Identifying the Identity Managers


Published in: Technology


  1. Identifying the Identity Managers
     John Paschoud
     Identity Management Matters
     Lakeside Conference Centre, Aston University
     16-Nov-2010
  2. What are the business drivers for better Identity Management?
     • Process efficiency – cost-savings on duplicated processes and systems
     • Good information governance – knowing who has access to what!
     • Joined-up learning environments – with library resources, research data,…
     • National standards (UK Access federation)
     • International standards (parallel education federations now in most developed countries)
  3. Who is the IdM Toolkit for?
     Answer A:
     • University & college ICT directors, CIOs etc
       – …who would go to jail for really bad IdM
       – …or at least have to explain to someone why they’ve been kicked out of the UK federation
     Answer B:
     • Their staff who are either:
       – Already quite good at the technicalities – but could do with some guidance on what’s expected; OR
       – Suddenly tasked with becoming the local expert in IdM - and a bit scared
  4. What’s in the Toolkit? [1]
     • Introduction to Identity Management – Defines basic terms and concepts of Identity Management used or assumed elsewhere. Should be read by anyone using the Toolkit.
     • Identity Management governance and policies – Describes the roles, structures and policies required for Identity Management and how they relate to Identity Management systems and processes. Useful for Chief Information Officers or Directors responsible for IT, and staff who need to draft or apply institutional policies.
     • Identity Management systems, components and functions – The technical components and functions of Identity Management systems in an academic institution. Good background reading for IT service managers and staff, and anyone discussing Identity Management with potential system suppliers.
     • Defining institutional requirements – Functional requirements for each component of an Identity Management system, which may be useful in defining the objectives of an in-house implementation project or in detailed specifications to suppliers.
     • Discovering and Auditing current institutional Identity Management – A detailed guide to finding out the state of Identity Management in an institution with a comprehensive audit (based on work of the JISC Identity Project which developed and tested IdM audits in several universities).
  5. What’s in the Toolkit? [2]
     • Gap analysis – Explains how to establish the current and desired states of affairs for Identity Management, gives a list of common gaps in FHE institutions, and suggests ways for developing a strategy.
     • Institutional Roadmap – Producing an overall roadmap or programme plan. Prioritising major deliverables and milestones by achievability, cost and institutional impact.
     • Designing and Managing an Identity Management project – Project management issues particular to implementing Identity Management, including key institutional benefits of improved Identity Management for use in an institutional business case.
     • Selecting supplier solutions – Where commercial procurement of systems or components is required, this section aims to help understand the IdM system solutions available, produce procurement criteria, and construct tender documents.
  6. Other useful things you’ll find at the bottom of the toolbox
     • Identity Management Glossary
     • Providing network access for 'walk-in' users
     • Identity Management Policy checklist
     • Measuring user security behaviour – How to run the “Passwords for Chocolate” test on your campus
  7. Auditing Identity Management in a university or college
     • What is meant by an IdM audit
     • How to propose an IdM audit to senior management
     • Project-managing an audit
     • Finding the Identity Managers
     • Finding out how IdM is done
     • Analysing the information collected
     • Presenting the results of an IdM audit
  8. What's an IdM audit, and why do one?
     • What: An IdM audit is a comprehensive detailed study of an organisation's identity management systems and procedures. The aim is to find out how identity management is carried out, even if some of the practitioners do not realise they are identity managers.
     • Why: Know where you are (many institutions probably don't), before deciding which direction you need to go!
     • Limitations: Not quantitative in the same way as a financial audit. May decide to outscope paper-based processes
  9. Making the business case for an IdM audit
     • To be useful an IdM audit can be a substantial job, needing project management and proper justification
     • The IdM Toolkit includes an outline business case template based on the OGC recommended structure
  10. Managing an IdM audit as a project
      • Who should be involved
        – Senior staff (project board)
        – Key Researcher
      • Preparation
        – KR knowledge gaps – technical or organisational?
      • Project planning
  11. [No text on this slide]
  12. Stage 1 checklist
      ✓ a member of senior management backing the audit
      ✓ a board that will oversee the project and are agreed on scope, aims and methods
      ✓ a key researcher who is freed-up from other work; and familiar (enough) with the technicalities of IdM and the peculiarities of the institution
      ✓ a timetable and project plan
      ✓ a plan for the organisation of material collected by the audit
  13. Discovering where IdM goes on, and who does it
      • 'Obvious' processes
      • Local knowledge (starting with the project board)
      • Good internal publicity
      • Gathering documentation
  14. Stage 2 checklist
      ✓ A long list of contacts (suspects?)
      ✓ A catalogue of documentation (found so far)
  15. Investigating IdM processes
      • Prioritising contacts
      • Arranging interviews
      • (more) Internal PR
      • Capturing information from interviews
      • Template interview questions from the IdM Toolkit
      • Organising and storing interview material
  16. Stage 3 checklist
      ✓ a short list of further contacts for interview
      ✓ a collection of interview recordings and transcripts/notes
  17. Analysing and presenting findings
      • Executive summary
      • Methodology
      • Context: general description of the organisation
      • How identity information is managed
      • Integration of IdM systems and processes
      • Security and access control
      • Legal compliance and governance of IdM
      • Conclusions and recommendations
  18. Where to get it: How to contact us: