  • IT Policy Forum 2018-11 Discussion Results


Questions (full text)

I. What are you doing now or in the near future with credentials for people who use your services?
    Examples:

  • Managing your own credentials
  • Active Directory
  • Federation
    • Accepting federated credentials
    • Using other services via federation
    • Social media authentication

II. In the next five years, how do you see your interaction with your customers changing?
    Examples:

  • Changes in your mix of users
  • Things you see your peers doing
  • Trends in higher education
  • External factors such as:
    • Use of external services
    • Regulations
        

III. What does a perfect world in credentials and authentication look like?

Group 1

Question 1

What are you doing now or in the near future with credentials for people who use your services?

  • Social media auth for Canvas
  • Own active directory (x3)
  • Full ID management suite; Duo with web-based tools, roster
  • Own active directory
  • Campus Active Directory; NetID; Manifest groupings
  • Small population of external users
    • Manual - nice to have something else
  • Lots of external collaborators / researchers; dev, system
  • Create accounts for external users that need access
  • LDAP directory; integration but with the two not as one
  • Cloud
    • Manifest
  • Non-degree - pay and set up service
  • Student coming in/out - provision/deprovision
    • Someone does this
  • Huge gap between NetID and what id does
    • 200-500 - all fully automated
  • Use cases: collaborate with other labs
    • would be cool if we could accept their credentials and provision temporarily
    • concern with access to buildings
    • challenge with guests and managing creation of guest accounts
  • Don't know if BTAA ahead of us - they've been having this conversation about universal goal of being collaborative (granting access)
  • Instructors - Short-term programs / guest lecturers, etc. need to be able to have access to things (classrooms, canvas, etc.)

Question 2

In the next five years, how do you see your interaction with your customers changing?

  • Change in how business works
    • stuff in publishing world
      • how resource delivered
      • how to provide expansion of person's auth to access those resources
    • toward procuring resources for small populations - targeted to them
    • who can access this thing
      • publishers development
    • attribute expression; level of integration w/ systems that haven't existed
  • Credit and non-credit students
    • Recognize some credentials over schools / universities / systems
  • More restricted data
    • Data contracts and agreements
    • Genetic data
    • Develop environment to store and analyze this data
      • Already has MFA - Switch to DUO, but have question of external collaborators working on these projects
  • A lot of work for vol. appt.
  • Challenges outside collaborators
    • Zero dollar appt.
    • This is why running own directory service - can onboard
    • If service evolving - tight local file sharing controls but cuts off outside collaborators
    • Is a pain to set up secure Box folder
    • Collaborators have to sign off on so much
      • Would be nice to find process to make this work easier
        • Policy
    • Should be able to provide NetID for collaborators and force MFA greater than their gmail account
    • Hosts say NetID, just need for authentication
    • Licensing agreement
      • Box if don't have UW appt.
      • Can't use Box accnt.
      • Lots of accnts with UW Health (has own system) but can't use Box now
  • Lost time/productivity
    • What services need Box or similar (share point?)
    • Research projects - everything ready but sign-off to allow to do this
  • Trends
    • External ID - 5 of big 10 schools use social ID
      • Google, FB, etc. - not generate NetID
      • Low risk data (LMS getting content)
    • Tech problem - getting service providers to know what to do with it (like Canvas)
    • Service by service project
      • Med School wouldn't have need
        • Patient education
    • 4H becoming part of school
      • Can't get NetID's for everyone
      • Could use K12 google account
    • Realising security does not come from ID but authentication
    • Local public school google environment
      • Why can't we transition ID's
      • Wouldn't have same level of security?
        • ID is an ID
    • Social media - security controls to allow - might not be same level as NetID
      • Or maybe they've become more secure
    • Google not own social media
    • Users want to access things fast
      • Not wait for NetID - Use social ID
    • Student payment parent portal
      • Similar here at UW-Madison
      • Limited use here.
    • If they've been vetted through trusted system, why care what the ID is
      • Why is NetID any more secure?
    • The way authentication systems work together - federate
    • Five years - what can do to federate systems already built; tech is there

Question 3

What does a perfect world in credentials and authentication look like?

  • As easy as biometrics - user shouldn't have to be bothered providing ID
  • Less ID's - choose ID provider - that will be by my auth. system
  • Want to make sure save (SSN)
    • Guessword if challenged

Group 2

Question 1

What are you doing now or in the near future with credentials for people who use your services?

