Transcript of IAM Online, Friday, February 12, 2010
IAM Online, Friday, February 12, 2010
“Introduction to Federated Identity Management”
John O’Keefe, Lafayette College
Questions either via Adobe Connect chat or the conference call.
Dial-in numbers:
+1-734-615-7474 Preferred (from any phone where long distance has no add'l cost)
+1-866-411-0013 (US/Canada only and only if above number costs user more than 800/866 calls)
Access Code: 0189081#
Brought to you by InCommon, in cooperation with Internet2 and the EDUCAUSE Identity and Access
Management Working Group
Introduction to Federated Identity Management
John O’Keefe
Director, Academic Technology and Network Services
Lafayette College
What is Federated Identity Management (FIdM)
The Questions
• How many off campus applications do you have (or are you planning to have)?
• How do these service providers
  • verify the identity of your users?
  • know who’s eligible to receive these services?
  • know the user is active and hasn’t left the institution?
• How comfortable are you with the privacy and security of the identity data?
The Problems
• Access to outsourced services in the traditional way does not scale
• Authentication is managed by the identity holder (the user) on a case-by-case basis
• Authorization is managed by the Service Provider without institutional verification
• Security and privacy vary from service to service and from user to user
• Accuracy and timeliness of the identity data are not managed by anyone
• In 2005, LC had 11 different username/password combinations in use
Traditional Identity Management
(Diagram: Institution A and Institution B on one side; the service providers Research Projects, Physics Homework, Shared Courses, Library and Student Loan Service on the other. Legend: Credentialing / Authentication, Authorization, User Credential.)
Federated Identity Concept
(Diagram: the same layout as the previous slide, with a Federation placed between Institution A / Institution B and the service providers Research Projects, Physics Homework, Shared Courses, Library and Student Loan Service. Legend: Credentialing / Authentication, Authorization, User Credential.)
InCommon Federation
• US Research and Education Federation
• http://www.incommonfederation.org
• Over 200 participants representing over 4 million users and growing
• Sponsored partners include the National Science Foundation, the TeraGrid, the National Institutes for Health, EDUCAUSE, the National Student Clearinghouse, and companies offering library databases, human resource systems, and other important services
• Higher ed. participants include all types of colleges and universities – from the liberal arts (like Lafayette) to large research institutions (like University of Florida)
• Members agree to common participation rules and basic practices that allow each to interoperate with the others
Use Cases @ Lafayette College
The College
• 2,382 Students, 206 Faculty
• Small, residential, private liberal arts college
• Merged IT/Library organization with 29 IT staff
• Open-source centric
• Centralized IT
• 30% of 1 FTE dedicated to FIdM
What We Do With Federated Identity
• Library Applications (Jstor, RefWorks)
• Moodle Spaces (Lafayette’s collaborative Moodle instance)
• University Tickets Online
• e2Campus
• Google Apps (Not Email)
What We Do With Federated Identity
• Spaces (I2 wiki)
• University of Washington Technology Wiki
• DreamSpark
• Internal network management apps
University Tickets
• Provides online ticket sales for campus events
• Student Life had previous arrangement with vendor
• Wanted to validate affiliation via LDAP import into THEIR system
• We pointed them to InCommon
• Now sending only basic attributes, no LDAP information
e2Campus
• SMS-based emergency notification system
• Spam-like emails sent to campus users requesting password changes prompted the project
• Collaborated with Public Safety
• Went live in October 2009
• Makes using service easier and more secure
Moodle Spaces
• Our first use of an SP (Service Provider)
• Alumni Ambassadors (213 users)
• Oomycete Undergrad Molecular Genetics Network
• Alumni Chapter Volunteers (26 users)
• Uses ProtectNetwork IDs - http://www.protectnetwork.org/
• Solved credential issuance problem for “lightly-affiliated” users
What’s Next for LC and FIdM: IdP
• Collaborations with other schools
• Financial Aid Applications
• iTunesU
• NSF & Grant Application/Management
What’s Next for LC and FIdM: SP
• WordPress MU
• Single Sign-On for web applications
• Banner
• Drupal
• Zimbra
Why Does This Matter?
Facilitates Collaboration
• Enables faculty, staff, and students both within and beyond your institution to use a common set of applications
• Enables faculty, staff, and students both within and beyond your institution to access, share, and manipulate a common set of data
• Enables faculty, staff, and students both within and beyond your institution to access research tools over the Internet and Internet2
Protects Collaboration
• Privacy - Sends the minimum amount of attributes
• Security - Keeps person attributes secured in your local identity vault and limits the number of UserIDs and passwords
• Outsourcing - Enables integrated institutional use of external applications
• Regulations - Access that must adhere to Federal regulations can easily be provisioned
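The University Tickets slide and the "Protects Collaboration" slide make the same point from two sides: the institution authenticates the user and decides eligibility, and the service provider receives only the minimum attributes rather than an LDAP export. The following is an added example, written for this transcript and not code from the presentation or from Lafayette College, of the release decision an identity provider makes for each service provider. It assumes an eduPerson-style directory record (the attribute names eduPersonPrincipalName and eduPersonAffiliation are the real eduPerson schema names; the user records, the SP entity IDs, the policy layout and the "active" flag are constructed for the example).

```python
"""Added example (not from the presentation): per-service-provider attribute
release at an identity provider.

Assumptions, labelled because the slides do not specify them:
- directory records are constructed dicts using eduPerson attribute names;
- an SP policy is an allow-list of attributes plus the affiliations that make
  a user eligible for that service (an assumed policy layout);
- 'active' stands in for however the institution marks that a person has
  not left.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ReleasePolicy:
    entity_id: str
    allowed_attributes: frozenset
    eligible_affiliations: frozenset


@dataclass(frozen=True)
class ReleaseResult:
    released: dict   # attributes sent to the SP, empty when denied
    reason: str      # why the request was denied, or "ok"


# Constructed directory records. The last two attributes of each record are
# the kind of detail a full LDAP import would hand over but no SP needs.
DIRECTORY = {
    "ajones": {
        "eduPersonPrincipalName": "ajones@example.edu",
        "eduPersonAffiliation": ["student", "member"],
        "mail": "ajones@example.edu",
        "displayName": "A. Jones",
        "campusAddress": "123 Example Hall",
        "studentIdNumber": "000123456",
        "active": True,
    },
    "bsmith": {
        "eduPersonPrincipalName": "bsmith@example.edu",
        "eduPersonAffiliation": ["student", "member"],
        "mail": "bsmith@example.edu",
        "displayName": "B. Smith",
        "campusAddress": "45 Example Hall",
        "studentIdNumber": "000654321",
        "active": False,   # left the institution
    },
    "cdoe": {
        "eduPersonPrincipalName": "cdoe@example.edu",
        "eduPersonAffiliation": ["alum"],
        "mail": "cdoe@example.edu",
        "displayName": "C. Doe",
        "campusAddress": "",
        "studentIdNumber": "000111222",
        "active": True,    # lightly affiliated, still a valid login
    },
}

# Assumed policy for a ticketing SP: it needs a stable identifier and the
# affiliation that justifies campus pricing, and nothing else.
POLICIES = {
    "https://tickets.example.org/shibboleth": ReleasePolicy(
        entity_id="https://tickets.example.org/shibboleth",
        allowed_attributes=frozenset({"eduPersonPrincipalName", "eduPersonAffiliation"}),
        eligible_affiliations=frozenset({"student", "faculty", "staff"}),
    ),
}


def release_attributes(uid, sp_entity_id, directory=DIRECTORY, policies=POLICIES):
    """Decide what the IdP releases to one SP for one authenticated user.

    Order of checks mirrors the slides' questions: is the SP known to us, is
    the user still active (authentication is the institution's job), is the
    user eligible for this service (authorization from institutional data),
    and finally release only the allow-listed attributes (privacy).
    """
    policy = policies.get(sp_entity_id)
    if policy is None:
        return ReleaseResult({}, "no release policy for this service provider")
    record = directory.get(uid)
    if record is None or not record["active"]:
        return ReleaseResult({}, "user unknown or no longer active")
    if not set(record["eduPersonAffiliation"]) & policy.eligible_affiliations:
        return ReleaseResult({}, "user is not eligible for this service")
    released = {k: v for k, v in record.items() if k in policy.allowed_attributes}
    return ReleaseResult(released, "ok")


def withheld_attributes(uid, sp_entity_id, directory=DIRECTORY, policies=POLICIES):
    """Names of directory attributes the SP does NOT receive (the data that
    stays in the local identity vault)."""
    released = release_attributes(uid, sp_entity_id, directory, policies).released
    return sorted(k for k in directory.get(uid, {}) if k not in released)


if __name__ == "__main__":
    sp = "https://tickets.example.org/shibboleth"
    for uid in DIRECTORY:
        print(uid, release_attributes(uid, sp))
```

The contrast with the vendor's original request is the `withheld_attributes` output: for an eligible user, mail, displayName, campusAddress, studentIdNumber and the active flag never leave the institution, and for a departed user the service learns nothing at all.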
Questions?
John O’Keefe
email: [email protected]
web: http://its.lafayette.edu
twitter: okeefej_62
IAM Online
Please take a few minutes and complete the survey about today’s IAM Online:
http://www.surveymonkey.com/s/ZJRK9KP
Upcoming IAM Online:
March 11, 2010, 1 p.m. (EST) “Provisioning of Remote Users,” by Mark Scheible, North Carolina State University
April 8, 2010, 1 p.m. (EDT) “Making Federation Happen,” by Joel Cooper, Carleton College
Go to CAMP! June 21-23, 2010 – InCommon CAMP – Raleigh, North Carolina
“Exploring and Supporting Federated Access” Details soon at www.incommon.org