KAREN wiki

KIWI ADVANCED RESEARCH AND EDUCATION NETWORK

Identity and Access Management


Identity and Access Management (IAM)



Introduction

Identity and Access Management is concerned with making sure that approved users have access to online resources. These resources are often distributed across many different organisations, which leads to users having to remember many passwords and organisations having to authenticate many users. The Ministry of Research, Science and Technology (MoRST) is sponsoring a committee, the Identity and Access Management Action Group for Education & Research (IMAGER), to discover the best approach that New Zealand institutions can take to overcome the challenges of identity and access management. More about IMAGER will follow after the introduction to Federated Access Management. Follow the link to find out about Neil James's 2007 IAM Workshops to understand what has been done in IAM before IMAGER.


Key Points

Identity and Access Management (IAM) areas of responsibility

  • MoRST:[1] IAM strategic directions and policy in the eResearch area
  • REANNZ:[2] resources and information on IAM
  • BestGRID:[3] practical applications of IAM
  • Ministry of Education:[4] New Zealand Education Sector Authentication and Authorisation (ESAA) policy & mechanism


Goals

  • Users have a single account for all their services.
  • Authentication is done only at the user’s home organisation.
  • User data is maintained only once.
  • Collaboration between multiple organizations is simplified.


Without Federated Access and Identity Management

  • Tedious user registration at all resources.
  • Unreliable and outdated user data at resources.
  • Different login processes.
  • Many different passwords.
  • Many resources not protected due to difficulties.
  • Often IP-based authorisation.
  • Costly implementation of inter-institutional access.


Federated Access and Identity Management

  • No user registration and user data maintenance at resource needed.
  • Single login process for the users.
  • Many new resources available for the users.
  • Enlarged user communities for resources.
  • Authorisation independent of location.
  • Efficient implementation of inter-institutional access.


IMAGER: The Identity and Access Management Action Group for Education & Research

Why does MoRST have such a group? Well, it aims to help New Zealand researchers and institutions to select the best access management solution that will allow them to also take full advantage of KAREN (Kiwi Advanced Research and Education Network).


Issues

The research and education network is not without its challenges. One of these is how best to secure a collective approach to identity and access management that protects the security and rights of access, data, and resources that can be supported by the network.

IMAGER has been set up to complement and support the work of Education and Research sector agencies, 'REANNZ' Research and Education Network New Zealand, and independently funded research project groups such as Broadband enabled Science and Technology 'BeSTGRID', providing the government with an independent perspective on the progress of identity and access management initiatives. IMAGER is aimed at reviewing operationally focused policy, representing research and education in New Zealand. In the future, IMAGER may also assume a role for the representation of identity and access management outside of New Zealand.

Resources

Wellington IAM 2008 Conference Videos

[5] Managing Identity in New Zealand - Identity Conference 2008, Te Papa, Wellington, New Zealand, 29-30 April 2008

US Resources

EDUCAUSE

EDUCAUSE has an Identity Management Working Group. Its web site is: http://www.educause.edu/idm

There is also a wiki that posts various bits of information about IAM activities, including upcoming webinars etc.: http://connect.educause.edu/wiki/Identity+Management

There is a short article that appeared in the September/October EDUCAUSE Review publication last year titled “What Higher Ed Leaders Need to Know about IdM”. This was written by the EDUCAUSE President, Brian Hawkins. He comes at the issue from the point of view of the need for universities and colleges to limit their risk in regard to online services, but does not note the key role that sound IAM practices have to play in the move towards IT trust federations and collaboration across institutions and countries. The article can be downloaded from: http://connect.educause.edu/display/45001

NMI-Edit Consortium - Identity and access management for higher education and research

The primary goal of the NMI-EDIT Consortium, which is part of the NSF Middleware Initiative (NMI) in the US, is to improve the productivity of the research and education community through development, testing, and dissemination of architectures, software, and practices in the areas of identity and access management. Their web site is: http://www.nmi-edit.org

Two key resources that can be found there are “The Enterprise Directory Implementation Roadmap”: http://www.nmi-edit.org/roadmap/dir-roadmap_200510

and a draft of “The Enterprise Authentication Implementation Roadmap”: http://www.nmi-edit.org/roadmap/draft-authn-roadmap-03/

This latter report is a good resource for those people in organisations who are expecting to embark on an IAM project.

