Organizing a Campus Change: Planning for Identity and Access Management Improvements at UF
|
|
- Jonas McBride
- 6 years ago
- Views:
Transcription
1 Organizing a Campus Change: Planning for Identity and Access Management Improvements at UF Dr. Mike Conlon Director of Data Infrastructure June 3, 2008
2 University of Florida $2B annual revenue, $518M in grants, $750M state $2B annual revenue health care business Land grant 20 research centers, 67 CEOs #2 in total Fall 2007 student enrollment, 50,576 #4 public university incoming merit scholars $1.5B capital campaign 145 academic departments, 16 colleges
3 University of Florida IT $100M annual spend. 900 IT professionals Central IT reports to multiple vice presidents. $48M Legacy mainframe Student system PeopleSoft HR, Finance, Grants. Cognos BI. WebCT UF Exchange, UFAD HPC, FLR, FCLA College/Unit IT Some at college level. Most at department level. Centers, institutes, research groups Five network providers UF, IFAS, Shands HealthCare, Housing, Health Science Center
4 Identity and Access Mgt (IAM) Identity Associate people with electronic records UFID UF Directory. 1.7M people. Authentication Provide credentials for people to access computer systems. Associate authentication with identity. GatorLink username and password managed in myufl, pushed into PeopleSoft, Active Directory, Kerberos, NDS GLAuth local cookie based WebISO solution Authorization Control access to resources based on attributes of people Affiliations (UF Directory) and roles (PeopleSoft), pushed into UFAD. Declarative authorization: Is person x in group y?
5 IAM at UF
6 Challenges for IAM Security GLAuth has security flaws Platform Support Can not currently support the common platforms Apache and IIS on Linux and Windows WebISO Need a solution to provide Web Initial Sign On across participating sites Declarative Authorization Need a simple tool for units to control access via group membership If x is a y then allow access
7 How to Create Change? Complex technical environment Many systems Many thought leaders Complex managerial environment Many independent units Many competing interests
8 Partnering Evaluation Roles and Responsibilities Implementation Eight Step Change Process Identify the Needs Action Planning Measure Write the Project Charter 8
9 Partnering Using existing governance structures, raise the issue of improvements in IAM. IT Advisory Council Data Infrastructure ITAC Security ITAC UFAD ITAC Academic Identify the key individuals who must plan an execute an improvement
10 Roles and Responsibilities Clarify roles and responsibilities in IAM Across central IT providers Relationship of central IT providers to local IT Presentations at ITAC meetings, UFAD meetings Consistent communication Develop expectations regarding participation
11 Identify Business Needs Two years of discussion Four business needs emerge Symmetric WebISO across enterprise and local apps More environments. Support Windows and Linux. Apache and IIS. Improve Security. Replace existing local cookie based system Use group information for declarative authorization Town Hall presentation for technical community September 2, 2007 Educause CAMP, Tempe, February 3 4, 2008 Shibboleth identified as addressing all 4 needs Form planning team in February 2008
12 Shibboleth Internet2 project with lead site at Ohio State InCommon Trust Federation NSF, NIH, Microsoft DreamSpark, Elsevier, Mobile Campus, many more Federated identity (multiple identity providers) as well as declarative authorization (attribute release) Shibboleth Demo mo.html See
13 Shibboleth Flow
14 UF Shibboleth Flow
15 Shibboleth Planning Team Eli Ben Shoshan, CNS John Bevis, CNS Dr. Mike Conlon, chair Alan Cook, CIO Office Warren Curry, Bridges Tim Fitzpatrick, CNS Rodger Hendricks, AT Mike Kanofsky, UFAD Iain Moffat, CNS Erik Schmidt, UFAD Barb Sedesse, CNS
16 Attribute Release Shibboleth is designed to provide data about users (attributes) to authorized requestors Attribute Release is governed by Attribute Release Policy Attribute Release Policy is associated with an Application (typically a URL) At UF, an application is associated with a Responsible Party via UFID.
