Identity Management Discussion with CDES
Date: Sept 18, 2008
Time: 10:00-11:00
Location: 203 Johnston Hall
Invited:
John Grosen, Mike Reeves, Chris Bongaarts, Arash Forouhari
Attended:
John Grosen, Mike Reeves, Chris Bongaarts
Agenda
Gather current/future authentication/authorization requirements
1. Who are the users/systems that need access to resources?
Users:
Internal users (students, faculty, staff)
Volunteers
Conference attendees
Alumni
External professors
“Lifelong learners” – professional continuing ed (Architecture)
2. What resources need access control? And where?
Card locks for access: doors, studios, wood shops. Maintained both centrally and locally.
File service
Web-based intranets (central and internal auth)
Application services
Mac and PC authentication systems
Pharos print management (U Card)
Multifunction devices (print/scan/copy/fax) – using local auth, would like central auth
The University of Minnesota is an equal opportunity educator and employer. This publication/material is available in
alternative formats upon request. Direct requests to the director of the Office of Communications and Advancement,
Office of Information Technology, 2218 University Avenue S.E., Minneapolis, MN 55414, 612- 626-3737,
oca@umn.edu.
Printed on recycled and recyclable paper with at least 10 percent postconsumer material. ©2008
Regents of the University of Minnesota. All rights reserved. OIT0615
3/8/2016
Page 1 of 5
Digital Repositories with CLA
SQL/DBMS servers
Architecture Library
License management for software and servers
3. What platforms/applications do you use that require central and/or local authentication?
Mac
PS
Linux
Card lock systems
Apache
IIS servers, ASP.NET
4. What form of authentication (local/central) is used for each application? (username/password, MKey, etc.)
CAH
Central AD
Macs use local authentication, Kerberos for AD
MKey
Outreach – external applications maintain their own username/password
U Card swipe (door card access)
5. How are roles & groups defined?
Based on affiliation (faculty, staff, student)
Based on resource (e.g. class folder -> member of class)
Based on function (web content provider -> can update across web sites)
Roles and groups are created using SQL to generate lists; the lists are then sent back to central.
6. What privileges/restrictions are needed?
CDES would like to be able to separate authentication from authorization requests. This would allow CDES to maintain roles and groups internally, plus guest access. They would like to get away from departmental IDs for access but need more fine-grained authorization.
Time-specific authz – card access limited to time and day. Location-specific authz – limit card access to specific buildings. Composition of authorization rules (e.g. role + location + time).
Login to network jacks (802.1x).
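The composite authorization model asked for in item 6 (central authentication supplies the identity and its roles; local rules combine role + building + time window, and a person holding several roles, such as a student who is also a TA, gets the union of what each role allows) is sketched below as an added illustration. It is not code from the meeting notes or from any University system; the rule structure, building names and schedules are constructed placeholders.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed sample model, not taken from the meeting notes.
# A Principal is what central authentication hands back: an identity
# plus the roles it holds (one person may hold several, e.g. student AND ta).
@dataclass(frozen=True)
class Principal:
    uid: str
    roles: frozenset

# One composite authorization rule: role + location + time window.
# days is a set of weekday numbers (Mon=0 .. Sun=6);
# hours is (start_hour, end_hour) in 24h local time, end exclusive.
@dataclass(frozen=True)
class AccessRule:
    role: str
    building: str
    days: frozenset
    hours: tuple

    def permits(self, principal, building, when):
        # Every component of the composite rule must match.
        return (self.role in principal.roles
                and self.building == building
                and when.weekday() in self.days
                and self.hours[0] <= when.hour < self.hours[1])

WEEKDAYS = frozenset(range(5))
ALL_DAYS = frozenset(range(7))

# Locally maintained (departmental) policy; building names are placeholders.
POLICY = [
    AccessRule("student", "wood shop", WEEKDAYS, (8, 18)),   # weekdays, daytime
    AccessRule("ta", "wood shop", ALL_DAYS, (6, 23)),        # every day, extended hours
    AccessRule("staff", "wood shop", ALL_DAYS, (0, 24)),     # any time
]

def card_access_allowed(principal, building, when, policy=POLICY):
    """Authorization decision only: authentication already happened centrally.

    Any matching rule grants, so a principal with several roles gets the
    union of the windows its roles allow. No rule means deny by default.
    """
    return any(rule.permits(principal, building, when) for rule in policy)
```

Because the decision is a pure function of (identity, roles, location, time), the same rule set can be evaluated by a card-lock controller and audited offline from the door logs.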
7. How do you approve/revoke access?
a. Decentralized provisioning?
Notifications come from HR and Student System (enrollment) processes. CDES maintains lists and sends them back to central. A shadow system allows access for users not yet known to central.
8. What business requirements do you currently have that are not implemented?
External users need access to internal systems (e.g. an adjunct professor using their company’s laptop).
Faculty on 9-month appointments – authorization can’t be tied solely to payroll.
A student has an incomplete and needs access to the labs after the class is completed.
Would like persistent IDs for certain kinds of “guests” such as adjunct professors and continuing ed “students” (who are not necessarily alums) – a way to tie into CCE’s non-credit registration system.
Professors need access before the HR record is available.
Credit card processing for services that CDES provides – customer expectation: enter name and credit card, click OK, get access immediately.
Reconciling multiple roles: e.g. a student who is also a TA. Lots of time is spent building DW queries. Want to know about existing centrally-defined groups (affinities?).
High turnover in some areas – especially adjunct faculty. This makes maintaining groups manually more time consuming.
Business workflow system (digital signatures were suggested, but a central system might work as well).
Scan to file share (join scanner to AD).
9. Do you have any requirements with federal agencies and vice versa (FDA, NIH, etc.)?
Maybe NIH grant for one faculty member.
10. Do you currently use X.500 directory data for any non-authentication uses?
LDAP is used for directory lookup only (white pages lookup on printer/scanner/copier/fax devices).
11. Do you use any non-centralized authentication? Why? Are you open to converting to centralized authentication?
Very limited. Would like to use central whenever possible.