Identity Management, Federating Identities, and Federations. November 21, 2006. Kevin Morooney, Jeff Kuhns, Renee Shuey.
Outline • PSU and ITS • Identity Management at Penn State • Federating and Federations
Penn State • Established 1855, PA’s Land Grant • 24 campus locations • 80K students, 10K faculty, 10K staff • $640M annual research expenditure
IdM Level Set • “An integrated system of business processes, policies, and technologies that enable organizations to facilitate and control their users' access to online applications and resources — while protecting confidential personal and business information from unauthorized users. It represents a category of interrelated solutions that are employed to administer user authentication, access, rights, access restrictions, account profiles, passwords, and other attributes supportive of users' roles/profiles on one or more applications or systems.” • The NMI-EDIT Authentication Roadmap
Components of IdM at Penn State • Kerberos, DCE, Active Directory • LDAP (eduPerson) • Cosign (WebAccess is local branding) • Shibboleth • Member of InCommon Federation • RSA SecurID Tokens • “Access Account” - branding for Penn State identity (authn only available too), ~120K • “Short Term Access Accounts” (authn only available too), 178/9104 as of 11AM today • “Friends of Penn State” - branding for external identity, ~450K
Components of IdM at Penn State - Proofing • [Flowchart; node labels: Start, AD20 Agreement, AD54 Agreement, Library Agreement, Newswire?, Newswire Agreement, Printing?, Printing Agreement, Sign For Account, Display Password, End; branch labels: Yes, No] • GPG Encrypt Signature • Request E-mail join • Save all agreements
Components of IdM at Penn State – Policy • Student Record Policy • Definition of student records • Definition of student • Public information regarding students • Confidentiality hold • Network Usage Policy
[Figure labels: Strength of Identity Proofing, Trust, Transaction Importance]
Improving the Quality of Our Digital Identity • Join InCommon Federation • Participate in the eAuthentication project (getting CAF’ed) • Create new service and business models • Create “governance” for IdM • Expire passwords • Increase password strength
Drivers for Federating in HE • Increasing dependence upon ever richer collaboration • Mandates leading to more research consortia • Increasing number of on-line resources and tools • Access management complexities for resource and tool providers • End-user experience, reliable and efficient to run infrastructure • Federal and State laws & regulations (e.g., FERPA, HIPAA, Gramm-Leach-Bliley Act)
The Goal of Federating • Simplified Usability for all collaborations • Home organizations carefully manage the release of personal information • On-line resource providers focus on the protection and authorization of use of their on-line resources.
InCommon Federation • Created to support Higher Education and its research and business partners • Federation operator is an LLC operated by Internet2 • Builds on existing campus identity management and single sign-on systems • Makes use of open industry standards (SAML) and open source federating software (Shibboleth)
eAuthentication Federation • Setting the standards for the identity proofing of individuals and businesses (based on risk of online services used) • Building the necessary infrastructure to support common, unified processes and systems for government-wide use • Helps build the trust that must be an inherent part of every online exchange between citizens and the U.S. Government