1 / 6

uApprove Implementation at NC State University

Learn about the uApprove implementation at NC State University, including background, policies, and future enhancements. Find out how the university ensures privacy-preserving attributes while using identity federation.

kennetha
Download Presentation

uApprove Implementation at NC State University

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. uApprove Implementation at NC State University Mark Scheible, OIT Security & Compliance Manager, Identity and Access Management mark_scheible@ncsu.edu

  2. uApprove Background for NC State University • First Identity Federation effort was within the UNC System • First application (federation driver) was cross-institutional course registration • Therefore, initial (only) attribute release policy (ARP) was to support this effort • After joining InCommon, our ARP needed to be re-addressed • UNC-System effort to implement a modified version of uApprove • Federation-specific • Attribute-specific • Affiliation/User-specific (FERPA Privacy Block) • Privacy-preserving attributes vs. PII

  3. uApprove Background for NC State University (continued) • Only would come into play for students with a privacy block, or if attributes were requested outside of the normal “ARP” • Started to implement this, but realized it was already a version behind • Discussion at Shib-Fed WG meeting resulted in a recommendation to not implement the modified version and roll out the standard SWITCH version • We saw this as a “courtesy” to all faculty, staff and students, as well as a way to promote awareness about what identity data you were releasing to a service provider

  4. Current uApprove Status • Implemented in January, 2010 along with default ARP per federation • Reviewed with OGC for FERPA requirements (minor changes required) • Still only display the Digital ID Card “once” per SP • While we’d like additional functionality (e.g. review of SPs visited and option to change release decision), waiting to review Shibboleth V3 IdP Release • We will continue to enhance the look and feel of the Digital ID Card

More Related