
Reflect & Join: A Case Study
The University of Texas Health Science Center at Houston

William A. Weems
Assistant Vice President
Academic Technology


Middleware Makes the Global Sharing of Resources Invisible to Users.


Increasingly, people must be able to exchange information in cyberspace easily and securely among "known" individuals, and to securely access restricted resources they "know" can be trusted, without having to struggle with numerous and onerous security processes.


  • How do you prove you are who you say you are?

  • How do you know that someone is legitimate in his or her dealings with you, and how do you get redress if things go wrong?

  • If your identity is stolen and used fraudulently, or personal records are altered without your knowledge or permission, how do you prove that it was not you?

  • It is difficult enough to verify someone's identity in the tangible world where forgery, impersonation and credit card fraud are everyday problems related to authentication.

  • Such problems take on a new dimension with the movement from face-to-face interaction, to the faceless interaction of cyberspace.

Identity and Authentication by Simon Rogerson



Ideally, each individual would have a single digital credential that can be used securely to authenticate his or her identity whenever authentication of identity is required to secure a transaction.


UTHSC-H: An Identity Provider (IdP)

It is critical to recognize that the university functions as an identity provider (IdP) in that UTHSC-H provides individuals with digital credentials that consist of an identifier and an authenticator. As an IdP, the university assumes specific responsibilities and liabilities.



Two Categories of Identity

  • Physical Identity – Assigned Identifier – Authentication
    • Facial picture
    • Fingerprints
    • DNA sample
  • Identity Attributes – Authorization Attributes
    • Common name
    • Address
    • Institutional affiliations, e.g. faculty, student, staff, contractor
    • Specific group memberships
    • Roles
    • Etc.


Issuing a Digital Credential

  • Individual appears before an Identity Provider (IdP), which accepts the responsibility to
    • positively determine and catalog a person's uniquely identifying physical characteristics (e.g. picture, two fingerprints, DNA sample),
    • assign a unique, everlasting digital identifier to each person identified,
    • issue each identified person a digital credential that can only be used by that person to authenticate his or her identity,
    • maintain a defined affiliation with each individual whereby the validity of the digital credential is renewed at specified intervals.


Identity Vetting & Credentialing

[Diagram: the Identity Provider (IdP), uth.tmc.edu, maintains a Permanent Identity Database. The IdP obtains the Person's physical characteristics, assigns an everlasting identifier that is permanently bound to the person, and issues a digital credential; activation of the credential is by the person only.]


The University of Texas System
STRATEGIC LEADERSHIP COUNCIL
Statement of Direction: Identity Management
April 27, 2004

  • The University of Texas System Information Technology Strategic Leadership Council agrees that deployment of a robust, secure, interoperable infrastructure for identity management in support of inter-institutional collaboration is a strategic goal. This infrastructure will be based upon the available standards and best practices:
    • LDAP (Lightweight Directory Access Protocol) compliant directory services,
    • eduPerson schema as promulgated by EDUCAUSE and Internet2,
    • utperson schema (to be developed),
    • inter-institutional access control utilizing Internet2 Shibboleth, and
    • consistent institutional definitions and identity management trust policies for students, faculty, and staff as well as sponsored affiliates.


UTHSC-H Identity Management System

[Diagram: the sources of record (HRMS, SIS, GMEIS, UTP, Guest MS) feed the Identity Reconciliation & Provisioning Processes, which maintain the Person Registry and the Authoritative Enterprise Directories; components labelled INDIS, OAC7 and OAC47 appear alongside them. Also shown: User Administration Tools, Attribute Management Sync to Secondary Directories, the Authentication Service, the Authorization Service and Change Password.]


Person Registry

  • Identity Reconciliation
    • Unique Identifiers Generated by Source of Record
      • SSN – if available (HRMS, GMEIS, UTP, Guest, SIS)
      • Student ID
      • Employee Number – HRMS
    • Full Name: First, Middle, Last
    • Birth Information: Date of Birth, City of Birth, Country of Birth
    • Gender
  • UUID – an everlasting unique identifier


[Flowchart: identity reconciliation, reconstructed from the slide's labels]

  • A Person record arrives from a source of record.
  • Is New? No matches or possible matches → yes: Add.
  • Otherwise, Is Single Match? Identifiers match one and only one person, and there are no possible matches → yes: Update.
  • Otherwise, Is Possible or Multiple Match? Identifiers match more than one person, and/or name or birth information matches one or more persons → yes: Manual Processing.


Database Schema

  • Identifier Table: ID Name, ID Value
  • Person Table: UUID, Date of Birth, Place of Birth, Country of Birth
  • Name Table: First, Middle, Last
  • Gender: Male / Female
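An added example, not from the presentation: the reconciliation rules of the flowchart above applied to the schema just listed, in Python. The record layout, the Match outcomes, the case-insensitive name comparison and the sample records are constructions of mine, not UTHSC-H's implementation.

```python
import uuid
from dataclasses import dataclass, field
from enum import Enum

class Match(Enum):
    NEW = "add"        # no identifier, name or birth-information match: Add
    SINGLE = "update"  # identifiers hit exactly one person, nothing else: Update
    MANUAL = "manual"  # multiple or merely possible matches: Manual Processing

@dataclass
class Person:  # one row across the Person, Name and Identifier tables of the slide
    uuid: str
    name: tuple[str, str, str]   # Name table: First, Middle, Last
    birth: tuple[str, str, str]  # Person table: Date, Place (city), Country of Birth
    gender: str
    identifiers: dict[str, str] = field(default_factory=dict)  # ID Name -> ID Value

def reconcile(registry: list[Person], incoming: Person) -> tuple[Match, list[Person]]:
    """Classify an incoming source-of-record identity against the Person Registry.
    Strong evidence: a shared identifier (SSN, Student ID, Employee Number). Weak
    evidence: the same full name or the same birth information. Weak hits never
    auto-update a record; they only force manual processing (no silent merges)."""
    id_hits = [p for p in registry
               if any(p.identifiers.get(k) == v for k, v in incoming.identifiers.items())]
    weak_hits = [p for p in registry if p not in id_hits and (
        [s.casefold() for s in p.name] == [s.casefold() for s in incoming.name]
        or p.birth == incoming.birth)]
    if not id_hits and not weak_hits:
        return Match.NEW, []
    if len(id_hits) == 1 and not weak_hits:
        return Match.SINGLE, id_hits
    return Match.MANUAL, id_hits + weak_hits

def provision(registry: list[Person], incoming: Person) -> Match:
    """Apply the flowchart: Add with a fresh UUID, Update identifiers, or hold."""
    outcome, hits = reconcile(registry, incoming)
    if outcome is Match.NEW:
        incoming.uuid = str(uuid.uuid4())  # the everlasting identifier
        registry.append(incoming)
    elif outcome is Match.SINGLE:
        hits[0].identifiers.update(incoming.identifiers)
    return outcome  # MANUAL: nothing changes until a person resolves it

def sample_registry() -> list[Person]:  # constructed sample data, not real records
    return [Person("uuid-a", ("Ana", "M", "Ruiz"), ("1975-03-09", "Houston", "US"), "F",
                   {"SSN": "000-00-0001", "Employee Number": "E1001"}),
            Person("uuid-b", ("Ben", "", "Cole"), ("1980-11-30", "Austin", "US"), "M",
                   {"Student ID": "S2002"})]
```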




[Flowchart: guest vetting, reconstructed from the slide's labels]

  • Sponsor submits guest request.
  • Applicant appears before LRAA; LRAA verifies the applicant's data, then certifies it.
  • Identity reconciliation, with three outcomes:
    • Applicant not in Person Registry → assign UUID, add to Person Registry → guest added to Guest Database → LRAA credentials guest.
    • Applicant in Person Registry → applicant currently affiliated? Yes → guest request voided. No → guest added to Guest Database → LRAA credentials guest.
    • Possible identity match → LRAA resolves ID uncertainty.


Guest Management System

[Flowchart, reconstructed from the slide's labels; data stores shown: Guest DB, Person Registry, Enterprise LDAP Directory]

  • Sponsor's Request Forms → Submission → unverified applicant's data.
  • LRAA's Review/Update Forms → Review/Update → verified applicant's data.
  • LRAA's Approval Form → Submit to Reconciliation (Identity Management System / Person Registry).
  • New Person? Yes → Approval Processes → Create LDAP Entry in the Enterprise LDAP Directory.
  • New Person? No → Check Present Affiliations → Current Affiliations? Yes → Void Sponsor's Request. No → Approval Processes → Create LDAP Entry.




Identity Vetting & Credentialing: UTHSC-H Two Factor Authentication

[Diagram: the same Identity Vetting & Credentialing flow (IdP uth.tmc.edu with its Permanent Identity Database; IdP obtains physical characteristics; assigns everlasting identifier, permanently bound; issues digital credential; person-only activation), annotated with two question marks between the physical-characteristics and permanently-bound steps.]


Identity Vetting & Credentialing: UTHSC-H Username/Password Authentication

[Diagram: the same flow again, with a single question mark and a row of seven question marks at the physical-characteristics and permanently-bound steps; person-only activation is shown as "Using Network Username Password".]


UTHSC-H Strategic Authentication Goals

  • Two authentication mechanisms:
    • Single university ID (UID) and password
    • Public Key Digital ID on Token (two-factor authentication)
      • Digital Signatures
      • Highly Secure Access Control
      • Potential for inherent global trust

