220 likes | 360 Views
KEAS K -State E nterprise A uthentication S ystem. CITAC April 26, 2002. Project Management Staff. Project Web Site: keas.cns.ksu.edu. Chuck Gould Project Manager chuck@ksu.edu 532-4923. Neil Erdwien Senior Technical Sponsor neil@ksu.edu 532-4905. Harvard Townsend
E N D
KEASK-State EnterpriseAuthentication System CITAC April 26, 2002
Project Management Staff Project Web Site:keas.cns.ksu.edu Chuck Gould Project Manager chuck@ksu.edu 532-4923 Neil Erdwien Senior Technical Sponsor neil@ksu.edu 532-4905 Harvard Townsend Senior Management Sponsor harv@ksu.edu 532-6311 CITAC Briefing
Agenda • Project scope – Harvard • Authentication 101 – Neil • Discussion/Questions CITAC Briefing
The Goal • Build a university-wide directory and authentication service to support authorized access to university information and technology resources. • Store identity + role information about EVERYONE affiliated with K-State. • Using state IT Project Management Methodology to guide the process • Expect to complete phase I in April, 2003 CITAC Briefing
Why? • Multiple IDs and passwords • Goal: One (few?) ID and password to remember • Goal: Uniform ID name space • Complexity for user and for system administrators • Goal: Reduced frustration for users and simplified access to IT resources • Goal: Reduced management costs • Goal: Replace current CNS ID management system • Support for distance students • Goal: Same access as resident students • Goal: Instant access CITAC Briefing
Why? • Support new applications • Foundation technology for III, SIS/FRS, digital library, portal, wireless networking, Peoplesoft 8, etc. • Improve security • Fewer passwords to keep track of • Password stored in fewer places • Can force choosing “good” passwords • Simplifies shutting off people’s access CITAC Briefing
Why? • Authenticate with other universities • Goal: support EDUCAUSE EduPerson initiative • Goal: Inter-realm authentication with KU • Transaction integrity (PKI) • Goal: encrypt e-mail • Goal: validate sender • Goal: guarantee message not altered CITAC Briefing
Phase 1 • Uniform ID/name space • Build directory service with ID/password authentication • Directory-enable central services managed by CNS: • Central e-mail server (POP/IMAP) • Central UNIX and Web servers • Netscape Calendar • SAMBA server • Remote access to library electronic journals and databases CITAC Briefing
Phase 2 Possibilities • K-State Online • KATS • Telecom dialup modems • PeopleSoft • Wireless network • Novell NDS • Microsoft Active Directory • Departmental servers/applications CITAC Briefing
Later Phases • K-State Web Portal • III • SIS/FRS replacement • Authenticate with other universities • Public Key Infrastructure (PKI) for digital signatures, secure messaging • Single sign-on where you authenticate once and get access to all the services you need without re-entering the authentication information CITAC Briefing
Authentication 101Neil Erdwien CITAC Briefing
Authentication vs. Authorization • Authentication is checking credentials to verify identity • Authorization is the use of identity to control access to resources CITAC Briefing
Unified Name Space • Existing systems have separate name spaces • Integration with KEAS will have name conflicts • Possible scenarios (3-8 character IDs) • Eliminate student license plate IDs? • Personal preference, first come, first serve for all faculty, staff, and students? • Standard naming convention? • 1st initial, first 7 characters of last name • 1st initial, 2nd initial, first 6 characters of last name • Conflict resolution, i.e. jsmith05@ksu.edu • Steering committee will decide in June. CITAC Briefing
Questions? CITAC Briefing
Who Is On The Steering Committee? • John Streeter, ISO • Mike Crow, Registrar • Patricia Havenstein, Human Resources • Tom Schellhardt, VPAF • Roger Terry, IET • Robert Burgess, Housing • Pat Akard, Faculty Senate • Karen Cole, Hale Library • Rebecca Gould, iTAC • Rob Caffey, DCE • Dave Hillier, DIA • Gail Simmonds, Salina • Andrew Bell, Student Senate CITAC Briefing
How Long Will The Project Take? • Project plan approved January 25, 2002. • Requirements defined – January through mid-May 2002. • LDAP solutions tested and selected – January through February 2002. • Design developed – mid-May through June 2002. • LDAP server implemented – July through October 2002. • Phase 1 applications converted to KEAS – November through mid-February 2003. • UNIX, UNIX e-mail, Samba server • Hale Library services • K-State web server, central calendar server • E-mail forwarding, White pages • Documentation finalized, project closeout – mid-April 2003. CITAC Briefing