University of Cincinnati Federated Identity Strategy
|
|
- Claud Parker
- 6 years ago
- Views:
Transcription
1 University of Cincinnati Federated Identity Strategy Federated identity management (FIM) allows for two or more organizations to link their networks allowing for greater security and access to appropriate resources. FIM offers a standards-based means of achieving these goals by enabling one organization (the identity provider) to provide information about a managed identity to another organization (the identity consumer, service or resource provider). Each organization included in the "community of trust" tracks the identities of individuals who are most central employees and close contacts. Once the individuals have been authenticated by their own organizations, these individuals can access the other organizations' resources without re-authentication being required. The higher education community is one of the early adopters of FIM technologies. The primary driver for being an early adopter is because higher education researchers form communities based on subject matter that transcends institutional boundaries and they seek to share scarce resources like libraries or expensive laboratory equipment. A researcher is often less interested in intra-institutional collaboration than inter-institutional peer-to-peer collaboration. It s important to recognize that many enterprises already provide identity information to their trusted partners and resource providers in manual form. For example, currently researchers sharing data via specialized applications between Children s Hospital Medical Center and the University of Cincinnati must work each access request individually within their respective IT environments. This manual process may include transmission and storage of personally identifiable information. Furthermore, the process can be cumbersome and is prone to breakdown when problems arise due to a lack of no formal mechanism being in place between the entities potentially leading to ownership issues in the troubleshooting process. Implementation of federated identity solutions from the top down don t work well, rather a real business need must drive the adoption. That said, Children s Hospital Medical Center research environment engaged an external consultant to inventory servers and applications, map data flow between applications and clients, review current identity management practices and design a high performance network link between Children s and UC. Children s requested that UCit participate in this engagement and one of the recommended strategies from the engagement is to implement a FIM system between the entities. See appendices B and C.
2 Partners in a FIM system depend on each other to authenticate their respective users and vouch for their access to services. With Federations, when a user accesses a federated partner s resources that require authentication, instead of the organization that owns the resource authenticating the user, the user s home organization authenticates them and sends a token of approval to the federated partner. This allows the user to only have to store personal information for authentication in one place rather than across several different organizations. It also decreases the amount of personal identifiable information for which organizations are liable. There is less risk of Identity theft or leak of personal identifiable information in this system as the information is stored only with the home organization and users typically only have to remember one password instead of different ones for each organization. In general, federation provides many benefits to users and organizations. It is proving to be an effective way to lower the risk of identity theft, provide users with a much easier online experience, and delivering users easy access to a greater number of valuable resources. The fewer times a specific identity must be managed the more efficient the entire system. On a technical level, companies can share applications without needing to adopt the same technologies for directory services, security and authentication. Within companies, directory services such as Microsoft s Active Directory or products using the Lightweight Directory Access Protocol (LDAP) such as Novell s e-directory have allowed companies to recognize their users through a single identity. However, asking multiple companies to match up technologies or maintain full user accounts for their partners employees is unwieldy. FIM allows companies to keep their own directories and securely exchange information from them. Beyond our near term need with Children s as interest in e-learning increases it is accompanied by an increasing need to verify that online students are who they say they are. In addition, various affiliates of higher education, like funders, contractors, and even parents need to get access to institutional ITbased services. In many institutions, up to 30% of user accounts are provisioned manually for these affiliates because the source is not the HR or student information system. Additional affiliate groups are made up of exchange students or alumni that may or may not be currently enrolled in the university. Due to the number of affiliates and alumni, the total numbers of actively managed accounts are often significantly larger (for UC around 195,000) than those listed in the HR or student information system. For a complete breakdown of identities refer to the Appendix A.
