Identity Management at Virginia Tech, CTSSR Annual Meeting, August 7, 2013

Post on 04-Jan-2016


Identity Management presentation
Karen Herrington

What is Identity Management? Why is it Important at Virginia Tech?

• Who are you and what can you do?
• Increasingly, interactions with users take place electronically rather than in person
• Being asked to provide online services to a broad audience – not just employees and students
• Safety and Security – we must know who is accessing our resources – safety, legal, financial, reputational ramifications

IMS Manages Electronic Identities

• Over 800,000 electronic identities
• ~40 defined affiliations
• An affiliation describes an individual’s connection or association with the university
• Affiliations are programmatically derived or assigned based on the information present in the system about the individual
• Useful for making authorization decisions

Student/Alumni Affiliations (Numbers as of July 2013)

• VT-STUDENT-ENROLLED 4309
• VT-STUDENT-FUTURE 26813
• VT-STUDENT-RECENT 33145
• VT-STUDENT-WAGE 6634
• VT-STUDENT 355882
• VT-ALUM 253719
• VT-ALUM-CONSTITUENT 556147
• VT-ALUM-FRIEND 91787
• VT-ALUM-PARENT 198103

Employee Affiliations

• VT-EMPLOYEE-EMERITUS 759
• VT-EMPLOYEE-LEAVE 148
• VT-EMPLOYEE-NON-STATE 1223
• VT-EMPLOYEE-PREHIRE 1384
• VT-EMPLOYEE-RETIREE 4427
• VT-EMPLOYEE-STATE 7415
• VT-EMPLOYEE-TEMPORARY 533
• VT-EMPLOYEE-WAGE 3021
• VT-EMPLOYEE-FORMER 83726

• VT-FACULTY 4427
• VT-STAFF 5930

• VT-EMPLOYEE 12925

Others

• VT-ACTIVE-MEMBER 17316

• VT-GUEST 106992
• VT-AFFILIATE-LCI 2168
• VT-AFFILIATE-TEMPORARY 2939

VCOM/Carilion Affiliations

• VCOM-ALUM 1086
• VCOM-AFFILIATE 3
• VCOM-ACTIVE-MEMBER 1071
• VCOM-EMPLOYEE-FORMER 90
• VCOM-STUDENT-ENROLLED 846
• VCOM-EMPLOYEE 225
• VCOM-STUDENT-FORMER 164
• VCOM-STAFF 92
• VTC-ACTIVE-MEMBER 211
• VTC-EMPLOYEE 36
• VTC-STUDENT-ENROLLED 175

Non-State, Affiliate-Temporary

VT-EMPLOYEE-NON-STATE 1223
VT-AFFILIATE-TEMPORARY 2939

• Federal employees
• Foundation
• Bookstore
• VT Inn
• Summer Campers
• State Auditors
• Supervisors of VT employees
• CRC employees
• Undergraduate researchers
• Northern Virginia Consortium Architecture students
• Korean engineers attending 6-month seminar in Arlington
• Contractors working on long-term projects
• “Guest” faculty

Two Sizes Don’t Fit All
Affiliate-Temporary (XS)
Non-State (XL)

• No standard way to enter
• Varying amounts of identity information
• Varying needs and entitlements to VT resources and services
• Some need “student-like” access, some need “employee-like” access, some need only select services
• Length of time access is needed varies
• No reliable way to deprovision Non-State

Affiliate System

• One Stop Shop
• “Smart” entry interface
• Support both employee-like and student-like access
• Workflows including approvals
• Potentially feed other systems such as Banner

GIS Authorization Model

• Proof of concept authorization model
• Joint project with CGIT
• CGIT grad student – presentation layer
• IMS grad student – authorization layer
• GeoServer - open source software server for sharing and editing geospatial data
• CAS - authentication
• Entitlements – authorization

Entitlements

• Assigned to individuals
• Way of expressing access rights
• Flexible, customizable
• Can enable granular authorization
• Can be easily provisioned/deprovisioned – expiration dates

Entitlements

• User_role/authorized_locality/data_layer

• Individual1: VT Police/Blacksburg/buildings
• Individual1: VT Police/VT Campus/building interiors
• Individual2: VT building manager/VT Campus/buildings
• Individual2: VT building manager/VT Campus/Burruss Hall interior
• Individual3: Contractor/VT Campus/Pamplin Hall interior **(expires in 2 weeks)
• Individual4: VT Emergency Mgt/Blacksburg/buildings
• Individual4: VT Emergency Mgt/VT Campus/building interiors
• Individual4: VT Emergency Mgt/VT Campus/underground utilities
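
One way an authorization layer could evaluate entitlements in the User_role/authorized_locality/data_layer form listed above, including the expiration date used for deprovisioning. This is an added example, not code from the presentation or from Virginia Tech's IMS; the exact-match rule, the in-memory GRANTS store, the function names and the dates are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

TODAY = date(2013, 8, 7)  # constructed reference date for the sample data


@dataclass(frozen=True)
class Entitlement:
    role: str
    locality: str
    layer: str
    expires: Optional[date] = None  # None means no expiration date was set


def parse(value: str, expires: Optional[date] = None) -> Entitlement:
    """Split 'User_role/authorized_locality/data_layer'; reject malformed values."""
    parts = [p.strip() for p in value.split("/")]
    if len(parts) != 3 or not all(parts):
        raise ValueError(f"malformed entitlement: {value!r}")
    return Entitlement(*parts, expires=expires)


# Constructed store keyed by individual, using sample entitlements from the slide.
GRANTS = {
    "Individual1": [parse("VT Police/Blacksburg/buildings"),
                    parse("VT Police/VT Campus/building interiors")],
    "Individual3": [parse("Contractor/VT Campus/Pamplin Hall interior",
                          expires=TODAY + timedelta(weeks=2))],
}


def is_authorized(person: str, locality: str, layer: str, on: date) -> bool:
    """Default deny: allow only an exact locality/layer match that has not expired."""
    for e in GRANTS.get(person, []):
        if (e.locality, e.layer) != (locality, layer):
            continue
        # Assumption: the grant is valid through its expiration date, inclusive.
        if e.expires is not None and on > e.expires:
            continue
        return True
    return False
```

Evaluating the expiration date at decision time means an expired grant stops authorizing even if nothing has removed it from the store yet.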

Questions?