
Joanne Berg, Registrar, UW-Madison Dan Edlebeck, Registrar, UW-Whitewater WACRAO Meeting

Joanne Berg, Registrar, UW-Madison Dan Edlebeck, Registrar, UW-Whitewater WACRAO Meeting November 4, 2004. IAA Overview. Presentation overview. Identity management overview What is IAA? How does it work? What student data is used? How is the data used? History and Governance


Presentation Transcript


  1. Joanne Berg, Registrar, UW-Madison Dan Edlebeck, Registrar, UW-Whitewater WACRAO Meeting November 4, 2004 IAA Overview

  2. Presentation overview • Identity management overview • What is IAA? • How does it work? • What student data is used? • How is the data used? • History and Governance • Guidelines for Use

  3. Identity management Identification & Authentication • Is the person wanting to use the service who she claims to be? • Is she a member of our campus? Authorization • Is she permitted to use the service? • Is her privacy being protected?

  4. What is IAA? • An identity management system linking institutions across the UW System • reduces complexity, cost, and processing for applications • It is the repository of aggregate information about student, faculty, staff and “other” populations • The IAA registry enables applications like Learn@UW and APBS • The IAA registry hosts 330,000 individuals each with one unique identifier

  5. Some key points about IAA • It’s efficient and user-friendly • We don’t need to worry about multiple usernames and passwords • IAA supports local campus policies and identity management mechanisms • Data ownership and policy decisions stay at individual campuses • It’s not a system-wide data warehouse

  6. How it works… • Data is fed from the campus to the IAA registry • Passwords are maintained at the campus, not in IAA. • The IAA registry is used for: • User authentication and authorization • UW System White Pages Directory

  7. What student data is fed to IAA? • Name • Gender • Birth Date • Social Security Number • ISO Number • Deceased Indicator • Data Source • Email (official & preferred) • Phone (home & cellular) • Address (permanent & current) • Username • Institution Code • Academic Calendar Term • Student Status (Eligible to enroll, Enrolled, Withdrawn) • Status Begin Date • Status End Date • Status Last Updated • Major • Student Classification/Level (Fresh, Soph, Jun, Sen, Grad, Other) • College • Privacy Flag (yes/no)

  8. Common System Applications using IAA [diagram labels: Authentication Hub; Learn@UW; Kronos; Hyperion; APBS; DSpace (Minds@UW); Student Appt & Payroll; Payroll; IAA Registry; Data; Relevant data; System Campuses; IAA White Pages Directory; passwords]

  9. First, we start with a campus user.

  10. UW Libraries Electronic Resource Management This person wants to access a Common Systems application that’s hosted by UW System.

  11. UW Libraries Electronic Resource Management Requires IAA user ID The person has a campus username and password but the Common Systems application has no knowledge of it. The application requires a separate user ID that is generated by IAA.

  12. UW Libraries Electronic Resource Management The person’s campus has its own authentication infrastructure - most likely LDAP.

  13. UW Libraries Electronic Resource Management And, as you know, the campus has submitted student data to the IAA Registry. The data does not include passwords.

  14. UW Libraries Electronic Resource Management The IAA Registry also collects employee information.

  15. UW Libraries Electronic Resource Management Requires IAA user ID The IAA Registry, using data submitted by the campus, works in conjunction with the IAA Authentication Hub to bridge the gap between the person and the Common Systems application.

  16. UW Libraries Electronic Resource Management Requires IAA user ID Before the person can access the application, he must go through the IAA Authentication Hub login page.

  17. UW Libraries Electronic Resource Management Requires IAA user ID To do so, the person must provide two additional pieces of information: • home campus • the application to be accessed

  18. UW Libraries Electronic Resource Management Requires IAA user ID The IAA Authentication Hub will then contact the campus authentication server and will validate the person’s username and password (remember … no passwords are stored in IAA).

  19. UW Libraries Electronic Resource Management Requires IAA user ID The IAA Authentication Hub also allows for a campus portal to authenticate the person.

  20. UW Libraries Electronic Resource Management Requires IAA user ID After IAA and the campus work together to authenticate the person, the IAA Authentication Hub uses the IAA Registry to convert the person’s campus username to the IAA user ID that the application will understand.

  21. UW Libraries Electronic Resource Management Requires IAA user ID The IAA Authentication Hub then redirects the user’s browser to the application which uses the IAA user ID.

  22. UW Libraries Electronic Resource Management Requires IAA user ID And, like magic, the person has authenticated to a Common Systems application. The person did not need to know the IAA user ID and the application did not need to know anything about the person’s campus username.

  23. This all sounds really complicated. What do I need to know?

  24. A brief scenario… • Password Verification comes from campus • Bob enters ID and Password to access a system application that uses IAA authentication • Bob is allowed “in”… • Who Says Bob Is Allowed Into this application?

  25. Who Says….? • The campus, based on the data submitted to the IAA registry. • An application sponsor requested use of IAA data to authenticate users and the IAA Governance Work Group approved the request. • The campus LDAP and the IAA Authentication Hub work together to allow Bob into the application.

  26. Is there public access to IAA information? • The White Pages Directory will be open to the public* (* FERPA protected) • Other than the White Pages Directory, no one sees, nor can they query, IAA data

  27. White Pages Directory example

  28. IAA Governance Working Group (est. December 2003) • Carrie Regenstein (UW Madison, Chair) • Chris Ashley (UW System, ex-officio) • Joanne Berg (UW Madison) • David Crass (UW Milwaukee) • Dan Edlebeck (UW Whitewater) • Mary Fischer (UW Green Bay) • Elliott Garb (UW Oshkosh)

  29. IAA Governance Working Group Charge from Ed Meachen, UW System (December 2003) • Ensure proper stewardship of IAA registry data (including security and privacy) • Make recommendations on the IAA registry and directory structures and any proposed enhancements or modifications to those structures • Make decisions on electronic or other applications desiring access to IAA services

  30. IAA Guidelines for Use (Developed by IAA Working Group) • IAA data will only be used for purposes of providing identity management, which includes directory authentication and authorization services. • Compliance with State and Federal laws regarding privacy and security, e.g. FERPA, and University policy. • Memorandums of Understanding (MOUs) between UWSA and entities submitting data to IAA. • The entity submitting data to the IAA registry will maintain the role of custodian of that data.

  31. IAA Guidelines for Use • UWSA is responsible for maintaining and protecting the integrity and security of data submitted by participating entities while such data is maintained in the IAA system. • All access to IAA data must be approved by the IAA Governance Working Group. • Addition of data elements must be approved by IAA Governance Working Group.

  32. Resources • IAA working group members • IAA website http://www.uwsa.edu/olit/iaa/

  33. Questions
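
The login flow walked through in slides 9 to 22, modelled as an added example (not code from the presentation or from IAA itself): the campus server is the only place a password verifier exists, and the hub only checks the application, delegates the password check, and translates the campus username into the IAA user ID. Class names, campus code, usernames and the ID format are assumptions; how the hub conveys the ID to the application on redirect is not described in the slides and is left out.

```python
import hashlib, hmac, secrets
from typing import NamedTuple, Optional

class CampusAuthServer:
    """Stand-in for a campus LDAP; password verifiers live only here."""
    def __init__(self):
        self._verifiers = {}  # username -> (salt, PBKDF2 hash)

    def enroll(self, username, password):
        salt = secrets.token_bytes(16)
        self._verifiers[username] = (salt, self._kdf(password, salt))

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def verify(self, username, password):
        # Unknown users still cost one KDF run and fail the comparison.
        salt, expected = self._verifiers.get(username, (b"\0" * 16, b""))
        return hmac.compare_digest(self._kdf(password, salt), expected)

class Login(NamedTuple):
    application: str
    iaa_user_id: str  # the only identity the application sees

class AuthenticationHub:
    def __init__(self, campuses, registry, applications):
        self.campuses = campuses          # campus code -> CampusAuthServer
        self.registry = registry          # (campus code, username) -> IAA user ID
        self.applications = applications  # applications approved to use IAA

    def login(self, home_campus, application, username, password) -> Optional[Login]:
        campus = self.campuses.get(home_campus)
        if campus is None or application not in self.applications:
            return None
        if not campus.verify(username, password):  # campus decides; hub stores nothing
            return None
        iaa_id = self.registry.get((home_campus, username))
        if iaa_id is None:  # valid campus login, but no record fed to the registry
            return None
        return Login(application, iaa_id)

# Constructed sample data: campus code, usernames and IDs are made up.
def demo_hub():
    whitewater = CampusAuthServer()
    whitewater.enroll("bob", "correct horse")
    whitewater.enroll("eve", "not in registry")
    registry = {("UWW", "bob"): "IAA-0000123"}
    return AuthenticationHub({"UWW": whitewater}, registry, {"Learn@UW"})
```
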
