Title: Leading an Effort to Define Roles
1Leading an Effort to Define Roles
2I AM
Alum Liberal Arts
DONOR
Chair Residency Appeals
Assistant Controller
Assistant Treasurer
Employee
Budget Administrator
Workflow Mother of all Roles
Alum Smeal College of Business
Purchasing Card Administrator
Member WPSU
Conference Attendee
Thespian Alumni Interest Group
Purchasing Card Reconciler
3I AM
Alum Health Human Development
Director of Information Systems Auxiliary
Business Services
Supervisor
Director in Finance Business
Employee
Parent of a freshman (tuition
payer!)
Budget Administrator
4I AM
DONOR
Senior Systems Engineer
Director/Manager
Budget Administrator
Parent of an alum
Lead Architect
Team Leader in ITS Emerging Technologies Group
Co-Chair InCommon Technical Advisory Committee
Employee
Member of Nittany Lion Club
5I AM
dmm4 9-0000-0003 211-00-0000 602068
2098752890 dmm4_at_psu.edu
jlw2 9-0000-0001 466-00-9999 602068
1234567890 jlw2_at_psu.edu
prs4 9-0000-0002 962-00-1212 602068
39765112309 rshuey_at_psu.edu
6I AM
THE WALRUS
GOO, GOO, GJOOB
7Leading an Effort to Define Roles Historical
Perspective
- Electronic Approval since 1988
- Approval Paths
- Based on individual dmm4
- Financial and HR Processes Only
- Route based on mnemonics
- Implementing Role-Based Workflow
- Standard workflow for process
- Authorization through roles and related attributes
8Leading an Effort to Define Roles IAM at Penn
State
- Identity Access Management Road Map
- Co-Chaired by Renee Shuey Joel Weidner
- Sub-Groups
- Policy and Governance
- Risk Assessment
- Vetting, Proofing and Registration Authorities
- Life Cycle and Affiliations
- Levels of Assurance
- Report being presented next week
9Leading an Effort to Define Roles
IAM
TECHNOLOGY
Business Process
POLICY
10Leading an Effort to Define Roles
IAM
TECHNOLOGY
Business Process
POLICY
11Leading an Effort to Define Roles Policy
- HOW CAN WE FOCUS THE IAM LENS?
- Governance
- Coordination and collaboration
- Three-level structure proposed at Penn State
- Policy
- Comprehensive Overarching Policy
- Standards vs. best practices vs. objectives
- Audience beyond organization
12Leading an Effort to Define Roles Policy
- CHALLENGES
- Organizational Issues
- Workflow driving roles but broader use being
implemented - Department Identity
- Financial Organization is not representative of
rest of the organization - Cultural Change
- Communication/Cooperation
- Cross-Organization Collaboration
13Leading an Effort to Define Roles Policy
- CHALLENGES
- Roles
- Creation of roles that work in multiple systems
- Roles access and security
- Role versus Position versus Affiliation
- Can we use the term roles
in academic
processes?
14Leading an Effort to Define Roles Policy
- CHALLENGES
- Role Stewardship
- Attributes define access and authority
- Who determines?
- Some attributes are unique to individual User
ID - Other attributes relate to process
- Privileges that are inherent in position
- Role of President, Provost, Dean
- Delegates and Proxies
- Some roles can be automated
- Principal Investigator drive from account
set-up
15Leading an Effort to Define Roles Policy
- CHALLENGES
- Role Steward
- Defines roles used in various processes
- Role Assigner
- Authority to grant access to role
- May also require workflow approval
- Person in role may have authority to grant access
to delegates and proxies
16Leading an Effort to Define Roles Policy
- CHALLENGES
- Relationship of IAM to Other Issues
- Privacy
- Information Security
- Data Classification
- Workflow
- List Serve Management
17Leading an Effort to Define Roles Policy
Who will be your Role Stewards? or as Jimmy V
says Muddah of All Roles
18Leading an Effort to Define Roles
19Leading an Effort to Define Roles Focus on
Business Processes
- Three Different Lenses
- The Customer or Consumer of online resources
-
- The Application/Resource Provider
-
- The Administrator
20Leading an Effort to Define Roles Focus on
Business Processes
- The Customer Lens the consumer
- Dont care how
- I want it NOW!
21Leading an Effort to Define Roles Focus on
Business Processes
- The Customer Lens the consumer
- Driving the development of online services
- Bringing expectations from commercial experiences
- Want it now
- Demand simplicity
- Want it pushed
22Leading an Effort to Define Roles Focus on
Business Processes
- Customer Challenges
- Dont care about rolesonly know what they want
to do - How can intelligence be embedded into the
business processes to simplify the customer
experience? - How can we integrate existing business processes
(admissions, hiring, registration) with the
automated updating of roles?
23Leading an Effort to Define Roles Focus on
Business Processes
- Resource/Application Provider
24Leading an Effort to Define Roles Focus on
Business Processes
- Resource/Application Provider
- Charged with providing online services to the
university community - Admission applications, housing contracts, meal
plans, class resources, procurement, parking
permits, online testing - Need to efficiently place user in a context and
role to execute the transaction - May require both user and approver roles
25Leading an Effort to Define Roles Focus on
Business Processes
- Resource/Application Provider Challenges
- Dynamic environment where individuals are moving
in and out of roles daily - Reconciliation of a single identity with multiple
roles - In what role is the customer acting today--or for
this particular application?
26Leading an Effort to Define Roles Focus on
Business Processes
- The Administrator Lens The business of managing
the business
27Leading an Effort to Define Roles Focus on
Business Processes
- The Administrator Lens The business of managing
the business - Ensuring that policy is being followed
- Oversight for fiscal responsibility
- Oversight for academic integrity
28Leading an Effort to Define Roles Focus on
Business Processes
- Administrator Challenges
- Responsible for role management
- Knowing whos on first
- Keeping the business running
- Proxies and delegates
- Audits controls
- Reconstruction of business transactions
- Encouraging people to do the right thing
29Leading an Effort to Define Roles
30Leading an Effort to Define Roles Technology
- A mechanism must be provided for
- Assignment and management of roles.
- Establishment of new roles and attributes.
- Assignment of authority
31Leading an Effort to Define Roles Technology
- Develop a Schema with Agility Ability
- Meets both needs of Today and Unknown of Tomorrow
- Necessary Challenging
32Leading an Effort to Define Roles Technology
33Leading an Effort to Define Roles Technology
- Provide Education Training
34Leading an Effort to Define Roles
IAM
TECHNOLOGY
Business Process
POLICY
35Leading an Effort to Define RolesQuestions,
Comments, and Farewell
Debbie Meder dmm4_at_psu.edu Joel
Weidner jlw2_at_psu.edu Renee Shuey rshuey_at_psu.edu
36Dont Forget!