
* Astrid Fingerhut, University of Chicago

Lightning Talk: Trusted Agent Program

...

University of Chicago
High Level

(TAG)

TAG is a distributed authorization system. It was designed to address 3 access management problems:

- Faculty joining University of Chicago in the summer want access to email and Chalk (https://chalk.uchicago.edu/webapps/portal/frameset.jsp)

- Don't have true HR, have payroll system. So new faculty often don't appear in the system for two weeks or a month. Therefore getting an email and Chalk account right away is a problem. People need access day 1 not day 20

When people come into the campus they want ? access

challenge.

Trusted agent is distributed authorization.  Pete Jackson to the deans.  There are 70 trusted agents

Dean appoints trusted agent or 2

Trusted agent can assign temporary accounts for people who are not employees of university or are not yet recognized as such in the payroll system.

These temp accounts can last for up to one year.

Each meeting ID lasts one day and expires at midnight
Preview accounts?

Temp accounts – problem that different people need different services.

Some resolved ad hoc. Some resolved by given a group a di
639 temp accounts

Since inception, TAG has been widely used

Problems we've had.

Problem occurs when the trusted agent leaves a department, but not the university. Need a solution.

Q: Do trusted agents have to go through certification?
A: Astrid is in charge of the trusted agent program and she goes to every new trusted agent's office to personally train them.
When the program grows, it gets harder to manage through this one-on-one training procedure.
Once per year updates are very helpful for the trusted agents.

Q: RL Bob: We have a similar program at University of Washington for temporary wireless access. No training needed. We are looking to see if it creates abuse.

Q: Do you also have classic sponsored account?

A: We had that before we had TAG. Was a piece of paper.
Caused problems with accounts left open and we didn't know what to do with them.