Policy and Technology in Enterprise Directory and Authentication Services
No Room to Swing a Cat
Michael Gettes, MACE, Duke University
Keith Hazelton, MACE, University of Wisconsin - Madison
Carrie Regenstein, University of Wisconsin - Madison
Ann West, NMI-EDIT Outreach, EDUCAUSE/Internet2
SERC, June 7, 2004
A Word from the sponsors: What is NSF interested in?
Analogous to building the NSFnet
NSF Middleware Initiative (NMI)
– Scientists and engineers can transparently use and share distributed resources, such as computers, data, and instruments
– Research and education communities can effectively collaborate using advanced communications tools
– Internet users around the world can benefit.
What is NMI-EDIT?
NMI-Enterprise and Desktop Integration Technologies Consortium (NMI-EDIT)
– Internet2, EDUCAUSE, and SURA
– Project Goals
    Create a common, persistent and robust core middleware infrastructure for the R&E community
    Provide tools and services in support of inter-institutional and inter-realm collaborations
    Focus on intra and inter-institutional identity and access management and related services
Range of Motion: Cat Swinging
Definition of key terms
Context
Strategies for success
Moving it forward
Today’s goal: Focus on people, service and functionality!
To support the synergistic relationship among technologists, policy folks, and administrators as an ongoing modus operandi (m.o.)
A perspective or methods of managing, deploying and maintaining future infrastructures, IT and more.
Enterprise Directory Services - where electronic identifiers are reconciled and institutional identity is established and maintained for all entities of interest
Sample core principles
– Data infrastructure serves more than one institutional application
– Data is protected and requires permission for its use unless declared “public” by the data custodians or owners
– Access to private directory data must be granted for each application and be approved by the data custodians.
– Applications using that data should meet the security and data definition guidelines put forth by the technical service administrators.
– Data will be made available for all valid administrative and educational purposes
Strategies: Oversight
Oversight and ownership
Data and technical service may be different
Application and infrastructure may be different
– Create, read, update, and delete (CRUD)
– On-going legal, source system, and policy changes
    Requires business functions to be involved
    Requires changes in the infrastructure
Strategies: Oversight
Sample Oversight functions:
Access and use of the data and compliance with University policy
Access and use of service for performance and security implications
Dissemination of directory maintenance information and changes
Documentation of applications and attribute use
Changes in requirements, procedures, and applications using the directory once per year
Strategies: People Issues
Whom did you include?
Whom did you forget?
In what order did you include them?
What did you hope for or expect each one to bring to the table?
Where are the more difficult interactions/relationships?
Strategies: Real life
Cultural / technical assumptions vs. reality
– “Public directories will be mined by spammers”
    Honeypot: “Does it really happen?” Nope! (How we show data matters)
– Centralization vs. flexibility
    Distributed management tools
    Be careful what you ask for
– Most anything can be done -- cost??
Strategies: Topics - 1
When should a policy be developed vs. a technical fix?
What are some strategies for creating policies on-the-fly? When should this be done?
How does a technical person know when a policy decision needs to be made?
Strategies: Topics - 2
How might we modify services to encourage high-level customers/stakeholders to work more effectively on policy issues?
Strategies: Topics - 3
What should we do with special cases or exceptions?
– Title entries in white pages
    Chancellor, Provost, VP, EVP, etc
–Vanity netIDs?
–Nicknames?
–Privacy opt-in, opt-out?
Moving it Forward
Forward: Applying what we learned?
Consider the problem, scope, and alternatives
–Big P Policies
–Little p policies
Forward: Compliance with Federal regulations - Due Diligence and the central IT organization
Big P policies
– FERPA FERPA FERPA
– USA Patriot Act
    Policy supports compliance
    Practice includes guidelines for operational staff
– HIPAA
    Defining Health Care Components (HCCs) on campus
    How can a central IT organization support compliance?
Forward: Compliance with State regulations - Due Diligence and the central IT organization
Big P policies
–Electronic Records Management
–Education and communication
Example:
http://archives.library.wisc.edu/rm/rechome.htm
Forward: Core principles
Big P policies
–Data and service as strategic resources
–Data and service ownership and stewardship
–Use of infrastructure
–Attribute privacy
Forward: Local considerations
Little p policies
– Relates to environment, role, and culture