Luca Fillipozzi, University of British Columbia

Lightning Talk: A physical access management solution

I work for an academic unit at University of BC.

In 2004-2005, CS and electrical engineering received government funds for expansion of buildings. Allowed for improvement of physical access issues.

Deliver electronics programs etc.   Every term w have a giant turnover of students who had access to computer systems or space in computer labs.

CS had a punch code given to students in a particular course. But problem: punch code got widely shared

Applied funding to older buildings for access code

Shopping for secure access program to get automation into this.
Didn't find one, so we wrote our own.

ACSM access control mgmt system

Mostly access management with a little IdM

After that it's a role based access control system

It has implicit and explicit aspects

Implicit - you are enrolled in this class so you have this access

Explicit - role assignment for employees faculty and staff

Has an element of delegation.  Each dept can control who gets on their floor over which they have authority

Biggest challenge was that the product that was chosen was in 1990s, window based application.   Better version uses mssql.

So wrote glue to push data into the mssql database

Tried to write in a vendor agnostic way

Q: For roles that are implicit,  do you have a process for people who don't have a relationship with the university?

A: We only need to care about regular enrolled students.  We do have some oddball students.  IEEE local branchs ends some folks take courses.  Those are handled manually.

The hope is that this system will get folded into the central offering.