
University of Washington Identity and Access Management


Presentation Transcript


  1. University of Washington Identity and Access Management
     IEEAF – RENU Network Design Workshop, Seattle, 29 Nov 2007
     Lori Stevens, Director, Distributed Systems
     Ian Taylor, Manager, Security Middleware
     ‘RL’ Bob Morgan, Architect
     Anne Hopkins, Lead
     Zephyr McLaughlin, Lead

  2. Overview
     • IAM Mission and Scope
     • IAM Practices
     • UW IAM Service Set
     • International Collaboration in IAM
     • Q & A

  3. IAM Mission
     • UW Mission: “preservation, advancement, dissemination of knowledge”
       • people-based processes, increasingly online
     • Identity management provides the institutional means to know who can, should and did access online (and physical) resources

  4. IAM Scope
     • IAM supports the whole institution: teaching, research, outreach, healthcare, student life, alumni, collaborators, affiliates, local, regional, global
     • UW Identity and UW NetID Statistics
       • 43,000 students at three campuses – Undergraduate, Graduate and Professional
       • Plus an Extension Enrollment of 27,000 more
       • 28,000 Faculty and Staff
       • Two Medical Centers, Neighborhood Clinics, SCCA, etc.
       • K-20 network
       • 385,000 Active UW NetIDs (11/28/07)

  5. IAM Practices
     • One identity per person
     • Many affiliations per person
     • Not just people (applications, groups, roles, organizations, ...)
     • Manage entire identity lifecycle
     • Level of Assurance (LoA) varies depending on population and application needs

  6. IAM Practices (cont.)
     • Compromise of credentials will happen
     • Business needs often must be balanced with compliance requirements
     • Identity theft is a serious problem

  7. UW Identity and Access Management Service Set
     • Identity Management
       • Person Registry
       • UW NetID Service
     • Authentication
       • UW Kerberos Realm
       • UW Windows Infrastructure
       • Weblogin Service (Pubcookie / Shibboleth)
       • SecurID
       • UW Certificate Authority

  8. UW Identity and Access Management Service Set (cont.)
     • Authorization and Aggregation
       • ASTRA
       • Groups Service
       • Subscriptions
     • Enterprise Directory Services
       • Person Directory
       • Groups Directory
       • White Pages Directory

  9. Federation
     • Use university identity for external service access
       • for web resources, using the SAML standard
       • Internet2 Shibboleth federation software widely deployed
     • R&HE Federations create trust communities
       • agree on standards, vet institutions, exchange keys
       • InCommon Federation in the US
       • many national R&HE federations in Europe and Australia
       • global service providers (e.g. Elsevier, Microsoft) join
       • work starting on global interfederation

  10. Other Identity Collaborations
     • eduroam
       • access to university wireless for HE visitors
       • 802.1X and RADIUS technology
       • deployed throughout Europe and Asia/Pacific
     • grid
       • supporting large e-science projects
       • X.509 technology
       • IGTF provides global linkage of grid CAs
       • work on linking grid access to SAML/Shib federation

  11. Q & A
     • Thank you for your interest. We welcome your questions.
     • Lori Stevens, lrs@u.washington.edu
     • Ian Taylor, iant@u.washington.edu
     • Bob Morgan, rlmorgan@u.washington.edu
     • Anne Hopkins, annehop@u.washington.edu
     • Zephyr McLaughlin, zephyrmc@u.washington.edu

  12. Shibboleth Flow Overview
     • User connects to resource and is redirected to WAYF
     • User authenticates at his home organization
     • User gets authenticated and redirected to web server of resource
     • Attribute request – user is granted access to resource

  13. 1. User connects to resource and is redirected to WAYF

  14. 2. User authenticates at his home organization

  15. 3. User gets authenticated and redirected to web server of resource

  16. 4. Attribute request – user is granted access to resource
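The four steps of the Shibboleth flow on slides 12–16, played out end to end as an added simulation (this is not code from the slides or from the Shibboleth project). It models the service provider (SP), the WAYF, and the home-organization identity provider (IdP) as plain functions, and shows the checks the SP performs before it trusts the attributes it receives: the issuer must be in the federation metadata (the "exchange keys" step on slide 9), the signature must verify, the assertion must be addressed to this SP, and it must be within its lifetime. Entity names, attribute names, the user database, the attribute-release policy and the HMAC used in place of real SAML XML signatures are all constructed assumptions for the demo.

```python
"""Simulation of the Shibboleth/SAML web-SSO flow: SP -> WAYF -> IdP -> SP.
All entity IDs, keys, users and policies below are constructed for the demo;
HMAC stands in for the X.509-based XML signatures a real federation uses."""
import hashlib
import hmac
import json
import time

# Constructed federation metadata: IdP entityID -> signing key obtained through the federation.
FEDERATION_METADATA = {
    "https://idp.example.edu/shibboleth": b"constructed-idp-signing-key",
}

# Constructed IdP user store; passwords are kept salted and hashed, never in the clear.
_SALT = b"constructed-salt"
IDP_USERS = {
    "alice": {
        "pwhash": hashlib.sha256(_SALT + b"correct horse").hexdigest(),
        "attributes": {"eduPersonAffiliation": ["member", "student"],
                       "mail": "alice@example.edu", "uwNetID": "alice"},
    }
}

# Constructed attribute-release policy: which attributes the IdP will release to which SP.
RELEASE_POLICY = {"https://sp.example.org/shibboleth": ["eduPersonAffiliation"]}

ASSERTION_LIFETIME = 300  # seconds an assertion stays valid


def sp_first_request(resource, sp_entity_id, wayf_url="https://wayf.example.org/WAYF"):
    """Step 1: the SP has no session, so it redirects the browser to the WAYF."""
    return {"redirect": wayf_url, "target": resource, "providerId": sp_entity_id}


def wayf_select(redirect, home_org_sso_url):
    """Step 1 (cont.): the user picks a home organization; WAYF forwards to that IdP."""
    return {"redirect": home_org_sso_url, "target": redirect["target"],
            "providerId": redirect["providerId"]}


def idp_authenticate_and_assert(sso_request, username, password, idp_entity_id, now=None):
    """Steps 2-3: the IdP verifies the password, then issues a signed assertion for the SP.
    Returns None when authentication fails."""
    user = IDP_USERS.get(username)
    candidate = hashlib.sha256(_SALT + password.encode()).hexdigest()
    if user is None or not hmac.compare_digest(user["pwhash"], candidate):
        return None
    sp = sso_request["providerId"]
    allowed = RELEASE_POLICY.get(sp, [])          # release only what policy permits for this SP
    now = int(time.time()) if now is None else now
    body = {
        "issuer": idp_entity_id,
        "audience": sp,
        "subject": username,
        "attributes": {k: v for k, v in user["attributes"].items() if k in allowed},
        "issued": now,
        "expires": now + ASSERTION_LIFETIME,
    }
    canonical = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(FEDERATION_METADATA[idp_entity_id], canonical, hashlib.sha256).hexdigest()
    return {"body": body, "signature": sig, "target": sso_request["target"]}


def sp_consume_assertion(assertion, sp_entity_id, required_affiliation="member", now=None):
    """Step 4: the SP validates the assertion and applies its access rule to the attributes."""
    body = assertion["body"]
    key = FEDERATION_METADATA.get(body["issuer"])
    if key is None:
        return {"granted": False, "reason": "issuer not in federation metadata"}
    canonical = json.dumps(body, sort_keys=True).encode()
    expected = hmac.new(key, canonical, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["signature"]):
        return {"granted": False, "reason": "bad signature"}
    if body["audience"] != sp_entity_id:
        return {"granted": False, "reason": "assertion not intended for this SP"}
    now = int(time.time()) if now is None else now
    if not body["issued"] <= now < body["expires"]:
        return {"granted": False, "reason": "assertion expired"}
    if required_affiliation not in body["attributes"].get("eduPersonAffiliation", []):
        return {"granted": False, "reason": "required affiliation missing"}
    return {"granted": True, "subject": body["subject"], "resource": assertion["target"]}


def run_flow(username, password, sp="https://sp.example.org/shibboleth",
             idp="https://idp.example.edu/shibboleth"):
    """Drives the four steps end to end and returns the SP's access decision."""
    r1 = sp_first_request("https://sp.example.org/secure/report", sp)
    r2 = wayf_select(r1, idp + "/SSO")
    assertion = idp_authenticate_and_assert(r2, username, password, idp)
    if assertion is None:
        return {"granted": False, "reason": "authentication failed at home organization"}
    return sp_consume_assertion(assertion, sp)


if __name__ == "__main__":
    print(run_flow("alice", "correct horse"))   # granted
    print(run_flow("alice", "wrong password"))  # denied at the IdP
```

Two points the simulation makes that the slides leave implicit: the SP never sees the user's password (authentication happens only at the home organization, step 2), and the SP's trust rests entirely on the federation's key exchange, so an assertion from an issuer absent from the metadata, or one whose body has been altered after signing, is rejected before any attribute is looked at.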

  17. Shibboleth Demo
     • https://spaces.internet2.edu
       • Login via Shibboleth
     • http://www.switch.ch/aai/demo/expert.html
       • Excellent technical introduction