One Fish Two Fish An Intro to Grouper
- Frank Mosley
Transcription
1 One Fish Two Fish An Intro to Grouper
Bill Thompson CISSP, Director IAM, Unicon
Shilen Patel, Senior IT Analyst, Duke University
June 10-15, 2012
Growing Community; Growing Possibilities
2 About Bill
- 395 days - Director, IAM Practice, Unicon: IAM Practice, CAS/Shib/Grouper, CAS Steering Committee, CAS 3.5 Roadmap, CISSP
- 2.5 years - Senior Associate Director, Princeton University: .NET CAS Client, Enterprise WebSSO Strategy
- 6 years - Associated Director - Rutgers University: myrutgers (uportal 2/3), Jasig CAS Project, uportal Release Engineer, Jasig Board of Directors
3 About Unicon
- Trusted Partner since 1993
- Expertise in Open Source Software for Education
- Professional Services for uportal, Sakai, CAS, Shib, Grouper, and soon Student Success Plan
- Innovative Cooperative Support Program
4 Agenda
- Why Grouper?
- History
- Concepts, Architecture & Components
- Grouper in
- What's Next
- Questions & Comments
6 Why have an access management strategy?
- Lower cost and time to deliver a new service
- Simplify and make consistent by using the same group or role in many places
Diagram labels: Physics 101 Course Group; Group; Wiki Access; Lab Reservations
7 Access management stages:
1. Start out using a single user attribute, affiliation, in LDAP or Active Directory. This lets services implement simple access policies.
Diagram labels: Affiliation: student, faculty, staff, guest. Service: Staff portal.
8 Access management stages:
2. Enrich & centralize access management with groups determined from systems of record
- Courses, financial accounts, departments
- Define service-specific access policies in the centralized access management system
Diagram: Math Faculty Group can access Math Faculty Resources
9 Access management stages:
3. Get central IT out of the loop
- Distributed management
- Exceptions
- Departmental applications
Diagram: Math Faculty Group + Math Support Group can access Math Faculty Resources
10 Access management stages:
4. Increase integration of access management
- Direct integration with applications using web services: SOAP/REST/ESB
- Roles & privileges to support applications more deeply
Diagram labels: For Math Department, while John works there; HR Admin Role
11 Why Grouper?
- Authentication, WebSSO is not enough
- Lots of apps, lots of groups
- Identities -> Groups -> Roles/Permissions
- IAM Maturity
- Cloud enablement
- Distributed management
- Security, Efficiency, Agility
12 History Open source, community-driven project of the Internet2 Middleware Initiative Initial release v0.5 - December December September March targeted for early
13 Contribution organizations, so far...
Internet2 / JISC; Brown University; California Polytech; Cardiff University; Campus Crusade for Christ International; Cornell University; Duke University; Freie Universität Berlin; GIP RECIA; LIGO; Newcastle University; Northern Arizona University; Ohio State University; SURFnet; University of Bristol; University of Chicago; University of Kansas; University of Memphis; University of Pennsylvania; University of Washington; University of West Bohemia
19 Grouper Core Concepts
20 Grouper Core Concepts
Diagram labels: Folders in hierarchies; Group; Direct members; Subgroup; Indirect members; = U; Composite groups
21 Security & Delegation
- Create groups
- Create subfolders
- Admin
- Update membership
- Read membership
- View group
- Opt-in
- Opt-out
- Delegation
22 Beyond groups...
- Attributes
- Roles
- Permissions
- Attribute definition
- Permission definition
- Role inheritance
- Delegation model extends that for Groups
23 Access management lifecycle
- Membership start & end times (optional)
- Move or copy folders, groups, etc
- User audit
- Point in time audit
- Rules
24 UChicago VPN access
Diagram labels: vpn:authorized; Core business systems; eligible; IdM system; =; staff; student; postdoc; IRB; IRB Office; denied; closure; locked; IT Security Team
- Different groups, different authorities
- VPN only uses vpn:authorized
25 UChicago Grouper managed Apps
aams Ad Astra Bulkmail Business Objects Enterprise Chalk CityRyde Cmail cnet Confluence Directory Administration dmca Facilities SIMS gnetid grouper Service Now sharepoint shibboleth statements portlet SVN tank unifiedcomm versions virtualization voip vpn web hosting webproxy webshare webspace wireless
26 Groups, Roles and Permissions Management
Diagram labels: Google Apps*; Any SaaS Applications; Shibboleth IdP Grouper Plugin; Kuali Rice Grouper Plugin; Atlassian Jira Confluence Grouper Plugin; LDAP/AD; Provisioning Service Provider; Delegation; Rules; Web Services REST/SOAP; Applications; Grouper Client; Person Registry; Subject API JNDI/JDBC; Subjects; Groups; Roles; Permissions; Policy; Audit; Change Log; Notifications XMPP/HTTP ESB; Grouper Loader; Web UI; Grouper Shell; Systems of Record; LDAP/AD; Grouper Admin
* PSP connectors may be needed
27 Grouper in 27
28 Contents
- Background
- Architecture
- Naming
- Provisioning
- Dynamic Groups
- Courses and other collaboration groups
- Active Directory Permissions
29 Background
- Started in 2006 with Grouper v0.5.
- No existing group management system centrally.
- Existing attributes were not enough for authorization.
- Though when they were, they were complicated.
31
- Nagios monitors Grouper WS
- DB is a single point of failure.
32 Naming
- duke:employees - institutionally managed groups based on employee data.
- duke:orgs - organizational hierarchy.
- duke:resources - used to store resources in Grouper primarily to manage external resources.
- duke:siss - course enrollments
33 Naming (continued)
- duke:users - user specific groups
- duke:<department> - separate folders for each department using Grouper, such as OIT, Library, and Law.
  - Department specific dynamic groups
  - Department specific user managed groups.
  - Sub-folders for app-specific or sub-dept.
34 Provisioning 34
35 Provisioning
- Provisioning at least one LDAP directory in near real-time since
- Incremental only. Bulk seems very expensive, so we try to make incremental reliable.
- Custom change log before Grouper had a change log.
- Keeps track of which consumers have processed which change.
- Daily retries.
36 Provisioning (continued)
Target systems
- OIM - used to provision resources
- Active Directory - applications specifically designed to use AD.
- Service Directories - legacy, original LDAP provisioning.
37 Provisioning (continued)
Target systems
- Util Directories - non-AD, fast, limited data.
- Authentication Directories - Shibboleth IdP.
38 Dynamic Groups 38
39 Dynamic Groups
- OIM maintained using custom connector.
- Connector knows which Grouper groups are dynamic based on Grouper group type.
- Grouper has definition of the groups.
- Connector knows which attributes are involved in dynamic groups.
40 Dynamic Groups (continued)
When an attribute of a person changes:
- Connector finds relevant dynamic groups.
- For each one, determines if the person should or should not be in the group.
- For each one, determines if the person is in the group or not.
- Makes changes using Grouper WS if needed.
41 Dynamic Groups (continued)
- OIM retries failures every day.
- Manually run sync script.
- Real-time.
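The connector loop from slides 40 and 41, sketched as an added example (not code from the presentation or from Grouper). The role names come from the Departmental Roles slide; the folder, the attribute names `functional_group` and `is_manager`, the rules and the in-memory stand-in for Grouper WS are assumptions.

```python
from typing import Callable, NamedTuple


class DynamicGroup(NamedTuple):
    name: str                     # Grouper group name
    attributes: frozenset         # person attributes the rule reads
    rule: Callable[[dict], bool]  # True if the person belongs in the group


# Constructed definitions (assumed folder, attribute names and rules).
GROUPS = [
    DynamicGroup(
        "duke:orgs:oit:ssi:it_managers",
        frozenset({"functional_group", "is_manager"}),
        lambda p: p.get("functional_group") == "OIT:SSI" and p.get("is_manager") is True,
    ),
    DynamicGroup(
        "duke:orgs:oit:ssi:it_nonmanagers",
        frozenset({"functional_group", "is_manager"}),
        lambda p: p.get("functional_group") == "OIT:SSI" and p.get("is_manager") is False,
    ),
]


def plan_changes(person_id, attrs, changed_attr, groups, memberships):
    """Return the ("add" | "remove", group, person) operations one change requires."""
    ops = []
    for group in groups:
        # Step 1: only groups whose rule reads the changed attribute are relevant.
        if changed_attr not in group.attributes:
            continue
        # Step 2: should the person be in the group?
        should_be = bool(group.rule(attrs))
        # Step 3: is the person in the group right now?
        is_member = person_id in memberships.get(group.name, set())
        # Step 4: emit a change only when the two disagree. Removals matter as
        # much as additions: a stale membership is standing access.
        if should_be and not is_member:
            ops.append(("add", group.name, person_id))
        elif is_member and not should_be:
            ops.append(("remove", group.name, person_id))
    return ops


def apply_changes(ops, send, retry_queue):
    """Send each operation; failures are queued for the daily retry, not dropped."""
    applied = []
    for op in ops:
        try:
            send(op)
            applied.append(op)
        except OSError:  # e.g. the web service is unreachable
            retry_queue.append(op)
    return applied


class InMemoryGrouper:
    """Stand-in for the Grouper WS calls; a real connector would call the service."""

    def __init__(self, memberships):
        self.memberships = memberships

    def send(self, op):
        action, group, person = op
        members = self.memberships.setdefault(group, set())
        # Both operations are idempotent, so replaying the retry queue is safe.
        if action == "add":
            members.add(person)
        else:
            members.discard(person)
```

Because the plan is computed from current membership, re-running it after a successful apply yields no operations, which is what makes a manual sync script and daily retries safe to run alongside the real-time path.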
42 Courses and other collaboration groups 42
43 Courses
- Get course files from source system every day.
- Diff with previous file and update Grouper.
- Accounts for 90%+ of our groups.
- For each course, automatically creates groups for students, instructors, and TAs.
44 Toolkits
- Allows students and employees to create online communities.
- Communities based on courses or other ad-hoc groups.
- Allows instructors and other delegated administrators to define other course groups.
  - visitors, auditors, developers, etc.
45 Toolkits (continued)
- Toolkits maps the various course groups with default permissions in various applications.
- Ad-hoc communities also have groups associated with permissions.
- Applications include Sakai, WordPress, Sympa, Confluence, and more.
46 Toolkits (continued) 46
47 Toolkits (continued)
- Creates various groups in Grouper (admin, contrib, viewers, all)
48 Toolkits (continued) 48
49 Toolkits (continued) 49
50 Active Directory Permissions 50
51 Initial Environment
- Used to be in a world where the central Active Directory was manually managed.
- Passwords in the Active Directory were not in sync with NetID passwords (MIT Kerberos).
- Departments also had their own Active Directory environments.
52 High Level Goals
- IdM manages user objects for Duke students, employees, and affiliates.
- One way password sync from MIT Kerberos to Active Directory.
- Departments need to be able to read and update some user attributes.
- Departments need to be able to create some objects.
53 Solution
- KDC plugin to sync passwords.
- Additional integration with ERP to define functional group attribute.
  - e.g. OIT:SSI or TrinityCollege:A&S:Art
- Org hierarchy in Grouper based on functional group attribute and dynamic groups.
- Grouper to manage permissions.
54 Departmental OUs
Map Departmental OUs in AD onto Grouper Resources in One Hierarchy
Diagram labels (AD): OU=DukeDepts; Chancellor HealthAffairs; Financial Services; Trinity College; DFAS; tech svcs; A&S; Chem; Art
Grouper resources:
- duke:resources
- duke:resources:dept_tree
- duke:resources:dept_tree:trinitycollege
- duke:resources:dept_tree:trinitycollege:dfas
- duke:resources:dept_tree:trinitycollege:dfas:techsvcs
- duke:resources:dept_tree:trinitycollege:a&s
- duke:resources:dept_tree:trinitycollege:a&s:chem
- duke:resources:dept_tree:trinitycollege:a&s:art
- duke:resources:dept_tree:financialservices
- duke:resources:dept_tree:chancellorhealthaffairs
55 People OUs
Map (User OUs x Attributes) onto Grouper Resources in Separate Hierarchy
Diagram labels (AD): OU=DukePeople; Financial Services; DFAS; tech svcs; Trinity College; A&S; Chem; Art; Users (repeated)
Grouper resources:
- duke:resources:people_tree
- duke:resources:people_tree:trinitycollege
- duke:resources:people_tree:trinitycollege:objectclass
- duke:resources:people_tree:trinitycollege:unixloginshell
- duke:resources:people_tree:trinitycollege:unixhomedirectory
- duke:resources:people_tree:trinitycollege:users
- duke:resources:people_tree:trinitycollege:users:objectclass
- duke:resources:people_tree:trinitycollege:users:unixloginshell
- duke:resources:people_tree:trinitycollege:users:unixhomedirectory
- duke:resources:people_tree:trinitycollege:a&s
- etc...
56 Departmental Roles
- it_nonmanagers (dynamic)
- it_managers (dynamic)
- ad_manager (explicitly defined with includes/excludes)
- ad_admins (explicitly defined with includes/excludes)
57 Mapping Permissions
Express AD Access Rights as Grouper Perms (subject,action,resource)
- (duke:orgs:oit:ssi:ad_admins,action_full,duke:resources:ad:dept_tree:oit:ssi)
  (OIT:SSI AD Admins have full rights in DukeDepts\OIT\SSI [recursively])
- (duke:orgs:oit:ssi:ad_admins,action_readwrite,duke:resources:ad:people_tree:oit:ssi:unixhomedirectory)
  (OIT:SSI:AD Admins have read-write access to the unixhomedirectory attribute in DukePeople\OIT\SSI [recursively])
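An added example (not code from the presentation or from Grouper) that evaluates the two (subject,action,resource) triples above with default deny and recursive inheritance down the resource tree. The member `asmith`, the child resources used in the checks, and the decision to treat actions as independent (the slides define no action hierarchy) are assumptions.

```python
from typing import NamedTuple


class Grant(NamedTuple):
    subject: str   # Grouper group or role holding the permission
    action: str
    resource: str  # colon-delimited Grouper resource name


# The two triples from the "Mapping Permissions" slide.
GRANTS = [
    Grant("duke:orgs:oit:ssi:ad_admins", "action_full",
          "duke:resources:ad:dept_tree:oit:ssi"),
    Grant("duke:orgs:oit:ssi:ad_admins", "action_readwrite",
          "duke:resources:ad:people_tree:oit:ssi:unixhomedirectory"),
]

# Attribute leaves named on the "People OUs" slide.
ATTRIBUTES = frozenset({"objectclass", "unixloginshell", "unixhomedirectory"})

# Constructed membership data (assumption).
MEMBERS = {"duke:orgs:oit:ssi:ad_admins": {"asmith"}}


def split_resource(name):
    """Split a resource name into (OU path segments, attribute or None)."""
    parts = name.split(":")
    if len(parts) > 1 and parts[-1] in ATTRIBUTES:
        return parts[:-1], parts[-1]
    return parts, None


def covers(granted, requested):
    """True if a grant on `granted` reaches `requested` by recursion.

    Comparison is per segment, never by string prefix, so a grant on
    ...:oit:ssi does not leak onto a sibling such as ...:oit:ssi2.
    In the people tree the attribute must match exactly and the grant's
    OU path must be an ancestor of (or equal to) the requested OU path.
    """
    g_path, g_attr = split_resource(granted)
    r_path, r_attr = split_resource(requested)
    return g_attr == r_attr and r_path[:len(g_path)] == g_path


def matching_grants(user, action, resource, grants=GRANTS, members=MEMBERS):
    """Return every grant that authorizes the request (useful for audit)."""
    return [
        g for g in grants
        if user in members.get(g.subject, ())
        and g.action == action  # actions are independent: no implied rights
        and covers(g.resource, resource)
    ]


def is_permitted(user, action, resource, grants=GRANTS, members=MEMBERS):
    """Default deny: permitted only when at least one grant matches."""
    return bool(matching_grants(user, action, resource, grants, members))
```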
58 Web UI Manager view to manage OU=DukePeople 58
59 Future
- Upgrade from 1.5 to 2.1.
- Changes to provisioning strategy. PSP?
- Additional subject sources
- More with permissions
- High availability
- Privacy and subject filtering
60 Grouper Roadmap
Release / Item / Description
- 2.2 / New Grouper UI / Provide new UI capabilities that better meet community needs
- Services in Grouper / Tag objects in Grouper so that folders, groups, permissions can be associated with a "service" to make it easier for users to perform tasks in
- Improved Grouper configuration / Make Grouper more easily deployable and upgradeable across environments with cascaded config files and expression language in config file
- On-going / Grouper Core / Continue adding capabilities to meet requirements from the field.
- On-going / Community contributions / Solicit and publicize community contributions of extensions and complements to Grouper.
61 Resources Grouper Project Grouper demo server: 61
62 Thanks! Bill Thompson CISSP, Director IAM, Unicon Shilen Patel, Senior IT Analyst, Duke University 62
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationInternet2 Overview, Services and Activities. Fall 2007 Council Briefings October 7, 2007
Internet2 Overview, Services and Activities Fall 2007 Council Briefings October 7, 2007 Agenda Building Community - Marianne Smith International Partnerships Heather Boyles Middleware and Security - Renee
More information20742: Identity with Windows Server 2016
Course Content Course Description: This five-day instructor-led course teaches IT Pros how to deploy and configure Active Directory Domain Services (AD DS) in a distributed environment, how to implement
More informationRunning Effective Projects In Office 365. June 1, 2017
Running Effective Projects In Office 365 June 1, 2017 Peter Carson President, Envision IT SharePoint MVP Partner Seller, Microsoft Canada peter.carson@extranetusermanager.com http://blog.petercarson.ca
More informationMETHODOLOGY This program will be conducted with interactive lectures, PowerPoint presentations, discussions and practical exercises.
CENTER OF KNOWLEDGE, PATH TO SUCCESS Website: IDENTITY WITH WINDOWS SERVER 2016 Course 20742: 5 days; Instructor-Led INTRODUCTION This five-day instructor-led course teaches IT Pros how to deploy and configure
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationAdvanced Solutions of Microsoft SharePoint 2013
Course 20332A :Advanced Solutions of Microsoft SharePoint 2013 Page 1 of 9 Advanced Solutions of Microsoft SharePoint 2013 Course 20332A: 4 days; Instructor-Led About the Course This four-day course examines
More informationEXPERTS LIVE SUMMER NIGHT. Close your datacenter and give your users-wings
EXPERTS LIVE SUMMER NIGHT Close your datacenter and give your users-wings Stefan van der Wiele Robbert van der Zwan TSP EMS Blackbelt TSP EMS Netherlands EXPERTS LIVE SUMMER NIGHT Stefan van der Wiele
More informationCase Study Identity Management at Texas A&M University
Case Study Identity Management at Texas A&M University Susan Neitsch Lead Software Applications Developer, Texas A&M University The Problem: delivering a centralized email service Climate Late 1990s Students
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationEDINBURGH S TELFORD COLLEGE
Table of Contents Executive Summary 1 Background Information 1 Access Management 2 Methodology 2 Project Experience 4 References 4 Executive Summary This case study describes the experiences at Edinburgh
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Royal Society of Chemistry Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they
More informationRutgers Connect / O365 - Migration General Kick-Off Town Hall August 5, 2016
- Migration General Kick-Off Town Hall August 5, 2016 Agenda Current Status of Rutgers Connect and Migration Schedule Architecture of Rutgers Connect Migration Steps Other Topics (MDM, Archives, Resource
More informationThe Four A s of Access A practical guide to auditing an access process.
The Four A s of Access A practical guide to auditing an access process. Ken Heskett, University of Michigan Objectives Understand access-related terminology and how you can use this information to help
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES (POP)
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES (POP) GALLAUDET UNIVERSITY Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant")
More informationCA GovernanceMinder. CA IdentityMinder Integration Guide
CA GovernanceMinder CA IdentityMinder Integration Guide 12.6.00 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationUIS Monthly Update May 2015
IT Governance UIS Monthly Update May 2015 Scott Munson 5/19/2015 UIS May 2015 Enterprise Services Update Projects Update era Updates MUNSON IT GOVERNANCE MAY 2015 UIS UPDATE 5/19/2015 2 IT GOVERNANCE MAY
More informationMozy. Administrator Guide
Mozy Administrator Guide Preface 2017 Mozy, Inc. All rights reserved. Information in this document is subject to change without notice. The software described in this document is furnished under a license
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in InCommon Federation ( Federation ) enables the participant to use Shibboleth identity attribute sharing technologies to manage access
More information