Federated Identity in Texas
Paul Caskey
The University of Texas System
HEAnet National Conference, Kilkenny, Ireland
13 November 2008
Background
• What is the University of Texas (U.T.) System?
  • 9 academic, 6 medical, 1 administration
  • 190,000 students / 80,000 employees
  • 1100 km apart geographically, but traditionally much further apart in terms of culture and sharing of resources
• What is LEARN?
  • Lonestar Education And Research Network (Texas RON)
  • Participants come from public/private universities, community colleges, primary education (K-12), and service providers
  • 33 institutions as tier 1 members, many more at the lower tiers
  • A major part of their mission is promoting collaboration in Texas
Background (continued)
• Two federations in one state?
  • Different missions
  • Different populations
  • Shared goal of increasing collaboration across the state
  • Could “evolve” to support eGovernment in Texas as well (currently, there is no state-sponsored initiative to develop federation)
• Interfederation is the key to achieving the goals
The U.T. System Federation
• Collaboration is a key goal
• It all started with a “statement of direction” from our leaders and a small seed grant from the federal government
• Why our own federation (rather than InCommon, etc.)?
  • We know our campuses best / clear administrative boundary
  • Level and elevate the overall strength of identity management policy, practice, and technology
  • Ensure that no campus is left behind
  • Direct control over policies and directions
  • Most of our initial apps were just for our campuses
• Current Status
  • Officially in production since 1 Sept 2006
  • ~40 applications (administrative, academic, medical, security, and collaborative apps, but no content sharing)
  • 3 external vendors
The LEARN Federation
• Again, collaboration is a key goal
• Builds on the infrastructure and personal relationships already built with LEARN members
• Why a separate federation (from InCommon, UT)?
  • LEARN maintains a close relationship with its members
  • Help smaller campuses participate, including community colleges and K-12 as well
  • Can also include other entities as needed, including governmental agencies
• Current Status
  • In pilot operations since July 2008
  • Initial draft of policies complete and pending approval
  • 2 apps, with several more being implemented in the next 6 months
Lessons Learned (so far)
• Policy work is slow, but critical to establish an environment in which trust can develop.
• It’s important to address the support needs that grow out of a federated environment (federate the support too).
• Federated authorization is challenging and takes lots of time and effort (AppAdmin workflow app); training and executive support are the keys.
• Interfederation policy work is worse than establishing policies for our own federation since these policies span administrative and governmental / legal boundaries.
• Everyone wants to build a house, but nobody wants to do housekeeping!
What benefits have we observed from our federation?
• User satisfaction
  • Fewer passwords to remember, increases the value of their campus credential
• Local autonomy
  • Supports differing technologies, policies, and business processes
• Increased security
  • No application-based loosely-coupled identities
  • More granular authorization
• Lower costs
  • Applications don’t have to develop and manage separate identities for their users
• Support secure collaboration across the world just as easily as across the state (well, almost)
  • SAML is a mature global standard
The future?
• More apps!
  • Vendors
  • eGovernment
• Increased external collaborations
• Interfederation / peering
  • LEARN
  • InCommon
  • Others? (caBIG, etc.)
• Compliance / verification
  • Standardized audit plan
• Improved authorization capabilities
• Policy revisions