KEAS KState Enterprise Authentication System

About This Presentation

Title:

KEAS KState Enterprise Authentication System

Description:

Store identity role information about EVERYONE affiliated ... Central e-mail server (POP/IMAP) Central UNIX and Web servers. Netscape Calendar. SAMBA server ... – PowerPoint PPT presentation

Number of Views:73

Avg rating:3.0/5.0

Slides: 23

Provided by: harvardt

Learn more at: http://www.k-state.edu

Category:

more less

Transcript and Presenter's Notes

Title: KEAS KState Enterprise Authentication System

1
KEASK-State EnterpriseAuthentication System
CITAC April 26, 2002
2
Project Management Staff
Project Web Site keas.cns.ksu.edu
Neil Erdwien Senior Technical Sponsor neil_at_ksu.edu
532-4905
Chuck Gould Project Manager chuck_at_ksu.edu 532-4923
Harvard Townsend Senior Management
Sponsor harv_at_ksu.edu 532-6311
3
Agenda

Project scope Harvard
Authentication 101 Neil
Discussion/Questions

4
The Goal

Build a university-wide directory and
authentication service to support authorized
access to university information and technology
resources.
Store identity role information about EVERYONE
affiliated with K-State.
Using state IT Project Management Methodology to
guide the process
Expect to complete phase I in April, 2003

5
Why?

Multiple IDs and passwords
Goal One (few?) ID and password to remember
Goal Uniform ID name space
Complexity for user and for system administrators
Goal Reduced frustration for users and
simplified access to IT resources
Goal Reduced management costs
Goal Replace current CNS ID management system
Support for distance students
Goal Same access as resident students
Goal Instant access

6
Why?

Support new applications
Foundation technology for III, SIS/FRS, digital
library, portal, wireless networking, Peoplesoft
8, etc.
Improve security
Fewer passwords to keep track of
Password stored in fewer places
Can force choosing good passwords
Simplifies shutting off peoples access

7
Why?

Authenticate with other universities
Goal support EDUCAUSE EduPerson initiative
Goal Inter-realm authentication with KU
Transaction integrity (PKI)
Goal encrypt e-mail
Goal validate sender
Goal guarantee message not altered

8
Phase 1

Uniform ID/name space
Build directory service with ID/password
authentication
Directory-enable central services managed by CNS
Central e-mail server (POP/IMAP)
Central UNIX and Web servers
Netscape Calendar
SAMBA server
Remote access to library electronic journals and
databases

9
Phase 2 Possibilities

K-State Online
KATS
Telecom dialup modems
PeopleSoft
Wireless network
Novell NDS
Microsoft Active Directory
Departmental servers/applications

10
Later Phases

K-State Web Portal
III
SIS/FRS replacement
Authenticate with other universities
Public Key Infrastructure (PKI) for digital
signatures, secure messaging
Single sign-on where you authenticate once and
get access to all the services you need without
re-entering the authentication information

11
Authentication 101Neil Erdwien
12
(No Transcript)
13
Authentication vs. Authorization

Authentication is checking credentials to verify
identity
Authorization is the use of identity to control
access to resources

14
(No Transcript)
15
(No Transcript)
16
(No Transcript)
17
(No Transcript)
18
Unified Name Space

Existing systems have separate name spaces
Integration with KEAS will have name conflicts
Possible scenarios (3-8 character IDs)
Eliminate student license plate IDs?
Personal preference, first come, first serve for
all faculty, staff, and students?
Standard naming convention?
1st initial, first 7 characters of last name
1st initial, 2nd initial, first 6 characters of
last name
Conflict resolution, i.e. jsmith05_at_ksu.edu
Steering committee will decide in June.