Exploring InCommon

Learn how to navigate the process of creating an identity management roadmap with the University of Oregon's experience in deploying and refining their IdM system and offering federated services.

sdegroot

Presentation Transcript


  1. Exploring InCommon Getting Started with InCommon: Creating Your Roadmap

  2. University of Oregon Identity Management Roadmap
     • Deployed phase 1 of our Identity Management system in August 2007
     • Deployed Shibboleth for intra-campus authentication/SSO and attribute delivery fall 2008
     • Joined InCommon February 2010
     • Continuing to expand and refine IdM system and starting to offer federated services

  3. Identity Providers: IdM Prep - Policy
     • *Review Participant Operating Practices (POP) to familiarize yourself with policies and practices your organization will need in joining a federation
     • Ensure basic identity management policies are in place, including data stewardship and acceptable use policies
     • *Define policies related to single sign-on (SSO) and authentication

  4. • *Define and publish account creation and termination policies
     • Define policies on log retention for identity management and provisioning
     • Join InCommon
     • *Submit InCommon Participant Agreement
     • *Once approved, designate your Executive and Administrator(s)
     • Post your Participant Operational Practices (POP)
     • Submit metadata for your Identity Provider and/or Service Provider

  5. Identity Provider: IdM Preparation – Business Practice Steps
     • *Provision/de-provision accounts for your users (faculty, staff, and students) based on published policies
     • Create problem resolution process for when users forget or lose passwords
     • Create Help Desk support procedures for authentication problems and password changes
     • *Create a process to address reports of abuse

  6. Identity Provider: IdM Prep, Technical Step
     • *Install/operate/manage the identity provider package of a SAML federating software system such as Shibboleth

  7. IdP IdM Attribute Provisioning - Policy
     • *Identify who governs the decision to release attributes
     • Develop policy governing use of your attributes by service providers such as attribute retention, sharing, etc.
     • Consider setting up tiers or groups of attribute release policies for different categories of service providers

  8. IdP IdM Attribute Provisioning – Business Practice
     • *Identify who is responsible for editing/implementing the attribute release policies
     • Define process a service provider would use to request attributes and the process used to respond to the request
     • Define process to follow when a service provider requests an attribute that is not currently available as defined by the policy above

  9. • *Define problem escalation procedure if identity information is released in conflict with organization policies

  10. IdP IdM Attribute Provisioning – Technical Steps
     • *Extend directory and/or person registry schemas if needed to support eduPerson
     • Configure the identity provider attribute resolver for the appropriate sources
