Changes between Version 1 and Version 2 of WikiStart


Timestamp: 06/07/11 10:01:46 (13 years ago)
Author: jpmitchell@…
Comment: --

  • WikiStart

    v1 v2  
    1 Welcome to the IAM Wiki! 
     1Identity and Access Management Services (IAM) exists to enhance and simplify users' secure access to information resources to which their roles authorize them. 
     2 
     3IAM consolidates responsibility for the University of Alaska's 
     4 
     5* system-wide digital identities (identifiers, passwords or other tokens used to gain access to resources) central password store (Kerberos KDC) 
     6* enterprise directory and registry (authoritative repository of identities, affiliations, and other attributes pertinent to accessing resources) 
     7* authentication (login and identity assertion at appropriate levels of assurance) 
     8* secure single-sign-on (i.e., single log-in event enables access to multiple resources without exposing users' credentials via Shibboleth and other tools) 
     9* policy-based attribute release (assertions of institutional affiliation, roles, and other appropriate attributes) 
     10* role-based authorization (establishing, maintaining, and releasing to services appropriate institutional roles and attributes) 
     11* support for internal information service providers to protect their services with appropriate central authentication service and role-based authorization 
     12* inter-institutional federation (enabling acces to services external to UA via mutual trust of members of InCommon or other federations) 
     13IAM has responsibility for developing and integrating these technologies with a wide range of information service providers; will deploy and promote processes that protect individual privacy and data security and that meet emerging best practices and standards; and will collaborate with other departments to enhance and simplify users' secure access to information resources to which their roles authorize them. 
     14 
     15Depictions of some key concepts for IAM and UA infrastructure for IAM: 
     16* Secure Privacy-Preserving Single Sign-on 
     17* Coordination: IdM, Banner, Microsoft Active Directory 
     18* Benefits of Trust Federation 
     19* Description of multiple methods of authentication in UA infrastructure 
     20 
     21While a central point of coordination of these activities, IAM of course relies upon other units for essential services; specifically, it relies on Technical Services for hosting servers and database administration, on Network Operations for data communications within UA and to external services, on Enterprise Application Services for authoritative timely data on students and employees, on Core Applications for end user web interfaces and the integation of core applications with IAM, on the Support Center for supporting users' interaction with IAM services and the management and resolution of incidents, on Training & Documentation for creating and delivering materials that make all this technology intelligible and useful to people, on the OIT Business Office to manage budget, procurement, the copy machine and a hundred details, and on the Executive Directors and Chief Technology Officer to keep us on the straight and narrow.
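
Review bot: v2 line 5 runs two list items together: "system-wide digital identities (...)" is followed directly by "central password store (Kerberos KDC)" with no bullet of its own, so the KDC reads as part of the identities item; give it its own `*` line. In v2 line 8, "without exposing users' credentials via Shibboleth and other tools" can be read as the credentials being exposed via Shibboleth; moving "via Shibboleth and other tools" next to "single log-in event" removes the ambiguity. There are two typos in the added text: "acces" in line 12 and "integation" in line 21. Line 21 is a single sentence naming every supporting unit; a bulleted list like the one in lines 5-12 would be easier to scan.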