Identity Management: Past, Present, and Future

seedjagged, Internet and Web Development

Nov 12, 2013

Wait, the requirements have changed again

Session Outline


A little bit of history of IdM


Where are we now


Demo of U of S IdM system


What does the future hold


Technical


Non-technical


A look at some tools and techniques


A quick walk down memory lane


In biblical times people figured out which side you are on by how you pronounced shibboleth (Judges 12:6)


In the 1990s companies were struggling with identity management, especially around compliance


In the late 1990s, Educause formed a group around IdM


A quick walk down memory lane


In 2000, U of S started a project to implement an IdM provisioning system, known then as SSAM.


Sun and Oracle became the market leaders for IdM through the 2000s until Oracle bought Sun in 2009/10


Single-Sign-On has been largely dropped, but Web Single-Sign-On is widely supported (CAS, OpenID, Shibboleth)


Where we are now


Oracle market leader according to Gartner and others


Open source


OpenIAM (based on Sun work)


Grouper


In house systems


What issues are people still having?


Policy and Governance

U of S landscape


5 people largely dedicated to IdM


Using JBoss Seam for front end


Oracle back end


Use Agile development practices


Iterations planned in Jira


Continuous Integration builds/tests with Jenkins


SVN for source control


Code reviews using Fisheye and Crucible


Still challenged to keep up with demand

U of S Landscape


Banner (student, finance) and PeopleSoft (HR)


AD, OpenLDAP, Unix systems, Windows systems, Library


Support for guest self registration


Password self recovery using email, SMS & questions


Shared name and address database


Successes


“Fix what’s bugging me” during slow times


Quick search


Performance improvements


See who is logged in now


Client Dashboard


Retrospectives



Demo


Iam.usask.ca - support interface


Mits.usask.ca - self service interface

What does the future hold (tech)


Federation


Shibboleth


OpenID


EduRoam


Hosted Services (Cloud)


Provisioning and integration to directory services (AD, LDAP)


Two-factor authentication


Assurance of identity


Directory services


Other kinds of access controls (doors, network, library, etc.)

What does the future hold (non-tech)


Budget/resource challenges


Infrastructure is not sexy


People will only miss it if it is not there


Setting priority amongst competing interests


Policy around cloud services and privacy of information


Demo tools we are using


Agile tools


Jira & Greenhopper demo


Jenkins (CI and code coverage)


Retrospectives


Coming to shared understanding


Gamestorming/innovation games


Dialogue mapping


Question


Ken.glover@usask.ca


@gloverken


Chris.gaschler@usask.ca
