1 / 14

IAM at CSU

IAM at CSU. Prepared for IAC Scott Baily, Interim Director of ACNS August 13, 2008. What is IAM?.

mahans
Download Presentation

IAM at CSU

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. IAM at CSU Prepared for IAC Scott Baily, Interim Director of ACNS August 13, 2008

  2. What is IAM? • A collection of administrative processes coupled with a technological solution which enables the validation of individuals’ identity and conditionally authorizes access to systems, applications, and data. • Today, we use eID for identity management IAM Presentation

  3. A little background on eID • Locally developed several years ago • 50,000+ lines of code – extremely complex • No viable commercial alternatives at that time • Significant extensions imply a major re-write • eID successfully authenticates central services • RamCT, ARIESweb, VPN, etc. • And departmental apps as well • Preview CSU, Parking Services • eID’s 2 primary authors have left the University IAM Presentation

  4. The Question • Is eID the IAM solution to carry CSU into the future? IAM Presentation

  5. The Process • Conducted 20 face-to-face interviews with campus “stakeholders” • Conducted an informal survey for additional input from the campus • Attended conferences, seminars, webinars, and spoke with other institutions about their solutions IAM Presentation

  6. Key Findings • CSU has relationships with far more than students, faculty and staff • An IAM solution must also accommodate: • Visiting scientists • Collaborative research partners • Community patrons at the library • Development Opportunities • Contractors • Facility access control (safety issues) • Many others IAM Presentation

  7. Key Findings (Cont’d) • Legislation requires protection of: • Student information • Health information • Financial information • Credit Card Info (PCI DSS) • Personally identifiable information • Who has access to this information? • How is it controlled? • How, and by whom, is it reviewed? IAM Presentation

  8. Key Findings (Cont’d) • eID was not designed to do authorization • Several departments have “rolled their own” • eID has only rudimentary auditing capabilities • eID is not sufficiently extensible • Need more granularity than just “associates” • The most difficult issue may be the development, implementation and management of access and authorization policies IAM Presentation

  9. Key Findings (Cont’d) • CSU is implementing innovative research and education initiatives for a 21st–century, dynamic global economy • Super Clusters • School of Global Environmental Sustainability • Collaborative participation in Kuali Development (Financial and Research) • We must provide the underlying support infrastructure (including IAM) that supports these activities IAM Presentation

  10. Key Findings (Cont’d) • Examples of requests we cannot fulfill • Parent access to student accounts, other records • Additional information to support development efforts • Participation in National federated identity initiatives • Multiple levels of assurance when issuing identities • Good reporting tools for authorization and access • Grant appropriate levels of access to a wide variety of “guests” • Several others IAM Presentation

  11. Observations • This may sound like an IT initiative, but it is not! • Identity and Access Management is something that affects every College and Administrative Unit on the campus • The only way to ensure a successful outcome going forward is for representatives from each of the key areas to participate in the process • This is one of the principal lessons learned from other sites who have traveled this road IAM Presentation

  12. Recommendations • IAC should recommend to ITEC that the University begin the process of replacing eID with an extensible and scalable IAM solution. • Reiterate that this is not an IT initiative • All campus stakeholders have indicated a willingness to engage in this activity • Anticipated to take about 24 months to complete • Wise investments in the future usually reap substantial rewards IAM Presentation

  13. Thanks • To everyone who has participated in our recent discovery process, and • To those who offered to continue contributing in the future should this activity proceed to the next level IAM Presentation

  14. Questions • Are most welcome IAM Presentation

More Related