Identity Services Technical Briefing
Tuesday, November 5, 2013
Nicholas Roy – Technical Manager
Central Person Registry
• Current state
  – Primed with 1.2 million person records as of September
  – Daily batch consumption of records from:
    • ISIS
    • IBIS
    • CIDR
    • CACTUS
    • Hershey Medical Center Lawson (Hospital Staff HR)
  – Affiliations using the current set of eduPerson values and rules, some gaps identified
Central Person Registry
• Future State
  – New data from Hershey Medical Center Faculty List (HY faculty, emeritus) to complete current affiliations
  – Integration with CIDR and CACTUS to make CPR authoritative for person identity excluding SSN
  – Allows real-time operations against web services
  – Implement rules engine and fine-grained affiliations for better access control
Access Management
• Grouper
  – Foundation for richer access control
    • Nesting, group math, enterprise groups, permissions, privileges, roles
  – LDAP Groups
  – Group Views
  – Group API
Federated Identity
• InCommon
  – Multilateral Federation
  – Assurance
• Shibboleth
  – Core Technology
• SAML
  – Core Protocol
  – Other Protocols (the future?)
• Interfederation
  – Other Federations
• Social Identity
  – Other Sources of Authentication (maybe not attributes)
Two Factor Authentication
• The problem with passwords
• The current state of 2FA at Penn State
• Enterprise solution – Duo Security
• Pilot feedback and service refinement
• Planning for self-enrollment and identity verification
• Service roll-out/planning transition paths to Duo