1 / 28

Collaboration: Identity and Access Management

Collaboration: Identity and Access Management. Lori Stevens University of Washington 16-17 October 2007. What is IAM?. Critical IT infrastructure Intersection of what NW engineers don’t want to do *with* what app developers don’t want to do

ula
Download Presentation

Collaboration: Identity and Access Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Collaboration: Identity and Access Management Lori Stevens University of Washington 16-17 October 2007 University of Washington

  2. University of Washington

  3. What is IAM? • Critical IT infrastructure • Intersection of what NW engineers don’t want to do *with* what app developers don’t want to do • Combines technologies, business processes, governance, and policies to: • Manage digital identities • Specify how ids access resources University of Washington

  4. Terminology • Authentication: says who you are • Authorization: says what you can do • Credentials: what you provide as ID • Federation: collection of orgs that agree to operate under a certain rule-set University of Washington

  5. Terminology • Identification: Process by which info about a person is used to provide some LOA • Level of Assurance (LOA)- Degree of certainty that someone is who they say they are • Low is OK for some things • For patient information (PHI), need high University of Washington

  6. What drives the need? • Collaboration • Research and education, governments, global health, … • Administrative applications • Growing complexity and the need to simplify • Risk mitigation University of Washington

  7. IAM-supported Collaboration • Wiki, blog, email, calendar, IM • Document sharing/editing • Phone/videoconference • Data sharing • More about outreach, ease of access, enablement University of Washington

  8. Why is IAM necessary? • To ensure the intended people access intended services • Organizations have to manage users/ids efficiently and accurately • While enabling them to get their work done • Digital IDs are taking on an increasingly important role for how we collaborate and share networked resources University of Washington

  9. Identity Management Trends • Pervasive in business processes • Inserting NetIDs as early as possible • e.g. NetIDs for student applicants, contractors, etc. • Identities/NetIDs useful for life, e.g. alumni, retirees University of Washington

  10. Sources of Information • Human Resource db • Research/grants db • Student db • Other dbs provide info about affiliations University of Washington

  11. Person Registry • Is knowing someone is a student enough? • Is this person an employee and a student? • Is this person affiliated with the institution? University of Washington

  12. Federated Authentication • Scholarship is global • Less allegiance to institution, more to research • Worldwide peers, now the norm • Access to partners is now: • Simple and more flexible • More secure University of Washington

  13. What is Shibboleth? • Standards-based (SAML) Web SSO pkg • Open Source • Uses local IdM system to get to campus and other institution’s apps • Protects user’s privacy and inst’s data • Plays well with others, helps svc partners University of Washington

  14. Federations • Usually HE but doesn’t need to be limited • Mostly Shib-based, not all though • Use cases: • content access • collaboration support • wireless roaming University of Washington

  15. University of Washington

  16. Identity Lifecycle Management • Managing users • One NetID per person • Credentials • Provisioning • Enabling self-service University of Washington

  17. Managing Identity • Provision accounts • Associate accounts with identities/people • Groups are created and managed • Accounts are given privileges • Credentials are issued • Authn, Authz, and Federation happen University of Washington

  18. Group and Access Management • Several sources determine where a person fits • A person belongs to several groups • One person often has several affiliations • Access can be based on: • Affiliation • Group membership • Roles • Privileges University of Washington

  19. Access Management • Authentication: • Single sign-on, fewer sign-ons • LOA, # of credentials • Federation and trust • Authorization: • access control, role-based, federation • Security auditing University of Washington

  20. Enterprise IAM Infrastructure • Enterprise user database • Person registry, directory driven from large business sources, e.g. staff, student, affiliates • Enterprise group management • Driven from business sources, e.g. courses, departments, ad-hoc • Enterprise privilege management • Delegated, role/function/affiliation-based University of Washington

  21. Consolidation supports Collaboration • Provides a centrally-coordinated service • Allows for distributed management of content • No need to manage multiple instances • Single place for auditing and reporting • Eases mgmt of security issues for apps • One set of tools and data for apps • The stuff of academic life and often inter-institutional University of Washington

  22. Challenges with Centralizing • Governance, mgmt of data • Defining rules, delegation • Compliance and regulations • Consensus and support for central svcs • Responsibility and accountability University of Washington

  23. Policy and Governance Questions • Who is responsible for IDM? • What collaboration scenarios are important to Research and Education? • Who will approve policies? • Who is part of the federation? • Who decides and develops policies? • Who owns the source data? University of Washington

  24. Technical Challenges • Delivering information to apps • Mobility, portability • anywhere, anyhow, anytime computing • Interface consistency cross-location • Diversity of apps and platforms • Advanced app requirements • Interoperability University of Washington

  25. IAM Benefits • Supports collaboration • Enables global federated authentication • Simplifies and secures • Reduces help desk load • Enables • Shared management • Operating efficiencies University of Washington

  26. Advancing IAM Efforts • Fostering technical standards • Aggregating and disseminating technical design and implementation strategies • Fostering opportunities for others to deploy products • Integrating efforts with specific scientific and research communities University of Washington

  27. Resources • http://www.terena.org/activities/tf-emc2/ • middleware.internet2.org • http://middleware.internet2.edu/MACE/ • www.nmi-edit.org/roadmap/draft-authn-roadmap-03/ University of Washington

  28. Questions? University of Washington

More Related