Please report any problems to the Shared Tools Team at    Broken Links? Missing Macros? WIKI Retiring Plugins
Skip to end of metadata
Go to start of metadata

Use of Institutional Access Control Services (IAccess)

The policy on Use of Institutionally Managed Access Control Services (IAccess) requires UW-Madison providers of electronic services secured by access controls to use the institutionally managed access control services when those services are suitable for the application.

Policy issued by the Vice Provost for Information Technology, effective: Dec 1, 2009.
Updated Jun 20, 2013. See: 

The history of the policy and ongoing implementation activities are documented below.

Meeting Schedule

Implementation Team


To comment on draft documents or any other aspect of IT policy, please add your comments at the bottom of the page in question, or send email to Comments are welcome on any document at any time.





07/21/16Discussed the need to revise the IAccess policy and standard to include an exception procedure for requesting that NetiD authentication be enabled for an applicaiton or system when the NetID Login Service cannot meet the need.
01/05/162013-06-20 version of IAccess policy, maintenance revision A. Renamed to "Access Control Services". Migrated to IT Policy KB. Fixed links. In the standards document, rearranged some text for improved readability, added "Standards", "Contact" and "References" sections. No substantive changes.
08/2015Migrated to IT.WISC.EDU. No substantive changes.
01/2015Migrated to interim CIO web site. No substantive changes.
06/2013 to 06/2016NetID Login Service remained the main solution for integrating NetID authentication for an application or system. The service continued to expand its technical implementation options, as technology became available and was implemented at UW-Madison. Details published in KB. No need to update the IAccess policy or implementation.
12/03/13(tick) Revised NetID AUS to permit one's personal NetID password to be stored in password management software. Other minor maintenance (fixed links, etc.)

It was pointed out on Tech Partners that the NetID Approrpiate Use Standard apparently prohibits storing of the NetID password in a password vault or other password management system. Question: Is this the intent? Or was that aimed primarily at other authentication systems that are processing NetID username and NetID password, and are caching the password for convenience or efficiency. Note that:

06/25/13(tick) Published 2013-06-20 version of IAccess policy. Minor changes only. Updated several links, improved meta-data, standardized format.
06/20/13Drafted version 2013-06-20 of the policy. This is a maintenance update. The update was prompted by current and antcipated changes to the Campus Active Directory Service, and the addition of the Manifest service which allows units to more easily issue NetID's to populations beyond the traditional faculty, staff and student populations. Those changes will make compliance with the IAccess policy practical for more units. The changes to the campus active directory and addition of Manifest, while very significant for enabling greater compliance, did not result in any change to policy, per se. There were, however, several broken links, plus format and meta-data changes for consistency with other IT policies.
01/2010 to 05/2013Lots of activity along the lines of improving the Campus Active Directory service, implementing the IAM project, developing Manifest, working toward InCommon Silver certification, and more.  The most critical factors relavent to the IAccess policy were improvement of the Campus Active Directory service and development of Manifest (to make it much easier to get NetID's for populations beyond faculty, staff and students.)


(tick) IAccess Policy effective as of this date.


(info) Announced the effective date of the policy at the IT Policy Forum.


Effective date of the policy and compliance standards was determined to be Dec, 1, 2009. Modified the compliance standards to include the Campus Active Directory as an available institutional access control service. Added the Appropriate Use of University Directory Service (UDS) Data Policy as an relevant appropriate use standard.


Met with representatives of DoIT EIS, DoIT Architecture, DoIT Middleware and the IAM project. Discussed the current list of institutional access controls services that are production-ready, and the nature and timeframe of additional institutional access controls services (i.e. those related to the IAM project.)


Plan is to roll out the IAccess policy and compliance standards in conjunction with the November IT Policy Forum, which will focus on identity management.


(tick) CIO Endorses the policy. Effective date TBD. Compliance standards may need to be revised prior to that time.


Created IAccess Plan.


(tick) Comment period ends. No comments received.


(info) Announcement at forum requesting comments on IAccess Policy through April 15th.


(info) Email sent requesting comments on IAccess Policy through April 15th.


Revised IAccess Policy.


Meeting of IAccess implementation team.


Next IAccess meeting delayed until late February, to allow time to learn more about plans for an Active Directory service.


First meeting of IAccess implementation team.


(info) CIO decides to move ahead with tne NetID AUS separately from policy. Implementation team charter revised accordingly. CIO also has DoIT Customer Application Services begin drafting terms of use for NetID. The terms of use will focus on those who are using NetID, while the NetID AUS is primarily about how authentication systems interact with the NetID.


Recruiting members for implementation team.


(tick) Presented draft documents and proposed charter of implementation team to ACT Act approves.


Minor revisions to charter of implementation team


Charter of implementation team drafted.


Strategy meeting with ACT co-chair regarding how to proceed: decided to propose that ACT create a sub-team.


(tick) CIO approves recommendation from PPT


Policy Planning Team (PPT) recommends that a campus team be identified to assist in vetting and implementation.


(info) Discussed at the IT policy forum. Discussion results.


Third draft (Rev B) of the documents (minor changes). This version to be presented at the IT policy forum


Third draft of the documents, start second round of review by informal implementation team


Second draft of the documents, start review by informal implementation team.


First draft of "UW-Madison Policy for Use of Institutional Access Control Services" and a supplementary "Appropriate Use Standards for NetID"

03/2008 and 4/2008

Consulted with access control service implementers (DoIT Middleware Systems Technology (MST), DoIT Customer Application Services (CAS).


Included IAccess in the IT Policy Plan.

(info) Note: During the 18 month period following the NetID PIT final report, the recommendations were on hold but not forgotten. There was a lot of foundation building necessary before proceeding with the policy:

  • There was considerable work on the PASE project.
  • The PASE project was replaced by the IAM project which started the lengthy process necessary for acquiring a major IAM system.
  • Policy and planning developed an IT Policy Process which was based in large measure on the successful process employed by ACT and the NetID PIT team.
  • In the midst of the above, UW-Madison had an interim CIO, redefined the role of the CIO, and hired a new CIO.
  • Policy and Planning held the first three IT policy forums from 08/2007 thru 02/2008, which built a community-of-interest with consensus around how UW-Madison should proceed with necessary IT policies.


(tick) NetID PIT final report


NetID Policy Issues Team (NetID PIT) Charter.


  • No labels


  1. Anonymous

    1. who determines and by what standards is it determined that there is a protected resource that presumably would require multiple sign-on?

    2. If we desire to better enable single sign-on, shouldn't we have such standards to avoid overkill?

    3. If we desire to better enable single sign-on, shouldn't we have tighter standards for Net ID password change, i.e. every 3 months versus 6 months, and automatic expiration?

  2. I will take these points forward as we continue to work on the documents.

    These questions suggest to me that follow up work may be needed to address issues associated with the Level of Assurance of the NetID credential. OCIS has developed some documents that begin to address this. They can be found at: PPT Meeting 2008-05-22.

    Thanks for commenting!

    Peace be with you,