Plans and Progress for Identity Management

Plans and Progress for Identity Management. Updates from member institutions of the APAC Identity Management Working Group. Identity Management Working Group. Create a forum for inter-institutional discussion of identity management issues.

    Presentation Transcript
    1. Plans and Progress for Identity Management: Updates from member institutions of the APAC Identity Management Working Group

    2. Identity Management Working Group
       • Create a forum for inter-institutional discussion of identity management issues.
       • Collaboration and exchange of information between BCNET member institutions, other provincial post-secondary educational institutions and provincial and federal public sectors, including government and health care authorities.
       • Eduroam and Shibboleth technologies

    3. SFU – Jeremy Rosenberg
       (Diagram labels, as extracted:) CAS LDAP PeopleSoft Web Server Amaint Account Provisioning UDD Shibboleth Eduroam Mail Lists WebCT AD Zimbra

    4. SFU – Jeremy Rosenberg: Current Identity Management Activities
       • Perpetual access for former staff and students
       • Shibboleth integration with BCCampus
       • Security protocol discussion and policies around compromised accounts
       • Move from MaillistACLs to Grouper
       • Collaborating on OpenRegistry project
       • Zimbra customization
       • Web Services via XML gateway
       • ERP integration upgrades

    5. U of Victoria – Corey Scholefield

    6. U of Victoria – Corey Scholefield: Last Year
       Access Management
       • Launched “Sign In to UVic” Single Sign-On service
       • Enhancements for online retrieval of T2202 forms for former-students
       • ERP Refresh: Banner 8 upgrade, uPortal deployment
       • Sun Identity Manager upgrade to version 8.1
       • Deployed new accounts-provisioning for Facilities Mgmt. “FAMIS” system
       • Active-Directory course-enrollment groups
       • Updated Employee-to-Department roles & affiliation implementation
       Identity Management
       • Duplicate identity consolidation in Banner: ongoing

    7. U of Victoria – Corey Scholefield: In Progress
       Access Management
       • “Sign In to UVic” service upgrade: upgrade CAS SSO to latest version
       • Enhancements to Sun Identity Manager deployment
       • New role for Sessional Instructors
       • Guest ID Sponsorship system
       • Enterprise LDAP integration for departmental Unix systems
       • Project initiation on UVic Shibboleth Identity Provider deployment
       • Continue deprecation of home-grown Identity Registry
       • Strengthen reporting around access rights to ERP systems + streamlined account de-provisioning
       Identity Management
       • Standardized Email Addressing (fname.lname@uvic.ca)
       • Generated usernames assigned to UVic applications, for Banner-based application-status tracking

    8. U of Victoria – Corey Scholefield: Upcoming
       Access Management
       • Enterprise Username and Password management: NetLink renewal
       • Replace Banner baseline common-matching to reduce duplicate-ID creation
       Identity Management
       • Upgrade to Sun/Oracle Enterprise Directory (LDAP) Server
       • Replacement for Sun Identity Manager
       • System Upgrades: Exchange 2010, Facilities FAMIS, Athletics CLASS
       • LDAP-based course-enrollment groups
       • Grouper

    9. U of Victoria – Corey Scholefield: Challenges
       • Demand-management, project prioritization
       • Social-media digital identity integration
       • Enterprise identity eligibility
       • Privacy: balancing privacy compliance needs & rate of innovation

    10. BCIT – Leo de Sousa: Present
       (Diagram labels, as extracted:) Banner ~850k accounts in AD Share Point Citrix Outlook / Exchange Luminis DB triggers Custom scripts Email (Notes) OneCard Manual entry D2L Wireless CAS Apps Book store Raiser’s Edge Active Directory Innopac Imaging Web apps Lab PCs Admin PCs Macs

    11. BCIT – Leo de Sousa: Future
       (Diagram labels, as extracted:) Banner ~40k accounts in AD BEIS Triggers ~810k accounts in AD LDS Luminis FIM 2010? Share Point Citrix Outlook / Exchange OneCard D2L Wireless CAS Apps Raiser’s Edge Active Directory AD LDS Imaging Innopac Web apps Book store Lab PCs Admin PCs Macs

    12. BCIT – Leo de Sousa: Future
       • Custom script replacement
       • Triggers are replacing custom scripts
       • Real time updates from Banner to AD
       • Data transfer is secured via certificates and SSL
       • Encrypted and complex passwords
       • Banner 8 was installed in August 2010
       • Minimum password length was increased from 6 characters to 8 characters
       • Self-serve password resets
       • Reduced calls to help desk
       • Improvements to Banner Self Serve web site
       • Better security questions
       • Use of external email addresses

    13. BCIT – Leo de Sousa: Future
       • FIM 2010 is coming
       • Ad hoc group self management
       • Self serve password resets integrated into Windows logon
       • Single/Reduced sign-on
       • AD LDS used for authentication of non-current users (alumni)
       • AD used for authorization of current users

    14. UBC – Doug Gregg: Last year
       • IAM-enabled enterprise Active Directory deployed
       • Shibboleth 2.2 / SAML 2.0 implemented
       • New installations
       • Gradual replacement of custom authentication solution
       • Refined identity repository
       • 450,000 identities – includes faculty, staff, students, alumni, community identities
       • Higher quality data, more accessible
       • Strategic Grouper deployment
       • All identities above can be members of groups
       • Concept of Service (resource), Clients (department) and members (users)
       • Data configuration to allow delegated management to “edge” departments
       • Integration model defined
       • Internal AD-aware, web applications
       • External web, LDAP-aware applications

    15. UBC – Doug Gregg: In progress
       • IAM core development
       • Integration engine (standard approaches publish / subscribe / ESB)
       • “Person hub” for self-management of identity information
       • Extension of the person hub metaphor into a communications switchboard
       • User handles
       • Channels available
       • Subscriptions – handle/channel associations
       • Account management capabilities
       • Service selection based on entitlements
       • One-time password management
       • Account elevation / deprecation
       • Alias management
       • Administrative UI
       • Identity repository data clean up
       • Removal of account typing
       • Addition of level-of-assurance (LoA)
       • Password strengthening
       • Challenge question strengthening
       • Username recovery strengthening
       • Personal merges
       • Identity and access integration for key systems
       • Door control
       • Key control
       • Access cards
       • Student systems
       • Instructor/room scheduling
       • HRMS
       • IT Service Management
       • Library
       • Facilities management
       • Financials
       • Learning management systems

    16. BC Campus – Randy Bruce: Last Year
       • Custom script CAS in place to all services
       • Shibboleth pilot commenced with SFU

    17. BC Campus – Randy Bruce: This Year
       • De-commission uPortal
       • New login: CAS/Shibboleth
       • Shibboleth with SFU in production
       • Facilitate institutional discussions regarding privacy and federated identity