Some IDM Lessons Learned
Chris Phillips – email@example.com
Fall Internet2 - Dec 5th, 2006

About Queen’s University
Full-time enrolment: 20,720 (2005)
Academic Staff: 2,355 (tenure and tenure track included)
Other Staff: 2,498 (including medical support staff)
No self serve interface for end users!
Can’t distribute admin tools easily
Can’t do delegated administration
Data accuracy issues (people sometimes have duplicates).
Can’t do externally created sponsored accounts
Sync is nightly, need realtime or near realtime
Accounts are deleted, but removals are not always replicated out. Audit trail is incomplete.
Enabling new data is custom work which is tedious and time consuming. Many opportunities to break things in many places.
Business logic and “workflow” are sprinkled over many places and need to be refactored to simplify and to centralize tasks/objects.
No challenge questions for password reset.
Certain changes don’t take effect automatically (uid changes)
Nexus + Signet + Grouper + a useful workflow tool + glue work betwixt the above + your business logic + glue work to your endpoints
Sun IDM + your business logic + customizations to the above + glue work to your endpoints
Sun Federation Manager + Access Manager/OpenSSO, or Sun Access Manager + Shib 1.3
MAMS + Shib 2.0, or Shib 1.3 + your SSO
How do you choose? This is a whole topic unto itself, best answered by you. A popular approach is to engage professional services once a ‘winning’ technology is chosen.
Parting thoughts to consider: pre-existing technology base, team caliber, technology strengths, size, funding, management buy-in, long/short term goals, and…and...
Questions, comments, and inquiries welcome!
Project Website: http://wiki.its.queensu.ca/display/IDM/Home
NMI-EDIT IDM readiness checklist: http://www.nmi-edit.org/pdf/mw-idm-readiness-v.3.pdf
Our RFI for an IDM solution: https://qshare.queensu.ca/xythoswfs/webui/_xy-137034_1-t_1XxMZ7lZ