| saltybeagle | I suspect they'll cover single sign on? |
| ryanlim | says | i've actually lost interest in IdM since we're stuck here in UNL where they seem to do nothing about IdM. |
| ryanlim | says | it is nice to know what other people are doing, but then once you realize the state UNL is in... you feel depressed. |
| smeranda | says | Geneseo Public Arts school in western NY |
| smeranda | says | What is the source of record for somebody's identity? |
| smeranda | says | Students versus Faculty/Staff |
| smeranda | says | How do you identify somebody electronically? |
| smeranda | says | What about "generic" accounts? |
| daugustine | says | what about people that are students and staff |
| daugustine | says | flexible definitions of people and groups |
| smeranda | says | Must define business process, policies and programs |
| smeranda | says | and find a way to handle the life cycle of an identity |
| saltybeagle | hmm, what about guest/visitor accounts? |
| smeranda | says | saltybeagle, a topic to be discussed soon. |
| daugustine | says | need a way to synchronize between UNIX and Windows machines |
| smeranda | says | CIO declared portal to be only personalized, no generic content. |
| smeranda | says | Can't use Banner self-service modules because the students forgot the password for this. They're used to the portal only. |
| smeranda | says | Using LDAP protocol to contain the attributes and provide authentication |
| smeranda | says | Second part: harvester: they grab the sources of truth to get attribute updates. |
| smeranda | says | Map business process to ID MGMT action |
| smeranda | says | Third/Final piece: CAS and Shibboleth. |
| smeranda | says | CAS alone wouldn't handle the needs |
| smeranda | says | Storing IDs for life. Everything ever created will be in OID. |
| smeranda | says | OID - Oracle Identity Database, I believe? |
| smeranda | says | DIP is protocol between OID and directory servers |
| saltybeagle | CAS alone wouldn't? is that because of additional attributes they needed to communicate between apps? |
| smeranda | says | saltybeagle yes. |
| smeranda | says | DAS=Delegated Administration Service for self service password reset, self editable attributes |
| smeranda | says | ACL= Access Control lists, used to protect prying eyes. (could use for alumni donors?) |
| daugustine | says | lots of acronyms in here |
| smeranda | says | yes, very technical. Lots of glossy eyes |
| daugustine | says | Tall tree vs. Flat tree, flat the way to go, easier to manage |
| saltybeagle | says | daugustine - referring to ldap directory hierarchy? |
| daugustine | says | yep |
| smeranda | says | use attributes to defined standard |
| smeranda | says | otherwise, data sharing will be difficult |
| smeranda | says | working on photos tied to identity |
| smeranda | says | iTunes U uses eduPerson as ID |
| smeranda | says | showing an example of LDIF file. Lots going on. |
| smeranda | says | Shibboleth is a big piece from Internet2 middleware. |
| smeranda | says | SAML is good |
| smeranda | says | Showing a sample SAML 2.0 transaction. |
| smeranda | says | So why do this? Reduce the number of usernames/passwords. |
| smeranda | says | Reduce the number of places for "personal info". One directory to rule them all! |
| daugustine | says | somebody gets married, or changes their name to Ocho Cinco, how many places do you need to change their name |
| smeranda | says | Security, Policies can kick in to protect passwords (force user to change password, use a strong password, etc...) |
| smeranda | says | Self-service: Let the user control their experience. |
| daugustine | says | users only have to remember one password |
| smeranda | says | Ocho Cinco hehe |
| smeranda | says | Students today expect personalized service. IDM can begin this. |
| smeranda | says | Discussing personalized social network, shares similar ideas. |
| smeranda | says | refine messaging... talking about CRM integration without mentioning CRM. |
| smeranda | says | Sympa, mailing list system that hooks up to LDAP. |
| smeranda | says | Confluence, as soon as an individual becomes a member they get access. Sounds cool. |
| smeranda | says | The future for SOA revolves around IDM |
| smeranda | says | InCommon: Internet2 community to allow access based on status. |
| smeranda | says | Must d/l these slides. Lots of great info/graphs |
| smeranda | says | A huge part is developing the policies! |
| smeranda | says | Technology isn't enough, you must protect the initiative with policies. |
| smeranda | says | Process should be based on policy |
| smeranda | says | Q: Is single sign-on secure because of only one password? |
| smeranda | says | A: It's an education process. Enforce strong password, non-sharing of password. Deeper level access could require another level of security. |
| saltybeagle | says | good Q&A |
| evilpythagoras | says | iu uses cas system wide (for all but a few specialized systems) |
