* Astrid Fingerhut, University of Chicago
Lightning Talk : Trusted Agent Program (TAG)
TAG is a distributed authorization system designed to address access management problems:
- Faculty joining University of Chicago in the summer want access to use email and Chalk (https://chalk.uchicago.edu/webapps/portal/frameset.jsp)
- Don't have true HR, have payroll system. So new faculty often don't appear in the system for two weeks or a month. Therefore getting an email and Chalk account right away is a challenge.
There are 70 trusted agents
Trusted agent can assign temporary accounts for people who are not employees of university or are not yet recognized as such in the payroll system.
These Temp accounts can last for up to one year
Since inception, TAG has been widely used
Problem occurs when the trusted agent leaves a department, but not the university.
Q: Do trusted agents have to go through certification?
A: Astrid is in charge of the trusted agent program and she goes to every new trusted agent's office to personally train them.
When the program grows, it gets harder to manage through this one-on-one training procedure.
Once per year updates are very helpful for the trusted agents.
Q: RL Bob: We have a similar program at University of Washington for temporary wireless access. No training needed. We are looking to see if it creates abuse.
Q: Do you also have classic sponsored account?
A: We had that before we had TAG. Was a piece of paper.
Caused problems with accounts left open and we didn't know what to do with them.