3 FIM works by creating a trust system between organizations. These trusts are called Federations. Federation is a sort of perimeter mechanism that sits at the edge of the network and shares identity information with other federation mechanisms where a trust relationship exists. The federation technology creates or gathers the trust assertions that must be made when an internal user wishes to access an external resource or vice versa. Federation can, therefore, be viewed as an extension of identity management principles beyond the borders of the enterprise. Globally there are a number of initiatives underway; domestically the U.S. federal government has launched one of the largest initiatives with its e-authentication project. Higher education s initiative is known as InCommon and has over 2.2 million end users participating in an open source effort. While these two domestic examples follow separate federation approaches InCommon is linked to a number of primary government funding agencies to provide improved convenience and identity administration efficiencies when education institutions access government data and when applying for grants. The list of vendors in this space includes CA, EMC, IBM, Liberty Alliance, Microsoft, Novell, Oracle, Ping Identity and Sun Microsystems. It s not plausible to evaluate all vendors so UCit is recommending that we limit the evaluations to those vendors currently integral to our Identity Management System. We would like to limit the evaluation to Microsoft, Novell and InCommon s Shibboleth open source solution for the following reasons. Novell s e-directory currently serves as the global directory structure and root of our existing identity management system. Underneath this Novell root structure sits an extensive Microsoft Active Directory environment. Both Novell and Microsoft s federation services were built with interoperability in mind. They are based on industry standards, which allows for interoperability across multiple platforms and programming languages. There is also another interesting open source solution called Shibboleth which is geared toward higher education. Shibboleth simply sits on top of any directory service that is being used now and adds the federation services so that policies can be derived for external trusts.
4 Appendix A Affiliation Counts at the University of Cincinnati Primary Affiliation Count Student (Active) 67,629 Staff 4,392 Faculty 6,136 Non UC Student Worker 58 Emeritus 414 Affiliate 6,042 Non Employee Faculty 465 Student (In-Active) 110,015 Total Active Affiliations 195,151
5 Appendix B CHMCC & UC Future State Network Diagram CHMCC & UC Future State Network Diagram UC GRI CSTCC Main Xavier Existing Fiber Connection Continue for I1/I2 Use CERF CHMCC Primary ISP UC HPB OARNet CHMCC IS Firewall UC Sanders CHMCC Research Data CHMCC Research Servers Private Gig Link for Traffic between CHMCC and UC OARnet (State of Ohio ISP) CHMCC IS DMZ UC Internal UC Border Firewall/Router CHMCC IS Servers
6 Appendix C CHMCC Future State Provisioning
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in InCommon Federation ( Federation ) enables the participant to use Shibboleth identity attribute sharing technologies to manage access
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in InCommon Federation ( Federation ) enables the participant to use Shibboleth identity attribute sharing technologies to manage access
More informationInCommon Federation: Participant Operational Practices
InCommon Federation: Participant Operational Practices Participation in the InCommon Federation ( Federation ) enables a federation participating organization ( Participant ) to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More information1. Federation Participant Information DRAFT
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES [NOTE: This document should be considered a as MIT is still in the process of spinning up its participation in InCommon.] Participation in InCommon
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in InCommon Federation ( Federation ) enables the participant to use Shibboleth identity attribute sharing technologies to manage access
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: British Columbia Institute of Technology Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in InCommon Federation ( Federation ) enables the participant to use Shibboleth identity attribute sharing technologies to manage access
More informationEffective: 12/31/17 Last Revised: 8/28/17. Responsible University Administrator: Vice Chancellor for Information Services & CIO
Effective: 12/31/17 Last Revised: 8/28/17 Responsible University Administrator: Vice Chancellor for Information Services & CIO Responsible University Office: Information Technology Services Policy Contact:
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in InCommon Federation ( Federation ) enables the participant to use Shibboleth identity attribute sharing technologies to manage access
More informationU.S. E-Authentication Interoperability Lab Engineer
Using Digital Certificates to Establish Federated Trust chris.brown@enspier.com U.S. E-Authentication Interoperability Lab Engineer Agenda U.S. Federal E-Authentication Background Current State of PKI
More informationCredentialing for InCommon
Credentialing for InCommon Summary/Purpose: This policy describes the means by which user accounts and credentials are managed by the University of Mississippi, as related to participation in the InCommon
