InCommon Silver @ Michigan State

Common Solutions Group, January 2011Matt Kolb <mk@msu.edu>

Goals

Improve our Identity Management infrastructure Higher Levels of Assurance Better documentation of process and procedures

Enable collaboration Build trust with external partners Facilitate access to services

Initial Challenges

Difficulty interpreting the Bronze/Silver Identity Assurance Profile (IAP)

Infrastructure incompatibility (password policy)

Sorely lacking: Documentation Policy

Scope Taming wild provisioning processes

Where’s the killer app? (Motivation)

Approach

Work with other institutions (CIC, etc) Partner with campus stakeholders Identify a subset of the population for Silver Likely a pilot comprised of research faculty

Leverage our ID Office Verification process Credentialing

Investigating second credential (certificates) through iClass ID Cards

Reasons for Hope Flexible technical architecture

Solid person registry MIT Kerberos Shibboleth

ID Office Created in Central IT, migrated existing physical and digital provisioning activities

Cross functional campus participation Specifically strong commitment from Internal Audit

We’re not alone (CIC Partners)

Future State

Assert LoA Silver through our Shibboleth Identity Provider (IdP) Authentication-time calculated attribute

Continue to maintain a single IdP for all Levels of Assurance (we hope)

Implement multifactor Authentication This puts us on a track for Gold (someday)

Silver credential provisioning through ID Office

A Haiku; for InC Silver

Spring of assurancecollaboration the goal;Silver, together