May 03 2010
 

Doug Gregg and Luca Filipozzi

Business Case for IAM – Doug

Started with a 96-page project charter and condensed it to a 26-page PowerPoint

  • Objective: build the policies, processes and technologies to allow end-to-end lifecycle management of person-centric digital identities within a 2-year window
  • List of success criteria: reduced number of separate sign-ons, same username and password on most systems, simplified and automated provisioning and de-provisioning, etc.

Where are we now?

IT Challenges

  • review of UBC IT – was not very favourable
  • commodity computing challenges – too much effort spent on the bottom of the technology stack

IAM Relationships

  • person, org, roles/groups, permissions, resources – all important entities – good diagram of a simplified view
  • presented a view of identity management, provisioning/deprovisioning, identity lifecycle, IAM connected sources, sinks today, next 6 months and within 2 years
  • provisioning an Enterprise AD and Grouper (group management)

People

  • IAM committees – steering committees (small group with senior management) and architectural advisory committee (representation from 20 areas)
  • key stakeholder groups – lots of touch points to keep these other committees informed
  • challenge dealing with the urgent tactical issues ahead of working on strategic directions – tough to balance
  • hard to communicate strategy when it is not fully developed

Milestone 1 – Luca

  • objective to leverage the CWL ID and password for authentication and group access
  • push CWL ids into Enterprise Active Directory – June 15, 2010
  • migrate enterprise LDAP service from Sun to OpenLDAP – October 2010
  • use Grouper to manage provisioning and deprovisioning of groups – October 2010
  • need to look at Sympa – provides a canonical source particularly for mailing list management
  • need to look at Grouper – provides group management to talk back to AD, strong on group algebra for working on sets and needs to talk to an LDAP


Leo de Sousa
