© 2011 The University of Chicago
InCommon Silver Implementation at UChicago
Tom Barton
Which people will need Silver?
[Figure: services plotted by time frame (sooner to later) and user group size (smaller to larger). Labels: NIH, TeraGrid, Open Science Grid, CILogon, NSC Nat’l Labs, CIC shared storage, CIC CourseShare, Payroll, caBIG, Benefits, Student Loans, Financial aid, TIAA-CREF, research.gov]
UChicago Silver Objectives
• Support research & scientific collaborations
• Ability to deliver SaaS solutions with higher LoA
• Enhance local confidence in our ability to manage access
  • E.g., allay Registrar’s concerns with students using UChicago netIds for transcript delivery
• All faculty, staff, and students needing Silver should be able to get it, easily
• But most won’t need it right away, so don’t make them do anything special until they do
Circumstances – Initial State
• Central IdM one of several activities supported by a staff pool – inability to sustain focus on IdM
• Inadequate operating practices and documentation
• Unknown if HR on-boarding process good enough to leverage as-is
• Student admissions process most likely not
• ID Card office co-operative with ITS & Library
• UC Medical Center IdM user account management integrated with central IdM but separate password store
Implementation Approach
• Re-org IdM
• Use existing username/password credentials
  • Stored in LDAP and in Active Directory
• Leverage ID card issuing process to meet Silver identity vetting & credential issuance requirements
• Strengthen management of ID Card office
• Assimilate ID Card back-end operations into central IdM
Implementation Approach
• Move IdM servers to central sysadmin group
• Document operating practices of both groups
• Provide IT Security an opportunity to define good operating practices
• Plan IdM audit with Risk Management
• Extend IdMS to track who has met which Silver pre-requisites (ID vetting, good password, no security hold)
Managing password exposure
[Diagram: browser, IdP/login, authN service 1, authN service 2, apps, IdMS password sync]
VaTech-style policy to apply to all apps
Unknowns
• Medical Center: unlikely to be needed soon (Drs are BSD faculty and have centrally-issued credentials)
• Identity vetting options
  • independent ID Card office eventually to be assimilated
  • leverage HR on-boarding process
• ID vetting for remote people needing Silver
• Predicated on anticipated specifications in InCommon Silver IAP v1.1
Are you organized to enable a Silver implementation (if you wanted to do it)?
And are the necessary stakeholder relationships in good shape?
What would motivate you to start a Silver implementation?
What obstacles hinder that?
Do you already have the right set of tools, operating practices, and technologies to fold into a Silver implementation?
The CIC has found it extremely helpful to go together, as a cohort.
Do you have any friends to share the experience with?
Do you want some?