
Delivering, Sourcing, and Securing Services Throughout the Student Identity Life Cycle

This article explores the different stages of the student identity life cycle and discusses the importance of delivering, sourcing, and securing services at each stage. It delves into topics such as establishing a relationship, identity proofing, levels of assurance, credentials, roles/provisioning, security administration, federating, deactivation/de-provisioning, and governance management. The article emphasizes the advantages of single sign-on (SSO) and uniform administration of security in student life cycle management.

Presentation Transcript


  1. Delivering, Sourcing, and Securing Services Throughout the Student Identity Life Cycle Student Life Cycle and Identity Management Mark McConahay Sr. Associate Registrar Indiana University Bloomington

  2. Student Life Cycle and Identity Management Student Life Cycle Description Transitions Security and Services Identity Life Cycle Establishing a Relationship Identity Proofing Levels of Assurance Credentials Roles/Provisioning Security Administration Federating Deactivation/De-Provisioning Governance Management “Advantages” SSO (Single sign-on) Uniform admin of security

  3. STUDENT LIFECYCLE Prospect Donor Admitted • Prospective Student • Admitted to Indiana University • Enrolled Student • Graduate of Indiana University • Indiana University Alumni • Donor to Indiana University Alumni Enrolled Graduate http://www.indiana.edu/~oem/

  4. Student Life Cycle at IU • Prospective Student • Initial Contact (e.g., 8th Grade Soccer Camp) • Hot Prospect (Submitted Test Scores, interest) • Applicant • Admitted to Indiana University • Admitted – not committed • Admitted – Paid • Admitted - Registered • Enrolled Student • Undergraduate/Graduate • Affiliations (Arts and Sciences, Business) • Institutional employee • Candidate for Degree • Graduate of Indiana University • Commencement Candidate • Former Student • Inactive Student (Non operational) • Indiana University Alumni • Programs and affiliations • Donor to Indiana University

  5. Student Life Cycle • Yeah – So What! • Place in life cycle defines: • Services Offered • Admin Access Security • Laws • Regulations • Policies • Unique Circumstances & Problems

  6. Student Life Cycle and Relationship, Services and Access

  7. Student Life Cycle and Relationship, Services and Access

  8. Student Life Cycle and Relationship, Services and Access

  9. Student Life Cycle and Relationship, Services and Access

  10. Student Life Cycle • Place (Affiliation/Role) in life cycle defines: • Services Offered • Provision(s) • Admin Access Security • Laws • Regulations • Policy • Unique Circumstances & Problems • Digital Identity Definitions and Specifications

  11. Student “Identity” Management • Identity Management • An integrated system of business processes, policies, and technologies that enable organizations to facilitate and control their users access to online applications and resources, while protecting confidential personal and business information from unauthorized users. (IU IdM) • Identity and access management (IdM) ensures that the right people access the right services. (AACRAO/EDUCAUSE)

  12. Student “Identity” Management: Why? (From: EDUCAUSE/AACRAO-TECH Workshop) • Security - Centralized management of identity information gets sensitive personal information such as SSNs out of localized departmental databases. • Reduces Duplicate Identity Information - Because IdM consolidates identity and related identifiers, it helps to reduce or eliminate the instance of individuals having duplicate identifiers across campus applications. • Seamless Services - Students experience faster access to new services as they move through their relationship life cycle from applicant to enrolled student to alumni. (SSO) • Consistent Application of Policy - IdM provides a central point for the application of access-related policy. • Save Time and Money - IdM saves money by reducing redundancy in supporting multiple identity databases. • Positioning for the Future - In today’s electronic environment, new opportunities will continue to surface to conduct business on-line. A robust IdM system will enable new ways for providing on-line services in a secure fashion as well as enabling seamless access to third-party applications.

  13. Student “Identity” Management: Definitions (IU IdM Meetings) • Authentication • Establish that a particular request is associated with a specific real-world individual. • Authorization • Services or information the individual is entitled to access based upon their role or affiliation with the enterprise. • Directory • The aggregation of individuals along with their associated attributes and information germane to the enterprise. • Identifiers • An identifier is a character string that connects an individual to a set of computerized data.

  14. Student “Identity” Management: Definitions (IU IdM Meetings) • Credentials • The set of unique attributes that enable authentication of an individual to a specific application system. Typically, the classic combination of a user account number or name and a secret password. • Provision • To allocate services and information based upon an individual’s Authority, attributes and identifiers. • Middleware • A broad array of software tools and data that help applications use networked resources and services.

  15. Student “Identity” Life Cycle • Establishing a Relationship • Identity Proofing • Levels of Assurance • Credentials • Roles • Provisioning • Security Administration • Federating • Deactivation/De-Provisioning • Re-credentialing

  16. Student “Identity” Life Cycle • Establish Relationship • Identity “proofing” • Levels of Assurance • Avoiding Duplication

  17. Student “Identity” Life Cycle • Establish Relationship • Creation of the digital index and collection of attributes and data that represent an individual. • Attributes must represent: • The stage in which the student resides to define service allocation. • Establish Credentials • Questions(?) • Who has the authority to: • Create a record (in a specific role) • Remedy duplicates

  18. Student “Identity” Life Cycle • Identity “Proofing” • Processes and procedures that link the individual to the digital collection of attributes representing the individual.

  19. Student “Identity” Life Cycle • Levels of Assurance • Processes and procedures that link the individual to the digital collection of attributes representing the individual. Which is the REAL Mary Beth?

  20. Student “Identity” Life Cycle: Levels of Assurance. Excerpted from the PSU’s report on Levels of Assurance. *Note: The matrix above is intended to provide a visual representation of what levels of assurance at Penn State might consist of and how they might be differentiated. This is not an inclusive list of all data elements collected or vetted.

  21. Student “Identity” Life Cycle • Credentials • Establish and Notify • “Reset” Practices • Knowledge Questions • Re-credentialing • Lost/Forgotten • Remote • Deactivation

  22. Student “Identity” Life Cycle • Roles • Collection of common requirements, tasks and business functions performed by individuals using an application support “system”. Based upon these common requirements, specific common services can be allocated. • Roles enable consistent allocation of services and administration of security privileges.

  23. Student “Identity” Life Cycle: Roles and Security Administration • Common Roles • Prospective Student • Admitted to Indiana University • Enrolled Student • Graduate of Indiana University • Indiana University Alumni • Donor to Indiana University • Common Roles • Instructor • School Dean • School Recorder • Scheduling Officer • Financial Officer • Registrar Staff • “Auxiliary” Staff

  24. Student “Identity” Life Cycle: Roles and Security Administration, “Devil in the Details” • Role “Challenges” • Authority • Who can decide upon the definitions? • Who can place individuals into a “role”? • Role Transitions • How does an individual move from one role to another? (Admit -> Enrolled student -> Former Student) • Multiple Roles • Student/Staff Member • Student/Instructor • Exceptional Roles • Research Affiliates • Unique Student programs (Correspondence) • IdM and Application Security “Handshake” • Granularity Issues

  25. Student “Identity” Life Cycle: “Federating – The Promised Land” • Federating Identity • “The beauty of standards is that you can have so many!” • “You mean I have to login again?” • vs • “Standards shall set you free!” • SSO Everywhere!

  26. Student “Identity” Life Cycle: “Federating – The Promised Land” • Federation • A federation is an association of organizations that use a common set of attributes, practices and policies to exchange information about their users and resources in order to enable collaborations and transactions. • Using a standard mechanism for exchanging information provides economies of scale by reducing or removing the need to repeat integration work for each new resource. • Since access is driven by policies set by the resource being accessed, higher security and more granular control to resources can be supported. (InCommon)

  27. Student “Identity” Life Cycle: “Federating – The Promised Land” • Examples: • Restricted Library Resources • Apple – iTunes U • Microsoft • EDUCAUSE • Bookstores • National Student Clearinghouse • 3rd Party Academic Support Providers • Bedtime Story • CAMP (Try it) • others

  28. Student “Identity” Life Cycle: All Good things must come to an end – or do they? • De-Provisioning and Deactivation • De-provision - remove information services from the individual. Most easily administered if Role-based. • Part of transition between roles • Must decide the “final resting state” of an “identity” • Deactivate - remove ability to authenticate into the system. Decision can be made regarding persistence of primary identifier.

  29. Student “Identity” Life Cycle: All Good things must come to an end – or do they? • De-Provisioning and Deactivation • De-provision - remove information services from the individual. Most easily administered if Role-based. • Part of transition between roles • Must decide the “final resting state” of an “identity” • Deactivate - remove ability to authenticate into the system. Decision can be made regarding persistence of primary identifier.

  30. Student Life Cycle and Identity Management Governance Who Decides for the institution? Due to breadth of offerings – who has authority, responsibility and expertise to set institutional policy/practice? How are exceptions (e.g., affiliates) handled? Who performs the required review? Who adjudicates problems and conflicts? Who can add users (individuals) into specific roles and/or activate them on the “system”?

  31. Student Life Cycle and Identity Management Student Life Cycle Case Studies Identity Life Cycle Identity Relationships Security and Roles Local campus context Breakout sessions Governance Panel

  32. Delivering, Sourcing, and Securing Services Throughout the Student Identity Life Cycle Student Life Cycle and Identity Management Mark McConahay Sr. Associate Registrar Indiana University Bloomington
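
The role-transition and multiple-role challenges on slide 24, together with the de-provision/deactivate distinction on slide 28, can be made concrete with a small model. This is an added example, not part of the original presentation or any Indiana University system; the role-to-service map, service names, and sample identifiers are assumptions constructed for illustration.

```python
# Added illustration: role names follow the slides; service names are hypothetical.
from dataclasses import dataclass, field

# Assumed role -> services map (not Indiana University's actual provisioning).
ROLE_SERVICES = {
    "admitted": {"admissions_portal", "orientation_signup"},
    "enrolled": {"registration", "lms", "library", "email"},
    "former_student": {"transcript_request", "email"},
    "staff": {"hr_portal", "library", "email"},
}

@dataclass
class Identity:
    identifier: str
    roles: set = field(default_factory=set)
    can_authenticate: bool = True

def entitled(roles):
    """Union of the services granted by every role currently held."""
    return set().union(*(ROLE_SERVICES[r] for r in roles))

def transition(person, drop, add=None):
    """Change roles and return (granted, revoked) service sets.

    A service is revoked only when no remaining role still grants it, so a
    student/staff member keeps staff access when the student role ends.
    """
    before = entitled(person.roles)
    person.roles = (person.roles - {drop}) | ({add} if add else set())
    after = entitled(person.roles)
    return after - before, before - after

def deactivate(person, keep_identifier=True):
    """Remove the ability to authenticate; identifier persistence is a policy choice."""
    person.can_authenticate = False
    if not keep_identifier:
        person.identifier = None
    return person

if __name__ == "__main__":
    dual = Identity("ID-0001", {"enrolled", "staff"})   # constructed sample identity
    print(transition(dual, "enrolled", "former_student"))
    solo = Identity("ID-0002", {"enrolled"})            # constructed sample identity
    print(transition(solo, "enrolled", "former_student"))
    print(deactivate(solo))
```

De-provisioning here is simply the revoked set produced by a role transition, while deactivation is a separate step that leaves the identifier in place unless policy says otherwise.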
