InCommon Silver Implementation at UChicago
Tom Barton

Which people will need Silver?
[Chart: services plotted by time frame (sooner to later) against user group size (smaller to larger). Services shown: CIC CourseShare, Payroll, Student Loans, Benefits, CIC shared storage, TIAA-CREF, Financial aid, Open Science Grid, CILogon, NSC, Nat’l Labs, NIH, research.gov, TeraGrid, caBIG.]

UChicago Silver Objectives
• Support research & scientific collaborations
• Ability to deliver SaaS solutions with higher LoA
• Enhance local confidence in our ability to manage access
  • E.g., allay Registrar’s concerns with students using UChicago netIds for transcript delivery
• All faculty, staff, and students needing Silver should be able to get it, easily
  • But most won’t need it right away, so don’t make them do anything special until they do

Circumstances – Initial State
• Central IdM one of several activities supported by a staff pool – inability to sustain focus on IdM
• Inadequate operating practices and documentation
• Unknown if HR on-boarding process good enough to leverage as-is
  • Student admissions process most likely not
• ID Card office co-operative with ITS & Library
• UC Medical Center IdM
  • User account management integrated with central IdM
  • But separate password store

Implementation Approach
• Re-org IdM
• Use existing username/password credentials
  • Stored in LDAP and in Active Directory
• Leverage ID card issuing process to meet Silver identity vetting & credential issuance requirements
• Strengthen management of ID Card office
• Assimilate ID Card back-end operations into central IdM

Implementation Approach
• Move IdM servers to central sysadmin group
• Document operating practices of both groups
• Provide IT Security an opportunity to define good operating practices
• Plan IdM audit with Risk Management
• Extend IdMS to track who has met which Silver pre-requisites (ID vetting, good password, no security hold)

Managing password exposure
[Diagram components: browser, IdP/login app, authN service 1, authN service 2, IdMS, password sync, apps.]
VaTech-style policy to apply to all apps

Unknowns
• Medical Center
  • Unlikely to be needed soon (Drs are BSD faculty and have centrally-issued credentials)
• Identity vetting options
  • Independent ID Card office eventually to be assimilated
  • Leverage HR on-boarding process
• ID vetting for remote people needing Silver
• Predicated on anticipated specifications in InCommon Silver IAP v1.1

Are you organized to enable a Silver implementation (if you wanted to do it)? And are the necessary stakeholder relationships in good shape?
What would motivate you to start a Silver implementation? What obstacles hinder that?
Do you already have the right set of tools, operating practices, and technologies to fold into a Silver implementation?
The CIC has found it extremely helpful to go together, as a cohort. Do you have any friends to share the experience with? Do you want some?