More informationManaging Trust in e-health with Federated Identity Management
ehealth Workshop Konolfingen (CH) Dec 4--5, 2007 Managing Trust in e-health with Federated Identity Management Dr. rer. nat. Hellmuth Broda Distinguished Director and CTO, Global Government Strategy, Sun
More informationA Pilot Implementation of DIRECT Messaging and Provider Directory Services in the Palomar Health District
A Pilot Implementation of DIRECT Messaging and Provider Directory Services in the Palomar Health District Project Overview and Plan Sujansky & Associates, LLC 1. Project Objectives Figure 1. High-level
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Royal Society of Chemistry Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Trent University Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: CARLETON UNIVERSITY Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources being accessed, and that Participants
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name:_Unversity of Regina Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationCanadian Access Federation: Trust Assertion Document (TAD)
1. Canadian Access Federation Participant Information 1.1.1. Organization name: DOUGLAS COLLEGE 1.1.2. Information below is accurate as of this date: November 16, 2017 1.2 Identity Management and/or Privacy
More informationSupporting a Widely Deployed Campus Shibboleth Implementation
Spring 2012 Internet2 Member Meeting April 25, 2012 Supporting a Widely Deployed Campus Shibboleth Implementation Russell Beall, University of Southern California Brendan Bellina, University of Southern
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationHigher Education PKI Initiatives
Higher Education PKI Initiatives (Scott Rea) Securing the ecampus - Hanover NH July 28, 2009 Overview What are the drivers for PKI in Higher Education? Stronger authentication to resources and services
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Conestoga College Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in InCommon Federation ( Federation ) enables the participant to use Shibboleth identity attribute sharing technologies to manage access
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationIAM Project Overview & Milestones
IAM Project Overview & Milestones TABLE OF CONTENTS IAM PROJECT SUCCESS FACTORS 3 PROJECT SCOPE 3 IN SCOPE 3 OUT OF SCOPE 4 IAM NOW VS. FUTURE 5 IAM NOW 5 IAM IN THE FUTURE 7 IAM PROJECT END STATE 8 ACCESS
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ( Participant ) to use Shibboleth identity
More informationThe erosion of the perimeter in higher education. Why IAM is becoming your first line of defence.
www.pwc.com.au The erosion of the perimeter in higher education. Why IAM is becoming your first line of defence. What are all the things that make up IAM? 2 The identity scope is getting bigger and bigger.
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in InCommon Federation ( Federation ) enables the participant to use Shibboleth identity attribute sharing technologies to manage access
More informationSMS 2.0 SSO / LDAP Launch Kit
SMS 2.0 SSO / LDAP Launch Kit Table of Contents What options are available in SMS 2.0 for Single Sign On?... 4 LDAP (Lightweight Directory Access Protocol)... 4 SkySSO (Skyward Single Sign On)... 4 SkySTS
More informationIntroduction to Identity Management Systems
Introduction to Identity Management Systems Ajay Daryanani Middleware Engineer, RedIRIS / Red.es Kopaonik, 13th March 2007 1 1 Outline 1. Reasons for IdM 2. IdM Roadmap 3. Definitions 4. Components and
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: St. Thomas University Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name Wilfrid Laurier University Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: University of Guelph Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationA Welcome to Federated Identity Nate Klingenstein, Internet2, USA. Prepared for the Matsuyama University, December 2013
A Welcome to Federated Identity Nate Klingenstein, Internet2, USA Prepared for the Matsuyama University, December 2013 www.incommon.org Welcome to the presentation and thanks to our hosts What is Federated
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Concordia University of Edmonton Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationUCI INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES November 14, 2013
UCI INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES November 14, 2013 Participation in InCommon Federation ( Federation ) enables the participant to use Shibboleth identity attribute sharing technologies
More informationIdentity & Access Management: Changes for FAS and Beyond. May 6, p.m. FAS Standing Committee on IT Barker Center Plimpton Room
Identity & Access Management: Changes for FAS and Beyond May 6, 2015 12 p.m. FAS Standing Committee on IT Barker Center Plimpton Room Agenda The Vision for Harvard Identity & Access Management Business
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES (POP)
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES (POP) GALLAUDET UNIVERSITY Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant")
More informationCertification Authority
Certification Authority Overview Identifying CA Hierarchy Design Requirements Common CA Hierarchy Designs Documenting Legal Requirements Analyzing Design Requirements Designing a Hierarchy Structure Identifying
