Winter 2011 CSG Workshop: InCommon Silver. January 12, 2011. Speakers. Happy Valley. Agenda. Overview: What is “InCommon Silver”? Identity Assurance Profile (IAP) developed by InCommon. Set of requirements around best practices for identity and access management.
Winter 2011 CSG Workshop: InCommon Silver January 12, 2011
Speakers CSG: InCommon Silver
Happy Valley
Agenda

Overview: What is “InCommon Silver”?
• Identity Assurance Profile (IAP) developed by InCommon
• Set of requirements around best practices for identity and access management
• Aligned with the recommendations in NIST 800-63 for Level of Assurance 2 (LoA2)
• Being “Silver compliant” will ensure that an institution’s conforming authentication assertions will be accepted by relying parties at LoA2.

InCommon Identity Assurance Program’s Identity Management Functional Model

InCommon Silver Requirements
• Eight Assessment Areas
• Three General Categories of Requirements
  • Documentation of policies and procedures and standard operating practices
  • Strength of authentication and shared secrets (passwords)
  • Registration of identity subjects and issuance of credentials

CIC InCommon Silver Project
• University of Chicago
• University of Illinois
• Indiana University
• University of Iowa
• University of Michigan
• Michigan State University
• University of Minnesota
• Northwestern University
• Ohio State University
• The Pennsylvania State University
• Purdue University
• University of Wisconsin-Madison
---------------
• Virginia Tech
• University of Washington

CIC CIOs and Federation
• CIC CIOs Provide Strong Executive Sponsorship
• 2007 Goal:
  • Establish federation infrastructure
  • Join InCommon by 2008
• 2009 Goal:
  • Enable Collaboration for Above-the-Campus and Cloud Services
  • The CIC Universities will implement InCommon Silver to support LoA 2 by Fall 2011.

CIC Project Management
• Organized with Co-leads
• Renee Shuey (PSU), Tom Barton (Chicago)
• Organized in Phases
• Gap Analysis: Campuses had different problems to address
• Leverage commonalities; understand differences
• Identification of “Silver” population: not “all or nothing”
• Regular conference calls
• Reviewed IAP detail by detail
• Engaged CIC Internal Auditors

CIC Project Organization
• Work teams aligned with types of requirements
• Developing Documentation
• Authentication
• Active Directory Implementations
• Kerberos Implementations
• Multi-Factor Implementations
• Registration Authority Processes (later)

CIC First Cohort
• Impact of Being First Cohort
• Opportunity to test, influence IAP (Identity Assurance Profile)
• Pain Points submitted to TAC (Technical Advisory Committee)
• Support Refinement of IAP

What is the target?

Campus Level Project Management
• Fit into Campus Project Management Culture
• Silver project doesn’t stand in isolation
• Recognize alignment; leverage other campus efforts
• Next Segment: Four Campus Stories
  • Matt Kolb – Michigan State University
  • Mary Dunker – Virginia Tech
  • Chris Pruess – University of Iowa
  • Tom Barton – University of Chicago

Resources
• CIC Identity Management Project: http://www.cic.net/Home/Projects/Technology/IdMgmt/Introduction.aspx
• InCommon Identity Assurance: http://www.incommonfederation.org/assurance/
• Internal Audit Involvement: https://www.cic.net/Libraries/Technology/Internal_Audit_Involvement_Silver.sflb.ashx
• Management Assertions Example: https://www.cic.net/Libraries/Technology/Audit_Management_Assertions.sflb.ashx