Wikipedia Says…
“Single Sign On (SSO) is a property of access control of multiple, related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them.”
• Reduce password fatigue
• Reduce time spent re-entering passwords
• Abstract authentication from systems
• Lower calls to Help Desk about passwords
• Centralized reporting for compliance
• Can rationalize multiple authentication methods
• Improved interaction with 3rd Party
True Single Sign On is often hard to accomplish
“keys to the castle”
High Availability becomes the new IdM buzzword (well, one of them)
Jasig CAS
CoSign
Kerberos
OpenSSO
JOSSO
Shibboleth
What protocol do they use?
What kind of “clients” do they have?
Features:
▪ Opt Out of Single Sign On
▪ Management
▪ Monitoring
▪ High Availability / Scalability
▪ Flexibility
▪ “ClearPass”
Deployment/Maintainability
It’s easy! (relatively)
▪ Assumes you’ve already solved your ID problem
It’s a “big” win
Highly visible
Oh, and all that stuff listed under Benefits
• Documentation!
• Present, Present, Present! (Education)
• A Compelling Reason
  – Features
  – Ease-Of-Use
  – Auditing
  – Superior User Experience
• Support It!
• Strong Arm (not a pleasant experience)
Goes well with…
▪ Self-Password Reset/Change
▪ Lookup Id
▪ Profile
User Education
Help Desk Support
Trusted SSL Certificates
Single Sign Out
OpenID – decentralized authentication system
Federation
Facebook Connect - API to let user log in via Facebook
InfoCards -
Rolling out an SSO will raise some of the following questions/concerns:
▪ We can’t use SSO because it doesn’t support all types of guests easily*
▪ What’s your SLA?
▪ Why does it take so long to get an ID?*
▪ What about access control?*
▪ What is the password policy?
▪ What’s the identifier usage policy?
(but it sucks!)
Store identity data about your people
Reconciles different versions
Makes (usually) intelligent choices
Helps feed other systems
▪ Directory builder
▪ Provisioning
▪ Reporting
Not too many!
Very few higher education options
Most non-Higher Education ones don’t get “higher ed”
▪ Multiple sources for a person
▪ Multiple possible hierarchies
▪ Every university is (slightly) different
What is OpenRegistry?
OpenRegistry is an OpenSource Identity Management System (IDMS). It's a place for data about people affiliated with your organization.
Core Functionality
▪ Interfaces for web, batch, and real-time data transfer
▪ Identity data store
▪ Identity reconciliation from multiple systems of record
▪ Identifier assignment for new, unique individuals
Additional Functionality
▪ Data beyond Persons: Groups, Courses, Credentials, Accounts
▪ Business Rule based data transformations
▪ More than just a Registry, some periphery too
  – Directory Builder
  – Provisioning and Deprovisioning
Two Options:
▪ “The Big Bang”
▪ Transitional
Benefits
▪ Not maintaining two versions for extended period of time
▪ Direct Developer Resources towards new project
Cons
▪ This stuff better work! (or expect some pissed off people)
▪ Significant investment in testing phase
▪ What’s the back up plan?
▪ Restrictions on flexibility
Benefits
▪ Significant time to test system “in production” with real data
▪ Built-in Back Up Plan
▪ More flexible scheduling
Cons
▪ Maintaining multiple systems for extended period
▪ Ambiguity about where to go for data
▪ In some instances, double the work!
We totally confuse the issue
▪ We’ve “big banged” ourselves for Dec 2010 (PeopleSoft deployment)
▪ We’ve committed to maintaining the legacy system feeds
▪ We are gradually rolling it out!
Why?
▪ It seemed like a good idea at the time!
▪ “Big Bang” attachment to PeopleSoft gets IdM on the radar and stresses importance
▪ Pilot Groups much earlier!
▪ Unfortunately, it puts IdM on the radar
▪ With schedule, no time to update all legacy feeds
Building a registry is tough!
Deploying a registry is tougher!
Touches everything!
▪ Data is owned by others
▪ Policies around accessing data, identifiers, etc.
▪ Downstream concerns with new populations
▪ Poorly written tools that won’t work with the new system
▪ Help Desk Nightmare!
▪ Start Looking at EVERYTHING
What does it all mean?
Governance is the activity of governing. It relates to decisions that define expectations, grant power, or verify performance. It consists either of a separate process or of a specific part of management or leadership processes. Sometimes people set up a government to administer these processes and systems.
In the case of a business or of a non-profit organization, governance relates to consistent management, cohesive policies, processes and decision-rights for a given area of responsibility. For example, managing at a corporate level might involve evolving policies on privacy, on internal investment, and on the use of data.
(according to Wikipedia)
Policies
Responsibility
Coordination and Prioritization
Compliance
Some of them like the details (i.e. text on the page!) really really annoying
Making the Case
Communication
Not too early
But not too late
Becomes important when you start depending on others
Some level of actual authority
A method for measuring accountability
Transparent
Leave us better off!
Fiefdoms continue to exist
Duplicate data everywhere!
Duplicate application development
Misuse of information
None – just like it sounds
Explicitly Decentralized
▪ High level group sets policy
▪ Specialized groups implement policy
Centralized
▪ Makes just about all the decisions
Hybrid
1. initial – no process.
2. repeatable – starting to understand processes
3. defined – process documented, standardized and integrated.
4. managed
5. optimized
(according to Burton)
Two key points:
You need a champion of sufficient authority
Feedback mechanism needs to be in place