17 Attribute Release Control 1. Each Application has exactly one responsible party. A responsible party may have many applications 2. An Attribute Release Policy (ARP) may be assigned to many applications. An application may have more than one ARP. 3. An ARP may release multiple attributes. An attribute may be released via many different policies 4. Many attributes may come from a particular attribute source. Each attribute comes from exactly one source
18 Example of Attribute Release Policy UF_CID release primary affiliation along with a service provider specific identifier. The CID can be used by the service provider as a key to provide persistent access The CID is not the UFID. It is managed by Shibboleth. An application can assume that if a CID value recurs in a subsequent transaction, that it belongs to the same individual CID is not sensitive nor privileged and can be used outside UF. An application such as Mobile Campus could use this policy to verify that the user is a student and then manage preferences within their service for the student based on the CID. Note: The application does not get the user identity!
19 Mike Goes to a Web Site Mike enters a URL for an application using Shibboleth The application is authorized for UF_CID policy and asks Shibboleth for attributes Shibboleth looks to see if Mike is signed on, if not, prompts for GatorLink username and password and verifies via Kerberos Shibboleth then gets Mike s affiliation from Active Directory and computes a CID based on Mike s UFID Shibboleth presents the CID and affiliation to the application Application sees that the user is a student (Mike s primary affiliation) and can record the CID The Application lets Mike in If Mike returns to the site, Shibboleth will compute the same CID for Mike and the application can use the CID to retrieve history and store preferences Note: The Application never learns any protected identity information about Mike
20 Measurement and Assessment 170,000 active GatorLink usernames Attributes in multiple data stores 34 UF affiliations; 7 primary affiliations 465 security roles 5,000 course sections per term Over 1,000 web sites, many with controlled content 5 key enterprise applications ISIS, WebCT, PeopleSoft, Cognos, Mail
21 Write the Charter One Page Shibboleth charter Rationale Goals Sponsor Impact Timeline Written by the planning team March 2008 Vetted through advisory committees April, May 2008
22 Partnering through the Action Plan June 2, 2008 Town hall with IT community June 16, 2008 Early beta testing July 2008 Full beta testing August 2008 Opening day ARP collection September 2008 Production service October 2008 Begin converting enterprise apps October 2009 Remove legacy
23 Reality Check on Business Needs: IAM Opportunities and Shibboleth Symmetric WebISO Shibboleth provides Symmetric WebISO across all Shibbolized applications More environments Shibboleth supports by IIS and Apache on Windows and Linux. Also Solaris and Mac servers. Improve Security Shibboleth has welldefined ARPs and technical controls to support appropriate data release Use group information for declarative authorization ARPs support declarative authorization
24 Implementation Proof of concept complete. Multiple web servers in CNS and Bridges. WebISO. Two simple ARPs. DRAFT ARP management and governance process Production environment planning Production launch anticipated fall 2008 Ready for early beta testing
25 Evaluation Have verified WebISO and platform support Will decommission two existing IAM systems Cosign and GLAuth, reducing operating costs Will have security review verifying improvement Will have MOU and controlled ARP for all web sites
26 More information Web Sites ufl.edu/directory du Questions, Comments
Creating a mytraining Learner Account
Welcome to UF Health Shands! Students are required to access the mytraining online application to complete required training modules prior to being provisioned an EPIC account. If you were previously employed
More informationSupporting a Widely Deployed Campus Shibboleth Implementation
Spring 2012 Internet2 Member Meeting April 25, 2012 Supporting a Widely Deployed Campus Shibboleth Implementation Russell Beall, University of Southern California Brendan Bellina, University of Southern
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources being accessed, and that Participants
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationMT. SAN ANTONIO COLLEGE 2018 Educational and Facilities Master Plan HMC ARCHITECTS // COLLABORATIVE BRAIN TRUST
MT. SAN ANTONIO COLLEGE 2018 Educational and Facilities Master Plan HMC ARCHITECTS // COLLABORATIVE BRAIN TRUST Agenda / INTRODUCTIONS / PURPOSES OF EFMP / MASTER PLAN STEERING TASK FORCE / PROCESS AND
More informationMINUTES COMMITTEE ON GOVERNANCE Conference Call April 7, 2010
MINUTES COMMITTEE ON GOVERNANCE Conference Call April 7, 2010 A conference call of the Committee on Governance was held April 7, 2010. Chair Dianna Morgan called the meeting to order at 1:03 p.m. Present
