wiki:WikiStart

Version 14 (modified by dabantz@…, 13 years ago) (diff)

--

Overview Presentation
Shibboleth User Demo
IdP Install Recipe
Operational Tasks & Targets
UA Attribute Release Policy
UA PoP

UA IAM

Identity and Access Management Services (IAM) exists to enhance and simplify users' secure access to information resources to which their roles authorize them.

IAM consolidates responsibility for the University of Alaska's

  • system-wide digital identities (identifiers, passwords or other tokens used to gain access to resources) and central password store
  • enterprise directory and registry (authoritative repository of identities, affiliations, and other attributes pertinent to accessing resources)
  • authentication (login and identity assertion at appropriate levels of assurance)
  • secure single-sign-on (i.e., single log-in event enables access to multiple resources without exposing users' credentials via Shibboleth and other tools)
  • policy-based attribute release (assertions of institutional affiliation, roles, and other appropriate attributes)
  • role-based authorization (establishing, maintaining, and releasing to services appropriate institutional roles and attributes)
  • support for internal information service providers to protect their services with appropriate central authentication service and role-based authorization
  • inter-institutional federation (enabling acces to services external to UA via mutual trust of members of InCommon or other federations)

IAM has responsibility for developing and integrating these technologies with a wide range of information service providers; will deploy and promote processes that protect individual privacy and data security and that meet emerging best practices and standards; and will collaborate with other departments to enhance and simplify users' secure access to information resources to which their roles authorize them.

Depictions of some key concepts for IAM and UA infrastructure for IAM:

While a central point of coordination of these activities, IAM of course relies upon other units for essential services; specifically, it relies on Technical Services for hosting servers and database administration, on Network Operations for data communications within UA and to external services, on Enterprise Application Services for authoritative timely data on students and employees, on Core Applications for end user web interfaces and the integation of core applications with IAM, on the Support Center for supporting users' interaction with IAM services and the management and resolution of incidents, on Training & Documentation for creating and delivering materials that make all this technology intelligible and useful to people, on the OIT Business Office to manage budget, procurement, the copy machine and a hundred details, and on the Executive Directors and Chief Technology Officer to keep us on the straight and narrow.

Attachments