BUILDING A DISTRIBUTED ACCESS MANAGEMENT INFRASTRUCTURE Reports from the Real World
Jan 10, 2016
UW-Madison
History/Current IdM Infrastructure
Next up: Populations, Affiliations and Service Entitlements (PASE)
Business Drivers
• Efficiently manage the identities of persons and their relationship with the university.
• Securely and effectively conduct business with other institutions and government agencies.
• Examples:
– Granting a visiting professor access to the network and course management system.
– Giving non-university employees (e.g. UW Hospital) access to university managed resources (e.g. parking).
– Providing new hires with an email address to receive employment communications before they begin work.
Requirements
• Rapid response to customer requests
– New affiliations (groups)
– Access to services by new or existing affiliations
• A stable and reliable authorization infrastructure
• Standard provisioning processes
• Standard system interfaces for accessing group and entitlement information
• Support for large numbers of affiliations and diverse populations
• Better visibility into who has access to service
• Improved audit and logging capability
• Reduce the need for custom development when addressing customer requests
The Concept
Approach/History
• Improved reconciliation process
• Developed standard interface to the UDS
• 2001 - Started PASE
– Made the decision to use internal development
• Enabled the registry (UDS) to store affiliation data
• A lot of project ups and downs. Changes in staff and management
• 2005 - Reinitiated UI requirements gathering
– Looked like it was going to take a long time
• Decided to step back, do a survey of the market
– Did a build vs. acquire analysis
• Determined that acquiring a solution would be the most time-efficient and economical path
• Acquired a real project manager
• Adopted and implemented a rigorous project management mindset
Project Approach
Governance/Policy Roadmap
Technology Gaps/Roadmap in more detail
The PASE Team
• Chris Holsman - Executive Sponsor
• Pam Allen - Project Manager
• Monica Crawford - Lead Developer
• Steve Devoti - Enterprise Architect
• Chuck Miller - Business Analyst
• Mark Weber - Solution Architect
• Keith Hazelton - Enterprise Architect