Identity and Access Management

Presentation Transcript


  1. Identity and Access Management (IAM): A Preview

  2. Goal
     • To design and implement an identity and access management (IAM) middleware infrastructure that
     • Improves the user experience
     • Increases our security and audit capability
     • Opens the door to different levels of access

  3. How will IAM help us?
     • Streamlining business processes through workflow
     • Reducing the need to hire additional technology staff to manage new applications
     • Supporting collaboration, both internal to and external to the University.

  4. Drivers for IAM
     • The drivers from both inside and outside the University promoting the implementation of this infrastructure include:
     • Interdisciplinary and inter-institutional research and collaboration
     • Changing needs of teaching and learning
     • Fund raising and outreach
     • Digital library access
     • Increasing budgetary pressures
     • Interactions with government agencies

  5. The IAM Infrastructure: The Business Case – 7 Major Outcomes
     • It will reduce the number of credentials that constituents must know to perform the actions for which they are authorized
     • It will reduce the implicit denial of service experienced by new members of the University.
     • Accounts are not currently set up in a timely manner because processes – both manual and automated – may not function properly.

  6. IAM – The Business Case
     • It will reduce the operational and management overhead of enabling our constituents to perform actions for which they are already authorized and the incremental cost of implementing a new online service.
     • It will reduce the operational and management overhead of disabling authorization for former constituents (individuals no longer in a relationship with the University) who should no longer have access to University services and resources.

  7. IAM – The Business Case
     • It will enable the University to quickly modify a constituent’s access permissions as his/her role, and therefore his/her set of authorizations, changes
     • It will improve the quality of auditing actions across the University by using persistent identifiers common to all applications

  8. IAM – The Business Case
     • It can provide an environment in which the University can be confident that the credential presented by someone to perform an authorized action is presented by the person to whom the credential was issued.
     • By centralizing identity proofing and establishing appropriate policies on how an individual can prove who he says he is.
     • The middleware infrastructure stores the credential in a secure manner.
     • Today credentials are stored in a variety of systems, rather than a central one, with sometimes questionable levels of security.

  9. IAM – Benefits
     • Significant benefits can be reaped from the deployment of an IAM infrastructure
     • Enhanced Security
     • IAM reduces the management of user access to a single system
     • Who is active is deterministic since the identity information about individuals emanates from the University’s key administrative systems
     • Identity data is stored in a single protected data repository with data encryption and single sign-on capability
     • Relatively small staff to manage it

  10. IAM – Benefits
     • Enhanced Security (continued)
     • Provides a mechanism to express access control policies
     • Supports authorization services to applications
     • Supports better logging and audit capability
     • User login identifiers are identical across systems so we are better able to track activity.
     • Improves support for after-the-fact audit analyses

  11. IAM – Benefits
     • Simplified Network and Online Service Access
     • Enables unified access to multiple applications
     • Enables initial-sign-on, also called single-sign-on
     • With initial-sign-on, it is a straightforward step to a campus portal

  12. IAM – Benefits
     • Economies of Scale
     • The identity information that is populated into the identity and access management infrastructure comes from administrative systems like the Human Resources and Student Administration systems
     • Additional identity information will be populated from other systems or interfaces as required. These entries will have explicit expiration dates associated with them.

  13. IAM – Benefits
     • Provides better application standards around authentication and authorization
     • Not only are applications using a common directory for identification, but a standard (single) interface to authenticate
     • Applications will be easier to build, will be more consistent with each other, and provide a common user experience around authentication and authorization

  14. IAM – Benefits
     • Economies of Scale (continued)
     • Provides a unified means of enabling and disabling access to a wide range of online services infrastructure for access control information
     • It requires more support staff to have each application maintain its own accounts and access privileges
     • Since all applications authenticate and authorize against the same directories, the training costs are reduced (and users are more comfortable as well)
     • It is easier to outsource an application that is compliant with our standards since we would not need the vendor to provide access control

  15. IAM – The Proposal
     • The model that we are pursuing to solve the IAM problem is based on the work of the National Science Foundation Middleware Initiative and Internet2.
     • We are committed to an open standards solution.
     • We are committed to an extensible solution.

  16. IAM – The Proposal
     • We will address initial sign-on for web applications
     • We will attempt to address initial sign-on for desktop/client applications
     • We will address the affiliate user issue and provide mechanisms for adding such users to the database to allow access to only those services that they should receive

  17. IAM – The Proposal
     • The next slide shows the roadmap for the identity and access management infrastructure for UConn.
     • This will be adapted as necessary during the project, but is strongly based on the recommended roadmap from the NSF Middleware Initiative.

  18. IAM – Who?
     • The design of the Identity Management component of the IAM infrastructure will require both technical staff from UITS and functional staff from a variety of areas
     • The functional staff will provide the business processes by which we can eliminate duplicate identities for the same person, determine the roles we care about, and help us to understand where besides the Human Resources and Student Administration Systems we must look for identities.

  19. IAM – Who? (continued)
     • The Identity Management component will also require technical staff with expertise in identity management, programming, and database administration.
     • The Provisioning Engine will require either a purchased product or some programming staff. This component will also require system and application administrators.

  20. IAM – Who needs to be involved?
     • The Access Management component requires programmers, system administrators, identity management experts, and application administrators.

  21. IAM – Where do we start?
     • Our goal is to carve out a manageable piece of this huge project and build for extensibility.
     • We have initiated a short project to investigate what is available in the market.
     • RFIs are in – we just got them and we need to start reviewing them.
