1 / 26

Cross-Institutional Authentication

Cross-Institutional Authentication. Cross-Institutional Authentication and Sharing of On-Line Course Materials. Bill Gordon Academic Information Technology & Libraries University of Cincinnati Medical Center April 9, 2003. With Thanks To.

preston
Download Presentation

Cross-Institutional Authentication

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Cross-Institutional Authentication Cross-Institutional Authentication and Sharing of On-Line Course Materials Bill Gordon Academic Information Technology & Libraries University of Cincinnati Medical Center April 9, 2003

  2. With Thanks To • UC IAIMS team (IAIMS is the Integrated Advanced Information Management Systems project of the National Library of Medicine) • AAMC Group on Information Resources (AAMC-GIR) • University of Texas Health Science Center at San Antonio (UTHSCSA)

  3. Project Overview (1) • Develop Compliance Training and Tracking system for UC • Provide training customized for other institutions (AAMC-GIR) • Conduct peer review evaluation of customized training and delivery system (GIR and UTHSCSA)

  4. Project Overview (2) • Cooperate with affiliated institutions to share cost of developing training materials • Provide training to people from outside institutions, via UC web site, on honor system • Provide training via log ins from external sites, as a test system for Shibboleth • Reference: www.ecourses.uc.edu

  5. The Institutional Problem (1) • Funding agencies and OSHA require Compliance Training, including • Blood Borne Pathogens training • HIPAA Privacy and Policies training • Animal Research Regulatory training • Unfunded mandate • Expensive to provide

  6. The Institutional Problem (2) • Each university must • Identify people requiring training • Maintain historic records of training completed • Ensure that all people requiring training are in compliance with their training requirements • Otherwise, the university may be fined or prohibited from conducting federally funded research.

  7. The eCourses Solution • Training requirements assigned to people • Groups assigned training automatically, based on business rules • Administrative management of individual training requirements • Deliver on-line training on demand • Track compliance with training requirements • Alert people to current, unfulfilled training requirements

  8. eCourses – Additional Features • Content agnostic • Any web-hosted course can be included • Minimal requirements for tracking course completion • Access to courses can be restricted based on authorization • Reporting of completion based on institutional, departmental affiliation

  9. Underlying Architecture • Integrated Database • Identity Management System • Subschemas for application data, e.g. • eCourses • IRB System (Human Subjects research) • Media Repository • Web based front ends for applications

  10. Integrated Database Model

  11. Results of Architecture • Role and position information available to all applications • Applications can share information as business rules require • IRB Office can check for compliance with training requirements during application submission process • Training requirements can be automatically assigned based on role and position, or • Managed by immediate supervisor

  12. Sharing the Work – UC Med Center • Affiliated institutions cooperate in development of training materials, esp. HIPAA • Training can be “branded” by institution • Data for employees of affiliated institutions loaded into database • Reports of training compliance provided to departments at affiliated institutions

  13. Access (from UC) to Training • Log on to UC web site via institutional affiliation, username, and password • Can self-register if not included in database – on honor system • Select type of training, e.g. HIPAA • Training delivered based on institutional affiliation and role-based access rights

  14. Limitations of This Approach • Must connect through UC site, rather than from home institution • eCourses cannot verify identity of persons self registering • Cannot guarantee delivery of correctly customized training • Cannot validate authorization for access to restricted training

  15. AAMC-GIR Pilot Project • Motivation: Share cost of developing, delivering HIPAA training among institutions • Purpose: Demonstrate that central site can effectively provide compliance training and tracking to multiple institutions • Purpose: Develop criteria for evaluating on-line compliance training • Research by Aggie Manwell, graduate student at UTHSCSA, using data from GIR pilot study

  16. Results To Date • UC users: Since July, 2001, more that 3000 people have taken Blood Borne Pathogens training via eCourses • GIR Pilot: 97 users from GIR member institutions used and rated eCourses • Evaluative Criteria Study (UTHSCSA): 77 users used MERLOT criteria to evaluate Blood Borne Pathogens course

  17. Goal: Externally Provided Training • Agreement with outside institutions for UC to provide and track training • Customize existing training for outside institutions • Log on at external sites, with redirection to UC eCourses site or specific course - or - • Log on directly to UC eCourses site with validated institutional information

  18. eCourses Requirements • Each person taking training must have a “person” record in the database, to track compliance and report results • Authorization is required to access certain resources and course materials • Reports to cooperating institutions include personal identification data

  19. Issues to Resolve • Personal Identification vs. Privacy • Remote authorization for use of resources Not an Issue • Managing persistent identifiers is not an issue, because eCourses requires person records to track compliance training

  20. A Possible Approach • User logs on to non-UC site (origin) • On connection to eCourses, origin sends identification handle to UC • UC requests additional information from origin as needed to create new person record • UC requests additional authorization tokens from origin as needed for access to selected resource

  21. Personal Identification vs. Privacy • Origin institutions and UC agree on attributes used to create the eCourses person record. • Origin institution must be able to identify its citizens uniquely by their handles; a person’s handle must not change over repeated connections to eCourses • If a person logs in from multiple origins, “gluing” of the corresponding records will be at that person’s discretion

  22. Remote Authorization • Access to courses can be based on position (faculty, student, clinical staff), role (financial officer, researcher), or work environment (in contact with patients or specimens) • UC can use authorization tokens provided by origin to control access to resources

  23. Implementation Challenges • Determine set of personal attributes that can be used by eCourses without compromising privacy rights • Develop restricted vocabulary specifying many of the position / role/ environmental factors controlling access to resources • Modify eCourses as needed to integrate properly with Shibboleth

  24. Timeline (1) • Develop eCourses – July, 2001 • GIR pilot project to test external access to eCourses – Jan, 2003 • UTHSCSA evaluation of BBP Course – Jan & Feb, 2003 • Sharing of content development at UC Medical Center – April, 2003

  25. Timeline (2) • Installation of Shibboleth software at UC – August, 2003 • Using eCourses to provide compliance training (BBP and / or HIPAA) for a cooperating institution – Summer, 2004

  26. Bill Fant Jack Kues Ralph Brueggemann Lou Ann Emerson Gil Hageman Dorothy Air Judy Jarrell John Littlefield Aggie Manwell Jerry York Roger Guard Stephen Marine Leslie Schick Acknowledgements • Josette Riep • Robert Kraft • Sandra Sanders • Bruce Merz • Delores Mincarelli • Li Huang • Madhavi Nallari • Savio Reddimasu • Richard Schauseil • Anshul Sharma • The UC Medical Center Colleges of Allied Health, Medicine, Nursing, and Pharmacy • AIT&L

More Related