The UW-Madison IAM Experience
  • Speaker notes
  • The UW Madison has been doing IAM for a number of years with a mix of Open Source and custom development. Inflexible. Meets current needs but does not provide the foundation and options for expansion that will allow for new services.
  • Back track a minute. You’re probably here because you have something in common with us. One of the larger institutions in the US. If we can solve our problems, you probably can solve yours. One of the largest research institutions in the US. 42,000 students, 16,000 faculty and staff. More collaborative research. Being asked to provide more services to groups not traditionally associated with the university.
  • Though we got off to a good start, we let things get away from us. We were really doing most of this off the cuff. We lacked a plan.
  • So why should you listen to us? Well, we’ve retrenched, we’ve developed a plan and have high confidence we’re going to deliver for our campus.
  • Where did we go wrong and why do we think we’re back on the right track? Mostly not about IAM or IAM expertise, but about project management and planning. Not professional project managers, poor communication and documentation of goals and objectives. So… out with Larry, Moe and Curly and in with a structured approach. We formalized the process, it’s really now a project, and assigned dedicated resources.
  • Lesson learned. This is taking too long. Lack of defined goals and objectives. The IT world changes a lot in 4 years.
  • Working under old assumptions we decided and continued to think we could build this thing.
  • Lesson, thoroughly investigate your options. If a lot of time goes by, reevaluate.
  • Don’t let what you like to do get in the way of what you should do. We all have biases. At some point you have to decide whether you want to deliver or you want to play.
  • It’s tough to track what actually happened as everyone is gone. Old decisions carry over. Poor documentation.
  • Nothing wrong with building it, but keep it simple at first. Deliver incremental value so you can keep people engaged.
  • The bottom line: “a project”. Identify stakeholders. Communicate. Have goals and objectives. This can’t just happen!
  • How did we get off our dysfunctional path? It’s the customers, stupid. This isn’t about IT. Customers are demanding that progress be made in this area.
  • Back to communication. You must deliver or if not, communicate why.
  • Deliver something! It was time for a change (recognize and take advantage). New executive and new staff.
  • Fresh view. Someone who’s actually seen this thing work. Able to counter the excuses of the incumbents.
  • Cannot stress enough the value of a real project manager. This is not a sideline for a techie!
  • General direction. Start at a high level. Analysis. Start to gather data that can help you decide on a direction.
  • Fit very well with our culture. It would be exciting to be part of something like this.
  • Investigate. This is a big decision.
  • Investigate. Don’t over promise. Be relatively certain of what you can deliver.
  • Funding is a problem and will influence how you do this. But… you have to do it.
  • Look outside your borders. Who can you partner with? We all have the same problem!
  • Scope. We had been applying scope to the wrong level. Needs to be applied to what we actually do, not what we acquire.
  • Because we used bricks, this was a lot easier.
  • Metadata worksheets for disk
  • Transcript

    • 1. The UW-Madison IAM Experience Building our Dream Home Presented by Steve Devoti, Senior IT Architect © 2007 Board of Regents of the University of Wisconsin System
    • 2. The UW-Madison needs to remodel and expand its IAM services
    • 3. You probably look a lot like us
    • 4. We are clearly not meeting the needs of campus; we lack a blueprint
    • 5. Analysis and an organized approach can get this thing built
    • 6. Form a project, assign resources and recommend a direction
    • 7. We had been working on a small space for over 4 years
    • 8. We decided to build it ourselves
    • 9. There were no vendors that could meet our needs
    • 10. We love to build things
    • 11. Who knows? All the original decision-makers are gone!
