Identity and Access Management - PowerPoint PPT Presentation

Slides: 23
Provided by: SueLi2

Transcript and Presenter's Notes


1
Identity and Access Management
  • IAM
  • A Preview

2
Goal
  • To design and implement an identity and access
    management (IAM) middleware infrastructure that
  • Improves the user experience
  • Increases our security and audit capability
  • Opens the door to different levels of access

3
How will IAM help us?
  • Streamlining business processes through workflow
  • Reducing the need to hire additional technology
    staff to manage new applications
  • Supporting collaboration, both internal to and
    external to the University.

4
Drivers for IAM
  • The drivers from both inside and outside the
    University promoting the implementation of this
    infrastructure include
  • interdisciplinary and inter-institutional
    research and collaboration
  • Changing needs of teaching and learning
  • Fund raising and outreach
  • Digital library access
  • Increasing budgetary pressures
  • Interactions with government agencies

5
The IAM Infrastructure: The Business Case
7 Major Outcomes
  • It will reduce the number of credentials that
    constituents must know to perform the actions for
    which they are authorized
  • It will reduce the implicit denial of service
    experienced by new members of the University.
  • Accounts are not currently set up in a timely
    manner because processes both manual and
    automated may not function properly.

6
IAM: The Business Case
  • It will reduce the operational and management
    overhead of enabling our constituents to perform
    actions for which they are already authorized and
    the incremental cost of implementing a new online
    service.
  • It will reduce the operational and management
    overhead of disabling authorization for former
    constituents (individuals no longer in a
    relationship with the University) who should no
    longer have access to University services and
    resources.

7
IAM: The Business Case
  • It will enable the University to quickly modify a
    constituent's access permissions as his/her
    role, and therefore his/her set of
    authorizations, changes
  • It will improve the quality of auditing actions
    across the University by using persistent
    identifiers common to all applications

8
IAM: The Business Case
  • It can provide an environment in which the
    University has confidence that the credential
    presented by someone to perform an authorized
    action is presented by the person to whom the
    credential was issued.
  • By centralizing identity proofing and
    establishing appropriate policies on how an
    individual can prove who he says he is.
  • The middleware infrastructure stores the
    credential in a secure manner.
  • Today credentials are stored in a variety of
    systems, rather than a central one, with
    sometimes questionable levels of security.

9
IAM Benefits
  • Significant benefits can be reaped from the
    deployment of an IAM infrastructure
  • Enhanced Security
  • IAM reduces the management of user access to a
    single system
  • Who is active is deterministic since the identity
    information about individuals emanates from the
    University's key administrative systems
  • Identity data is stored in a single protected
    data repository with data encryption and single
    sign-on capability
  • Relatively small staff to manage it

10
IAM Benefits
  • Enhanced Security (continued)
  • Provides a mechanism to express access control
    policies
  • Supports authorization services to applications
  • Supports better logging and audit capability
  • User login identifiers are identical across
    systems so we are better able to track activity.
  • Improves support for after-the-fact audit
    analyses

11
IAM Benefits
  • Simplified Network and Online Service Access
  • Enables unified access to multiple applications
  • Enables initial-sign-on, also called
    single-sign-on
  • With initial-sign-on, it is a straightforward
    step to a campus portal

12
IAM Benefits
  • Economies of Scale
  • The identity information that is populated into
    the identity and access management infrastructure
    comes from administrative systems like the Human
    Resources and Student Administration systems
  • Additional identity information will be populated
    from other systems or interfaces as required.
    These entries will have explicit expiration dates
    associated with them.

13
IAM Benefits
  • Provides better application standards around
    authentication and authorization
  • Not only are applications using a common
    directory for identification, but a standard
    (single) interface to authenticate
  • Applications will be easier to build, will be
    more consistent with each other, and provide a
    common user experience around authentication and
    authorization

14
IAM Benefits
  • Economies of Scale (continued)
  • Provides a unified means of enabling and
    disabling access to a wide range of online
    services infrastructure for access control
    information
  • It requires more support staff to have each
    application maintain its own accounts and access
    privileges
  • Since all applications authenticate and authorize
    against the same directories, the training costs
    are reduced (and users are more comfortable as
    well)
  • It is easier to outsource an application that is
    compliant with our standards since we would not
    need the vendor to provide access control

15
IAM: The Proposal
  • The model that we are pursuing to solve the IAM
    problem is based on the work of the National
    Science Foundation Middleware Initiative and
    Internet 2.
  • We are committed to an open standards solution.
  • We are committed to an extensible solution.

16
IAM: The Proposal
  • We will address initial sign-on for web
    applications
  • We will attempt to address initial sign-on for
    desktop/client applications
  • We will address the affiliate user issue and
    provide mechanisms for adding such users to the
    database to allow access to only those services
    that they should receive

17
IAM: The Proposal
  • The next slide shows the roadmap for the identity
    and access management infrastructure for UConn.
  • This will be adapted as necessary during the
    project, but is strongly based on the recommended
    roadmap from the NSF Middleware Initiative.

18
(No Transcript)
19
IAM: Who?
  • The design of the Identity Management component
    of the IAM infrastructure will require both
    technical staff from UITS and functional staff
    from a variety of areas
  • The functional staff will provide the business
    processes by which we can eliminate duplicate
    identities for the same person, determine the
    roles we care about, and help us to understand
    where besides the Human Resources and Student
    Administration Systems we must look for
    identities.

20
IAM: Who? (continued)
  • The Identity Management component will also
    require technical staff with expertise in
    identity management, programming, and database
    administration.
  • The Provisioning Engine will require either a
    purchased product or some programming staff.
    This component will also require system and
    application administrators.

21
IAM: Who needs to be involved?
  • The Access Management component requires
    programmers, system administrators, identity
    management experts, and application
    administrators.

22
IAM: Where do we start?
  • Our goal is to carve out a manageable piece of
    this huge project and build for extensibility.
  • We have initiated a short project to investigate
    what is available in the market.
  • RFIs are in; we just got them and we need to
    start reviewing them.