CAMP: Practical Building Blocks for Access Management
...
June 15-17, Philadelphia
...
- The perspective of CAMP is that there are small things that can be done in access management that are a good start and are easier to do than the large things. There are modest problems that need an access management solution.
- Rob Carter of Duke has developed categorized use cases to make things clear.
- We will attempt to identify a small set of solution patterns to address use cases.
- We look forward to hearing wisdom and experience from folks in the room.
Access Management Building Blocks
* Tom Dopirak,Senior Consulting IT Architect, Carnegie Mellon University (slides)
Q: What are the different terminologies in this access management space?
...
Categorizing Access Management Challenges (slides)
* Rob Carter, Consultant, IT, Duke University , * Scott Fullerton, Sr IT Architect, University of Wisconsin-Madison (slides)
Q: Thinking in terms of an application a campus might buy, how do you hook it up? Who has what role? What questions should we ask vendors?
A: When we are looking at implementations, think in terms of what IdM info we have available and what will the applications want to consume? Also, ask to what extent the potential application meshes with business processes you have in place, and If it does not mesh, how does the data support the new business process it's forcing on you.
...
* Moderator: Tom Barton, Senior Director for Integration, University of Chicago
...
* Cal Caleb Racey, Newcastle University
Access Controlling Online Resources -- Wikis, Lecture capture, Room Booking (notes)
...
* Michael McDermott Brown University
Security Faculty Information Systems(slides)
...
* David Langenberg, University of Chicago
Quarterly Instructor Access, Student testing(slides)
...
* Jimmy Vuccolo, Pennsylvania State University
Financial Workflows (notes)
...
* Liz Salley, University of Michigan
Organizations as Subjects (notes)
...
* Jim Beard, University of Oregon
Thorns in Password Reset (notes)
...
Day 2 (16-June-2009)
| Anchor | ||||
|---|---|---|---|---|
|
Describing the Solution Patterns and Real World Examples
* Elizabeth A. Salley, Product Manager, Michigan Administrative Information Services, University of Michigan-Ann Arbor (Moderator and Presenter),
* Tom Barton, Senior Director for Integration, University of Chicago
* Caleb Racey, Middleware ISS, Newcastle University
(slides - Elizabeth, Tom and Caleb)
* Steven Carmody, IT Architect, Brown University (slides)
http://www.educause.edu/sites/default/files/library/presentations/CAMP092/GS06/Patterns.pptx
http://www.educause.edu/sites/default/files/library/presentations/CAMP092/GS06/Ad-hoc%2BLists.ppt
Discussion and Lightning Rounds: Testing the Solution Patterns
...
Shibboleth attributes for sharepointSharePoint (slides)
...
* Paul Hill, MIT
perMIT (notes)
...
* Cal aleb Racey, Newcastle University
Access control with Shibboleth and Grouper. How to populate identity stores. (notes)
...
* David Bantz, University of Alaska
Organizational hierarchy & the phone bookbook (slides)
...
* Luca Fillipozzi, University of British Columbia
A physical access management solution (notes)
...
* Astrid Fingerhut, University of Chicago
Trusted Agent program (notes)
...
Environmental Scan - What Technology Tools Work (and Don't Work)?
* Moderator: Tom Barton,Senior Director for Integration, University of Chicago
*Bill Kasenchar, Project Leader, University of Pennsylvania (slides)
* Laura Hunter, Identity Architect, Oxford Computer Group (slides)
* Bob Bailey, Sr. Developer, Lafayette College College (slides)
Q for Bob Bailey: How are you dealing with latency issues for synchronous writes into the OpenLDAP directory?
A: we only have 5000 entries in our LDAP dir. So we don't have a problem.
Q: If someone in the business school, for example, wants to know groups in other part of campus. How do you handle appropriate boundaries for sharing?
A: from Bill Kasenchar: You can allow or deny that level of sharing.
A: from Bob Baily: with OpenLDAP, you just add somebody to a group. The simple solution is that access is granted based on group affiliation.
A: from Laura Hunter: AD natively makes that challenging, everyone has access to everything. There are ways to tweek around it.
...
Environmental Scan - What Policy and Process Approaches Work (and Don't Work)?
* Elizabeth A. Salley, Product Manager, Michigan Administrative Information Services, University of Michigan-Ann Arbor (moderator and panelist) (slides)
*Andrea Beesing Assistant Director, IT Security, Cornell University (slides)
* Renee Shuey, Senior Systems Engineer, The Pennsylvania State University (slides)
Q: Why did the University of Michigan project need to go back several times to get funded? What was that process like?
A: Our project was one of the first, and there was the question of "how do we fund projects like this." We thought we could get funded without knowing what technology to put in place. Then we did the RFP, and we chose Novell IdM. Key stakeholders wanted to know the technology before approving funding.
Q: What are the key awareness and education issues involved?
A: We need to work hard to find ways to create the understanding that this is not just an IT effort, it's about the community.
...
Bringing the Workshop Home: Applying Your Knowledge to Your Access Mangement Challenges
...
Grouper Future Features, (slides)
...
* Kent Fong, University of British Columbia
...
IdM Implementation from the Rear View Mirror (notes)
...
Looking Forward
Moderator: Elizabeth A. Salley, Product Manager, Michigan Administrative Information Services, University of Michigan-Ann Arbor
Panel: * Ken Klingenstein, Director, Internet2 Middleware and Security, Internet2
* Tom Dopirak, Senior Consulting Architect, Carnegie Mellon University
* Michael McDermott, Senior Programmer/Analyst, Brown University
* Bob Bailey, Sr. Developer, Lafayette College
...