Identity and Access Management - edu

Penn State's Identity & Access Management Initiative
It's all about who you know and what you know about them

Presentation Overview
  • Brief Introduction to Identity & Access Management (IAM) Concepts
  • Why IAM is important to Penn State
  • Starting Up the IAM Effort
  • Working on IAM Together
  • Eight Key Recommendations
  • Keeping the Momentum Going

IAM Defined
An administrative process coupled with a technological solution which validates the identity of individuals and allows owners of data, applications, and systems to either maintain centrally or distribute responsibility for granting access to their respective resources to anyone participating within the IAM framework. - NYS Forum

Three Core Concepts
  • People and Relationships
  • Creation and Management of Identities
  • Access to Data and Applications

People and Relationships
  • Different types of affiliations
  • Formal vs. Casual
  • Multiple affiliations
  • Affiliation life-cycles

Creation & Management of Identities
  • Vetting: collection and validation of identity information
  • Proofing: aligning collected data and matching an actual person
  • Issuance of credentials: ID/password pair, ID card, 2nd factor token

Access to Data & Applications
  • Connecting people to data and services
  • Authentication decisions: Knowing who
  • Authorization decisions: Affiliation type, status, level of assurance, roles and other attributes.

Why IAM is Important to Penn State
Four foundational goals
  • Increase collaboration and innovation
  • Improve customer service
  • Increase efficiency
  • Improve security of digital assets and mitigation of risk

Real Life Examples
New faculty and staff hires face an unmet need to access University systems, to choose benefit options, set up syllabi, and prepare for classes before they set foot on a Penn State campus.

Real Life Examples
Distance education students across Pennsylvania, and around the world, face significant challenges in gaining access to the required online University resources needed for their education.

IAM Initiative: The Beginning
Started With Many Long Walks & Great Discussions

Sponsored by Position of Authority
  • Executive Vice President and Provost, R. Erickson
  • Vice Provost & CIO, Information Technology Services, K. Morooney
  • Information Technology Services

Co-Leading the IAM Effort
  • Auxiliary & Business Services
  • Information Technology Services

Identifying Stakeholders
  • Auxiliary and Business Services
  • College of Agricultural Sciences
  • Commonwealth Campuses
  • Development and Alumni Relations
  • Information Technology Services
  • Intercollegiate Athletics
  • International Programs
  • Office of Human Resources
  • Office of Sponsored Programs
  • Office of Student Aid
  • Office of the Corporate Controller
  • Office of the Physical Plant
  • Office of the University Bursar
  • Office of the University Registrar
  • Outreach and Cooperative Extension
  • Penn State Great Valley
  • Penn State Milton S. Hershey Medical Center
  • Privacy Office (Office of the Corporate Controller)
  • The Graduate School
  • Undergraduate Admissions Office
  • Undergraduate Education
  • University Libraries
  • University Police Services

The Invitation
We recognize that this is a very broad topic and believe that your organization's participation will be critically important to successfully understanding Penn State's needs, challenges, and future directions in IAM. The individuals representing each area should have a basic understanding of digital identities, knowledge of the business processes in your area, and an eagerness to collaborate to find a solution that will provide a strategic direction for Penn State and IT.

Vice Provost's Initial Charge
  • Develop a Penn State roadmap for Identity and Access Management that can be used to help marshal the energy necessary to get to where we all need to go
  • Establish a community of people and organizations who understand each other's pressures, needs, and desires in identity and access management for the purposes of maintaining and developing as nimble a set of infrastructures as possible to facilitate academic, business, and collaborative processes

IAM Initiative Logistics
  • Full Committee Meetings every 6 weeks
  • Deliverables in less than 1 year
  • Education of Committee Members
  • Sub Groups
  • Report back to larger group
  • Shared wiki space
  • Co-leaders meeting with each group
  • Co-Leaders and Sub Group leader meetings

IAM Sub Groups
  • Levels of Assurance
  • Governance and Policy
  • Vetting, Proofing, and Registration Authorities
  • Risk Assessment
  • Lifecycles and Affiliations
  • Provisioning of Access
  • Education and Awareness

Eight Strategic Recommendations

Strategic Recommendations #1
Create a Comprehensive Policy for Identity & Access Management
A comprehensive policy, covering all aspects of Identity & Access Management, does not exist today and needs to be developed. This policy framework is crucial for the project's success.

Strategic Recommendations #2
Create a Central Person Registry
A single centralized person registry is needed to combine identity data records from disparate systems, ensuring the integrity and availability of person records.

Strategic Recommendations #3
Streamline Vetting, Proofing, and Issuance of Digital Credentials
Significant gains in efficiency could be realized by overhauling the current processes for creating accounts and issuing credentials.

Strategic Recommendations #4
Automate the Provisioning (and Deprovisioning) of Access Rights
Customer service and security could both be significantly increased by automating the provision of access based on affiliation, roles, and attributes.

Strategic Recommendations #5
Develop a Plan for Formal Risk Assessment
A systematic risk management process is needed to evaluate the technology and information systems that are critical to the University's mission.

Strategic Recommendations #6
Add Level of Assurance Component to Accounts and Access Decisions
A more granular approach to account creation and access decisions is needed. A Level of Assurance component will provide this flexibility and is also being required by federal agencies.

Strategic Recommendations #7
Promote Single Sign-on, Federated Identities, and Better Control of University Digital Credentials
Better control of Penn State digital credentials is needed, especially in regards to the use of these credentials with outside agencies, hosted vendor solutions, and other institutions of higher education. Single sign-on and federated identities will provide this control.

Strategic Recommendations #8
Promote Awareness and Education of the Importance of Identity & Access Management
Initial awareness and ongoing education is needed to promote understanding of the importance of Identity & Access Management and achieve buy-in from stakeholders.

Next Steps
  • Awareness and Education
  • Matrix of Use Cases
  • Identify Priorities
  • Pilot implementing Levels of Assurance
  • Gap analysis: InCommon Silver, LoA 2
  • NIH Applications
  • Strategic Implementation Teams

Contact Information
  • Joel Weidner [email protected]
  • Renee Shuey [email protected]

Resources
  • Penn State IAM Initiative: http://its.psu.edu/IAM/
  • The Enterprise Authentication Implementation Roadmap: http://www.nmi-edit.org/roadmap/draft-authnroadmap-03/index.html

Copyright Renee Shuey & Joel Weidner, March 2008. This work is the intellectual property of the authors. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
