
An Identity Management Vision for California Education

A. Michael Berman, Cal Poly Pomona

Mark Crase, CSU Office of the Chancellor

Copyright A. Michael Berman and Mark Crase, 2004. This work is the intellectual property of the authors. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the authors. To disseminate otherwise or to republish requires written permission from the authors.

Post on 18-Dec-2015







3/4/2004 Berman/Crase Id Management 2

The Vision: Identity Management for California Education

• Your old men shall dream dreams, your young men shall see visions. Joel ii. 28

• Some men see things as they are and say why. I dream things that never were and say, why not? G.B.Shaw / R. F. Kennedy



“The issue is always scaling… Anytime you think it’s something else, it isn’t. It’s always scaling.”

- “Noteworthy Failures, Ulysses, and the Heart of Rock and Roll”, Kenneth J. Klingenstein, EDUCAUSE 2003


What is Identity Management?

An identity management infrastructure is a collection of technology and policy that enables networked computer systems to determine who has access to them and what resources the person is authorized to access, while protecting individual privacy and access to confidential information.


Analyzing the Definition

• Infrastructure - the software and hardware

• Collection of technology and policy - Policy is as important as technology

• Networked computer systems - implies distributed systems and network communication - not one service

• Access - Who am I

• Authorized - What am I allowed to do

• Protecting - limiting access, protecting confidential info


The Vision

An identity management infrastructure supporting the secure, transparent, privacy-preserving exchange of student information among educational entities in California.


CA Higher Ed Population 2002 (source:

Community Colleges 1,647,214 62%

CSU 406,515 15%

Univ. of California 201,297 8%

CCC District Office 99,388 4%

Other public 1,263 <1%

All non-public 274,638 10%

TOTAL 2,666,195 100%



The 15% Solution: CSU’s IdM Project SIMI

• California State University is 23 campuses, 400,000 students, 500,000+ people

• SIMI: Secure Identity Management Infrastructure
  – Concept developed by campus CIO’s group with support from Chancellor’s Office
  – After long consultation has now received support from technology subcommittee of campus presidents


What is the SIMI proposal?

• A coordinated, system-wide effort to develop a Secure Identity Management Infrastructure

• A technology and policy infrastructure to support the secure, private, and reliable transactions related to the identities of individuals in the CSU system


Where did it come from?

• SIMI is a campus-based initiative
  – Pilots at Cal Poly Pomona, Cal Poly SLO, CSU Northridge and CSU Hayward
  – Championed by the CSU IT leadership group (Info. Tech. Advisory Committee)
  – Support from Library Directors
  – Supported by Chancellor’s Office IT organization
  – Support from NMI-EDIT, an initiative of NSF, EDUCAUSE and Internet2


Campus Drivers for SIMI

• Legal, regulatory, security imperatives

• Support for on-line learning

• Support for effective use of information resources – libraries etc.

• Support for multi-campus ERP (PeopleSoft) project

• Every CSU campus is already engaged in some level of activity in this area


System Drivers for SIMI: Control Costs

• The CSU can no longer afford to build 23 unique IT infrastructures

• The CSU has to leverage its resources

• The SIMI project promises more functionality (because we can share identities among campuses) for less cost (because we leverage our development and implementation)


Why the CSU can’t wait

• Campuses need this functionality now

• If we don’t have a coordinated effort, we will develop 23 approaches

• Budget pressure makes it more urgent to coordinate this work system-wide instead of doing it differently 23 times

• If we don’t do it together now, we will end up doing it over at a higher cost


The CSU Digital Marketplace

• A priority initiative from CSU Academic Technology plan

• An electronic commerce trading presence to sell and distribute academic technology goods, educational content and services to the CSU

• CSU-wide IdM infrastructure can help enable


SIMI Project Status

• Approved by Technology Steering Committee (subcommittee of Executive Council)

• Initial funding strategy complete

• Feasibility Statement being prepared

• Position descriptions being drafted


SIMI Project Outline

• Three year project with proposed central budget of ~ $3 million
  – ~ $750,000/yr in personnel
  – $800,000 to support one-time costs

• Starting with 4 dedicated coordinating staff:
  – Project Director/Middleware Architect
  – Directory Architect
  – Project Manager
  – Documentation Specialist


SIMI Project Objectives

• Near-term
  – Establish SIMI Policy Board
  – Update CSU EduPerson Object Classification
  – Create a Federated Directory Structure
  – Deploy Shibboleth for common Library



SIMI Project Objectives

• Long-Term
  – Support additional campus and enterprise applications
  – Create unique CSU Identifier
  – Secure messaging/digital signatures
  – Role-based Authorization
  – Extend to institutions outside the CSU


The Case for Inter-institutional IdM in California

• Support articulation
  – CSU-CSU
  – CCC-CSU
  – CSU-UC

• Simplify application and admission process – exchange information with K-12


The Case for Inter-institutional IdM in California

• Leverage resources across K-20 (CalREN DC)
  – e.g., enable effective use of technologies, e.g. SIP-based video conferencing over CalVIP

• Political and professional imperative to show stewardship of public resources


We can’t do this alone

• We are looking for representatives across the educational spectrum who want to begin a dialog on these issues

• We don’t envision “one big project” but sharing of concepts, standards, and strategies: “multiple RR’s but one gauge”

• Any volunteers?


A Word from the Sponsors

• National Science Foundation Middleware Initiative (NMI)

• Enterprise and Desktop Integration Technologies Consortium (NMI-EDIT) - Internet2, EDUCAUSE, and SURA

• Project Goals
  • Common, persistent and robust core middleware infrastructure
  • Tools and services in support of inter-institutional and inter-realm collaborations


NMI-EDIT – More Info

• NSF Middleware Initiative - EDIT Consortium
  – and
  – Ann West, NMI-EDIT Outreach, [email protected]

• Upcoming Id and Access Management Events
  – Shibboleth CAMP June 28-30, Boulder, Colorado


To contact us by email: [email protected]