Luca Fillipozzi, University of British Columbia

Lightning Talk: A physical access management solution

I work for an academic unit at University of BC. In 2004-2005, computer science and electrical engineering received government funds for expansion of buildings. This allowed for improvement of physical access issues.

Deliver electronics programs, etc. Every term we have a large turnover of students who had access to computer systems or space in computer labs. CS had a punch code given to students in a particular course. But problem: punch code got widely shared.

We shopped for a secure access program to find an automated solution.
Didn't find one, so we wrote our own.

ACSM: access control management system. Mostly access management with a little IdM.

After that it's a role-based access control system.

It has implicit and explicit aspects.

Implicit - you are enrolled in this class so you have this access

Explicit - role assignment for employees, faculty and staff

Has an element of delegation. Each dept can control who gets on their floor over which they have authority.

Biggest challenge was that the product that was chosen was a 1990s, Windows-based application. Better version uses MSSQL.

So we wrote glue to push data into the MSSQL database.

Tried to write it in a vendor-agnostic way.

Q: For roles that are implicit, do you have a process for people who don't have a relationship with the university?

A: We only need to care about regular enrolled students. We do have some oddball students. IEEE local branch sends some folks to take courses. Those are handled manually.

The hope is that this system will get folded into the central offering.
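
A minimal sketch of the model described in the talk, added here as an illustration and not the ACSM code: implicit access derived from enrollment, explicit roles assigned by a department delegate, and a vendor-neutral diff of what to push to the door system. All course, role, space and person names are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data (assumptions, not from the talk).
COURSE_SPACES = {"CPSC-101": {"lab-x150"}, "ELEC-201": {"lab-m2"}}
ROLE_SPACES = {"cs-staff": {"cs-floor-2", "lab-x150"}, "ece-faculty": {"ece-floor-3"}}
SPACE_OWNER = {"lab-x150": "CS", "cs-floor-2": "CS", "lab-m2": "ECE", "ece-floor-3": "ECE"}

@dataclass
class Directory:
    enrollments: dict  # person -> set of courses this term (implicit source)
    admins: dict       # person -> department they hold delegated authority for
    explicit: dict     # person -> set of explicitly assigned roles

    def assign_role(self, admin, person, role):
        """Explicit assignment; the delegate must own every space the role opens."""
        dept = self.admins.get(admin)
        if dept is None or any(SPACE_OWNER[s] != dept for s in ROLE_SPACES[role]):
            raise PermissionError(f"{admin} may not assign {role}")
        self.explicit.setdefault(person, set()).add(role)

    def access(self, person):
        """Union of implicit (enrollment) and explicit (role) access."""
        spaces = set()
        for course in self.enrollments.get(person, ()):
            spaces |= COURSE_SPACES.get(course, set())
        for role in self.explicit.get(person, ()):
            spaces |= ROLE_SPACES[role]
        return spaces

def desired_pairs(directory):
    """Flatten the directory into (person, space) grants for the door system."""
    people = set(directory.enrollments) | set(directory.explicit)
    return {(p, s) for p in people for s in directory.access(p)}

def sync_plan(current, desired):
    """Vendor-neutral diff: grants to add and grants to revoke."""
    return sorted(desired - current), sorted(current - desired)
```

Recomputing `desired_pairs` after each term's enrollment change and applying `sync_plan` revokes lapsed student access automatically, which a shared punch code cannot do.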