Identity Management at Virginia Tech CTSSR Annual Meeting August 7, 2013 Identity Management presentation Karen Herrington.

Identity Management at Virginia TechIdentity Management at Virginia Tech

CTSSR Annual Meeting August 7, 2013Identity Management presentationKaren Herrington

2

What is Identity Management? Why is it Important at Virginia Tech?

What is Identity Management? Why is it Important at Virginia Tech?

• Who are you and what can you do?• Increasingly, interactions with users take

place electronically rather than in person• Being asked to provide online services to a

broad audience – not just employees and students

• Safety and Security – we must know who is accessing our resources – safety, legal, financial, reputational ramifications

3

IMS Manages Electronic IdentitiesIMS Manages Electronic Identities

• Over 800,000 electronic identities• ~40 defined affiliations• An affiliation describes an individual’s

connection or association with the university• Affiliations are programmatically derived or

assigned based on the information present in the system about the individual

• Useful for making authorization decisions

4

Student/Alumni Affiliations(Numbers as of July 2013)

Student/Alumni Affiliations(Numbers as of July 2013)

• VT-STUDENT-ENROLLED 4309• VT-STUDENT-FUTURE 26813• VT-STUDENT-RECENT 33145• VT-STUDENT-WAGE 6634• VT-STUDENT 355882• VT-ALUM 253719• VT-ALUM-CONSTITUENT 556147• VT-ALUM-FRIEND 91787• VT-ALUM-PARENT 198103

5

Employee AffiliationsEmployee Affiliations• VT-EMPLOYEE-EMERITUS 759• VT-EMPLOYEE-LEAVE  148• VT-EMPLOYEE-NON-STATE 1223• VT-EMPLOYEE-PREHIRE 1384• VT-EMPLOYEE-RETIREE 4427• VT-EMPLOYEE-STATE 7415• VT-EMPLOYEE-TEMPORARY 533• VT-EMPLOYEE-WAGE 3021• VT-EMPLOYEE-FORMER 83726

• VT-FACULTY 4427 • VT-STAFF 5930 

• VT-EMPLOYEE 12925

6

OthersOthers

• VT-ACTIVE-MEMBER 17316

• VT-GUEST 106992• VT-AFFILIATE-LCI 2168• VT-AFFILIATE-TEMPORARY 2939

7

VCOM/Carilion AffiliationsVCOM/Carilion Affiliations• VCOM-ALUM 1086• VCOM-AFFILIATE 3   • VCOM-ACTIVE-MEMBER 1071• VCOM-EMPLOYEE-FORMER 90• VCOM-STUDENT-ENROLLED 846• VCOM-EMPLOYEE 225• VCOM-STUDENT-FORMER 164• VCOM-STAFF 92• VTC-ACTIVE-MEMBER 211• VTC-EMPLOYEE 36• VTC-STUDENT-ENROLLED 175 

8

Non-State, Affiliate-TemporaryNon-State, Affiliate-TemporaryVT-EMPLOYEE-NON-STATE 1223

VT-AFFILIATE-TEMPORARY 2939• Federal employees• Foundation• Bookstore• VT Inn• Summer Campers• State Auditors• Supervisors of VT employees• CRC employees• Undergraduate researchers• Northern Virginia Consortium Architecture students• Korean engineers attending 6-month seminar in Arlington• Contractors working on long-term projects• “Guest” faculty

9

Two Sizes Don’t Fit AllAffiliate-Temporary (XS)

Non-State (XL)

Two Sizes Don’t Fit AllAffiliate-Temporary (XS)

Non-State (XL)• No standard way to enter• Varying amounts of identity information• Varying needs and entitlements to VT

resources and services• Some need “student-like” access, some need

“employee-like” access, some need only select services

• Length of time access is needed varies• No reliable way to deprovision Non-State

10

Affiliate SystemAffiliate System

• One Stop Shop• “Smart” entry interface• Support both employee-like and student-like

access• Workflows including approvals• Potentially feed other systems such as

Banner

11

GIS Authorization ModelGIS Authorization Model

• Proof of concept authorization model• Joint project with CGIT• CGIT grad student – presentation layer• IMS grad student – authorization layer

• GeoServer - open source software server for sharing and editing geospatial data

• CAS - authentication• Entitlements – authorization

12

13

EntitlementsEntitlements

• Assigned to individuals• Way of expressing access rights• Flexible, customizable• Can enable granular authorization• Can be easily provisioned/deprovisioned –

expiration dates

14

EntitlementsEntitlements• User_role/authorized_locality/data_layer

• Individual1: VT Police/Blacksburg/buildings• Individual1: VT Police/VT Campus/building interiors• Individual2: VT building manager/VT Campus/buildings• Individual2: VT building manager/VT Campus/Burruss Hall

interior• Individual3: Contractor/VT Campus/Pamplin Hall interior

**(expires in 2 weeks)• Individual4: VT Emergency Mgt/Blacksburg/buildings• Individual4: VT Emergency Mgt/VT Campus/building

interiors• Individual4: VT Emergency Mgt/VT Campus/underground

utilities

15

Questions?Questions?