Learn about the uApprove implementation at NC State University, including background, policies, and future enhancements. Find out how the university ensures privacy-preserving attributes while using identity federation.
uApprove Implementation at NC State University
Mark Scheible, OIT Security & Compliance
Manager, Identity and Access Management
mark_scheible@ncsu.edu
uApprove Background for NC State University
• First Identity Federation effort was within the UNC System
• First application (federation driver) was cross-institutional course registration
• Therefore, initial (only) attribute release policy (ARP) was to support this effort
• After joining InCommon, our ARP needed to be re-addressed
• UNC-System effort to implement a modified version of uApprove
• Federation-specific
• Attribute-specific
• Affiliation/User-specific (FERPA Privacy Block)
• Privacy-preserving attributes vs. PII
uApprove Background for NC State University (continued)
• Would only come into play for students with a privacy block, or if attributes were requested outside of the normal “ARP”
• Started to implement this, but realized it was already a version behind
• Discussion at Shib-Fed WG meeting resulted in a recommendation to not implement the modified version and to roll out the standard SWITCH version instead
• We saw this as a “courtesy” to all faculty, staff and students, as well as a way to promote awareness about what identity data you were releasing to a service provider
Current uApprove Status
• Implemented in January 2010 along with default ARP per federation
• Reviewed with OGC for FERPA requirements (minor changes required)
• Still only display the Digital ID Card “once” per SP
• While we’d like additional functionality (e.g. review of SPs visited and option to change release decision), we are waiting to review the Shibboleth V3 IdP release
• We will continue to enhance the look and feel of the Digital ID Card