support and password reset policies across sponsoring departments, especially when new affiliations are added
  • Move toward more granular authentication status and control
Responses Part 2
• Duplicate EIDs and merging of EIDs
  • Increase intelligence of self-registration process with adaptive questionnaire
  • Push EID usage to start of business processes to limit backend EID merges
• Privacy & identity theft concerns
  • Remove SSN from EID System
  • Institute stricter controls on access to identity registry data
Responses Part 3
• Relentless increase in identity registry size: +20% per year
  • Improve flexibility & agility of identity registry to better cope with growth
  • Limit identity reconciliation efforts to close affiliates
  • Implement new classes of EIDs (e.g., identifier-only) with characteristics targeted to campus needs
Future Directions – UT Direct
• Bolster support for non-authenticated sessions
• Unify central UT web site architecture with UT Direct portal
• Support Shibboleth-style local-campus authentication for other UT System universities
• Explore commercial & open-source tools/products for next generation of UT Direct
Future Directions – UT EID
• Complete overhaul of EID system will occur in Fall 2005
• Improve online support tools for users, especially for former students
• Allow affiliation sponsors to define populations within an affiliation to provide customized support options
• Support strong second-factor authentication options
My Contact Info
CW Belcher
c.belcher@its.utexas.edu
(512) 232-6519