Develop a single, clear managed process for IAM - John Hay

Before embarking on federated access, we need to be sure that we can be trusted when we verify that an identity is authorised to have access to a service, and have the tools to deliver the relevant attributes. We are in the process of implementing a new identity and access management system at the University of Bristol and I intend to use our experience as an example to draw out the types of issues faced, the principles we are adopting and goals we have

    Presentation Transcript

    • FAM12 - Broadening Horizons: Identity and Access Management
      Develop a single, clear managed process for IAM
      J Hay - Identity Manager at the University of Bristol
      Tues 6 Nov 2012
    • Agenda
        • What are we trying to achieve?
        • What are the challenges?
        • Where are we at Bristol
        • Questions…
    • What are we trying to achieve?
        • IAM!
        • Accuracy
        • Flexibility
        • Clarity
        • Accessibility
        • Delegation
        • Security
      In a complex environment
    • What are the challenges?
        • Multiple types of membership & management
        • Multiple appointments
        • Duplicate identities
        • Single authoritative audited source of who has access to what – on whose authority
        • Grey users
        • Granularity & Group management
        • Spaghetti
    • [Diagram: ID Management data flow diagram, V 2.0, 2/2/2012. Systems shown include the Registration database, PIMS, SITS, the Library system, OnGuard, Google accounts, the Directory, LDAP, Active Directory, SSO, Shibboleth, Kerberos and Blackboard.]
    • Where are we at Bristol?
        • We have a home grown ‘system’ which performs well – but the need has changed
        • Provisions to
            – AD
            – Mail – internal and google
            – Blackboard
            – U-card
            – File shares
            – Unix
            – etc
    • What are we doing about it?
        • Product and Partner
        • 4 phases
            – Copy identity data into FIM
            – Implement Associates
            – Remove legacy system
            – End system provisioning
        • Self service password reset
      Process Diagram
    • Bristol Associates Process as example – but generic
        • Request Process
        • Identity Checking Process
        • Approval Process
        • Provisioning Process
        • Maintenance Process
        • Warning Process
        • Disabling Process
        • Archive / Deletion Process
        • REPORTS
    • The result of poor communications
    • Reference
      http://www.jisc.ac.uk/whatwedo/programmes/aim/idmtoolkit.aspx