Plurk


  • saltybeagle
    I suspect they'll cover single sign on?
  • ryanlim says
    i've actually lost interest in IdM since we're stuck here in UNL where they seem to do nothing about IdM.
  • ryanlim says
    it is nice to know what other people are doing, but then once you realize the state UNL is in... you feel depressed.
  • smeranda says
    Geneseo Public Arts school in western NY
  • smeranda says
    What is the source of record for somebody's identity?
  • smeranda says
    Students versus Faculty/Staff
  • smeranda says
    How do you identify somebody electronically?
  • smeranda says
    What about "generic" accounts?
  • daugustine says
    what about people that are students and staff
  • daugustine says
    flexible definitions of people and groups
  • smeranda says
    Must define business process, policies and programs
  • smeranda says
    and find a way to handle the life cycle of an identity
  • saltybeagle
    hmm, what about guest/visitor accounts?
  • daugustine says
    need a way to synchronize between UNIX and Windows machines
  • smeranda says
    CIO declared portal to be only personalized, no generic content.
  • smeranda says
    Can't use banner self-service modules because the students forgot the password for this. They're used to the portal only.
  • smeranda says
    Using LDAP protocol to contain the attributes and provide authentication
  • smeranda says
    Second part: harvester: they grab the sources of truth to get attribute updates.
  • smeranda says
    Map business process to ID MGMT action
  • smeranda says
    Third/Final piece: CAS and Shibboleth.
  • smeranda says
    CAS alone wouldn't handle the needs
  • smeranda says
    Storing IDs for life. Everything ever created will be in OID.
  • smeranda says
    OID - Oracle Identity Database, I believe?
  • smeranda says
    DIP is protocol between OID and directory servers
  • saltybeagle
    CAS alone wouldn't? is that because of additional attributes they needed to communicate between apps?
  • smeranda says
    DAS=Delegated Administration Service for self service password reset, self editable attributes
  • smeranda says
    ACL= Access Control lists, used to protect prying eyes. (could use for alumni donors?)
  • daugustine says
    lots of acronyms in here
  • smeranda says
    yes, very technical. Lots of glossy eyes
  • daugustine says
    Tall tree vs. Flat tree, flat the way to go, easier to manage
  • smeranda says
    use attributes to defined standard
  • smeranda says
    otherwise, data sharing will be difficult
  • smeranda says
    working on photos tied to identity
  • smeranda says
    iTunes U uses eduPerson as ID
  • smeranda says
    showing an example of LDIF file. Lots going on.
  • smeranda says
    Shibboleth is a big piece from internet2 middleware.
  • smeranda says
    SAML is good
  • smeranda says
    Showing a sample SAML 2.0 transaction.
  • smeranda says
    So why do this? Reduce the number of usernames/passwords.
  • smeranda says
    Reduce the number of places for "personal info". One directory to rule them all!
  • daugustine says
    somebody gets married, or changes their name to Ocho Cinco, how many places do you need to change their name
  • smeranda says
    Security, Policies can kick in to protect passwords (force user to change password, use a strong password, etc...)
  • smeranda says
    Self-service: Let the user control their experience.
  • daugustine says
    users only have to remember one password
  • smeranda says
    Ocho Cinco hehe :-)
  • smeranda says
    Students today expect personalized service. IDM can begin this.
  • smeranda says
    Discussing personalized social network, shares similar ideas.
  • smeranda says
    refine messaging... talking about CRM integration without mentioning CRM.
  • smeranda says
    Sympa, mailing list system that hooks up to LDAP.
  • smeranda says
    Confluence, as soon as an individual becomes a member they get access. Sounds cool.
  • smeranda says
    The future for SOA revolves around IDM
  • smeranda says
    InCommon: Internet2 community to allow access based on status.
  • smeranda says
    Must d/l these slides. Lots of great info/graphs
  • smeranda says
    A huge part is developing the policies!
  • smeranda says
    Technology isn't enough, you must protect the initiative with policies.
  • smeranda says
    Process should be based on policy
  • smeranda says
    Q: Is single sign-on secure because of only one password?
  • smeranda says
    A: It's an education process. Enforce strong password, non-sharing of password. Deeper level access could require another level of security.
  • evilpythagoras says
    iu uses cas system wide (for all but a few specialized systems)
