Prepared for IAC Scott Baily, Interim Director of ACNS August 13, 2008.

Prepared for IACScott Baily, Interim Director of

ACNSAugust 13, 2008

A collection of administrative processes coupled with a technological solution which enables the validation of individuals’ identity and conditionally authorizes access to systems, applications, and data.

Today, we use eID for identity management

8/13/2008 2IAM Presentation

Locally developed several years ago 50,000+ lines of code – extremely complex

No viable commercial alternatives at that time Significant extensions imply a major re-write eID successfully authenticates central services

RamCT, ARIESweb, VPN, etc. And departmental apps as well

Preview CSU, Parking Services eID’s 2 primary authors have left the University


Is eID the IAM solution to carry CSU into the future?


Conducted 20 face-to-face interviews with campus “stakeholders”

Conducted an informal survey for additional input from the campus

Attended conferences, seminars, webinars, and spoke with other institutions about their solutions


CSU has relationships with far more than students, faculty and staff

An IAM solution must also accommodate: Visiting scientists Collaborative research partners Community patrons at the library Development Opportunities Contractors Facility access control (safety issues) Many others


Legislation requires protection of: Student information Health information Financial information Credit Card Info (PCI DSS) Personally identifiable information

Who has access to this information? How is it controlled? How, and by whom, is it reviewed?

8/13/2008 IAM Presentation 7

eID was not designed to do authorization Several departments have “rolled their own”

eID has only rudimentary auditing capabilities

eID is not sufficiently extensible Need more granularity than just “associates”

The most difficult issue may be the development, implementation and management of access and authorization policies


CSU is implementing innovative research and education initiatives for a 21st–century, dynamic global economy Super Clusters School of Global Environmental Sustainability Collaborative participation in Kuali

Development (Financial and Research) We must provide the underlying support

infrastructure (including IAM) that supports these activities


Examples of requests we cannot fulfill Parent access to student accounts, other records Additional information to support development

efforts Participation in National federated identity

initiatives Multiple levels of assurance when issuing

identities Good reporting tools for authorization and access Grant appropriate levels of access to a wide

variety of “guests” Several others


This may sound like an IT initiative, but it is not!

Identity and Access Management is something that affects every College and Administrative Unit on the campus

The only way to ensure a successful outcome going forward is for representatives from each of the key areas to participate in the process

This is one of the principal lessons learned from other sites who have traveled this road


IAC should recommend to ITEC that the University begin the process of replacing eID with an extensible and scalable IAM solution. Reiterate that this is not an IT initiative All campus stakeholders have indicated a

willingness to engage in this activity Anticipated to take about 24 months to

complete Wise investments in the future usually reap

substantial rewards


To everyone who has participated in our recent discovery process, and

To those who offered to continue contributing in the future should this activity proceed to the next level


Are most welcome


Prepared for IAC Scott Baily, Interim Director of ACNS August 13, 2008.

Documents

Transcript of Prepared for IAC Scott Baily, Interim Director of ACNS August 13, 2008.