Federations 101: The U.T. System Identity Management Federation

Internet2 Member Meeting

Fall 2006

Paul Caskey

Agenda

• Background

• What have we done?

• How did we do it?

• Why did we do it?

• How do we govern it?

• What does the future hold?

Background

• 16 Institutions 9 academic 6 health 1 System Administration

• 16 unique organizations, budgets, problems, ideas

• Drivers for change: Collaboration Shared Services Compliance Reduced sign-on

What have we done?

• Established the U.T. System Identity Management Federation 16 UT institutions Federation and Member (IdP and SP) policies Shibboleth/SAML VeriSign PKI

How did we do it?

• IdM Statement of Direction• NMI-EDIT “Extending The Reach” grant• Shibboleth IdP InstallFest and SP Fest (a year

later)• Shibb’d some low-risk apps (guest wireless,

financial reporting)• Now have about 10 apps, including student

couponing, legal tracking, research tracking, collaborative funding, and more)

• Currently in production, but still a long way to go

Why did we do it?

• We felt it best to address IdM on an administrative boundary - could happen quicker if we do it within the system.

• We had an established organizational and governance structure throughout UT System and wanted to use it for IdM

• We want to strive for providing infrastructure and policy to meet higher LoAs throughout UT System

How do we govern it?

• UT Federation Executive Committee

• UT System Office of Internal Audit

• Institutional Internal Audit offices

• Technical and Policy committees

• Student project :)

What does the future hold?

• Maturity (policy revisions, support models, VOs, etc)

• Higher LoAs • More apps (and more important ones)

• Inter-federation (TIGRE, HAM-TMC, TDL, etc.)

Thank you!