More informationInternet2 Overview, Services and Activities. Fall 2007 Council Briefings October 7, 2007
Internet2 Overview, Services and Activities Fall 2007 Council Briefings October 7, 2007 Agenda Building Community - Marianne Smith International Partnerships Heather Boyles Middleware and Security - Renee
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationFIDO AND PAYMENTS AUTHENTICATION. Philip Andreae Vice President Oberthur Technologies
FIDO AND PAYMENTS AUTHENTICATION Philip Andreae Vice President Oberthur Technologies The Problem The Solution The Alliance Updates Data Breaches 781 data breaches in 2015 170 million records in 2015 (up
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationWeb address to for users to look up their Legacy Authority code -
Web address to for users to look up their Legacy Authority code - http://www.isprod.ufl.edu/directory/orgnlist.htm Web address for users to look up who has Department Directory Coordinator authority -
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name:_Unversity of Regina Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationOverview of ABET Kent Hamlin Director Institute of Nuclear Power Operations Commissioner TAC of ABET
Overview of ABET Kent Hamlin Director Institute of Nuclear Power Operations Commissioner TAC of ABET 1 st National Meeting on Improving Education and Training For Chinese Nuclear Power Industry Personnel
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in InCommon Federation ( Federation ) enables the participant to use Shibboleth identity attribute sharing technologies to manage access
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: British Columbia Institute of Technology Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: University of Guelph Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More information1. Federation Participant Information DRAFT
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES [NOTE: This document should be considered a as MIT is still in the process of spinning up its participation in InCommon.] Participation in InCommon
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Conestoga College Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name:_Gale_Cengage Learning Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES (POP)
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES (POP) GALLAUDET UNIVERSITY Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant")
More informationISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION
ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION Cathy Bates Senior Consultant, Vantage Technology Consulting Group January 30, 2018 Campus Orientation Initiative and Project Orientation Project
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in InCommon Federation ( Federation ) enables the participant to use Shibboleth identity attribute sharing technologies to manage access
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Portage Network 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Royal Society of Chemistry Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Trent University Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationUsing the New UCOP UAT Validation Reports for Graduate Admissions
To access the new UAT validation reports in Cognos for Graduate Admissions data, please follow the instructions outlined below: 1. Copy and paste the following link into your browser - http://data.ucop.edu.
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationWELCOME TO THE COSA MEMBER WEBINAR
WELCOME TO THE COSA MEMBER WEBINAR 2017 Annual Meeting Wrap-up Use the chat box at the right of the screen to tell us who you are, where you re from, and who is participating with you today. To open the
More informationIntroduction. January 1, 2015
Introduction January 1, 2015 Radio Frequency IDentification Technologies that enable the capture of data about objects remotely using radio energy Our Mission To promote the public good by promoting high
More informationOur Vision Professional Community
Our Vision Professional Community Destination resort - the preferred provider of information about lean software and system development." www.leanssc.org Mission To promote and create awareness of Lean
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationUAB IT Academic Computing
UAB IT Academic Computing David L Shealy, Director Jill Gemmill, Asst. Director John-Paul Robinson, System Programmer Lead Mission Provide leadership for UAB research community while interfacing important
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: University of Toronto Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationUNIVERSITY OF VIRGINIA BOARD OF VISITORS MEETING OF THE AUDIT, COMPLIANCE, AND RISK COMMITTEE DECEMBER 9, 2016
UNIVERSITY OF VIRGINIA BOARD OF VISITORS MEETING OF THE AUDIT, COMPLIANCE, AND RISK COMMITTEE DECEMBER 9, 2016 AUDIT, COMPLIANCE, AND RISK COMMITTEE (Open Session) Friday, December 9, 2016 12:45-1:45 p.m.