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Submit Form Participant Name: Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Acadia University Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: University of Toronto Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationCollaboration & Commitment
Collaboration & Commitment The keys to successful delivery of IDM at the University of Greenwich Joshua Fry Head of Infrastructure Information & Library Services j.fry@gre.ac.uk Past Present & Future The
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources being accessed, and that Participants
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources being accessed, and that Participants
More informationA Quick Guide to EPCS. What You Need to Know to Implement Electronic Prescriptions for Controlled Substances
A Quick Guide to EPCS What You Need to Know to Implement Electronic Prescriptions for Controlled Substances Many healthcare providers have delayed implementing electronic prescriptions for controlled substances
More informationhidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION
HID ActivOne USER FRIENDLY STRONG AUTHENTICATION We understand IT security is one of the TOUGHEST business challenges today. HID Global is your trusted partner in the fight against data breach due to misused
More informationIntro - Authenticating the Campus and Beyond Pg 1. University of Groningen Pg 3. Pennsylvania State University Pg 4. Document Centric Solutions Pg 5
REFERENCES Intro - Authenticating the Campus and Beyond Pg 1 University of Groningen Pg 3 Pennsylvania State University Pg 4 Document Centric Solutions Pg 5 Goethe Pg 6 UZ Leuven Pg 7 Rotterdam University
More informationUMD: UTAH MASTER DIRECTORY
UMD: UTAH MASTER DIRECTORY EXECUTIVE SUMMARY The Utah Master Directory (UMD) is an identity management system for all State of Utah employees and approved citizens. It is the touchstone for all applications
More informationFederated Authentication for E-Infrastructures
Federated Authentication for E-Infrastructures A growing challenge for on-line e-infrastructures is to manage an increasing number of user accounts, ensuring that accounts are only used by their intended
More informationWORKPLACE Data Leak Prevention: Keeping your sensitive out of the public domain. Frans Oudendorp Ronny de Jong
Data Leak Prevention: Keeping your sensitive out of the public domain Frans Oudendorp Ronny de Jong Session objectives & takeaways Session objectives: Overview of information protection solutions How to
More informationNovell Access Manager 3.1
Technical White Paper IDENTITY AND SECURITY www.novell.com Novell Access Manager 3.1 Access Control, Policy Management and Compliance Assurance Novell Access Manager 3.1 Table of Contents: 2..... Complete
More informationFederated Identification Architecture
Federated Identification Architecture Arezoo Haghshenas Department of Computer Tehran South Branch, Islamic Azad University Tehran, Iran Mir Ali Seyyedi Department of Computer Tehran South Branch, Islamic
More informationCopyright
This video looks at Claim Based/Identity Based systems using Active Directory Federation Services as an example. An example of a claim based system is where the user logs into a system like a web page
More informationSubject: University Information Technology Resource Security Policy: OUTDATED
Policy 1-18 Rev. 2 Date: September 7, 2006 Back to Index Subject: University Information Technology Resource Security Policy: I. PURPOSE II. University Information Technology Resources are at risk from
More informationGuidelines for Faculty Participation in SBIR and STTR
Guidelines for Faculty Participation in SBIR and STTR Background Washington University (WU) is committed to the enhancement and support of faculty efforts to translate the results of their research to
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES There is also a glossary at the end of this document that defines terms shown in italics. Participation in the InCommon Federation ( Federation )
More informationUIS Monthly Update May 2015
IT Governance UIS Monthly Update May 2015 Scott Munson 5/19/2015 UIS May 2015 Enterprise Services Update Projects Update era Updates MUNSON IT GOVERNANCE MAY 2015 UIS UPDATE 5/19/2015 2 IT GOVERNANCE MAY
More informationDo I Really Need Another Account? External Identities for Campus Applications
Do I Really Need Another Account? External Identities for Campus Applications Dedra Chamberlin, Cirrus Identity Eric Goodman, University of California Todd Haddaway, UMBC Tom Jordan, University of Wisconsin-Madison
More informationIntroduction of the Identity Assurance Framework. Defining the framework and its goals
Introduction of the Identity Assurance Framework Defining the framework and its goals 1 IAEG Charter Formed in August of 07 to develop a global standard framework and necessary support programs for validating
More informationInCommon Policies and Practices
InCommon Policies and Practices The documents listed below comprise the polices and practices under which the InCommon Federation and Participants operate. These documents should be reviewed prior to submitting
More informationMaximize your move to Microsoft in the cloud
Citrix and Microsoft 365: Maximize your move to Microsoft in the cloud 3 reasons to manage Office 365 with Citrix Workspace Pg. 2 Pg. 4 Citrix.com e-book Maximize your Citrix Workspace 1 Content Introduction...3
More informationShould You Use Liberty or Passport for Digital Identities?
