1 / 12

Building a Distributed Access Management Infrastructure: Lessons from UW-Madison's Approach

This document outlines the development of a distributed identity management (IdM) infrastructure at UW-Madison, focusing on the Populations, Affiliations, and Service Entitlements (PASE) initiative. PASE aims to streamline the management of identities and their relationships with the university, facilitate collaborations with external institutions, and ensure secure access to resources. Key requirements include rapid response to requests, stable authorization infrastructures, and improved visibility for audit capabilities. The document discusses the project's evolution, governance, and team roles in achieving these objectives.

mirra
Télécharger la présentation

Building a Distributed Access Management Infrastructure: Lessons from UW-Madison's Approach

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. BUILDING A DISTRIBUTED ACCESS MANAGEMENT INFRASTRUCTUREReports from the Real World

  2. UW-Madison

  3. History/Current IdM Infrastructure

  4. Next up: Populations, Affiliations and Service Entitlements (PASE)

  5. Business Drivers • Efficiently manage the identities of persons and their relationship with the university. • Securely and effectively conduct business with other institutions and government agencies. • Examples: • Granting a visiting professor access to the network and course management system. • Giving non-university employees (e.g. UW Hospital) to university managed resources (e.g. parking). • Providing new hires with an email address to receive employment communications before they begin work.

  6. Requirements • Rapid response to customer requests • New affiliations (groups) • Access to services by new or existing affiliations • A stable and reliable authorization infrastructure • Standard provisioning processes • Standard system interfaces for accessing group and entitlement information • Support for large numbers of affiliations and diverse populations • Better visibility into who has access to service • Improved audit and logging capability • Reduce the need for custom development when addressing customer requests

  7. The Concept

  8. Approach/History • Improved reconciliation process • Developed standard interface to the UDS • 2001 - Started PASE • Made the decision use internal development • Enabled the registry (UDS) to store affiliation data • A lot of project ups and downs. Changes is staff and management • 2005 - Reinitiated UI requirements gathering • Looked like it was going to take a long time • Decided to step back, do a survey of the market • Did a build vs. acquire analysis • Determined that acquiring a solution would be the most time-efficient and economical path • Acquired a real project manager • Adopted and implemented a rigorous project management mindset

  9. Project Approach

  10. Governance/Policy Roadmap

  11. Technology Gaps/Roadmap in more detail

  12. The PASE Team • Chris Holsman - Executive Sponsor • Pam Allen - Project Manager • Monica Crawford - Lead Developer • Steve Devoti - Enterprise Architect • Chuck Miller - Business Analyst • Mark Weber - Solution Architect • Keith Hazelton - Enterprise Architect

More Related