
An Integrated Framework for Identity and Access Management (IAM)

Presented by RL “Bob” Morgan (U Wash., MACE) and Keith Hazelton (U Wisc., MACE) at the Internet2 Spring Member Meeting, May 3, 2005, Arlington, VA. Session overview: Integration: IAM and applications (Keith); Drivers & requirements (RL “Bob”).


Presentation Transcript


  1. An Integrated Framework for Identity and Access Management (IAM) RL “Bob” Morgan, U Wash., MACE; Keith Hazelton, U Wisc., MACE; Internet2 Spring Member Meeting, May 3, 2005, Arlington, VA

  2. Session overview
  • Integration: IAM and applications (Keith)
  • Drivers & requirements (RL “Bob”)
  • From talking to doing (Keith again)

  3. I: From Construction to Integration
  • Construction
    • Raw materials into systems
  • Integration
    • Subsystems into whole systems
    • Multiple systems into ecosystems
  • We’re all moving from construction to integration
  • Let’s review the state of middleware systems’ readiness for integration

  4. IAM: Generic Functions

  5. Reflect, Join, and Manage Credentials (diagram: Systems of Record such as the Student Registry, HR and others are reflected and joined into the Enterprise Directory/LDAP, where credentials are managed)

  6. Reflect, Join, and Manage Credentials
  • Collect bits of identity information in all the relevant IT systems
  • Use business logic to
    • Establish which records correspond to the same person
    • Maintain that identity join in the face of changes to data in collected systems
  • Assign a unique identifier for cross-system link

  7. Manage Credentials
  • When to assign, activate credentials
    • (as early as possible)
  • Who gets them? Applicants? Prospects?
  • “Guest” NetIDs (temporary, identity-less)
  • Reassignment (never; except…)
  • Please send me a feed…
  • Argument for WebISO
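As an added illustration of slides 6 and 7 (example code written for this page, not code from the presentation or the MACE projects), a small identity registry that reflects records from two constructed systems-of-record feeds, applies constructed matching business logic, keeps the join stable when attributes change, refuses ambiguous matches, and never reassigns an identifier:

```python
import itertools

# Constructed sample feeds from two systems of record (not data from the presentation);
# each record has only a source-local key, the join assigns the cross-system identifier.
FEEDS = [
    {"src": "stdnt", "key": "S1001", "idhash": "h-aaa", "name": "Ana Silva", "dob": "1990-04-02"},
    {"src": "stdnt", "key": "S1002", "idhash": None, "name": "Ben Okoro", "dob": "1988-11-30"},
    {"src": "hr", "key": "E77", "idhash": "h-aaa", "name": "Ana Silva-Moreno", "dob": "1990-04-02"},
    {"src": "hr", "key": "E78", "idhash": None, "name": "Ben Okoro", "dob": "1988-11-30"},
    {"src": "hr", "key": "E79", "idhash": None, "name": "Ben Okoro", "dob": "1975-01-15"},
]

class IdentityRegistry:
    """Join: bind every (source, key) pair to one persistent enterprise uid."""
    def __init__(self):
        self.persons = {}   # uid -> {"links": {(src, key), ...}, "attrs": {...}}
        self.by_link = {}   # (src, key) -> uid
        self._seq = itertools.count(1)

    def _candidates(self, rec):
        # Business logic (constructed): a shared strong key (hashed national id) is decisive;
        # otherwise exact name+dob, unless a stored strong key contradicts the record.
        if rec["idhash"]:
            hits = [u for u, p in self.persons.items() if p["attrs"].get("idhash") == rec["idhash"]]
            if hits:
                return hits
        return [u for u, p in self.persons.items()
                if (p["attrs"].get("name"), p["attrs"].get("dob")) == (rec["name"], rec["dob"])
                and not (rec["idhash"] and p["attrs"].get("idhash") not in (None, rec["idhash"]))]

    def reflect(self, rec):
        """Apply one source record and return the uid it is joined to."""
        link = (rec["src"], rec["key"])
        uid = self.by_link.get(link)            # already joined: uid survives attribute changes
        if uid is None:
            hits = self._candidates(rec)
            if len(hits) > 1:                   # ambiguous join: never guess, route to a human
                raise ValueError(f"{link} matches several persons: {hits}")
            uid = hits[0] if hits else f"uid{next(self._seq):04d}"   # new uid, never reassigned
            self.persons.setdefault(uid, {"links": set(), "attrs": {}})
        self.persons[uid]["links"].add(link)
        self.by_link[link] = uid
        # Latest non-empty value wins here; real deployments apply per-attribute source precedence.
        self.persons[uid]["attrs"].update({k: v for k, v in rec.items() if k not in ("src", "key") and v is not None})
        return uid

def join_feeds(records):
    reg = IdentityRegistry()
    for rec in records:
        reg.reflect(rec)
    return reg
```

Re-reflecting the student record for Ana after HR renamed her still lands on the same uid, which is the "maintain the join in the face of changes" property the slide asks for.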

  8. Manage IAM Info and Provide it via run-time calls or provisioning (diagram: Systems of Record are reflected and joined; the Enterprise Directory manages credentials, groups, privileges and logs; Central AuthN/WebISO and AuthZ provide identity information to Apps / Resources through run-time calls or provisioning)

  9. IAM functions & big pictures

  10. IAM functions & big pictures (diagram of the functions: Reflect, Join, Manage Credentials, Manage Groups, Manage Privileges, AuthN, AuthZ, Log, Provide via run-time calls or via provisioning)

  11. Another aspect or perspective (courtesy of Mark Poepping, CMU)
  • The User to Service Provider slice across the systems

  12. Another aspect or perspective (courtesy of Mark Poepping, CMU)

  13. The User to Service Provider perspective

  14. The User to Service Provider perspective

  15. Next-up integration services
  • Message queuing (pub-sub, point-to-point)
  • Workflow (business process orchestration)
  • Policy info mgmt
  • Policy decision point
  • Service Oriented Architecture (SOA) as current buzz-word for the overall vision
  • The vision will outlast the name

  16. Middleware -- Application Integration
  • ERPs
  • SAKAI
  • uPortal
  • …

  17. IAM and Application Integration

  18. Inter-institutional integration
  • Virtual Organizations (VOs)
  • Federations
  • League of Federations

  19. Part II: Drivers & Requirements

  20. Part III: Doing Integration: Service Oriented Architecture (SOA)
  • Goals
    • What software is deployed during an integration, where and how is it deployed?
    • What development is needed to accomplish an integration?
    • What is the development / deployment process?
    • How is the installation managed, maintained and expanded?
    • How do individual integrations work together to form an infrastructure?

  21. Service Oriented Architecture (SOA) Migration Strategy
  • Courtesy of Jim Phelps, Architect
  • U Wisconsin System Initiative
  • Common Systems Interoperability Architecture Working Group (CSIAWG)

  22. Migration Strategy - SOA
  • Organization - Change Management
  • Process - Business Process Analysis
  • Information - Enterprise Data Definitions
  • Infrastructure - Architecture and Technology
  • Vendors - Fill the Gaps

  23. Migration Strategy - SOA
  • Organization - Change Management
    • Culture shift from data to services
    • Staff Training and Support
    • New Expertise
      • Service Interface Designer (2)
      • Service Library Manager (2)
      • Integration Competency Centers (3)

  24. Integration Competency Center

  25. Migration Strategy - SOA
  • Organization - Change Management
    • Culture shift from data to services
    • Staff Training and Support
    • New Expertise
      • Service Interface Designer (2)
      • Service Library Manager (2)
      • Integration Competency Centers (3)

  26. Migration Strategy - SOA
  • Process - Business Process Analysis
    • Prioritization - Most Pain, Most Gain
    • Define/Document Business Processes
    • Look for optimization opportunities
    • Data needs (timeliness, availability, etc.)
    • Use disruption to your advantage

  27. Migration Strategy - SOA
  • Information - Enterprise Data Identification
    • Let the Business Process Analysis drive the data definitions.
    • Don’t build a complete dictionary
    • Start with the most needed definitions
    • Build on standards

  28. Migration Strategy - SOA
  • Infrastructure - Architecture and Technology
    • Gap analysis - what pieces are missing
    • Architecture Analysis
    • Business Process Analysis and Enterprise Data Identification lead the efforts.

  29. Migration Strategy - SOA
  • We want to fix this business process.
  • It needs data and services to/from these systems.
  • We need these adaptors and data stores.
  • We need these technologies to deploy these services.

  30. Migration Strategy - SOA
  • Vendor - Evaluation to fill gaps
    • Business Process Analysis
    • Enterprise Data Identification
    • Data Definitions / schema development
    • Service Design
    • Technology Gaps

  31. Migration Strategy - SOA: Always ask “is the request for data really a request for service?”

  32. Roadmap to SOA (diagram of three levels: UW System Level, Business Application Level, Campus Level)

  33. Roadmap to SOA: UW System Level
  • Integration Competency Center (ICC)
  • Registry
  • Establish Governance
  • Development Standards
  • Common Tools

  34. Roadmap to SOA: Business Application Level
  • Analysis of Interfaces
  • Analysis of Business Processes
  • Reduction of Interfaces
  • Schema Definitions
  • Migration to Services

  35. Roadmap to SOA: Campus Level
  • ICC
  • Take advantage of disruption
  • Analysis of Business Processes
  • Reduction of Interfaces
  • Migration to Services

  36. References
  • Enterprise Application Integration, Revere Group Presentation, June 26, 2003
  • Service-Oriented Architecture: A Field Guide to Integrating XML and Web Services, Thomas Erl
  • Introduction to Integration Competency Centers, Darwinmag.com, http://www.darwinmag.com/read/070104/integration.html
  • Enterprise Service Bus, David A. Chappell
  • ICC - The Fab Five - Competency Center Models and core skill sets, CIO Magazine, http://www.cio.com/archive/110104/office.html

  37. References
  • “OASIS on Tuesday is announcing the formation of a technical committee that will develop a reference model to provide clarity on the definition of an SOA,” said Duane Nickull, chairman of the new OASIS SOA-RM (Reference Model) Technical Committee and senior standards strategist at Adobe. (Infoworld, May 03, 2005)
