
Jane Hill Directory Services Product Manager, Harvard University


Presentation Transcript


  1. Jane Hill Directory Services Product Manager, Harvard University

  2. Identity Infrastructure Is “In”
     • Privacy and security concerns have increased focus on digital identity and allowable use
     • Policy discussions are actually moving and are involving business and IT
     • Of course, it mattered all along, but more people seem to grasp the strategic importance and potential exposures

  3. Progress with Policy
     • No formal enterprise data administration committee now but policies have been collected at security.harvard.edu
     • Led by Scott Bradner, University Information Security Officer
     • Work is ongoing
     • Departments and schools are appreciative of the guidance

  4. Recent Focus on FERPA
     • Interpreting FERPA in context of the online classroom
     • Concern that students should not be forced to remove FERPA block in order to have a fully-functional online instructional experience
     • Course tools and online community tools (like iSites) present challenges

  5. Example Policy Clarification
     • Online classroom and FERPA: online environment can mimic physical classroom
     • Officially registered students and instructional staff can see the name, email and image of the course participants
     • Students are cautioned that FERPA does not pertain in online classroom (e.g. in an online discussion group, email will be visible)

  6. Too Much of a Good Thing?
     • Using our privacy system, users can opt out of whitepages, data element by element
     • But using these privacy preferences beyond whitepages causes issues
     • Example: If I am adding a user to a website, and type her in by email or HUID, and I can only return name for validation if individual is non-private, how do I add the private person as a user?
     • Move to invitation/opt-in mechanism?
     • Should public sites work differently?
     • If website administrators are also students, does that change what we can let them do?
     • Application privacy preference, or enterprise privacy preference?

  7. What Is Feasible Today?
     • We believe we can flip the current security model with regard to users
     • Analyze the user and their role, rather than a list of users
     • What is right balance between federation and storing as enterprise data?
     • Aggregate the user data, or use virtual approach?
     • Federate or take on the process of collecting?
     • What do we really need to own?
     • Will virtual repositories work?
     • Will source system owners accept that approach?

  8. On Our Mind
     • If we can store role at right level of detail will we be able to:
        • eliminate the need for applications to have their own copy of people data?
        • provide access to resources based on policy rather than user-driven requests?
     • Will enterprise applications expect IdM infrastructure to exist and start deemphasizing proprietary application security?

  9. Our IdM Project
     • Engaging business and technology sides in design
     • Perpetual communication required around strategic importance and urgency
     • Less custom code; use vendor tools and let them keep up with standards
     • Ask hard questions like “what do we really need to store?”
     • Can we use virtual repositories?
     • Aggregate or federate across domains?

  10. Improve Data Foundation
     • Replace overburdened ID card system with loosely coupled, well defined systems
     • Identity database components:
     • Identity management
     • Uniquely identify people (one ID for life)
     • Status and role
     • Common data
     • Address, phones and email
     • Extended data about roles
     • Additional authorization and access management
     • New processes?
     • Coping with provisioning the incoming employee
     • What kind of ID do we give people? Who performs the ID’ing?

  11. Contacts
     • Jane Hill, Directory Services: jane_hill@harvard.edu
     • Kishan Mallur, IT Infrastructure Services: kishan_mallur@harvard.edu
     • Scott Bradner, University Information Security Officer: sob@harvard.edu
