Identity Management: Past, Present, and Future Wait, the requirements have changed again

Upload: linette-lawson

Post on 29-Dec-2015


Identity Management: Past, Present, and Future

Wait, the requirements have changed again

Session Outline

• A little bit of history of IdM
• Where are we now
  – Demo of U of S IdM system
• What does the future hold
  – Technical
  – Non-technical

• A look at some tools and techniques

A quick walk down memory lane

• In biblical times people figured out which side you were on by how you pronounced shibboleth (Judges 12:6)

• In the 1990s companies were struggling with identity management, especially around compliance

• In the late 1990s, Educause formed a group around IdM

A quick walk down memory lane

• In 2000, U of S started a project to implement an IdM provisioning system known then as SSAM.

• Sun and Oracle became the market leaders for IdM through the 2000s until Oracle bought Sun in 2009/10

• Single-Sign-On has been largely dropped, but Web Single-Sign-On is widely supported (CAS, OpenID, Shibboleth)

Where we are now

• Oracle market leader according to Gartner and others

• Open source
  – OpenIAM (based on Sun work)
  – Grouper
• In-house systems
• What issues are people still having?
  – Policy and Governance

U of S landscape

• 5 people largely dedicated to IdM
• Using JBoss Seam for front end
• Oracle back end
• Use Agile development practices
  – Iterations planned in Jira
  – Continuous Integration builds/tests with Jenkins
  – SVN for source control
  – Code reviews using Fisheye and Crucible

• Still challenged to keep up with demand

U of S Landscape

• Banner (student, finance) and PeopleSoft (HR)
• AD, OpenLDAP, Unix systems, Windows systems, Library
• Support for guest self registration
• Password self recovery using email, SMS & questions
• Shared name and address database

Successes

• “Fix what’s bugging me” during slow times
  – Quick search
  – Performance improvements
  – See who is logged in now
  – Client Dashboard

• Retrospectives

Demo

• Iam.usask.ca – support interface
• Mits.usask.ca – self service interface

What does the future hold (tech)

• Federation
  – Shibboleth
  – OpenID
  – EduRoam
• Hosted Services (Cloud)
  – Provisioning and integration to directory services (AD, LDAP)
• Two-factor authentication
• Assurance of identity
  – Directory services
• Other kinds of access controls (doors, network, library, etc.)

What does the future hold (non-tech)

• Budget/resource challenges
  – Infrastructure is not sexy
  – People will only miss it if it is not there
• Setting priority amongst competing interests
• Policy around cloud services and privacy of information

Demo tools we are using

• Agile tools
  – Jira & Greenhopper demo
  – Jenkins (CI and code coverage)
  – Retrospectives
• Coming to shared understanding
  – Gamestorming/innovation games
  – Dialogue mapping

Suggested Reading