Gary Brown, Senior Systems Developer, Portal Development Team Identity Management Toolkit a JISC sponsored project

Upload: phyllis-hines

Post on 26-Dec-2015


2 What is identity?

• The sameness of a person or thing at all times or in all circumstances; the condition or fact that a person or thing is itself and not something else (Oxford English Dictionary)

• Which is not to say that attributes attached to an identity cannot change, e.g. address

3 What is identity management (IdM)?

• Establishing, verifying and maintaining identity
  – Informal: self-assertion / hearsay
  – Official: birth certificates, passports, ID cards, biometrics
  – IT: passwords, certificates, chip cards, biometrics

• Access management
  – Authentication, policies, roles, groups, privileges, federations

• Targeting
  – Push / pull of data / services that are relevant and appropriate

• Provisioning
  – Timely, consistent and accurate data throughout systems

• Auditing
  – Who did what, when and under what authority?

4 The Identity Project

• JISC sponsored. Undertaken by LSE and Cardiff.

• Produced:
  – a comprehensive broad survey of the current state of IdM in UK academic institutions;
  – a set of in-depth audits of IdM in a representative set of institutions.

• and also:
  – investigated practice and policy around institutional membership;
  – investigated how having NHS links affects an institution's requirements from IdM
  – investigated how having Grid Infrastructure affects an institution's requirements from IdM
  – identified common problems (and their solutions if possible) with regards to institutional IdM
  – attempted to establish consensus on best practice in IdM
  – identified areas where further work is required

5 Why a toolkit?

• Bristol wanted concrete recommendations – similar to the UCISA Information Security Toolkit

• JISC keen to use results of Identity Project to help institutions implement best practice IdM

• Cardiff and LSE will largely produce the toolkit. Bristol and Kidderminster will road test the toolkit

• 18 month project starting from January 2009

• Production Toolkit to be published/launched at JISC and UCISA annual conferences in March 2010

6 Structure of the toolkit

1. Definitions (including constituent components)

2. Requirements

3. How to conduct a readiness audit

4. How to conduct a gap analysis

5. How to make a business case

6. How to create a roadmap

7. Summary of available system solutions

8. Walk-in users & network access

7 Example issues Bristol would like to solve

1. Grey users

2. Roles and relationships

3. Duplication and consistency

8 Issue 1: grey users

• A grey user is someone who is not an official student or member of staff but who needs access to University systems, e.g. Library, VLE

• Sometimes made an honorary member of staff

• Often given local accounts on individual systems

• Would like to:
  – mainstream users in central system without having to make everyone an honorary member of staff
  – use federated (Shibboleth) identities when available
  – apply appropriate policies to different classes of user

9 Issue 2: roles and relationships

• Departments know which staff (including grey users) teach which students, when, and where, but, when we do vertical projects, e.g. timetabling, ID cards (for buildings access), VLE, CMS and Portal, there is little appropriate central data and no guarantee that what we have is up-to-date

• Don’t know structures below organisational unit or who manages whom

10 Issue 3: duplication and consistency

• Bristol has a very devolved structure – so faculties, departments and other units often develop separate systems and policies

• We are in danger of solving similar problems in different (incompatible) ways for different systems – and we would rather not do that!

• Need central system which can support the devolved structure but allow common policies

11 Links

• Identity Project
  – http://www.jisc.ac.uk/whatwedo/programmes/einfrastructure/identity.aspx

• Identity Management Toolkit Project
  – http://www.jisc.ac.uk/whatwedo/programmes/aim/idmtoolkit.aspx

• UCISA Information Security Toolkit
  – http://www.ucisa.ac.uk/ist