Idm | Enterprise Architecture in Higher Education

Microsoft Canadian Colleges Exec Briefing – Identity and Access Mgmt

enterprise architecture, higher education, it governance No Responses »

Feb 042011

Mark Wahl, Senior Program Manager/Architect, Microsoft Corporation

Identity and Access Management – Business ready Security Solutions

Business needs agility and flexibility and IT needs control – these needs are in competition

Business Ready Security – Protections = protect everywhere, access anywhere, Access = simplify the security experience, Management = manage compliance, integrate and extend security across the enterprise

Consistent Identity and Access Experiences – for end users, for data owners, for security adminstrators

Identity Metasystem Architecture

User — access –> Relying Party (authZ = access control, personalization, collaboration)

User — authenticate –> Identity Provider (authN, self service, credentialing)

Identity Provider — token containing claims –> Relying Party

Claims in the Identity Metasystem

Claims enable authN, authZ, personalization, and access across boundaries – defines a contract between identity and resource authoritiies
tokens and claim transfer protocols beign standardized and interoperable

ForeFront Unified Access Gateway – allows direct access from anywhere as trusted and untrusted connections, creates a virtual private network (claims based authentication supported). Active Directory will support WS* and SAML standards

ForeFront Identity Manager – provides synchronization to move identity information between systems. Key functions: identity management, group access, self service password management

Futures

There is a balance between the Person’s need for “contextual separation” and the Person’s need to traverse contexts. People can bring their own trusted identity and request services. The concepts of Federated Directory and Minimal Disclosure Token Concepts to protect Relying Parties or Identity Providers to aggregate your service access requests to build a profile of your behaviour and personal information.

There is a lot of governance and policy work to get to the point of having the appropriate identity providers for the appropriate contexts for the claims based system to really be functional.

BCNet 2010 Conference – New Initiatives in Shared Network Applications

enterprise architecture 1 Response »

May 032010

New Initiatives in Shared Network Applications – Identity Management Working Group Report 2010

To watch our panel presentation, click here for the video

IDM Working Group Purpose

As a working group under the direction of the Applications Advisory Committee (APAC), the group will seek to create a forum for inter-institutional discussion of identity management issues while encouraging the collaboration and exchange of ideas and information between BCNET member institutions, other provincial post-secondary educational institutions and provincial and federal public sectors, including government and health care authorities.

Membership

Membership consists of IDM specialists from each BCNet member institution as well as BC Campus.

Projects

Eduroam – led the Canadian introduction of Eduroam with BCNet members. Developed policies, procedures and support for Eduroam in BC. Led the creation of the Canadian Access Federation, who now is responsible for Eduroam as well as Shibboleth. Canada joined the Eduroam federation in April 2008.

What is eduroam?

Do you need wireless access from your laptop around the world?

eduroam (education roaming) lets you do this.

Let’s say you are planning to attend an upcoming conference at the University of Calgary, or perhaps you are visiting the University of Western Ontario from the University of Amsterdam.

If you need wireless access, you will no longer need a guest account from the campus you are visiting — you simply use eduroam. Set it up once at your home institution, and it will work at any other eduroam member institution in the world!

Canadian Eduroam Membership – 23 members and counting …

BC – 7 members
Alberta – 3
Saskatchewan – 1
Ontario – 8
Quebec – 2
New Brunswick – 1
Newfoundland – 1

BCNet IDM Working Group continues to advocate to other higher education institutions around the province to join Eduroam.

BCNet IDM Workshop – May 2010

On Monday, May 3rd the BCNet IDM Working Group hosted a full day workshop for BCNet members, BC Campus and guests from the BC Government Office of the CIO, Health Authorities and Oracle. Four years ago, the IDM WG hosted a full day at SFU Burnaby. For those of us who were there, today would prove to be interesting to see how far IDM initiatives had come.

The day started with Peter Watkins from the BC Government Office of the Chief Information Officer talking about the Provincial work on Claims Based IDM Architecture and the future possibilities and challenges.

Randy Bruce from BC Campus was up next talking about their IDM initiatives especially the links with PASBC. SFU led the membership presentations talking about LDAP, CAS, Shibboleth and Open Registry. Read more...

BCNet IDM Workshop – Provisioning and Deprovisioning with Sun’s Identity Manager @ UVic

enterprise architecture 1 Response »

May 032010

Corey Scholefield, Paul Hilchey – University of Victoria

IDAM Framework Objectives

implemented SGHE platform
centralized the management of identity information
role based access
evolve away from batch processes
enhanced security
personalize, customize and enhance end user experiences
enhance partnerships with Information Security Office and University Privacy Officer(s)

Current Projects

Sun Identity Manager Upgrade to 8.1 – allows for business roles, IT roles, application roles, asset roles …
CAS SSO
Banner ERP Refresh
uPortal rollout (migration away from Luminis Portal?)
Affiliate IDM system

Showed a diagram of UVic Sun Identity Manager Deployment Overview and Enterprise IDAM Overview

I liked the organization of the Enterprise IDAM diagram into layers: