BCNet IDM Workshop – Identity and Access Management @ UBC

May 3, 2010

Doug Gregg and Luca Filipozzi

Business Case for IAM – Doug

Started with a 96 page project charter and condensed to a 26 page PowerPoint

  • Objective: build the policies, processes and technologies to allow end-to-end lifecycle management of person-centric digital identities within a 2 year window
  • List of success criteria: reduced number of separate sign-ons, same username and password on most systems, simplified and automated provisioning and de-provisioning, etc.

Where are we now?

IT Challenges

  • review of UBC IT – was not very favourable
  • commodity computing challenges – too much effort spent on the bottom of the technology stack

IAM Relationships

  • person, org, roles/groups, permissions, resources – all important entities – good diagram of a simplified view
  • presented a view of identity management, provisioning/deprovisioning, identity lifecycle, and IAM-connected sources and sinks today, in the next 6 months and within 2 years
  • provisioning an Enterprise AD and Grouper (group management)


  • IAM committees – steering committees (small group with senior management) and architectural advisory committee (representation from 20 areas)
  • key stakeholder groups – lots of touch points to keep these other committees informed
  • challenge dealing with the urgent tactical issues ahead of working on strategic directions – tough to balance
  • hard to communicate strategy when it is not fully developed

Milestone 1 – Luca

  • objective to leverage the CWL ID and password for authentication and group access
  • push CWL ids into Enterprise Active Directory – June 15, 2010
  • migrate enterprise LDAP service from Sun to OpenLDAP – October 2010
  • use Grouper to manage provisioning and deprovisioning of groups – October 2010
  • need to look at Sympa – provides a canonical source particularly for mailing list management
  • need to look at Grouper – provides group management that talks back to AD, is strong on group algebra for working on sets, and needs to talk to LDAP
