Use of Institutional Access Control Services (IAccess)
Policy issued by the Vice Provost for Information Technology, effective: Dec 1, 2009.
Updated Jun 20, 2013. See: https://kb.wisc.edu/itpolicy/
The history of the policy and ongoing implementation activities are documented below.
To comment on draft documents or any other aspect of IT policy, please add your comments at the bottom of the page in question, or send email to email@example.com. Comments are welcome on any document at any time.
|07/21/16||Discussed the need to revise the IAccess policy and standard to include an exception procedure for requesting that NetID authentication be enabled for an application or system when the NetID Login Service cannot meet the need.|
|01/05/16||2013-06-20 version of IAccess policy, maintenance revision A. Renamed to "Access Control Services". Migrated to IT Policy KB. Fixed links. In the standards document, rearranged some text for improved readability, added "Standards", "Contact" and "References" sections. No substantive changes.|
|08/2015||Migrated to IT.WISC.EDU. No substantive changes.|
|01/2015||Migrated to interim CIO web site. No substantive changes.|
|06/2013 to 06/2016||NetID Login Service remained the main solution for integrating NetID authentication for an application or system. The service continued to expand its technical implementation options, as technology became available and was implemented at UW-Madison. Details published in KB. No need to update the IAccess policy or implementation.|
|12/03/13||Revised NetID AUS to permit one's personal NetID password to be stored in password management software. Other minor maintenance (fixed links, etc.)|
It was pointed out on Tech Partners that the NetID Appropriate Use Standard apparently prohibits storing of the NetID password in a password vault or other password management system. Question: Is this the intent? Or was that aimed primarily at other authentication systems that are processing NetID username and NetID password, and are caching the password for convenience or efficiency? Note that:
|06/25/13||Published 2013-06-20 version of IAccess policy. Minor changes only. Updated several links, improved meta-data, standardized format.|
|06/20/13||Drafted version 2013-06-20 of the policy. This is a maintenance update. The update was prompted by current and anticipated changes to the Campus Active Directory Service, and the addition of the Manifest service, which allows units to more easily issue NetIDs to populations beyond the traditional faculty, staff and student populations. Those changes will make compliance with the IAccess policy practical for more units. The changes to the campus active directory and addition of Manifest, while very significant for enabling greater compliance, did not result in any change to policy, per se. There were, however, several broken links, plus format and meta-data changes for consistency with other IT policies.|
|01/2010 to 05/2013||Lots of activity along the lines of improving the Campus Active Directory service, implementing the IAM project, developing Manifest, working toward InCommon Silver certification, and more. The most critical factors relevant to the IAccess policy were improvement of the Campus Active Directory service and development of Manifest (to make it much easier to get NetIDs for populations beyond faculty, staff and students).|
IAccess Policy effective as of this date.
Announced the effective date of the policy at the IT Policy Forum.
Effective date of the policy and compliance standards was determined to be Dec 1, 2009. Modified the compliance standards to include the Campus Active Directory as an available institutional access control service. Added the Appropriate Use of University Directory Service (UDS) Data Policy as a relevant appropriate use standard.
Met with representatives of DoIT EIS, DoIT Architecture, DoIT Middleware and the IAM project. Discussed the current list of institutional access control services that are production-ready, and the nature and timeframe of additional institutional access control services (i.e. those related to the IAM project).
Plan is to roll out the IAccess policy and compliance standards in conjunction with the November IT Policy Forum, which will focus on identity management.
CIO Endorses the policy. Effective date TBD. Compliance standards may need to be revised prior to that time.
Comment period ends. No comments received.
Email sent requesting comments on IAccess Policy through April 15th.
Revised IAccess Policy.
Meeting of IAccess implementation team.
Next IAccess meeting delayed until late February, to allow time to learn more about plans for an Active Directory service.
First meeting of IAccess implementation team.
Recruiting members for implementation team.
Minor revisions to charter of implementation team.
Charter of implementation team drafted.
Strategy meeting with ACT co-chair regarding how to proceed: decided to propose that ACT create a sub-team.
CIO approves recommendation from PPT
Policy Planning Team (PPT) recommends that a campus team be identified to assist in vetting and implementation.
Third draft of the documents, start second round of review by informal implementation team.
Second draft of the documents, start review by informal implementation team.
First draft of "UW-Madison Policy for Use of Institutional Access Control Services" and a supplementary "Appropriate Use Standards for NetID".
03/2008 and 4/2008
Consulted with access control service implementers (DoIT Middleware Systems Technology (MST), DoIT Customer Application Services (CAS)).
Included IAccess in the IT Policy Plan.
Note: During the 18 month period following the NetID PIT final report, the recommendations were on hold but not forgotten. There was a lot of foundation building necessary before proceeding with the policy: