
The Challenges of Creating an Identity Management Infrastructure for the University of California

David Walker, Karl Heins. Office of the President, University of California.


Presentation Transcript


  1. The Challenges of Creating an Identity Management Infrastructure for the University of California
     • David Walker
     • Karl Heins
     • Office of the President, University of California

  2. Overview
     • The Environment
     • UCTrust
     • Stakeholders and Changing Roles

  3. The University of California
     • Ten campuses, three national labs, five medical centers
     • Most operational responsibilities on campuses
     • Payroll, Student Information, etc.
     • Each campus does its own identity management
     • A few services are central
     • Employee self-service and benefits
     • Most licensed library materials
     • Multi-campus collaborations

  4. A (Secure) Online Environment
     • Academic
     • Library
     • Course Management
     • Federal agencies
     • Administrative
     • Travel
     • Employee Training
     • Personal
     • Employee Benefits

  5. At Your Service Online (AYSO)
     • UC's centrally operated employee self-service application to manage tax withholding, retirement benefits, etc.
     • Potentially, hundreds of thousands of dollars of employees' funds
     • Requires
     • High level of identity assurance
     • Help desk coordination
     • Coordinated log management for investigations
     • Legal and fiduciary compliance

  6. What is the problem?
     • Identity is application-centric
     • Access is not removed in a timely manner when people leave the organization
     • Difficult to terminate an individual's access to all systems when needed
     • Security of ID and password controls varies
     • Users must maintain multiple passwords
     • Each application must design, build and maintain its own identity management infrastructure

  7. What Do We Need?
     • Trustworthy exchange of identity attributes
     • Trustworthy identity attributes
     • In general, a trust environment
     • Service Providers trust Identity Providers to provide correct identity information
     • Identity Providers trust Service Providers not to misuse information they receive
     • Community Members trust Identity Providers not to reveal information inappropriately and Service Providers not to misuse that information

  8. UCTrust
     • Establishes global requirements to facilitate system-wide agreements
     • Creates trust in identity attributes through policy
     • Policy controls the creation and release of information
     • Technology enforces that policy
     • Technology ensures secure transit of identity attributes
     • Extends InCommon with multiple levels of assurance

  9. UCTrust Requirements
     • Identity Providers must provide authoritative and accurate attribute assertions
     • Identity Providers must have practices that meet minimum standards for
     • establishing electronic credentials and
     • maintaining individual identity information
     • Service Providers receiving individual identity attributes must ensure their protection and respect privacy constraints defined by the campus

  10. Governance
     • IT Leadership Council (ITLC)
     • The body of campus CIOs
     • Provides oversight and conflict resolution
     • UCTrust Work Group
     • Composed of campus Identity Providers, Service Providers, UCTrust Administration, UCOP
     • Manages operational policies and procedures

  11. Many Stakeholders
     • Application Owners
     • Identity Providers
     • CIOs
     • Academic Senate
     • Vice Chancellors of Administration
     • Controllers
     • Legal Counsel
     • Consensus requires policy, implementation standards, and creative politics.

  12. Changing Roles and Responsibilities
     • Service Providers are dependent on Identity Providers
     • Identity Providers are dependent on Service Providers to protect personal information
     • Service Providers and Identity Providers are co-dependent for availability, user assistance, problem resolution, security investigation, etc.
     • End-users have a greater role in the protection of their credentials

  13. Role of Audit
     • Participate in project development, i.e., make sure proper controls are established
     • Because ID management is a better system, advocate for change to others
     • Periodic review and validation to provide independent assurance to ID and service providers

  14. Influence to Adopt UCTrust
     • Trust in the people who manage the new ID system
     • Agreement from outside experts that this change is the proper course
     • Passion from the UCTrust to deliver
     • Logical reasons for the change