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in InCommon Federation ( Federation ) enables the participant to use Shibboleth identity attribute sharing technologies to manage access
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources being accessed, and that Participants
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Acadia University Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Concordia University of Edmonton Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in InCommon Federation ( Federation ) enables the participant to use Shibboleth identity attribute sharing technologies to manage access
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources being accessed, and that Participants
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: CARLETON UNIVERSITY Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationUIS Monthly Update May 2015
IT Governance UIS Monthly Update May 2015 Scott Munson 5/19/2015 UIS May 2015 Enterprise Services Update Projects Update era Updates MUNSON IT GOVERNANCE MAY 2015 UIS UPDATE 5/19/2015 2 IT GOVERNANCE MAY
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationNAC Institutional Committee Meeting
Meeting Jet Propulsion Lab July 28-29, 2015 Kathryn Schmoll Chair Membership Committee Members Current Employer Current Position 1 CHAIR: Kathryn (Katy) Schmoll Kathryn Schmoll and Associates, LLC 2 James
More information2nd National MBE Manufacturers Summit 2017
Global Manufacturing Community 2nd National MBE Manufacturers Summit 2017 August 15-16, 2017 Corporate Sponsorship Global Manufacturing Community Providing Opportunities for MBE Manufacturers Nationally
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Okanagan College Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationInCommon Federation: Participant Operational Practices
InCommon Federation: Participant Operational Practices Participation in the InCommon Federation ( Federation ) enables a federation participating organization ( Participant ) to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: McMaster University Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationRESUME. David Lynwood Deal
Resume David Lynwood Deal 1 RESUME 1608 Meadowview Lane Martinsville, Virginia 24112 (276) 252-8820 (Home) (276) 656-0258 (Work) email: ddeal@patrickhenry.edu David Lynwood Deal Education: June 1978 April
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationNortheast Ohio Chapter Annual General Meeting
Northeast Ohio Chapter Annual General Meeting May 21, 2015 For professionals and organizations be the leading global provider of knowledge, certifications, community, advocacy and education on information
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources being accessed, and that Participants
More informationIdentity and Access Management PIN App Owner Town Hall Meeting. March 31, 2015 Tuesday 3:00 4:30 p.m. Taubman, T-520 (HKS)
Identity and Access Management PIN App Owner Town Hall Meeting March 31, 2015 Tuesday 3:00 4:30 p.m. Taubman, T-520 (HKS) Agenda Meeting Purpose and Intended Outcomes Rollout of HarvardKey Explanation
More informationReporting in mytraining Instruction Guide
If it is determined that you need to use the Enterprise Reporting Tool, click here for the appropriate instruction guide. The mytraining Management System has an integrated reporting tool that will allow
More informationIT Governance: Shared IT Infrastructure Advisory Committee (SIAC)
IT Governance: Shared IT Infrastructure Advisory Committee (SIAC) Notes Members Attending: Blanchard, Cromer, Kirmse (Chair), Frey, Lander, Robinson, Sallot Others Attending: Burdette, P. Cook, Easley,
More informationCanadian Access Federation: Trust Assertion Document (TAD)
1. Canadian Access Federation Participant Information 1.1.1. Organization name: DOUGLAS COLLEGE 1.1.2. Information below is accurate as of this date: November 16, 2017 1.2 Identity Management and/or Privacy
More informationK4-5 Upgrade: The Saga Continues
K4-5 Upgrade: The Saga Continues Trials and Tribulations of Kerberos Transition at the University of Michigan or How to Prepare for the Next Upgrade Overview In next half an hour we will: Present a general
More informationThe Massachusetts Health
HST.921 / HST.922 Information Technology in the Health Care System of the Future, Spring 2009 Harvard-MIT Division of Health Sciences and Technology Course Directors: Dr. Steven Locke, Dr. Bryan Bergeron,
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES There is also a glossary at the end of this document that defines terms shown in italics. Participation in the InCommon Federation ( Federation )
More informationThe Africa Utilities Telecom Council Johannesburg CC, South Africa 1 st December, 2015
The Africa Utilities Telecom Council Johannesburg CC, South Africa 1 st December, 2015 Utilities Telecom Council Global Focus on Utility Information and Communications Technology (ICT) Formed more than
More informationTOWN HALL MEETING February 5, 2014
