Do I Really Need Another Account? External Identities for Campus Applications
1 Do I Really Need Another Account? External Identities for Campus Applications. Dedra Chamberlin, Cirrus Identity; Eric Goodman, University of California; Todd Haddaway, UMBC; Tom Jordan, University of Wisconsin-Madison; David Walker, Internet2
2 Overview: Introduction; The Problem; What Do We Want from External IDs?; Trustworthiness of External IDs?; Criteria for Evaluating External ID Providers; Parent Access at UMBC
3 External users... What to do?
4 Your Campus Services: Campus SSO; Campus Attributes (LDAP, AD, RDBMS); Campus Credentials
5 Your Campus Services: Campus SSO; External Users; Campus Attributes (LDAP, AD, RDBMS); Campus Credentials
6 Learning Management System: Campus SSO; Campus Attributes (LDAP, AD, RDBMS); Campus Credentials. What about: Auditors; Guest Faculty; Continuing Education Students
7 Student Systems/ERPs: Campus SSO; Campus Attributes (LDAP, AD, RDBMS); Campus Credentials. What about: Student Applicants Parents - Tuition and Housing Applicants Volunteers Contractors
8 Research Collaboration: Campus SSO; Campus Attributes (LDAP, AD, RDBMS); Campus Credentials. What about: Private sector researchers; Freelance scholars; Global partners
9 Alumni Engagement: Campus SSO; Campus Attributes (LDAP, AD, RDBMS); Campus Credentials. What about: Alumni members; External donors
10 Your Campus Services: Campus SSO; Campus Attributes (LDAP, AD, RDBMS); Campus Credentials
11 Where Do Guests Go?
12 Where Do Guests Go?
17 Verification
20 One Year Later
23 External Identities: A Better Way? Reduce Friction for Customers; Reduce IT costs; Reduce helpdesk costs
26 What do we want out of External IDs? Use Cases
27 External Identities Working Group. Ran from August 2014 to June 2015. External Identities Working Group Report. The mission of the External Identities Working Group was to move the community of knowledge towards the goal of making external identities useful and sufficiently trusted in a variety of campus-based use cases.
28 External ID use case characteristics that inform implementation approach: Longevity of the association; One-off vs. long term; Stability requirements; Risk associated with the use case; Appropriateness of external processes; Level of Assurance matching; Level/scope of integration...
29 Why use External Identities? Outsource passwords or other authentication mechanisms. Don't manage passwords here. Application still manages profiles. Leverage these passwords instead. [Diagram labels: User Profiles; Campus User Profile; External User Profile; Application Accounts; Campus Accounts; External Accounts; Application; Campus IDM; External IDs]
30 Outsourced passwords (or other authentication): Application not managing passwords; Application still manages profiles; Simpler experience for user in many cases; External providers may be better able to manage than local provider; Leverage these passwords instead. [Diagram labels: User Profiles; Campus User Profile; External User Profile; Application Accounts; Campus Accounts; External Accounts; Application; Campus IDM; External IDs]
31 Why use External Identities? Outsource user profiles or portions of them. Get user details from here. Try not to manage user information here. [Diagram labels: User Profiles; Campus User Profile; External User Profile; Application Accounts; Campus Accounts; External Accounts; Application; Campus IDM; External IDs]
32 Outsourced Profile Management: Get user details from here; Try not to manage user information here; Decentralized user management; Avoids stale user data; Delegates attribute or entitlement based authz; May be more in concept than reality today; Primarily useful for basic user info (Name, , possibly affiliations); Differences between social and federated IDs. [Diagram labels: User Profiles; Campus User Profile; External User Profile; Application Accounts; Campus Accounts; External Accounts; Application; Campus IDM; External IDs]
33 Why use External Identities? Link to Internal Identities. To support alternative access for users. Track when external identities belong to an internal person, to support alternate access or features. [Diagram labels: User Profiles; Campus User Profile; External User Profile; Application Accounts; Campus Accounts; External Accounts; Application; Campus; External IDs]
34 Linked Accounts: Track when external identities belong to an internal person, to support alternate access or features; Map internal profile and external login; User convenience (allow use of social ID login); Provides additional login option; On/offboarding scenario support (alumni, applicants); Consistent profile across service suite; COManage, Campus Identity; Useful for Social IDs with directed identifiers; Guest management. [Diagram labels: User Profiles; Campus User Profile; External User Profile; Application Accounts; Campus Accounts; External Accounts; Application; Campus; External IDs]
35 Supporting External Identities: Minimizing impacts, maximizing flexibility for applications. Services that can wrap or blend campus and external providers in useful ways. [Diagram labels: User Profiles; Campus User Profile; External User Profile; Application Accounts; Campus Accounts; External Accounts; Application; Campus; External IDs]
36 Supporting External Identities: Valuable IAM-wide capabilities. Protocol conversion (OAuth->SAML, etc.); Attribute mapping (e.g., FB ID/Google ID->ePPN); Invitation services (provisioning support); Account linking services; Externalized authorization. Provides common support for internal and external users. Use of gateways and independent services. [Diagram labels: User Profiles; Campus User Profile; External User Profile; Application Accounts; Campus Accounts; External Accounts; Application; Campus; External IDs]
37 Trustworthiness of External Identities
38 Are External IDs Trustworthy? Historically considered less trustworthy than internal identities, but this is not necessarily true... they are trustworthy enough for many purposes, and... there are ways to make them more trustworthy.
39 Factors Affecting Trustworthiness: Authentication strength (Complex passwords? Multi-factor?); Identity vetting (and re-vetting); Reassignment of accounts and identifiers; Attributes collected and released (Are they accurate and kept up to date?); Security and privacy policy and practice; Frequency of audits
40 When Are External IDs Trustworthy? It depends on the application. For example: We may not require strong authentication methods. Identity vetting may not matter. We may care only that the same person continues using the service. The external ID may be introduced by someone we trust. The same question should be asked of internal IDs.
41 Enhancing Trust in External IDs: Link multiple IDs to achieve greater overall trust. For example: An institution with good identity vetting but no multifactor authentication links Duo with their internal identities. A distributed institution contracts with an identity service that provides strong identity vetting and links with internal identifiers.
42 Account Recovery for External IDs: When linked to an internal ID, there is probably sufficient information to re-establish trustworthy linking, or create linking to a new external ID. When not linked to an internal ID, there may be a business continuity issue, depending on the reliability / trustworthiness of the external account recovery process.
43 Criteria for Evaluating External Identity Providers
44 Trustworthiness. Account management: Are identifiers re-assigned? What are the password requirements? Is multi-factor supported? Identity vetting: Is there any vetting? What attributes are collected, and are they vetted? Is there periodic re-vetting? Authentication policies; Attribute release and consent; Directed vs. global identifiers; Support for communication of authentication contexts
45 Operations: Protocol support; Protection of secrets; Privacy practices; Incident response practices; API limits
46 Business partnership: Company mission; Importance of identity; Privacy focus; Commercial vs. non-commercial motivations; Certifications and audits; Viability and sustainability of business model; Liability and Indemnification; Licensing; Alignment with campus strategy and policy; Impact of pricing model on end-users
47 Parent Access at UMBC, Todd Haddaway
48 The Good Ol' Days
49 College Life?? [Graphic: scattered word art, garbled in extraction]
50 Parent Access to Student Information (Social Identities at UMBC): Requested by parents at every summer orientation session; Added functionality in our web portal using PeopleSoft web services; Students use an invitation system to grant or revoke access; Using Google and Facebook credentials via Cirrus Identity's Social-to-SAML gateway; Access to information becomes an issue between the student and their parent
51 Policies? Drown in policy meetings OR roll out software before we understand the implications
52 Social Identities at UMBC: Parent access walk through
54 2015 Internet2 [ 54 ]
64 FERPA? Student Billing and Financial Aid offices want consistency between phone contact and online profile sharing. Need to add the same language to online Profile Sharing as the current paper form. The university legal office is currently simplifying our FERPA language for use on the Profile page.
65 Current Paper Form
66 Profile Sharing Lookup
67 Social Identities at UMBC: What's next? Student finances - View account balance and details; Financial Aid - View awards and award status; Advising sessions - View notes taken during; Applicants and Admits
68 Our initial use case: Student / Parent Financial Portal. Allows authorized payer access to billing data; Integration with 3rd party (Cashnet); Invitation-based; Establishes a relationship; Creates persistent identity
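The invitation flow outlined on slides 50 and 68 (a student invites a parent or payer, the guest signs in with an external ID, the student can revoke), as an added Python example that is not code from UMBC, Cirrus Identity or any of the presenters. The class, method and scope names are hypothetical, and keying the grant on the provider-issued (issuer, subject) pair rather than an e-mail address is an assumption, made because slide 39 lists reassignment of accounts and identifiers as a trust factor.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass

INVITE_TTL_SECONDS = 7 * 24 * 3600  # assumption: an unused invitation expires after a week


@dataclass
class Invitation:
    student_id: str
    scopes: frozenset
    expires_at: float
    redeemed: bool = False


class ProfileSharing:
    """Hypothetical invitation and grant store for guest (external ID) access."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._invites = {}  # sha256(token) -> Invitation; the raw token is never stored
        self._grants = {}   # (issuer, subject, student_id) -> frozenset of scopes

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def invite(self, student_id, scopes):
        """Student creates a single-use invitation; the token reaches the guest out of band."""
        token = secrets.token_urlsafe(32)
        self._invites[self._digest(token)] = Invitation(
            student_id, frozenset(scopes), self._clock() + INVITE_TTL_SECONDS
        )
        return token

    def redeem(self, token, issuer, subject):
        """Bind the invitation to the external identity the gateway just authenticated.

        issuer and subject are whatever stable identifier pair the gateway asserts;
        the e-mail address is deliberately not part of the key.
        """
        inv = self._invites.get(self._digest(token))
        if inv is None or inv.redeemed or self._clock() >= inv.expires_at:
            return False
        inv.redeemed = True  # single use: a forwarded or leaked link cannot be replayed
        self._grants[(issuer, subject, inv.student_id)] = inv.scopes
        return True

    def revoke(self, student_id, issuer, subject):
        """Student withdraws access; returns False if there was nothing to revoke."""
        return self._grants.pop((issuer, subject, student_id), None) is not None

    def can_view(self, issuer, subject, student_id, scope):
        """Authorization check made on every request for the student's data."""
        return scope in self._grants.get((issuer, subject, student_id), frozenset())


def demo():
    """Walk the flow with constructed identifiers and a controllable clock."""
    now = [1000.0]
    ps = ProfileSharing(clock=lambda: now[0])
    token = ps.invite("student-1", {"billing"})
    out = {
        "first_redeem": ps.redeem(token, "google", "sub-123"),
        "replay_by_other_account": ps.redeem(token, "google", "sub-999"),
        "billing": ps.can_view("google", "sub-123", "student-1", "billing"),
        "grades": ps.can_view("google", "sub-123", "student-1", "grades"),
        "same_subject_other_provider": ps.can_view("facebook", "sub-123", "student-1", "billing"),
    }
    out["revoked"] = ps.revoke("student-1", "google", "sub-123")
    out["billing_after_revoke"] = ps.can_view("google", "sub-123", "student-1", "billing")
    out["old_token_after_revoke"] = ps.redeem(token, "google", "sub-123")
    stale = ps.invite("student-1", {"billing"})
    now[0] += INVITE_TTL_SECONDS
    out["expired_redeem"] = ps.redeem(stale, "google", "sub-123")
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
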
69 SPFP Application Workflow
70 Other key areas of activity. Policy Definition: Which providers; Which applications; What levels of assurance?; What controls. Development of External API for apps. Consultation with strategic partners / governance groups.
71 Other Outstanding Requests: Alumni / Former Students; Transcripts / Student Records; Guest wireless users; Continuing Education students; Certification / Licensure (Education, Nursing); Services to Federations (Wisconsin, InCommon, R&S)
White Paper Security Cracking the Access Management Code for Your Business As the digital transformation expands across your business, delivering secure access to it has made a modern identity and access
More informationTutorial: Building the Services Ecosystem
Tutorial: Building the Services Ecosystem GlobusWorld 2018 Steve Tuecke tuecke@globus.org What is a services ecosystem? Anybody can build services with secure REST APIs App Globus Transfer Your Service
More informationOffice 365 External Sharing Webinar November 7, 2017
Office 365 External Sharing Webinar November 7, 2017 Introductions Peter Carson President, Extranet User Manager and Envision IT SharePoint MVP Partner Seller, Microsoft Canada peter.carson@extranetusermanager.com
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name:_Gale_Cengage Learning Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Fraser & Hoyt Incentives Ltd. Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that
More informationThe Role of Standards and Open Source Software in Student Information Systems
The Role of Standards and Open Source Software in Student Information Systems Jerald Bracken jeraldbracken@gmail.com April 4, 2012 AACRAO SPEEDE Committee Open Source: software whose source code is published
More informationIAM Project Overview & Milestones
IAM Project Overview & Milestones TABLE OF CONTENTS IAM PROJECT SUCCESS FACTORS 3 PROJECT SCOPE 3 IN SCOPE 3 OUT OF SCOPE 4 IAM NOW VS. FUTURE 5 IAM NOW 5 IAM IN THE FUTURE 7 IAM PROJECT END STATE 8 ACCESS
More informationNext Generation Authentication
Next Generation Authentication Bring Your Own security impact Dominique Dessy Sr. Technology Consultant 1 2012 DIGITAL UNIVERSE 1.8 ZETTABYTES 1,800,000,000,000,000,000,000 2 $ 3 4 Threat Landscape 60%
More informationThe Challenges of User Consent
IAM Online The Challenges of User Consent Wednesday, May 11, 2011 3 p.m. ET Tom Barton, University of Chicago Steve Carmody, Brown University Russell Beall, University of Southern California Tom Scavo,
More informationCloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015
Cloud Computing Standard Effective Date: July 28, 2015 1.1 INTRODUCTION Cloud computing services are application and infrastructure resources that users access via the Internet. These services, contractually
More informationBEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE
BEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE OUR ORGANISATION AND SPECIALIST SKILLS Focused on delivery, integration and managed services around Identity and Access Management.
More informationUT HEALTH SAN ANTONIO HANDBOOK OF OPERATING PROCEDURES
ACCESS MANAGEMENT Policy UT Health San Antonio shall adopt access management processes to ensure that access to Information Resources is restricted to authorized users with minimal access rights necessary
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Portage Network 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources
More informationUCLA RESEARCH INFORMATICS STRATEGIC PLAN Taking Action June, 2013
UCLA RESEARCH INFORMATICS STRATEGIC PLAN Taking Action June, 2013 1 Project Motivation Addressing Research Informatics is among the greatest strategic requirements for UCLA s future research competitiveness
More informationLeveraging the InCommon Federation to access the NSF TeraGrid
Leveraging the InCommon Federation to access the NSF TeraGrid Jim Basney Senior Research Scientist National Center for Supercomputing Applications University of Illinois at Urbana-Champaign jbasney@ncsa.uiuc.edu
More information