Executive Summary

After attending BaseCAMP in 2019, SMU joined CSP to learn more about open source, the community, and if the Trusted Access Platform was a good fit or if a commercial solution was needed. Our achievements were non-traditional, and the biggest wins were recognition that the products can do the work we need and that there is ongoing work to integrate them all together, potentially in one user interface. We came to know that they can work in our environment, in our use case, and we determined that it was a good fit. Ultimately, our decision was driven by budget, but with the knowledge learned in CSP, we were more confident that this was the right decision for our campus and able to explain why.

Solution Summary

Track: Lifecycle Management

Trusted Access Platform Components: All TAP components were researched as part of this project.

Project Team: Tommy Doan (SMU), Tom McMahon (SMU), Pery Doan (SMU), Allen Hughes (SMU), SMU Global Online department, Chris Hyzer (UPenn), Chris Hubing (Internet2), Nick Roy (Internet2), Scott Koranda (Spherical Cow Group), Benn Oshrinn (Spherical Cow Group), Paul Caskey (Internet2)

The Environment: Small to mid-sized private university, not affiliated with a system, with a really small team.

Benefits to Organization: SMU Global Online and others are interested in the future outcome of this project; current community outside of IT doesn't see the gaps; looking forward to efficiencies and business enabler; not sure where IAM will land.

The Project

Problem Statement:

The purpose of this project is to evaluate and select Identity and Access Management (IAM) software and a professional services partner to assist with implementation.

Impact Statement:

The existing account provisioning system, Account Maintenance Automation (AMA), is a PeopleSoft customization designed and developed by SMU personnel in 2009. Due to its limited focus and PeopleSoft-centric foundation, it does not address many of the current and future objectives of the Identity and Access Management (IAM) program that is being developed.

Scale and Scope: 

During this project the following high-level activities will be performed.  

  • Throughout the project, communication materials will periodically be prepared and presented or otherwise distributed to inform the various university-wide sponsors and stakeholders on the basis and progress of the project  
  • A Request for Information (RFI) will be prepared and sent to a shortlist of IAM package software vendors 
    • RFI responses will be reviewed and scored, with the scores feeding a quantitative evaluation scorecard 
  • An SMU-specific product demonstration will be executed by each vendor that achieves a qualifying score 
    • The software’s coverage of SMU requirements will be scored, with the scores feeding a quantitative evaluation scorecard 
  • A final report containing summary findings from the RFI process and a justifiable software recommendation will be prepared and presented to finalize the software selection 
  • A Request for Proposal (RFP) will be prepared and sent to the selected software vendor professional services group as well as professional services partners experienced in implementing the selected software. 
    • RFP responses will be reviewed and scored, with the scores feeding a quantitative evaluation scorecard 
  • An in-person professional services presentation will be conducted by each vendor that achieves a qualifying score, enabling us to meet key vendor resources and hear / ask questions about their implementation approach, prior successes, etc. 
    • SMU participant qualitative responses will be gathered and factored 
  • A final report containing summary findings from the RFP process and a justifiable professional services vendor recommendation will be prepared and presented to finalize the professional services vendor selection

The Solution

A final report containing summary findings from the RFP process and a justifiable professional services vendor recommendation will be prepared and presented to finalize the professional services vendor selection

The Result

Initial Plan:

Completion of Key Deliverables:

  • Reference Architecture Document 
  • Concrete Architecture Document 
  • Software Selection Report 
  • Prioritized Roadmap 
  • Discovery of Marketplace Capabilities Document 
  • Services Vendor Selection Report  

Actual Implementation:

The Reference Architecture was completed based on the InCommon reference architecture, and the more that was learned about the TAP components, the more we realized they were reasonable and would meet the need.

We are still working on the Concrete Architecture document for our implementation with Unicon and Spherical Cow. The Software Selection Report is also in progress, but it’s looking like we'll go with Grouper & COmanage, but we are not sure yet on midPoint.

The rest of the items have not been completed yet; there are discussions around working with others in a CACTI working group on the Discovery of Marketplace Capabilities Document. COVID interrupted a lot of working group activity, but we still think this is a useful document for us and the community.

Conclusions & Lessons Learned

Success Metrics: Success was determined by completion of the key deliverables.

Our achievements were non-traditional, and the biggest wins were recognition that the products can do the work we need and that there is ongoing work to integrate them all together, potentially in one user interface. Knowing that they can work in our environment, in our use case, was key, because there was some initial concern that Grouper was only for a Unix/Linux environment, not a Windows/AD environment, but that's not the case.

The Problem

Southern Methodist University (SMU) has a home-grown account provisioning system designed and developed in 2009 as a tie-in to PeopleSoft. This system no longer addresses many of the current and future objectives of the university’s identity and access management program. 

SMU planned to gather information about open source solutions, with the ultimate goal of evaluating and selecting identity and access management software to meet future needs, as well as identifying a professional services partner for implementation. In the words of the project plan, “Vendors come to campus with a team to sell, and open source does not do this, so it can be difficult to convince people that these are stable products with a future and that they won't be abandoned.” 

The Solution

SMU joined the Collaboration Success Program (CSP) to dig into the details of the community-developed InCommon Trusted Access Platform open source solutions for identity and access management. Specifically, they wanted to gauge the level of support available from the open source software developers and the associated community. Ultimately, this would help with determining whether the InCommon software was a good fit or if a commercial solution was needed.

During the CSP, SMU studied the InCommon Trusted Access Platform reference architecture, which provides an overview of the functional components for identity and access management in a higher education institution and how those components relate to one another. SMU used that document to develop its own reference architecture as a way to evaluate both open source and commercial offerings.

The Result

The SMU analysis concluded that the InCommon Trusted Access Platform would work in their environment and meet their needs. As the team’s final report stated, “Participating in the CSP made us feel more comfortable with the commitment to these products and long-term sustainability. We received an education on what open source means. Ultimately, our decision was driven by budget, but with the knowledge learned in CSP we were more confident that this was the right decision for our campus.”

The SMU staff continue to work on an IAM architecture plan. Early drafts indicate the university will look at adopting Grouper and COmanage and likely hire a consulting company to help with the implementation.

Lessons Learned

  • Vendors come to campus with a team to sell, and open source does not do this, so it can be difficult to convince people that these are stable products with a future

...

  • Participating in the CSP made

...

  • the project team feel more comfortable with the commitment to

...

  • the open source software and long-term sustainability

...

Understanding the relationship between Evolveum and Internet2 was important, as was knowing if midPoint was viable and if it was going to be around. Additionally, we would like to have more reading for understanding the scope of implementation, how many universities are using each software package, what version they're running, tally marks, and have them be willing to act as a reference.

...

  • The team spent more time investigating access management and guest systems

...

  • than expected. 
  • Initially there was a preference for having a commercial solution due to perceived supportability, but in the end it came down to budget

...

  • . With the onset of the COVID-19 virus, having no budget left

...

  • open source

...

  • as the

...

  • choice.

About Southern Methodist University

Southern Methodist University (SMU) is a private research university in University Park, Texas. Enrollment totals about 12,000, including about 5,000 graduate students, and the university has a Carnegie classification of “Doctoral Universities - High Research Activity.”
