ITANA Screen2Screen, April 16, 2009

*Attendees*

Jim Phelps, University of Wisconsin-Madison (chair)
Marina Arseniev, University of California, Irvine
David Bantz, University of Alaska
Jeffrey Barnett
Tom Barton, University of Chicago
John Borne
Rob Carter, Duke University
Leo de Sousa, University of British Columbia
Tom Dopirak, Carnegie Mellon University
Shelly Feran
Renee Frost, Internet2
Jim Green, Michigan State
Jens Haeusser, Univ. of British Columbia
Paul Hobson
Steve Olshansky, Internet2
Shilen Patel, Duke University
Sue Sharpton, University of Alaska
Saul Tannenbaum
David Walker, University of California, Davis
Dean Woodbeck, Internet2 (scribe)

*Action Items*

*Agenda*

*Screen2Screen*
Marina Arseniev presented an overview of Enterprise-wide Authorization. The presentation slides will be posted on the ITANA wiki and at www.itana.org. The Screen2Screen was operated through Adobe Connect, including the slides, a chat area, and discussion notes.

Marina's slide deck is available at the ITANA wiki, as is a link to the entire presentation and discussion: https://spaces.at.internet2.edu/display/itana/Screen2Screen, or you can access the archived presentation directly at http://internet2.acrobat.com/p65621337/

*Discussion*

Following the presentation, the working group discussed various aspects of implementing an enterprise-wide authorization program and developing a number of ideas for work that might come out of ITANA.

  • Systems can appear expensive and time-consuming to develop or purchase and deploy. Part of educating CIOs and other decision-makers is compiling the cost of NOT doing something (potential data breaches, substantial duplication of effort and expense around the campus). A severe security breach at UC-Irvine turned out to be the result of an identity theft ring at a third-party supplier. The expense, in time and resources, was astronomical.
  • Culture change is a challenge. Departments and others must "own" the problem of data breaches - it is not just an IT problem. Education is key to motivate the culture change.
  • A lack of standards makes it a challenge to integrate enterprise identity systems and applications.
  • It is important to define terms. For example, "roles" could have two different meanings: 1) something a person does for an organization, or 2) a set of permissions driven by attributes.
  • Campus policy discussions and agreements are a necessary precursor for implementing an access management solution. Some suggestions include: 1) have a steering committee from across the organization; 2) develop a process that attacks issues incrementally, so it isn't an overwhelming experience; 3) start at a place where the functional people are most sympathetic to the need for IdM.

Potential ITANA working group topics:

  • Collect Use Cases
  • Best practices - terminology of roles, entitlements, privileges. Work with MACE paccman on Glossary of Terms
  • Pragmatic ways for changing the campus culture
  • Common language for RFPs. Integration with software service providers. For example, rights need to reside with the institution, not at a vendor website.

Jim will send email to the list seeking feedback for these topics.

*Next Call, Thursday, April 30, 2009, 2 p.m. EDT*
