Identity Management at Virginia Tech

Identity Management at Virginia Tech. CTSSR Annual Meeting August 7, 2013 Identity Management presentation Karen Herrington. What is Identity Management? Why is it Important at Virginia Tech?. Who are you and what can you do?


Presentation Transcript


  1. Identity Management at Virginia Tech CTSSR Annual Meeting August 7, 2013 Identity Management presentation Karen Herrington

  2. What is Identity Management? Why is it Important at Virginia Tech?
     • Who are you and what can you do?
     • Increasingly, interactions with users take place electronically rather than in person
     • Being asked to provide online services to a broad audience – not just employees and students
     • Safety and Security – we must know who is accessing our resources – safety, legal, financial, reputational ramifications

  3. IMS Manages Electronic Identities
     • Over 800,000 electronic identities
     • ~40 defined affiliations
     • An affiliation describes an individual’s connection or association with the university
     • Affiliations are programmatically derived or assigned based on the information present in the system about the individual
     • Useful for making authorization decisions

  4. Student/Alumni Affiliations (Numbers as of July 2013)
     • VT-STUDENT-ENROLLED 4309
     • VT-STUDENT-FUTURE 26813
     • VT-STUDENT-RECENT 33145
     • VT-STUDENT-WAGE 6634
     • VT-STUDENT 355882
     • VT-ALUM 253719
     • VT-ALUM-CONSTITUENT 556147
     • VT-ALUM-FRIEND 91787
     • VT-ALUM-PARENT 198103

  5. Employee Affiliations
     • VT-EMPLOYEE-EMERITUS 759
     • VT-EMPLOYEE-LEAVE 148
     • VT-EMPLOYEE-NON-STATE 1223
     • VT-EMPLOYEE-PREHIRE 1384
     • VT-EMPLOYEE-RETIREE 4427
     • VT-EMPLOYEE-STATE 7415
     • VT-EMPLOYEE-TEMPORARY 533
     • VT-EMPLOYEE-WAGE 3021
     • VT-EMPLOYEE-FORMER 83726
     • VT-FACULTY 4427
     • VT-STAFF 5930
     • VT-EMPLOYEE 12925

  6. Others
     • VT-ACTIVE-MEMBER 17316
     • VT-GUEST 106992
     • VT-AFFILIATE-LCI 2168
     • VT-AFFILIATE-TEMPORARY 2939

  7. VCOM/Carilion Affiliations
     • VCOM-ALUM 1086
     • VCOM-AFFILIATE 3
     • VCOM-ACTIVE-MEMBER 1071
     • VCOM-EMPLOYEE-FORMER 90
     • VCOM-STUDENT-ENROLLED 846
     • VCOM-EMPLOYEE 225
     • VCOM-STUDENT-FORMER 164
     • VCOM-STAFF 92
     • VTC-ACTIVE-MEMBER 211
     • VTC-EMPLOYEE 36
     • VTC-STUDENT-ENROLLED 175

  8. Non-State, Affiliate-Temporary
     VT-EMPLOYEE-NON-STATE 1223
     VT-AFFILIATE-TEMPORARY 2939
     • Federal employees
     • Foundation
     • Bookstore
     • VT Inn
     • Summer Campers
     • State Auditors
     • Supervisors of VT employees
     • CRC employees
     • Undergraduate researchers
     • Northern Virginia Consortium Architecture students
     • Korean engineers attending 6-month seminar in Arlington
     • Contractors working on long-term projects
     • “Guest” faculty

  9. Two Sizes Don’t Fit All
     Affiliate-Temporary (XS), Non-State (XL)
     • No standard way to enter
     • Varying amounts of identity information
     • Varying needs and entitlements to VT resources and services
     • Some need “student-like” access, some need “employee-like” access, some need only select services
     • Length of time access is needed varies
     • No reliable way to deprovision Non-State

  10. Affiliate System
      • One Stop Shop
      • “Smart” entry interface
      • Support both employee-like and student-like access
      • Workflows including approvals
      • Potentially feed other systems such as Banner

  11. GIS Authorization Model
      • Proof of concept authorization model
      • Joint project with CGIT
      • CGIT grad student – presentation layer
      • IMS grad student – authorization layer
      • GeoServer – open source software server for sharing and editing geospatial data
      • CAS – authentication
      • Entitlements – authorization

  12. Entitlements
      • Assigned to individuals
      • Way of expressing access rights
      • Flexible, customizable
      • Can enable granular authorization
      • Can be easily provisioned/deprovisioned – expiration dates

  13. Entitlements
      • User_role/authorized_locality/data_layer
      • Individual1: VT Police/Blacksburg/buildings
      • Individual1: VT Police/VT Campus/building interiors
      • Individual2: VT building manager/VT Campus/buildings
      • Individual2: VT building manager/VT Campus/Burruss Hall interior
      • Individual3: Contractor/VT Campus/Pamplin Hall interior **(expires in 2 weeks)
      • Individual4: VT Emergency Mgt/Blacksburg/buildings
      • Individual4: VT Emergency Mgt/VT Campus/building interiors
      • Individual4: VT Emergency Mgt/VT Campus/underground utilities

  14. Questions?
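
The User_role/authorized_locality/data_layer entitlements on slide 13, evaluated as a default-deny check with expiration; this is an added example, not code from the presentation or the GIS proof of concept. Exact-match comparison, an expiration stored beside the entitlement string, and the names `Entitlement`, `is_authorized`, `GRANTS` and `NOW` are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class Entitlement:
    role: str
    locality: str
    layer: str
    expires: Optional[datetime] = None  # None means no expiration date was set

    @classmethod
    def parse(cls, value: str, expires: Optional[datetime] = None) -> "Entitlement":
        # Fail closed on anything that is not exactly role/locality/layer.
        parts = [p.strip() for p in value.split("/")]
        if len(parts) != 3 or not all(parts):
            raise ValueError(f"malformed entitlement: {value!r}")
        return cls(parts[0], parts[1], parts[2], expires)

    def active(self, now: datetime) -> bool:
        return self.expires is None or now < self.expires


def is_authorized(grants, person, locality, layer, now):
    """Default deny: allow only an exact, unexpired locality/layer match."""
    return any(e.active(now) and (e.locality, e.layer) == (locality, layer)
               for e in grants.get(person, ()))


# Constructed data: the slide's sample rows; NOW is an assumed reference time.
NOW = datetime(2013, 8, 7, tzinfo=timezone.utc)
P = Entitlement.parse
GRANTS = {
    "Individual1": [P("VT Police/Blacksburg/buildings"),
                    P("VT Police/VT Campus/building interiors")],
    "Individual2": [P("VT building manager/VT Campus/buildings"),
                    P("VT building manager/VT Campus/Burruss Hall interior")],
    "Individual3": [P("Contractor/VT Campus/Pamplin Hall interior",
                      expires=NOW + timedelta(weeks=2))],
    "Individual4": [P("VT Emergency Mgt/Blacksburg/buildings"),
                    P("VT Emergency Mgt/VT Campus/building interiors"),
                    P("VT Emergency Mgt/VT Campus/underground utilities")],
}

if __name__ == "__main__":
    for when in (NOW, NOW + timedelta(weeks=3)):
        ok = is_authorized(GRANTS, "Individual3", "VT Campus",
                           "Pamplin Hall interior", when)
        print(when.date(), "contractor may view Pamplin Hall interior:", ok)
```

Because the expiration is checked at decision time, the contractor's access lapses without a separate deprovisioning step, and a building manager entitled to one building's interior gets no access to another's.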