  • Active Directory
  • Hospital AD
  • Security groups for role-based access
  • NetID & Role-based
  • Some Manifest groups
  • Role-based outside of AD or NetID
  • Social credentials for some access
    • Parental credentials
    • Student Parent Financial Portal - Discontinued
  • Standard install of password manager
    • 1 password
    • LastPass
  • Pass-thru identification (PowerBroker) (SSO)

Question 2

In the next five years, how do you see your interaction with your customers changing?

  • Cloud
  • Increased student services - jumping from service to service (housing, testing, enrollment, etc.) - collecting & distributing
  • Increased collaborators: number and type
  • Supporting external ID (non-NetID) clients
  • Managing resistance to change
  • Off-boarding challenges - vendors, employees
  • Management of I.P.
  • Management of student vs employee accounts
  • Integration of specialized services

Question 3

What does a perfect world in credentials and authentication look like?

  • Federating / SSO
  • Breaking down barriers to collaboration
  • Advanced authentication
  • Consensus-based, industry-specific simplification of administrative tools
    • Research, Health, Education, Administration

Group 3

Question 1

What are you doing now or in the near future with credentials for people who use your services?

  • Unit A
    • 99% Linux
    • Kerberos against campus AD
    • No federation
    • Use campus auth for most
    • Outside of unit, do not use mmps auth
    • Local not optimal. Fed. would be better
    • Net mgmt
    • Improve with Kerberos and AD
  • Unit B
    • Most use Shib, other AD
    • Onboard/off-board
      • User of service (onboard)
        • Sit down with person
      • Admins
        • No real checklist
          • Know what access is needed
      • Roles: Admins, Staff, Users
      • Auth for special users.
  • Unit C
    • Onboarding
      • Subnet LAN authorize from website
      • Different Q's about provided services and what access should be provided
      • Supposed to be 2 weeks in advance
      • Some emergency requests handled directly
    • Off-boarding
      • Socialize customer contacts to report when someone leaves
  • Unit D
    • Staff 20 +/-
    • Look for people on user list
    • Manifest - use central system, 4 roles
  • How many people rely on "hearing from someone"?
  • Not everyone familiar with Shib
    • Info not widely known
  • Challenges with Intel
    • There are tools to assist
    • Not necessarily easy to use
    • Usable by folks who know IAM
  • Challenge - IAM Design
    • Local group with no IT staff
    • Cloud provider
    • Hard to retrofit architecture
  • IAM subject matter is complicated
  • Research computing
    • Work with researchers
    • Some like to have a point person vs. doing it themselves
  • Campus Champions Model
    • Technical IAM - complex but not hardest problem in IT
    • Problem with the business model and compliance reporting
  • Domain specific complexity
  • Convincing users they need to learn something
    • Incentives
  • How do we contribute to campus culture - transparency / accountability
  • Populations we don't hear from...
    • Low tech, ESL
    • Trying to figure out how to best onboard folks in these situations.
  • How to manage user experience? (a.k.a. Customer experience)

Question 2

In the next five years, how do you see your interaction with your customers changing?

  • Secure and trusted cyberspace
  • NSF - Show competencies, to be considered secure for funding
  • MFA/Strong auth - Timing 5 years
    • Leverage campus solutions
    • Off campus - leverage cloud based
  • Fed. SSH - May become a thing
    • Enrich through relationships and access
  • MFA ubiquitous
    • Digital experience
    • Digital ID's with university other than service provider
  • Cloud migration
  • Identity space
    • see as compartmentalized
    • trying to navigate for setting
  • Role-based, esp. w/student hourlies
    • What we've struggled with we've solved
  • Cloud-based strategies
    • What does employee have access to?
    • Exiting employees
  • Groups of students working with faculty
    • Swap in - Swap out
  • Services/Service providers
    • Articulate who works with who
  • Rollout software, then determine who has access
  • Challenge - who really needs access to what services?
    • As campus, figure out who really gets what
    • Service provider work with groups
    • Need way to manage institutionally

Question 3

What does a perfect world in credentials and authentication look like?

  • Christmas - App is the best blend of tech and social
  • UDDS; Customer lose access and freak out
  • Knowing when someone falls out of a population and IN ADVANCE what happens if customer loses access
    • Customer will call.
  • Policy/compliance happens by default.

Group 4

(pending)