TOWN HALL MEETING February 5, 2014 A.J. ROBINSON President Central Atlanta Progress Atlanta Downtown Improvement District DR. RISA PALM Georgia State Provost and Senior Vice President for Academic Affairs
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name Wilfrid Laurier University Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they
More informationTexas A&M University: Learning Management System General & Application Controls Review
Overall Conclusion Overall, the controls established over the primary learning management system at Texas A&M University, Blackboard Learn (ecampus), are effective in providing reasonable assurance that
More informationCredentialing for InCommon
Credentialing for InCommon Summary/Purpose: This policy describes the means by which user accounts and credentials are managed by the University of Mississippi, as related to participation in the InCommon
More informationGrabbing the Bronze and Silver Ring: The InCommon Assurance Program
IAM Online Grabbing the Bronze and Silver Ring: The InCommon Assurance Program Wednesday, June 15, 2011 3 p.m. ET Tom Barton, University of Chicago R.L. Bob Morgan, University of Washington Renee Shuey,
More information2010 Kerberos Conference
2010 Kerberos Conference MIT, Cambridge 26-27 October, 2010 Josh Howlett, Strategic Projects Leader, JANET(UK) & Sam Hartman, Painless Security LLC Contents Background Use-cases Brief overview of architecture
More informationCommonwealth Cyber Initiative Blueprint Development
Commonwealth Cyber Initiative Blueprint Development Theresa Mayer and Laurel Miner Virginia Tech Presented to VRIC on August 14, 2018 https://www.networkworld.com/article/3235124/internet-of-things/internet-of-things-definitions-a-handy-guide-to-essential-iot-terms.html
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Submit Form Participant Name: Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Lynda.com Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative
More informationCorporate Membership
Corporate Membership Introduction Welcome to the Cloud Security Alliance. The CSA is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within
More informationTrust and Identity Services an introduction
KEVIN MOROONEY Vice President, Trust and Identity Services OCTOBER, 2016 PACIFIC NORTHWEST GIGAPOP (PNWGP) Trust and Identity Services an introduction ADVISORY COUNCIL MEETING Background Me trust and identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in InCommon Federation ( Federation ) enables the participant to use Shibboleth identity attribute sharing technologies to manage access
More informationHigh Performance Computing Environment for Research on Restricted Data. Dr. Erik Deumens Rob Adams Dr. Alin Dobra
High Performance Computing Environment for Research on Restricted Data Dr. Erik Deumens Rob Adams Dr. Alin Dobra The Needs of Sponsored Research Dr. Erik Deumens Director, Research Computing University
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: St. Thomas University Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationFlorida State University
Florida State University Disaster Recovery & Business Continuity Planning Overview October 24, 2017 1 Key Readiness Questions Has your department identified the business functions and infrastructure that
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationMemorandum of Understanding between the Central LHIN and the Toronto Central LHIN to establish a Joint ehealth Program
Memorandum of Understanding between the Central LHIN and the Toronto Central LHIN to establish a Joint ehealth Program Purpose This Memorandum of Understanding (MOU) defines the terms of a joint ehealth
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationDo I Really Need Another Account? External Identities for Campus Applications
Do I Really Need Another Account? External Identities for Campus Applications Dedra Chamberlin, Cirrus Identity Eric Goodman, University of California Todd Haddaway, UMBC Tom Jordan, University of Wisconsin-Madison
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources being accessed, and that Participants
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ( Participant ) to use Shibboleth identity
More informationInteragency Advisory Board HSPD-12 Insights: Past, Present and Future. Carol Bales Office of Management and Budget December 2, 2008
Interagency Advisory Board HSPD-12 Insights: Past, Present and Future Carol Bales Office of Management and Budget December 2, 2008 Importance of Identity, Credential and Access Management within the Federal
More informationSTRATEGIC IT ACCOUNTABILITY BOARD (SITAB) MEETING NOTES WEDNESDAY, SEPTEMBER 8, 2010
STRATEGIC IT ACCOUNTABILITY BOARD (SITAB) MEETING NOTES WEDNESDAY, SEPTEMBER 8, 2010 Attendees: Tony Ambler, Jay Boisseau, Pat Clubb, Andrew Dillon, Brad Englert, Greg Fenves, Rod Hart, Steve Leslie, David
More informationDeveloping a Cross Part Client Level Data System
Developing a Cross Part Client Level Data System The Minnesota Experience Ryan White All Grantee Meeting August 25, 2010 SheilaMurphy RN CPHQ Hennepin County Human Services and Public Health Department
More information