1 / 15

Case Studies in Distributed Authority Management

This case study explores the Distributed Authority Management system at the University of Washington, focusing on the ASTRA application, which has been in operation since January 2003. Supporting over 20 applications and 10,000 authorizations, ASTRA illustrates a complex authorization framework with 500 Authorizers and 100 Delegators. The challenges faced, including establishing new policies and maintaining data integrity, are discussed alongside the progress made through a multi-year development effort. This analysis highlights lessons learned, effective support strategies, and the importance of persistence in achieving organizational goals.

jarvis
Télécharger la présentation

Case Studies in Distributed Authority Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Case Studies in Distributed Authority Management Ian Taylor University of Washington

  2. Where are we? How did we get here? • ASTRA currently supports > 20 applications

  3. Where are we? How did we get here? • ASTRA currently supports > 20 applications • and 10,000 authorizations, created by

  4. Where are we? How did we get here? • ASTRA currently supports > 20 applications • and 10,000 authorizations, created by • 500 Authorizers, themselves authorized by

  5. Where are we? How did we get here? • ASTRA currently supports > 20 applications • and 10,000 authorizations, created by • 500 Authorizers, themselves authorized by • 100 Delegators, who were identified by

  6. Where are we? How did we get here? • ASTRA currently supports > 20 applications • and 10,000 authorizations, created by • 500 Authorizers, themselves authorized by • 100 Delegators, who were identified by • a few high-level Administrators, reporting to

  7. Where are we? How did we get here? • ASTRA currently supports > 20 applications • and 10,000 authorizations, created by • 500 Authorizers, themselves authorized by • 100 Delegators, who were identified by • a few high-level Administrators, reporting to • the Provost and the EVP

  8. Where are we? How did we get here? • ASTRA currently supports > 20 applications • and 10,000 authorizations, created by • 500 Authorizers, themselves authorized by • 100 Delegators, who were identified by • a few high-level Administrators, reporting to • the Provost and the EVP • as a result of a multi-year design/dev effort

  9. Where are we? How did we get here? • ASTRA currently supports > 20 applications • and 10,000 authorizations, created by • 500 Authorizers, themselves authorized by • 100 Delegators, who were identified by • a few high-level Administrators, reporting to • the Provost and the EVP • as a result of a multi-year design/dev effort • which produced ASTRA v1.0 in January, 2003

  10. Problems and Issues • A new way of doing business, no precedence and therefore no existing community of users. • Central authorization? Distributed? Who decides? • Maintaining the out-of-system records of delegated authority. • Unmet need for an official, systematically-usable ‘hierarchy-of-control’ map.

  11. Policies and Practices • Application developers do not get access to production applications unless authorized. • No-one may authorize themselves. • All new applications must use ASTRA or justify why not. In-house developments are compliant. Experience with vendor products is not so good. • No automatic revocation of access rights. Instead, notices of status sent to Authorizers.

  12. What’s worked for us • Just Do It – without waiting for every detail to be worked out (e.g. who “owns” authorizations?).

  13. What’s worked for us • Just Do It – without waiting for every detail to be worked out (e.g. who “owns” authorizations?). • After all, what’s the worst thing that can happen?

  14. What’s worked for us • Just Do It – without waiting for every detail to be worked out (e.g. who “owns” authorizations?). • After all, what’s the worst thing that can happen? • University loses $millions! • Huge data losses! • It hits the papers! • You lose your job!

  15. What’s worked for us • Effective, informed, compassionate client support – builds confidence and reputation. One very good person can do this. • Persistence in the pursuit of success. • Good buy-in from IT leadership. • Good staff.

More Related