
Integrated Institutional Identity Infrastructure: Implications and Impacts

RL “Bob” Morgan, University of Washington. Internet2 Member Meeting, May 2005.


Presentation Transcript


  1. RL “Bob” Morgan, University of Washington. Internet2 Member Meeting, May 2005. Integrated Institutional Identity Infrastructure: Implications and Impacts

  2. IAM Drivers
     - Compliance
     - Collaboration
     - Outreach
     - Network security
     - Gorilla applications
     - Your driver here ...

  3. Compliance
     - External regulations
       - FERPA, HIPAA
       - Funding agency reqs: DoE, DoD, etc
       - State-agency regulations
       - Federal e-authentication
       - contractual
     - Internal policies
       - Privacy
       - Financial controls

  4. Privacy compliance support
     - HIPAA, FERPA, local privacy regs, etc
     - It's simple: control who can see what
     - Process:
       - classify data (eg protected health info)
       - identify business processes, “need to know”
       - control access methods and data locations
       - identify and authenticate users
       - log and audit access (as needed)
       - manage policy expression, evolution

  5. Infra Requirements
     - Identity management
       - anti-sharing controls, support process/system/service identities
     - Authorization management
       - translate need-to-know, data classes into containers, ACLs, roles
       - integrate with biz processes (medical, teaching, ...)
     - Log/audit/reporting support
     - Privacy implementation guidance

  6. US E-Authentication program
     - Broad initiative supporting e-government
       - both citizen-facing and internal
     - based on NIST technical authentication guidelines, including 4 “levels of assurance”
     - using SAML protocol base (Shibboleth compatible)
     - most agencies must run compliant app in 2005
     - operating “Federal federation” of participating applications and credential providers
     - standards, practices will be widely used outside of government as well
     - http://cio.gov/eauthentication/

  7. E-Authentication and us
     - Universities and CAF compliance indicate “institutional authority”
     - LoA requirements for:
       - identity proofing, activation, revocation, password strength, good user practice
       - facility control, config/software management
       - helpdesk, password reset practice
       - record-keeping, audit, etc
     - initial assessments done by GSA
     - future compliance via inter-federation peering
     - will support peering to other areas (eg financial)

  8. Inter-institutional Collaboration
     - Much large-scale funded research is inter-institutional
       - funding vehicles are multi-institution projects, aka virtual organizations (VOs)
       - institutional VO support is key to being in the game
       - not just facilities and networking any more
       - often international in scope
     - many other collaborations at all scales
       - licensed content via consortia
       - institutes, centers, special programs, ...
       - ... and our own departments and colleges

  9. Collaboration requirements
     - Tools
       - mailing list, storage, web pub, calendar, ...
       - identity mgt, roles, groups, authz mgt, privacy
       - and all must work inter-institutionally
     - network access
       - federated identity, or many sponsored accts
     - policy flexibility
       - e.g., “must be employee”
       - support VO policies, IAM technologies

  10. Institutional Outreach
     - New initiatives lead to new populations
       - alumni, retirees
       - applicants, prospects
       - K-12
       - regional medicine, patients
       - distance learning, int'l campuses
       - regional colleges

  11. Supporting Outreach
     - Identity management
       - low-cost or no-cost identity proofing
       - new lows in level of assurance, eg passwords
       - new process state changes, eg applicant->student, employee->retiree
       - patient process is likely high LoA
     - Authorization
       - campus netid does not mean “campus user”
       - users not entitled to “regular service bundle”

  12. Network access security
     - High security, high access
       - keep viruses, worms, sniffers, spammers out
       - accommodate visitors, conferences with wireless
     - Support
       - identity management for machines
       - network-layer authentication
       - device support, constrained net environment
       - easy access to (shared?) ids or registration
       - new policy considerations

  13. Big application integration
     - ERP, Portal, LMS, Grid
       - you're not just buying an app, you're buying infrastructure
       - and your deployers may treat them as infrastructure, ie creating their own processes for IAM etc
       - may be OK, but not likely to be general-purpose
     - open-source packages are new opportunities
       - uPortal, Sakai, Kuali, Globus
       - many challenges same as with vendor packages
       - good integration examples can be infectious

  14. Conclusion
     - the perils of success
       - apps and orgs now come to infra providers seeking support, expecting advanced services
       - we still have to evangelize
       - budgets not going up exponentially ...
     - architecture and integration
       - know what the pieces do and don't do
       - justify up-front costs, but focus on design wins
