InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
Transcript of InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
![Page 1: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/1.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 1/49
InCommon and Your Identity Management
Infrastructure: Strategies from CIOs
Joel Cooper, CITO Swarthmore CollegeJohn O’Keefe VP for ITS and CIO Lafayette College
![Page 2: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/2.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 2/49
What is Identity Management?
Identity and access management is a way to enable a person toaccess information and services based on their roles with theinstitution while ensuring data security
An identity and access management system (IAM) shouldfacilitate everything from student enrollment and course rosters,lab access and grant reporting, email and ticketing systems tosecure and efficient collaborations with colleagues across theglobe.
![Page 3: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/3.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 3/49
![Page 4: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/4.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 4/49
Federated Identity Management
•
Parties agree to leverage the identity provider’s database,rather than creating separate data stores
• Users no longer register with the service provider, using theiruniversity credentials for transactions
•
Single sign-on convenience for users
• Identity provider does the authentication; service providerdoes the authorization
• Attributes are the key – maintain privacy and security
![Page 5: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/5.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 5/49
Technology and Policy
•
Technology - Shibboleth, SAML, eduPerson
• Policy – InCommon Federation
![Page 6: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/6.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 6/49
So, what is Shibboleth?
•
Middleware application
• Sits between IdM (e-Directory, OpenLDAP, AD) and Web(Apache, IIS)
•
Sends/Receives attributes about users through XML-based
“assertions”
• Attributes sent/received by institution determined by eitherthe IdP, SP, or both
![Page 7: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/7.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 7/49
Shibboleth’s Two Heads
•
Identity Provider (IdP) - Sharing authentication and personattributes with others
• Service Provider (SP) - Sharing hosted services with others
![Page 8: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/8.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 8/49
What is InCommon?
•
The organization that manages the trust relationships
• Issues certificates
• Manages standards and best-practices required by members
• Negotiates inter and intra-federation relationships
![Page 9: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/9.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 9/49
Federated Identity: Why?
•
Trusted Identity in Education and Research (TIER), part ofthe cyberinfrastructure Internet2 is building out
• Trust relationship between identity provider (you) and serviceprovider (cloud service)
•
Better security for access to cloud services• Single sign-on, no multiple username/password silos
•
Service providers don’t need to provision or de-provisionaccounts
• Important to our faculty (research teams, virtual
organizations!
) students, and administrators (lots of cloudservices)
![Page 10: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/10.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 10/49
Challenges/Opportunities
•
Lots of organizational heavy lifting
• It’s not just an IT project—involve other campus stakeholders
• Auditors and risk management folks can be allies
• Easier than it used to be?
• HR employee intake procedures
• Provost requiring signed contracts
![Page 11: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/11.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 11/49
Implementing IdM
•
Business process reengineering
• Buy or build IdM provisioning software or service
• Automate provisioning and deprovisioning processes
• Implement EDUPERSON directory schema (LDAP, AD)
• Do nothing more and you’ll have achieved a lot
• Implement Shibboleth (identity attributes fed by LDAP, AD)—authentication and authorization
• And federate!
![Page 12: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/12.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 12/49
Join InCommon
•
THE organization in higher education providing the trustframework between educational institutions, researchorganizations, and service providers
• 450 higher education participants
•
32 labs, research organizations• 185 commercial partners (see
http://www.incommonfederation.org/participants/)
• Having the InCommon framework in place eliminates lots ofwork for everyone, improves service and security
![Page 13: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/13.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 13/49
Join InCommon
•
Once federated, setting up the service is straightforward
• Attribute information superior to CAS
• Improved security of cloud services
• Improved security of campus credentials and identity
• Service providers are starting to “get” the benefits offederation
![Page 14: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/14.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 14/49
Swarthmore’s Journey
•
Got involved in identity management project to solve internalproblem
• Adopted cloud-based identity management system
•
Did massive business process reengineering
•
Implemented IdM strategy
• And then!
![Page 15: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/15.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 15/49
Federation!
•
IdM project prepared us for next steps!