    • 12. Overly complex design
    • 13. Never really structured as a project
    • 14. Customers are getting grumpy
    • 15. For 4 years, customers have been told that PASE will solve everything
    • 16. The executive sponsor decided it was time for some changes
    • 17. A new enterprise architect was assigned
    • 18. A “real” project manager was assigned
    • 19. The team reexamined the requirements and the decision to build VS
    • 20. We formalized our requirements and did a high level evaluation of the options: Build vs. Open Source vs. Buy (See: WIBuyVSBuild.xls)
        Functional/Non Functional | IAM Category | Scope | Requirement | Compliance | Module or Feature | Effort
        F | Authorize | System | Shall provide the ability to define combinations of create, retrieve (read), update (modify) and delete permissions to create appropriate system roles (e.g. "Affiliation Manager") | None | Authorization Manager | Difficult
        F | Authorize | System | The system shall support integration with the institutional and/or standards-based authentication mechanisms (e.g. pubcookie, Shibboleth, SAML). | None | Authentication Manager | Moderate
        F | Authorize | System | The system shall support an "auditor" role which allows a subject to read and create reports from system logs, but allows no other system access. | None | Authorization Manager/UI | Moderate
        F | Log | System | Shall support logging of, and reporting on, governance activities. | Partial | Log/Audit facility | Easy
    • 21. We also completed a high-level pros and cons analysis (See: WIProsAndCons.xls)
        • Acquire Total Solution (Commercial Vendor) Pros:
            • Consulting resources. Consulting resources are readily available to assist in commercial vendor implementations.
            • Provisioning. Commercial vendor identity management suites include advanced provisioning functionality.
            • Workflow. Commercial vendor identity management suites include workflow.
            • Functionality. In addition to provisioning, many vendor suites include other advanced identity management functionality that might be useful to the organization (web access control, federation services, virtual directory or meta-directory, etc.).
        • Acquire Total Solution (Commercial Vendor) Cons:
            • Cost. Is more expensive than some other solutions.
            • Lack of higher education community. Though there is high adoption of commercial identity management software in private industry, there is much less adoption in higher education, particularly at large institutions.
    • 22. We decided that the Grouper/Signet solution best met our needs
    • 23. We went to some camps, and installed a POC system
    • 24. The natives were getting even more restless
    • 25. Priorities have changed
    • 26. Our customers wanted us to address provisioning first
    • 27. That was going to take a lot of building or maybe purchase of another product
    • 28. The only reasonable thing to do was look at vendor solutions
    • 29. We did proof-of-concepts with Oracle and Sun
    • 30. Our sponsor was exploring ways to pay for the solution
    • 31. Through hard work and masterful persuasion, funding was secured
    • 32. We began an RFP, dividing the work into 3 high-level capabilities
        • Directory Services
        • Identity Management
        • Integration
        • Access Management
        • History
        • Support
        • Cost
    • 33. Each capability section was built with standard bricks (See: WIRFPSpecs.doc)
    • 34. Capabilities, functions and “other considerations” were weighted
    • 35. We ended up with something like this (See: WIRFPSpecs.xls):
        3 Web Access Management Capability | Rating Guidance | Points (Total Points = 3,400)
        We define Web Access Management Capability as a central policy and enforcement infrastructure capable of protecting heterogeneous web resources for the purpose of providing users with single sign-on. Note, in the context of this RFP, Web Access Management includes federation functionality and the protection of SOAP-based web services.
        3.1. Architecture: Describe at a high level the elements and technologies that make up this capability and their relation to each other. Provide diagrams. What are the advantages of this architecture? Specify any disadvantages or limitations of this architecture. If your solution supports multiple high-level configurations, describe the advantages and disadvantages of each. Describe the logical architecture of the servers that make up your solution. | SHOULD follow good application architecture practices with an architecture that is compatible with the University of Wisconsin's Common Systems technology infrastructure. | 544
        3.1.1. Policy Administration Points (PAPs): Describe how the PAP(s) are deployed. Do you provide a single PAP or must policies be individually managed on each Policy Decision Point (PDP)? | SHOULD provide a single point of policy management | 72
    • 36. We developed an evaluation methodology
        Evaluation | Definition | Score
        No Support | No support according to the ratings guidance. No documentation. Extension to meet the requirement is difficult, extremely expensive, or not possible. | 0
        Partial Support | Partially supported, with some aspects missing according to the ratings guidance, or the answer doesn't follow the expected format. Lacking clear or specific documentation. Unreasonable, or somewhat expensive, to extend. | 1
        Strong Support | Mostly supported, with a couple of aspects missing according to the ratings guidance. Somewhat well documented in the vendor response with reference to technical documentation. Provides the functionality out-of-the-box or is easy to extend to provide it. | 3
        Full Support | Completely supported according to the rating guidance. Fully or somewhat documented in the vendor response with reference to technical documentation. Requirement requires standard expertise to implement, perform, or meet. | 9
    • 37. We sent it out, received the responses and scored them
    • 38. And the winner is…
    • 39. Where do we go from here?
    • 40. Questions?