Prepared for IAC
Scott Baily, Interim Director of ACNS
August 13, 2008
Dec 30, 2015
A collection of administrative processes coupled with a technological solution which enables the validation of individuals’ identity and conditionally authorizes access to systems, applications, and data.
Today, we use eID for identity management
8/13/2008 2IAM Presentation
Locally developed several years ago
  50,000+ lines of code – extremely complex
  No viable commercial alternatives at that time
  Significant extensions imply a major re-write
eID successfully authenticates central services
  RamCT, ARIESweb, VPN, etc.
And departmental apps as well
  Preview CSU, Parking Services
eID’s 2 primary authors have left the University
Conducted 20 face-to-face interviews with campus “stakeholders”
Conducted an informal survey for additional input from the campus
Attended conferences, seminars, webinars, and spoke with other institutions about their solutions
CSU has relationships with far more than students, faculty and staff
An IAM solution must also accommodate:
  Visiting scientists
  Collaborative research partners
  Community patrons at the library
  Development Opportunities
  Contractors
  Facility access control (safety issues)
  Many others
Legislation requires protection of:
  Student information
  Health information
  Financial information
  Credit Card Info (PCI DSS)
  Personally identifiable information
Who has access to this information?
How is it controlled?
How, and by whom, is it reviewed?
eID was not designed to do authorization
  Several departments have “rolled their own”
eID has only rudimentary auditing capabilities
eID is not sufficiently extensible
  Need more granularity than just “associates”
The most difficult issue may be the development, implementation and management of access and authorization policies
CSU is implementing innovative research and education initiatives for a 21st-century, dynamic global economy
  Super Clusters
  School of Global Environmental Sustainability
  Collaborative participation in Kuali Development (Financial and Research)
We must provide the underlying support infrastructure (including IAM) that supports these activities
Examples of requests we cannot fulfill
  Parent access to student accounts, other records
  Additional information to support development efforts
  Participation in National federated identity initiatives
  Multiple levels of assurance when issuing identities
  Good reporting tools for authorization and access
  Grant appropriate levels of access to a wide variety of “guests”
  Several others
This may sound like an IT initiative, but it is not!
Identity and Access Management is something that affects every College and Administrative Unit on the campus
The only way to ensure a successful outcome going forward is for representatives from each of the key areas to participate in the process
This is one of the principal lessons learned from other sites who have traveled this road
IAC should recommend to ITEC that the University begin the process of replacing eID with an extensible and scalable IAM solution.
  Reiterate that this is not an IT initiative
  All campus stakeholders have indicated a willingness to engage in this activity
  Anticipated to take about 24 months to complete
  Wise investments in the future usually reap substantial rewards
To everyone who has participated in our recent discovery process, and
To those who offered to continue contributing in the future should this activity proceed to the next level