Wednesday 18 September 2024 | University of Exeter
Identity management - Proof of concept

Introduction

Since 2005/2006 the need for a comprehensive Identity Management solution has been recognised, and there have been several associated projects which have begun the process of analysing requirements, researching tools and technologies, and prototyping solutions. These are well documented at http://www.projects.ex.ac.uk/iam/ and http://gilead.ex.ac.uk/ and it is assumed that the reader is familiar with the benefits of Identity Management and its importance for the University.

One of the key lessons learnt within these projects was that an Identity Management system is not simply a single new IT system which can be introduced overnight as a panacea, replacing all existing methods of access to resources which have grown up over several decades. Any Identity Management system must be carefully designed to fit within the existing environment and to work in parallel whilst a process of migration occurs over a period of perhaps several years. This migration process will lead to many other projects in their own right, the timing and priority of which are likely to be driven by the business.

The aim of this project is to build upon the experience and information gathered previously, along with the latest developments and best-of-breed tools, to deliver an identity management core system which initially proves that a single University-wide application may be supported in terms of capacity, scaling, security, ease of use and reliability. The chosen application is itself a new development of Electronic Library Access via the UK Access Management Federation using Shibboleth.

Business Analysis

The development of a successful Identity Management system hinges on understanding the business processes and rules which dictate how classes of people within the University community gain access to resources. This may well currently be implemented manually or on IT systems but is defined by policies and procedures.

The policies and procedures may well have developed under, and been constrained by, the previous lack of an Identity Management system, so they must be discussed and reviewed with all relevant parties to determine a set of requirements for the longer-term solution. Key systems of origin, in particular HR, Student Records and Associate data held in the card office database, are the primary feeds for what will become a central registry of identities.

Example Application: UK Access Management Federation and Shibboleth

The Shibboleth architecture defines a way of exchanging information between an individual and a provider of digital data resources. Shibboleth is able to protect both the security of the data and the privacy of the individual viewing it. The institution joins the federation to become part of a trusted group, which then allows authentication to be delegated back to the institution whenever a resource is requested.
Academic Services, The University of Exeter, Main Library,
Stocker Road, Exeter, Devon, UK EX4 4PT