An Integrated Framework for Identity and Access Management IAM

1
An Integrated Framework for Identity and Access
Management (IAM)
  • RL Bob Morgan, U Wash., MACE
  • Keith Hazelton, U Wisc., MACE
  • Internet2 Spring Member Meeting
  • May 3, 2005, Arlington, VA

2
Session overview
  • Integration: IAM and applications (Keith)
  • Drivers and requirements (RL Bob)
  • From talking to doing (Keith again)

3
I. From Construction to Integration
  • Construction
  • Raw materials into systems
  • Integration
  • Subsystems into whole systems
  • Multiple systems into ecosystems
  • We're all moving from construction to integration
  • Let's review the state of middleware systems'
    readiness for integration

4
IAM Generic Functions

5
Reflect, Join, and Manage Credentials
[Diagram; labels: Enterprise Directory, Systems of Record, Stdnt, Registry, LDAP, HR, Other; functions: Reflect, Join, Manage Credentials]
6
Reflect, Join, and Manage Credentials
  • Collect bits of identity information in all the
    relevant IT systems
  • Use business logic to
  • Establish which records correspond to the same
    person
  • Maintain that identity join in the face of
    changes to data in collected systems
  • Assign a unique identifier for cross-system link
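
A sketch of the reflect-and-join step above, added here as an example and not taken from the presentation. The `IdentityRegistry` class, the record fields, the `P000001`-style identifier and the matching rule (birth date plus normalized name) are all assumptions made for illustration.

```python
from itertools import count


class IdentityRegistry:
    """Joins records from several systems of record into one person entry."""

    def __init__(self):
        self._seq = count(1)
        self.links = {}        # (system, local_id) -> person_id: the persistent join
        self.match_index = {}  # match key -> person_id
        self.conflicts = []    # joins that need manual review

    @staticmethod
    def match_key(rec):
        # Assumed business rule: same birth date and same name after
        # lower-casing and collapsing whitespace.
        return (rec["dob"], " ".join(rec["name"].lower().split()))

    def reflect(self, system, rec):
        """Take in one source record and return its cross-system identifier."""
        link = (system, rec["local_id"])
        key = self.match_key(rec)
        pid = self.links.get(link)            # already joined: data changes keep the join
        if pid is None:
            pid = self.match_index.get(key)   # known from another system?
        if pid is None:
            pid = f"P{next(self._seq):06d}"   # new person: assign a unique identifier
        self.links[link] = pid
        owner = self.match_index.setdefault(key, pid)
        if owner != pid:
            # The changed record now looks like a different person: never merge
            # silently, since a false merge would hand over that person's access.
            self.conflicts.append((link, pid, owner))
        return pid


def demo():
    # Constructed sample records, not real data.
    reg = IdentityRegistry()
    ids = [
        reg.reflect("student", {"local_id": "S-1001", "name": "Ana  Ruiz", "dob": "1984-02-11"}),
        reg.reflect("hr", {"local_id": "E-77", "name": "ana ruiz", "dob": "1984-02-11"}),
        reg.reflect("hr", {"local_id": "E-77", "name": "Ana Ruiz-Lee", "dob": "1984-02-11"}),
        reg.reflect("hr", {"local_id": "E-90", "name": "Bo Chen", "dob": "1990-07-30"}),
        reg.reflect("hr", {"local_id": "E-77", "name": "Bo Chen", "dob": "1990-07-30"}),
    ]
    return ids, reg.conflicts
```

The last constructed record is an HR entry whose data changes to match a different person; the join is kept and the collision is queued for review rather than merged.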

7
Manage Credentials
  • When to assign, activate credentials
  • (as early as possible)
  • Who gets them? Applicants? Prospects?
  • Guest NetIDs (temporary, identity-less)
  • Reassignment (never except)
  • Please send me a feed
  • Argument for WebISO

8
Manage IAM Info and Provide it via run-time calls or provisioning
[Diagram; labels: Apps / Resources, Enterprise Directory, Central AuthN/WebISO, AuthZ, Systems of Record, Log; functions: Reflect, AuthN, Provision, Join, Manage Creds, AuthZ, Manage Groups, Privs.,..., Log, Provide]
9
IAM functions big pictures
10
IAM functions big pictures
[Diagram; labels: Manage Grps, Log, AuthZ, Reflect, Provide/run-time, Join, Credential, Manage Privs, Provide/provision, (AuthN)]
11
Another aspect or perspective (Courtesy of Mark Poepping, CMU)
  • The User to Service Provider slice across the
    systems

12
Another aspect or perspective (Courtesy of Mark Poepping, CMU)
13
The User to Service Provider perspective
14
The User to Service Provider perspective
15
Next-up integration services
  • Message queuing (pub-sub, point-to-point)
  • Workflow (business process orchestration)
  • Policy info mgmt
  • Policy decision point
  • Service Oriented Architecture (SOA) as current
    buzz-word for the overall vision
  • The vision will outlast the name

16
Middleware -- Application Integration
  • ERPs
  • SAKAI
  • uPortal

17
IAM and Application Integration
18
Inter-institutional integration
  • Virtual Organization (VOs)
  • Federations
  • League of Federations

19
Part II: Drivers and Requirements
20
Part III: Doing Integration: Service Oriented Architecture (SOA)
  • Goals
  • What software is deployed during an integration,
    where and how is it deployed?
  • What development is needed to accomplish an
    integration?
  • What is the development / deployment process?
  • How is the installation managed, maintained and
    expanded?
  • How do individual integrations work together to
    form an infrastructure?

21
Service Oriented Architecture (SOA) Migration
Strategy
  • Courtesy of Jim Phelps, Architect
  • U Wisconsin System Initiative
  • Common Systems Interoperability Architecture
    Working Group (CSIAWG)

22
Migration Strategy - SOA
  • Organization - Change Management
  • Process - Business Process Analysis
  • Information - Enterprise Data Definitions
  • Infrastructure - Architecture and Technology
  • Vendors Fill the Gaps

23
Migration Strategy - SOA
  • Organization - Change Management
  • Culture shift from data to services
  • Staff Training and Support
  • New Expertise
  • Service Interface Designer(2)
  • Service Library Manager(2)
  • Integration Competency Centers(3)

24
Integration Competency Center
25
Migration Strategy - SOA
  • Organization - Change Management
  • Culture shift from data to services
  • Staff Training and Support
  • New Expertise
  • Service Interface Designer(2)
  • Service Library Manager(2)
  • Integration Competency Centers(3)

26
Migration Strategy - SOA
  • Process - Business Process Analysis
  • Prioritization - Most Pain, Most Gain
  • Define/Document Business Processes
  • Look for optimization opportunities
  • Data needs (timeliness, availability, etc)
  • Use disruption to your advantage

27
Migration Strategy - SOA
  • Information - Enterprise Data Identification
  • Let the Business Process Analysis drive the data
    definitions.
  • Don't build a complete dictionary
  • Start with the most needed definitions
  • Build on standards

28
Migration Strategy - SOA
  • Infrastructure - Architecture and Technology
  • Gap analysis - what pieces are missing
  • Architecture Analysis
  • Business Process Analysis and Enterprise Data
    Identification lead the efforts.

29
Migration Strategy - SOA
  • We want to fix this business process.
  • It needs data and services to/from these systems.
  • We need these adaptors and data stores.
  • We need these technologies to deploy these
    services.

30
Migration Strategy - SOA
  • Vendor - Evaluation to fill gaps
  • Business Process Analysis
  • Enterprise Data Identification
  • Data Definitions / schema development
  • Service Design
  • Technology Gaps

31
Migration Strategy - SOA
  • Always ask: is the request for data really a
    request for service?

32
Roadmap to SOA
UW System Level
Business Application Level
Campus Level
33
Roadmap to SOA
UW System Level
  • Integration Competency Center (ICC)
  • Registry
  • Establish Governance
  • Development Standards
  • Common Tools

34
Roadmap to SOA
Business Application Level
  • Analysis of Interfaces
  • Analysis of Business Processes
  • Reduction of Interfaces
  • Schema Definitions
  • Migration to Services

35
Roadmap to SOA
Campus Level
  • ICC
  • Take advantage of disruption
  • Analysis of Business Processes
  • Reduction of Interfaces
  • Migration to Services

36
References
  • Enterprise Application Integration, Revere Group
    Presentation June 26, 2003
  • Service-Oriented Architecture, A Field Guide to
    Integrating XML and Web Services, Thomas Erl
  • Introduction to Integration Competency Centers,
    Darwinmag.com
    http://www.darwinmag.com/read/070104/integration.html
  • Enterprise Service Bus, David A. Chappell
  • ICC - The Fab Five - Competency Center Models and
    core skill sets, CIO Magazine
    http://www.cio.com/archive/110104/office.html

37
References
  • OASIS on Tuesday is announcing the formation of a
    technical committee that will develop a reference
    model to provide clarity on the definition of an
    SOA, said Duane Nickull, chairman of the new
    OASIS SOA-RM (Reference Model) Technical
    Committee and senior standards strategist at
    Adobe.
  • -- Infoworld, May 03, 2005