They have a good directory of software downloads and other information resources at: http://www.nmi-edit.org/releases/index.cfm

UK Resources

JISC

The “Joint Information Systems Committee” in the UK is funded by a group of higher education authorities. They have an Identity Project with a web site at: http://www.angel.ac.uk/identity-project/

They have undertaken a substantial project investigating IAM in higher education in the UK, as part of their e-Infrastructure programme.

Australian Resources

MAMS - Meta Access Management System

This project allows for the integration of multiple solutions to managing authentication, authorisation and identities, together with common services for digital rights, search services and metadata management. The web site is: https://mams.melcoe.mq.edu.au/zope/mams/

The main dashboard for navigation to the MAMS project is at: http://www.mams.org.au/confluence/dashboard.action

IAMSuite — Identity and Access Management Suite: http://www.mams.org.au/confluence/display/IAM/IAMSuite

Glossary - Federated Identity and Access Management Glossary: https://mams.melcoe.mq.edu.au/zope/mams/kb/glossary

AAF - Australian Access Federation

The Australian Access Federation Project will develop and deploy an infrastructure to facilitate trusted electronic communications and collaboration within and between higher education and research institutions both locally and internationally as well as with other organizations, in line with the NCRIS objective of providing researchers with access to an environment necessary to support world-class research. The web site is: http://www.aaf.edu.au/. Useful documentation can be found at http://www.aaf.edu.au/documentation

AARNet

AARNet have supported a number of initiatives related to IAM. A key recent activity has been the Ozeconf Identity Management Primers. This was a series of three events held in 2007 via Access Grid. Material from these events is available at: http://www.aarnet.edu.au/Article/PastEvents.aspx?p=146&c=7&y=2007

Past events

IAM Workshops 2007

Neil James, Deputy Chair of the Capability Build Panel, was contracted to run a series of national workshops in 2007 on identity and access management (IAM). The purpose of the workshops was to provide a stocktake of the readiness of KAREN members to adopt IAM best practices.

The goals of the workshops

  • Raise IAM awareness.
  • Create a shared understanding of IAM issues among KAREN members.
  • Describe the current use of IAM among members.
  • Ensure KAREN members have the knowledge to adopt IAM.

The findings of the workshop

  • KAREN members are generally well informed about IAM issues.
  • KAREN members are working with and comfortable with joining the Australian Access Federation (AAF).
  • The Ministry of Education and other government departments are helping the adoption of IAM. Even better communication between KAREN members and all interested government departments will speed up the adoption of IAM federation.
  • IAM federation will provide more services, more service providers, and more secure identities for the members of the federation.
  • Follow the links to read the full workshop reports.

Workshops Report

Supplementary Report

James Dalziel's presentation

International conference ‘Managing Identity in New Zealand: User-Centric Identity in the 21st Century’ in Te Papa, Wellington, 29 & 30 April 2008.

The Conference was led by Victoria University and sponsored by the NZ State Services Commission, Department of Internal Affairs and Office of the Privacy Commissioner.

The following national and international keynote speakers participated:

  • Brendan Boyle, Chief Executive, Department of Internal Affairs, NZ
  • Stefan Brands, CEO of Credentica & McGill University, Canada
  • Roger Clarke, Xamax Consultancy & Universities of Hong Kong, NSW and ANU, Australia
  • Malcolm Crompton, Managing Director of Information Integrity Solutions and Australia’s former Privacy Commissioner, Australia
  • Dick Hardt, Founder & CEO of Sxip Identity, Canada
  • Miriam Lips, Professor of E-government, Victoria University of Wellington, NZ
  • Eve Maler, Principal Engineer at Sun Microsystems, USA
  • Mark Prebble, State Services Commissioner, NZ
  • Bob Russell, Chief Executive and Commissioner of Inland Revenue, NZ
  • Marie Shroff, Privacy Commissioner, NZ

For further information on the conference please visit http://www.identityconference.victoria.ac.nz/ or contact Miriam Lips, Professor of E-Government, Victoria University of Wellington, School of Information Management & School of Government. Cellphone: 027-5637411. Email: miriam.lips@vuw.ac.nz