• Implement Shibboleth
• Join InCommon
• Documentation from IdM project=POP document forInCommon
• We did our own Shibboleth implementation
• Set up 4 service providers this past summer
• Planning underway with TriCo library consortium and MoodleCMSes
![Page 16: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/16.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 16/49
Swarthmore Use Cases
•
student judicial (cloud service)
• IRB administration (cloud service)
• JSTOR (especially alumni access)
• see Lafayette’s list of service providers
•
evolving Net+ services
![Page 17: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/17.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 17/49
Lafayette’s IAM Journey
![Page 18: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/18.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 18/49
About the College
•
Approximately 2,350 Students, 218 Faculty, about 534 Staff
• Small, residential, private liberal arts college withEngineering
•
Endowment driven ($870M as of July 2014)
![Page 19: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/19.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 19/49
About ITS
•
Centralized IT with 36 staff
• Open-source centric
• 2 FTE dedicated to IAM
• IT Budget - $1.9M Opex, $2.3M Capex
![Page 20: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/20.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 20/49
ITS Strategy
•
Integrate with best-of-breed
• Web services architecture
• Private and public cloud integration
• Own the data!
•
Authentication is the glue
![Page 21: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/21.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 21/49
![Page 22: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/22.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 22/49
![Page 23: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/23.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 23/49
The Problems
•
Access to college-run services did not scale
• Too many user accounts to manage
• Decentralized authorization
• Security and privacy varied from service to service
•
Poor accuracy and timeliness of account provisioning
![Page 24: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/24.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 24/49
![Page 25: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/25.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 25/49
![Page 26: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/26.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 26/49
![Page 27: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/27.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 27/49
![Page 28: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/28.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 28/49
![Page 29: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/29.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 29/49
More problems!
•
Access to new outsourced services did not scale
• Still too many user accounts to manage
• Authorization was managed by the Service Provider withoutinstitutional verification
•
Security and privacy varied from hosted service to hostedservice
•
Poor accuracy and timeliness of account provisioning forhosted services
![Page 30: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/30.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 30/49
![Page 31: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/31.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 31/49
![Page 32: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/32.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 32/49
![Page 33: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/33.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 33/49
![Page 34: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/34.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 34/49
What We Do With Federated Identity
![Page 35: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/35.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 35/49
InCommon Federation Benefits
Convenience – Single sign-on with higher educationcredentials
Safety –Enhanced security with fewer data spills
Privacy – Release of only the minimum information necessary
to gain access to resourcesScalability – Once implemented, federated access relativelysimple to extend
Authentication – Campus does the authentication, maintainingcontrol of user information
Authorization – Service provider makes access decisionsbased on attributes
![Page 36: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/36.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 36/49
![Page 37: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/37.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 37/49
How Good FIdM Helps Us Sleep
•
Used InCommon’s guidelines as a cookbook
• Effective attribute collection and maintenance has enabledother projects
•
Secure and automated credentialing
![Page 38: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/38.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 38/49
![Page 39: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/39.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 39/49
![Page 40: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/40.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 40/49
Is It Better Yet?
•
College-hosted information and services co-mingled withcloud-hosted information and services
• Non-federated internal and external use cases for SSO
•
Increasing complexity of SSO
![Page 41: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/41.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 41/49
![Page 42: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/42.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 42/49
So why involve CAS?
•
Instances where there are no federated use cases
• Not all systems have Shibboleth SP capabilities
• More deterministic control over user experience
![Page 43: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/43.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 43/49
![Page 44: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/44.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 44/49
CAS and Shibboleth Together
•
Comprehensive single sign-on for web applications
• Seamless transition from internal to external services
• Better UX for the users
• Provides SSO mechanism for institutional web apps
regardless of federating• Federated when needed, CAS when not
![Page 45: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/45.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 45/49
Lessons Learned
•
Require use of CAS or Shibboleth in RFPs
• Sponsor partners to join InCommon
• Both federated and non-federated services is a reality
• Standards all the way
•
Centralize and close off external access to directory services
• IDENTITY IS INFRASTRUCTURE!
![Page 46: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/46.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 46/49
![Page 47: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/47.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 47/49
What’s Next
•
Group management
• High availability
• Standard attribute release policy (R&S)
• Automation never ends!
•
Service Providing
![Page 48: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/48.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 48/49
Questions?
Joel Cooper
John O’Keefe
![Page 49: InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)](https://reader034.fdocuments.in/reader034/viewer/2022052515/577cc4691a28aba7119933b1/html5/thumbnails/49.jpg)
8/11/2019 InCommon and Your Identity Management Infrastructure: Strategies from CIOs (242312596)
http://slidepdf.com/reader/full/incommon-and-your-identity-management-infrastructure-strategies-from-cios 49/49
Help Us Improve and Grow
Thank you for participating
in today’s session.
We’re very interested in your feedback. Please take
a minute to fill out the session evaluation found within
the conference mobile app, or the online agenda.