SIF IDM 101: Identification Management Profile Introduction
Hattie Leary Hattie.Leary@anoka.k12.mn.us
Richard Tong rtong@amplify.com
Vince Paredes vparedes@sifassociation.org
Linda Marshall Linda.Marshall@nsip.EDU.AU
A Primer on the SIF IDM Profile
 Background for a comprehensive IDM profile
 The new solution
 The use cases
 Logical IDM model
 IDM workflow best practice (also covered in IDM 102)
 Migration path from 2.0 (to be covered in IDM 102)
 The real-world story and next steps (to be covered in IDM 102)
 Appendix
Background for the SIF IDM Profile
Why do we need a SIF Identity Management Profile?
A user ID and password are needed for all kinds of web applications in education. A SIF Enabled Educational Infrastructure needs to provide a mechanism to seamlessly authenticate end users and grant their authorization requests.
User ID and password sign-in from mobile clients into the SIF Enabled Educational Infrastructure API and/or hosted applications also needs to be supported.
APIs, desktop or back-end applications and custom apps (such as a data ingestion engine, sync engine, ESB, data warehouse, administrative applications, collaboration tools, etc.) need to identify themselves and pass along their end users' credentials in order to participate in the overall SIF Enabled Educational Infrastructure community.
Where is identity needed?
Benefits of Identity Integration (Single Sign-On or Same Sign-On)
 Reduced administrative costs
 All user authentication information resides in the SEA/LEA, which reduces the need to maintain, monitor and potentially synchronize multiple stores.
 Reduces password-related user support requests.
 Increased ease of use / adoption
 Each user has only a single username and password, which grants them seamless access to all of their current resources and to SIF Enabled Educational Infrastructure resources.
 Single Sign-On also saves users time, since each individual sign-on can take 5 to 20 seconds to complete.
 Enhanced security
 Password policies established for the SEA/LEA network are also in effect for the SIF Enabled Educational Infrastructure.
 Automatic provisioning and deprovisioning of users prevents unwarranted access: when the authoritative source ends a person's association, access is withdrawn everywhere at once instead of lingering in each application's local account store.
 Sending an authentication credential that is valid for only a single use (a short-lived assertion or one-time token rather than the reusable password) increases security for users who have access to sensitive data.
Beyond SSO
 Before SSO can happen, how are identities in both the IdP and the SP provisioned and linked to ensure consistency?
 How is authorization and entitlement information exchanged, in either an SSO-enabled environment or a same-sign-on environment?
 We also need cross-application authorization.
Requirements for the SIF IDM Profile Solution
 Provide a common logical data model for all participating applications
 Provide a standard least-common-denominator data schema for compliant applications to exchange IDM-related data
 Expand on the current SIF 2.5 profiles
 Align with CEDS (the new profile is already embedded in CEDS 3.0, through work with the CEDS team)
 Provide a best-practice workflow framework to support the common use cases
 Provide a migration path and real-world case studies to ease adoption and transition
The SIF IDM Profile Solution
Scope, Logical Model, Individual Entity Objects, and Recommended Workflow
Scope of SIF IDM Use Cases
 Provisioning of identity and access across multiple connected systems
 Provisioning of identity in a directory service provider
 Provisioning or de-provisioning of identity in an existing system
 on demand (driven by an event on the person, such as a hire, enrollment or withdrawal)
 in batch (at beginning, middle or end of year: BOY, MOY, EOY, etc.)
 Provisioning of identity and profile in a new system
 Single Sign-On among multiple education systems
IDM Logical Model (2013)
SIF 2.7 IDM Profile: Identification Management Logical Entity Model (entities and their attributes as shown in the diagram)
 StudentPersonal: RefId, Student_Id, Personal_Attributes
 OrganizationUser: RefId, PersonId, OriginalAssociationId, AssociationType, Org_Id, StartDate, EndDate, AuthoritativeSourceId
 IDM_Authentication: RefId, OrgUserId, IDP_Login_Id, IDP_App_Id, IDP_Type, StartDate, EndDate, AuthoritativeSourceId
 IDM_Authorization: RefId, OrgUserId, App_Id, App_Function, StartDate, EndDate, AuthoritativeSourceId
 StaffPersonal: RefId, Staff_Id, Personal_Attributes
 StudentContactPersonal: RefId, StudentContact_Id, Personal_Attributes
 SchoolInfo: RefId, Org_Attributes, ParentOrgId
 IDM_Applications: RefId, App_Name, App_URI, App_Default_Function, App_Function_List, App_Default_IDP_Id, App_IDP_List, StartDate, EndDate
From 2.7 to 3.1
 2.7 focuses on backward compatibility. OrganizationUser provides the key connection to StudentPersonal, StaffPersonal and StudentContactPersonal as well as SchoolInfo. It can be adopted immediately in a 2.x environment.
 3.1 uses the new 3.0 PartyOrganizationAssociation object in place of OrganizationUser, and is therefore more flexible.
IDM Entities
* Note: this section primarily uses the 2.7 entity names. For 3.1 the logic is the same, but the names and relationships differ slightly to reflect the new entities.
OrganizationUser
 This object is the link from the IDM data to the existing StudentPersonal, StaffPersonal, etc. in the current SIF model. It corresponds directly to the CEDS 2.0 OrgPersonRole, which is an association of Person, Role and Organization.
 The Ed-Fi model equivalents are Student/Staff/Parent.
 For organization mapping, CEDS/Ed-Fi define them as Educational Organization/Programs.
 The time dimension (StartDate, a required field; EndDate, an optional field) is the key to the lifecycle of the OrganizationUser: the association is in effect from StartDate until EndDate, and an open EndDate means it is still current. This object becomes the key reference object for all identity propagation across systems.
Application
 Application Profile: the application system(s) that participate in the overall integrated app ecosystem where SSO and coordinated access control are needed.
 App_Name and App_URI are for navigation and display.
 App_Default_Function can be used for service invocation (for example, within an ecosystem there could be several applications that provide a "chat" function or even an "IdP" function).
 App_Default_IDP points to the application that authenticates the users of this app. For example, the "ParentDashboard" application might use "DistrictLDAP" as its identity provider.
Authentication
 Authentication Profile: establishes the authentication map between an OrganizationUser and the IdP's LoginID. This profile is also used to provision or deprovision users from SIS/HR into the IdP (an identity provider such as Active Directory, LDAP or an OpenID provider).
 LoginID as defined in the IdP directory of the SEA/LEA institution.
 IDP_App_ID: the IdP where this user is provisioned (for example, staff might use one IdP called "StateStaffDirectory", while parents use another IdP service called "OpenIDProvider" to log in).
 OrganizationUserID: a reference to the OrganizationUser.
 StartDate
 EndDate
Authorization
 Authorization Profile: establishes the role/permission map between an OrganizationUser and a downstream application's roles and permissions. This profile is primarily used to provision or deprovision users from SIS/HR into one particular educational system.
 OrganizationUserID references the OrganizationUser.
 App_ID: reference to the target application where this OrganizationUser is provisioned. For example, Hattie Leary as a Staff member in Anoka is mapped to Administrator in the Library Management System.
 App_Function is the function that the application provides for the OrganizationUser. For example, Hattie uses "Moodle" to serve the "LMS" function for her.
OrganizationPartyAssociation (3.x)
 This object is almost the functional equivalent of OrganizationUser in the 2.7 logical model. There are several subtle differences:
 OrganizationPartyAssociation does not carry a start/end date, so by itself it cannot drive date-scheduled provisioning or deprovisioning events the way OrganizationUser's StartDate/EndDate can.
 OrganizationUser has a field OriginalAssociationId which can be used to store the StateID, EmployeeID, StudentID or another non-GUID key, while OrganizationPartyAssociation does not. For implementation purposes it is easier to control data quality when keys can be checked against existing database keys. Therefore OrganizationUser is better suited when backward compatibility is required.
Person (a 3.x concept, also connected to the 3.0 student object)
 The objective of the Person object is to establish the cross-domain longitudinal reference link to any personal information within the SIF framework. All personal and demographic information refers to this object. For identity management purposes, the information carried in the Person profile should be consistent throughout the systems and first created from SIS/HR.
 In reality, many existing systems do not share master data management (MDM) for person, so it is recommended that this Person linkage be optional rather than mandated, to let existing systems adopt the new IDM paradigm and to allow continuous improvement.
Design highlights and considerations
 Person vs. OrganizationUser
 Person is longitudinally traceable and consistent.
 OrganizationUser is more relevant in the application identity and role-based access control context. OrganizationUser is conceptually equivalent to the union of StudentPersonal, StaffPersonal and StudentContactPersonal. In CEDS 3.0, OrganizationUser = OrgPersonRole.
 Authentication
 SIF IDM data interchange is agnostic to the specific authentication mechanism, as long as single sign-on can be established.
 Authorization
 Similarly, SIF IDM data interchange does not enforce the RBAC mechanism within applications, as long as the authorization is honored.
 Application
 New 3.0 object that reflects the ecosystem reality
SIF IDM Service Workflow
IDM Workflow Diagram (components, payloads and numbered steps as shown on the slide)
Components:
 Authoritative Sources (HR, SIS, SLDS)
 Identity Administration and Configuration Facility
 Source Identity to Domain Provision and Synchronization Service
 App Identity to Domain Provision and Synchronization Service
 Identity Federation Runtime
 Application Registry (optional application references populated through the Application Registration Service or manual entry), holding the Application Profile
 Identity Provider (owned by the SEA/LEA): Directory (e.g. AD, LDAP or NDS) holding the LogOn ID, plus Federated SSO (e.g. ADFS, SiteMinder or OpenSSO)
 Target Applications (Portal, LMS or other SSO participants): App User Management (Person and Organization), App RBAC Service, App Domain Access Control, App Provisioning Source (Person and Organization)
Payload of the provisioning flows (the same objects for authentication provisioning and for authorization provisioning):
1. OrganizationUser
2. (StudentPersonal, StaffPersonal, StudentContactPersonal)
3. Person ~ optional
4. EducationalOrganization ~ optional
Numbered steps:
1. Application Registration (optional)
2. User Authentication Provisioning
3. User Authorization Provisioning
4. Run-time SSO
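The following is an added example, not code from the SIF Association or from this presentation. It shows the two ideas the deck leaves implicit: the OrganizationUser lifecycle rule (StartDate required, EndDate optional, described under the OrganizationUser entity above) and workflow steps 2 and 3 (user authentication and authorization provisioning), implemented as a date-driven synchronization that computes what the IdP and each application should contain and diffs it against what they currently contain. Field names follow the 2.7 logical model; the Python classes, the RefIds, dates, the student record, the KNOWN_KEYS table and the "current state" sets are constructed here for illustration (Hattie Leary's Staff association in Anoka, DistrictLDAP, the Library Management System "Administrator" role and Moodle as "LMS" are taken from the slides' own examples).

```python
# Added example (not SIF Association code): date-bounded identity lifecycle and
# provisioning diff over the SIF IDM 2.7 logical entities. Field names follow
# the profile's logical model; RefIds, dates, the student record and the
# "current state" sets below are constructed for illustration.
from dataclasses import dataclass
from datetime import date
from typing import Iterable, Optional


@dataclass(frozen=True)
class OrganizationUser:
    RefId: str
    PersonId: str
    OriginalAssociationId: str      # non-GUID source key: EmployeeID, StudentID, StateID
    AssociationType: str            # Staff | Student | StudentContact
    Org_Id: str
    StartDate: date                 # required by the profile
    EndDate: Optional[date] = None  # optional: None means the association is still current
    AuthoritativeSourceId: str = "SIS"


@dataclass(frozen=True)
class IDMAuthentication:
    RefId: str
    OrgUserId: str                  # -> OrganizationUser.RefId
    IDP_Login_Id: str               # LoginID as defined in the IdP directory
    IDP_App_Id: str                 # which IdP holds this login
    StartDate: date
    EndDate: Optional[date] = None


@dataclass(frozen=True)
class IDMAuthorization:
    RefId: str
    OrgUserId: str                  # -> OrganizationUser.RefId
    App_Id: str                     # target application
    App_Function: str               # role/permission the application grants
    StartDate: date
    EndDate: Optional[date] = None


def is_active(rec, on: date) -> bool:
    """Lifecycle rule: in effect from StartDate through EndDate inclusive; open EndDate = current."""
    return rec.StartDate <= on and (rec.EndDate is None or on <= rec.EndDate)


def bad_source_keys(users: Iterable[OrganizationUser], known_keys: set) -> list:
    """Data-quality gate: OriginalAssociationId must exist in the authoritative source."""
    return sorted(u.RefId for u in users
                  if (u.AuthoritativeSourceId, u.OriginalAssociationId) not in known_keys)


def expected_state(users, auths, authz, on: date):
    """Desired IdP logins and application roles as of a date.

    An entitlement is effective only while the OrganizationUser AND the mapping
    record are both active, so ending the association in SIS/HR revokes every
    downstream login and role at once.
    """
    active_users = {u.RefId for u in users if is_active(u, on)}
    login_of = {a.OrgUserId: (a.IDP_App_Id, a.IDP_Login_Id)
                for a in auths if is_active(a, on) and a.OrgUserId in active_users}
    logins = set(login_of.values())
    roles = {(login_of[z.OrgUserId][1], z.App_Id, z.App_Function)
             for z in authz if is_active(z, on) and z.OrgUserId in login_of}
    return logins, roles


def diff(expected: set, current: set) -> dict:
    """Provision what is expected but absent; deprovision what is present but no longer expected."""
    return {"provision": sorted(expected - current), "deprovision": sorted(current - expected)}


# Constructed sample data (Hattie Leary's staff association and the
# LibraryMgmt/Moodle mappings follow the slides; everything else is made up).
HATTIE = OrganizationUser("ou-1", "p-1", "E1001", "Staff", "anoka", date(2013, 8, 15))
STUDENT = OrganizationUser("ou-2", "p-2", "S2002", "Student", "anoka", date(2012, 9, 1), date(2013, 6, 30))
STRAY = OrganizationUser("ou-3", "p-3", "X999", "Staff", "anoka", date(2013, 1, 1))  # key unknown to SIS
AUTHN = [
    IDMAuthentication("an-1", "ou-1", "hleary", "DistrictLDAP", date(2013, 8, 15)),
    IDMAuthentication("an-2", "ou-2", "s2002", "DistrictLDAP", date(2012, 9, 1)),  # open, but user ended
]
AUTHZ = [
    IDMAuthorization("az-1", "ou-1", "LibraryMgmt", "Administrator", date(2013, 8, 15)),
    IDMAuthorization("az-2", "ou-1", "Moodle", "LMS", date(2013, 8, 15), date(2013, 12, 31)),
    IDMAuthorization("az-3", "ou-2", "Moodle", "LMS", date(2012, 9, 1)),
]
KNOWN_KEYS = {("SIS", "E1001"), ("SIS", "S2002")}
SYNC_DATE = date(2013, 9, 1)
LATER_DATE = date(2014, 1, 15)


def run_sync(on: date, current_logins: set, current_roles: set) -> dict:
    """Workflow steps 2 and 3: compute IdP and application provisioning actions."""
    logins, roles = expected_state([HATTIE, STUDENT], AUTHN, AUTHZ, on)
    return {"idp": diff(logins, current_logins), "apps": diff(roles, current_roles)}


if __name__ == "__main__":
    print("rejected:", bad_source_keys([HATTIE, STUDENT, STRAY], KNOWN_KEYS))
    print(run_sync(SYNC_DATE, {("DistrictLDAP", "s2002")}, {("s2002", "Moodle", "LMS")}))
```

Two behaviours matter for the "deprovisioning prevents unwarranted access" claim: the student's IDM_Authentication record is still open, yet the login is deprovisioned because the OrganizationUser it hangs off has ended; and Hattie keeps her IdP login while her Moodle role is revoked once that single IDM_Authorization record expires. The key check rejects an OrganizationUser whose OriginalAssociationId is not a key the authoritative source knows, which is the data-quality point made for the 2.7 object over OrganizationPartyAssociation.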
Appendix: CEDS Conceptual Mapping to the SIF IDM Profile
(Source: CEDS)
Conceptual Model (diagram): Organizations, People, Teaching/Learning/Assessment, Roles, Time. All can be represented as Roles.
Key Concept: OrgPersonRole
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parents
 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance  and worth of ideas part 2.pptxJudging the Relevance  and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptx
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx
 
Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptx
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 

SIF IDM Profile Introduction

  • 5. Benefits of Identity Integration (Single Sign-On or Same Sign-On)
    - Reduced Administrative Costs
      - All user authentication information resides in the SEA/LEA, which reduces the need to maintain, monitor and potentially synchronize multiple stores.
      - Reduces password-related user support requests.
    - Increased ease of use / adoption
      - Each user has only a single username and password, which grants them seamless access to all of their current resources and SIF Enabled Educational Infrastructure resources.
      - Single Sign-On also saves users time, since each individual sign-on process can take 5 to 20 seconds to complete.
    - Enhanced Security
      - Password policies established for the SEA/LEA network will also be in effect for the SIF Enabled Educational Infrastructure.
      - Automatic provisioning and deprovisioning of users prevents unwarranted access.
      - Sending an authentication credential that is only valid for a single use can increase security for users who have access to sensitive data.
  • 6. Beyond SSO
    - Before SSO can happen, how are Identifications in both the IDP and the SP provisioned and linked to ensure consistency?
    - How is authorization and entitlement information exchanged, in either an SSO enabled environment or even a Same-sign-on environment?
    - We also need cross-app authorization,
  • 7. Requirement for the SIF IDM Profile Solution
    - Provide a common logical data model for all participant applications
    - Provide a standard least-common-denominator data schema for compliant applications to exchange IDM related data
    - Expand on the current SIF 2.5 profiles
    - Align with CEDS (We already embed the new profile in CEDS 3.0 by working with the CEDS team)
    - Provide a best practice workflow framework to support the common use cases
    - Provide a migration path and real-world case studies to ease the adoption and transition
  • 8. The SIF IDM Profile Solution Scope, Logical Model, Individual Entity Objects, and Recommended Workflow
  • 9. Scope of SIF IDM Use Cases
  • 10. Scope of SIF IDM Use Cases
    - Provisioning of Identity and Access across multiple connected systems
    - Provisioning of identity in a directory service provider
    - Provisioning or de-provisioning of identity in an existing system
      - On-demand (personal event driven)
      - Batch (at BOY, EOY, MOY, etc.)
    - Provisioning of identity and profile in a new system
    - Single-Sign-On among multiple education systems
  • 12. SIF 2.7 IDM Profile: Identification Management Logical Entity Model (the entities and fields shown in the diagram)
    - StudentPersonal: RefId, Student_Id, Personal_Attributes
    - OrganizationUser: RefId, PersonId, OriginalAssociationId, AssociationType, Org_Id, StartDate, EndDate, AuthoritativeSourceId
    - IDM_Authentication: RefId, OrgUserId, IDP_Login_Id, IDP_App_Id, IDP_Type, StartDate, EndDate, AuthoritativeSourceId
    - IDM_Authorization: RefId, OrgUserId, App_Id, App_Function, StartDate, EndDate, AuthoritativeSourceId
    - StaffPersonal: RefId, Staff_Id, Personal_Attributes
    - StudentContactPersonal: RefId, StudentContact_Id, Personal_Attributes
    - SchoolInfo: RefId, Org_Attributes, ParentOrgId
    - IDM_Applications: RefId, App_Name, App_URI, App_Default_Function, App_Function_List, App_Default_IDP_Id, App_IDP_List, StartDate, EndDate
  • 13.
  • 14. From 2.7 to 3.1
    - 2.7 focuses on backward compatibility. The OrganizationUser provides the key connection to StudentPersonal, StaffPersonal and StudentContactPersonal as well as SchoolInfo. It can be adopted immediately in a 2.x environment.
    - 3.1 uses the new 3.0 PartyOrganizationAssociation object to replace OrganizationUser. Therefore it is more flexible.
  • 15. IDM Entities * Note: We primarily use the 2.7 entity names in this section. For 3.1, the logic is the same, but the names and relationships are a little different to reflect the new entities.
  • 16. OrganizationUser
    - This object is the link from the IDM data to the existing StudentPersonal, StaffPersonal, etc. in the current SIF model. It corresponds directly to the CEDS 2.0 OrgPersonRole, which is an association of Person, Role and Organization.
    - The Ed-Fi model equivalents are Student/Staff/Parent.
    - For organization mapping, CEDS/Ed-Fi define them as Educational Organization/Programs.
    - The time dimension (StartDate (required field), EndDate (optional field)) is the key aspect that identifies the LifeCycle of the OrganizationUser. This object becomes the key reference object for all identification propagation across systems.
  • 17. Application
    - Application Profile – the application system(s) that participate in the overall integrated App Ecosystem where SSO and coordinated Access Control are needed.
    - App_Name and App_URI are for navigation and display.
    - App_Default_Function could be used for service invocation (for example, within an EcoSystem there could be several applications that provide “chat” functions or even “IdP” functions).
    - App_Default_IDP points to the Application that authenticates the users for this app. For example, the “ParentDashboard” application might be using “DistrictLDAP” as its ID Provider.
  • 18. Authentication
    - Authentication Profile – establishes the authentication map between an OrganizationUser and the IDP’s LoginID. This profile will also be used to provision or deprovision users from SIS/HR to the IDP (Identity Provider such as Active Directory, LDAP, or an OpenID provider).
    - LoginID as defined in the IDP Directory of the SEA/LEA institution.
    - IDP_App_ID – the IDP where this user is provisioned (for example, staff might use one IDP called “StateStaffDirectory”, and parents might use another IDP service called “OpenIDProvider” to log in).
    - OrganizationUserID – a reference to the OrganizationUser.
    - StartDate
    - EndDate
  • 19. Authorization
    - Authorization Profile – establishes the role/permission map between an OrganizationUser and a downstream application’s roles and permissions. This profile will primarily be used to provision or deprovision users from SIS/HR to one particular educational system.
    - OrganizationUserID – references the OrganizationUser.
    - App_ID – reference to the target application where this OrganizationUser is provisioned. For example, Hattie Leary as a Staff in Anoka will be mapped to Administrator in the Library Management System.
    - App_Function is the function that the application provides for the OrganizationUser. For example, Hattie is using “Moodle” to serve the “LMS” function for her.
  • 20. OrganizationPartyAssociation (3.x)
    - This object is almost functionally equivalent to the OrganizationUser in the 2.7 logical model. There are several subtle differences:
      - The OrganizationPartyAssociation does not have start/end date, so it can be used to trigger a scheduled provision event.
      - “OrganizationUser” has a field “OriginalAssociationId” which can be used to store the StateID, EmployeeID, StudentID or other non-GUID type keys, while OrganizationPartyAssociation does not. For implementation purposes, it would be easier to control data quality when keys can be checked against existing database keys. Therefore, the OrganizationUser object is better suited when backward compatibility is required.
  • 21. Person (A 3.x concept, also connected to the 3.0 student object)
    - The objective of the Person object is to establish the cross-domain longitudinal reference link to any personal information within the SIF framework. All personal and demographic information will refer to this object. For identity management purposes, the information carried in the Person Profile should be consistent throughout the systems and first created from SIS/HR.
    - The reality is that many existing systems do not share master data management (MDM) for Person, and it is recommended that this Person linkage be optional rather than mandated, to allow existing systems to adopt the new IDM paradigm and allow continuous improvement.
  • 22. Design highlights and considerations
    - Person vs. OrganizationUser
      - Person is longitudinally traceable and consistent.
      - OrganizationUser is more relevant in the application identity and role-based access control context. OrganizationUser is conceptually equivalent to the union of StudentPersonal, StaffPersonal and StudentContactPersonal. In CEDS 3.0, OrganizationUser = OrgPersonRole.
    - Authentication
      - SIF IDM data interchange is largely indifferent to the specific authentication mechanism, as long as single-sign-on can be established.
    - Authorization
      - Similarly, SIF IDM data interchange does not enforce the RBAC mechanism in applications, as long as the authorization is honored.
    - Application
      - New 3.0 object that reflects the ecosystem reality.
  • 23. SIF IDM Service Workflow 2013
  • 24. IDM Workflow Diagram
    - Workflow steps:
      1. Application Registration (optional)
      2. User Authentication Provisioning
      3. User Authorization Provisioning
      4. Run-time SSO
    - Objects carried in the Authentication flow and, identically, in the Authorization flow:
      1. OrganizationUser
      2. (StudentPersonal, StaffPersonal, StudentContactPersonal)
      3. Person ~ Optional
      4. EducationalOrganization ~ Optional
    - Components shown in the diagram:
      - Authoritative Sources (HR, SIS, SLDS): App Provisioning Source (Person and Organization), App Domain Access Control, Identity Administration and Configuration Facility, Source Identity to Domain Provision and Synchronization Service
      - Target Applications (Portal, LMS, or other SSO Participants): App User Management (Person and Organization), App RBAC Service, Identity Administration and Configuration Facility, App Identity to Domain Provision and Synchronization Service, Identity Federation Runtime
      - Application Registry (optional application references populated through the Application Registration Service or manual entry): Application Profile
      - Identity Provider (owned by the SEA/LEA): Directory (e.g. AD, LDAP or NDS) holding the LogOn ID; Federated SSO (e.g. ADFS, SiteMinder or OpenSSO)
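The entity model of slide 12 and the provisioning steps 2 and 3 of slide 24 can be made concrete with a small working model. The following is an added example, not code from the SIF Association or from this deck: it renders the slide 12 entities as Python dataclasses (field names are snake_case versions of the slide's names), uses the StartDate/EndDate lifecycle of slide 16 to decide whether a login or role should be provisioned or deprovisioned, and applies two checks a provisioning service would want: a requested App_Function must be in the target's App_Function_List, and a role grant is held until the user has a live login on an IDP the application accepts (its App_Default_IDP_Id or App_IDP_List, slide 17). The action vocabulary (provision_login, grant_role, hold, reject) and all RefIds, dates and application records are constructed for the example; DistrictLDAP and Moodle are taken from the slides' own illustrations.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class OrganizationUser:                # link from IDM data to Student/Staff/StudentContactPersonal
    ref_id: str
    person_id: str
    original_association_id: str       # non-GUID key such as a StateID or EmployeeID
    association_type: str              # "Staff", "Student" or "StudentContact"
    org_id: str
    start_date: date                   # required; with end_date it defines the lifecycle
    end_date: Optional[date] = None
    authoritative_source_id: str = "SIS"

@dataclass
class IdmApplication:                  # an application profile in the ecosystem
    ref_id: str
    app_name: str
    app_uri: str
    app_default_function: str
    app_function_list: list[str]
    app_default_idp_id: str            # the IDP application that authenticates this app's users
    app_idp_list: list[str]

@dataclass
class IdmAuthentication:               # OrganizationUser -> LoginID in one IDP
    ref_id: str
    org_user_id: str
    idp_login_id: str
    idp_app_id: str
    idp_type: str
    start_date: date
    end_date: Optional[date] = None

@dataclass
class IdmAuthorization:                # OrganizationUser -> function in one target application
    ref_id: str
    org_user_id: str
    app_id: str
    app_function: str
    start_date: date
    end_date: Optional[date] = None

def active_on(start: date, end: Optional[date], on: date) -> bool:
    """A record is live on `on` when StartDate <= on and EndDate is unset or not yet passed."""
    return start <= on and (end is None or on <= end)

def plan_provisioning(users, apps, authns, authzs, on: date):
    """Return (action, org_user_id, app_id, detail) tuples for one provisioning run on `on`."""
    user_by_id = {u.ref_id: u for u in users}
    app_by_id = {a.ref_id: a for a in apps}
    actions = []
    for an in authns:                                   # step 2: user authentication provisioning
        user = user_by_id.get(an.org_user_id)
        if user is None:
            actions.append(("reject", an.org_user_id, an.idp_app_id, "unknown OrganizationUser"))
            continue
        live = active_on(user.start_date, user.end_date, on) and active_on(an.start_date, an.end_date, on)
        actions.append(("provision_login" if live else "deprovision_login",
                        user.ref_id, an.idp_app_id, an.idp_login_id))
    for az in authzs:                                   # step 3: user authorization provisioning
        user = user_by_id.get(az.org_user_id)
        app = app_by_id.get(az.app_id)
        if user is None or app is None:
            actions.append(("reject", az.org_user_id, az.app_id, "unknown OrganizationUser or application"))
            continue
        if az.app_function not in app.app_function_list:     # only functions the app actually offers
            actions.append(("reject", user.ref_id, app.ref_id,
                            f"function {az.app_function!r} not offered by {app.app_name}"))
            continue
        live = active_on(user.start_date, user.end_date, on) and active_on(az.start_date, az.end_date, on)
        accepted_idps = set(app.app_idp_list) | {app.app_default_idp_id}
        has_login = any(an.org_user_id == user.ref_id and an.idp_app_id in accepted_idps
                        and active_on(an.start_date, an.end_date, on) for an in authns)
        if live and not has_login:                      # SSO cannot work without a login on an accepted IDP
            actions.append(("hold", user.ref_id, app.ref_id, "no live login on an accepted IDP"))
            continue
        actions.append(("grant_role" if live else "revoke_role", user.ref_id, app.ref_id, az.app_function))
    return actions

def run_sample(on: date = date(2014, 7, 1)):
    """Constructed sample: one staff member still active, one student whose association ended at EOY."""
    users = [OrganizationUser("ou-staff-1", "p-1", "EMP-0001", "Staff", "org-1", date(2013, 8, 1)),
             OrganizationUser("ou-student-1", "p-2", "STU-1234", "Student", "org-1", date(2013, 8, 1), date(2014, 6, 15))]
    apps = [IdmApplication("app-ldap", "DistrictLDAP", "ldap://idp.example", "IdP", ["IdP"], "app-ldap", []),
            IdmApplication("app-lms", "Moodle", "https://lms.example", "LMS", ["LMS"], "app-ldap", ["app-ldap"])]
    authns = [IdmAuthentication("an-1", "ou-staff-1", "staff.one", "app-ldap", "LDAP", date(2013, 8, 1)),
              IdmAuthentication("an-2", "ou-student-1", "stu.1234", "app-ldap", "LDAP", date(2013, 8, 1))]
    authzs = [IdmAuthorization("az-1", "ou-staff-1", "app-lms", "LMS", date(2013, 8, 1)),
              IdmAuthorization("az-2", "ou-student-1", "app-lms", "LMS", date(2013, 8, 1)),
              IdmAuthorization("az-3", "ou-staff-1", "app-lms", "chat", date(2013, 8, 1))]
    return plan_provisioning(users, apps, authns, authzs, on)
```

Running `run_sample()` on 2014-07-01 yields a login provision and an LMS role grant for the staff member, a login deprovision and role revoke for the student whose EndDate of 2014-06-15 has passed, and a rejection of the "chat" request because Moodle's App_Function_List only offers "LMS". Deprovisioning falls out of the same EndDate comparison as provisioning, which is what lets an EOY batch run remove access without a separate delete feed.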
  • 25. Appendix: CEDS Conceptual Mapping to the SIF IDM Profile (Source: CEDS)
  • 27. Key Concept: OrgPersonRole. All can be represented as Roles.