Select Q&A, J. Pescatore, A. Litan Research Note 12 August 2003 Should You Use Liberty or Passport for Digital Identities? Federated digital identities, such as from the Liberty Alliance and Microsoft
More informationFive Reasons It s Time For Secure Single Sign-On
Five Reasons It s Time For Secure Single Sign-On From improved security to increased customer engagement, secure single sign-on is a smart choice. Executive Overview While cloud-based applications provide
More informationKnowledge Center (KC) Registration
DEQ s Knowledge Center (KC) is an online Learning Management System that can be used by local and federal government officials, private developers, contractors and consultants to enroll in classroom courses,
More informationCybersecurity in Higher Ed
Cybersecurity in Higher Ed 1 Overview Universities are a treasure trove of information. With cyber threats constantly changing, there is a need to be vigilant in protecting information related to students,
More informationSecurity Awareness, Training, And Education Plan
Security Awareness, Training, And Education Plan Version 2.0 December 2016 TABLE OF CONTENTS 1.1 SCOPE 2 1.2 PRINCIPLES 2 1.3 REVISIONS 3 2.1 OBJECTIVE 4 3.1 PLAN DETAILS 4 3.2 WORKFORCE DESIGNATION 4
More informationInteragency Advisory Board Meeting Agenda, August 25, 2009
Interagency Advisory Board Meeting Agenda, August 25, 2009 1. Opening Remarks 2. Policy, process, regulations, technology, and infrastructure to employ HSPD-12 in USDA (Owen Unangst, USDA) 3. Policy and
More informationCLOSING IN FEDERAL ENDPOINT SECURITY
CLOSING IN FEDERAL ENDPOINT SECURITY More than half of agency IT officials worry about cyberattacks involving endpoint devices as a means of accessing agency networks. Yet many aren t taking advantage
More informationIdentity and capability management and federation
Identity and capability management and federation The need to manage identities - 1 Increment of digital identity complexity Password, dynamic password, one-time password, based on portable secure devices
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and
More informationIAM for Workday: How to Embrace an 800 Pound Gorilla. Michael Brogan & Jonathan Pass UW-IT, Identity & Access Management
IAM for Workday: How to Embrace an 800 Pound Gorilla Michael Brogan & Jonathan Pass UW-IT, Identity & Access Management 10-7-2015 Background IAM Integrations Parting Thoughts Questions Agenda 2 Background
More informationEBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS
EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS HOW SECURE IS YOUR VPN ACCESS? Remote access gateways such as VPNs and firewalls provide critical anywhere-anytime connections to the networks
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources being accessed, and that Participants
More informationTRUST IDENTITY. Trusted Relationships for Access Management: AND. The InCommon Model
TRUST. assured reliance on the character, ability, strength, or truth of someone or something - Merriam-Webster TRUST AND IDENTITY July 2017 Trusted Relationships for Access Management: The InCommon Model
More informationClient Computing Security Standard (CCSS)
Client Computing Security Standard (CCSS) 1. Background The purpose of the Client Computing Security Standard (CCSS) is to (a) help protect each user s device from harm, (b) to protect other users devices
More informationCisco Cloud Services Router 1000V and Amazon Web Services CASE STUDY
Cisco Cloud Services Router 1000V and Amazon Web Services CASE STUDY CASE STUDY ADOBE 2 About Adobe Adobe Systems provides digital media and marketing solutions to customers around the world including
More information