Yoshiaki Kasahara, Eisuke Ito, Naomi Fujimura, Masahiro Obana Kyushu University
1 Migration of the student user ID scheme for intra-institutional information service in Kyushu University
Yoshiaki Kasahara, Eisuke Ito, Naomi Fujimura, Masahiro Obana
Kyushu University
2016/1/26, APAN 41st in Manila, Philippines
2 Introduction
- IT service is a fundamental part of education and research activities in a university
- Maintaining user accounts independently for each service is troublesome for both users and admins
- Demand for unified user credentials
- Demand for unified authentication infrastructure
- Today I will talk about user IDs for students in Kyushu University
3 Fukuoka city, Kyushu Island of Japan
- Kyushu University, established 1911
- Staffs (Academic Researcher) Students Undergraduates Post graduates: 8,000 (3,000) 11,000 9,
4 "Student ID"
- Traditional user ID for each student since 1995
- Derived from the "Student Number", which is assigned by the Student Affairs Department
- We gradually realized our Student ID had some disadvantages
  - Security concerns
  - Availability (especially for pre-entrance candidates)
  - Discontinuity between undergraduate and graduate
5 New user ID scheme
- In 2014, we introduced a new user ID scheme named "Student SSO-KID", independent from the Student Number, to solve these problems
- Derived from a user ID scheme for staff members named "SSO-KID"
- I'll talk about the design, deployment, effects and future work of our "Student SSO-KID"
6 Brief history of students' user ID
Year: Event
- 1994: Started issuing user accounts for all the students in Kyushu Institute of Design
- 1995: Started issuing user accounts for all the students in Kyushu University (based on student number)
- 2003: Merger of Kyushu University and Kyushu Institute of Design
- 2005: Started trial operation of unified authentication infrastructure (including LDAP servers)
- Feb: Decision made to issue campus-wide unified user ID for every staff member
- Jul: Started issuing campus-wide user ID for staff members (SSO-KID)
- 2011: Update of ID management system
- Mar: Update of ID management system and introduction of Student SSO-KID
7 Beginning of User ID for Students
- Replacement of the "Educational Information System" at the end of 1995
- Managed by the Educational Center for Information Processing, Kyushu University
- At that time, the Internet and its services started to become popular
- Windows 95
- Demand for "Information Literacy" education for all the students
8 New Educational Information System
- UNIX server and Windows PCs
  - Server: Sun Solaris 2.4
  - PC: Fujitsu FMV running Windows 95
- Decided to issue accounts for all the students
  - Before that, accounts were issued on demand
- Had to decide the ID scheme
  - ID strings created from the Student Number
9 Details of "Student Number"
"Student Number" in Kyushu University:
- Course Code: [1-9]
- Faculty Code: [A-Z][A-Z]
- Entrance Year: [0-9][0-9]
- Serial Number: [0-9][0-9][0-9]
- Check Code: [A-Z]
Student Number: 1 A B X
It should be straightforward to use this string as the ID string, but
10 Details of "Student ID"
- Limitation of Solaris 2.4 (SunOS 5.4)
  - No more than 8 characters (bytes)
  - The first character should be alphabetic
- Student Number: 1 A B X; Student ID (~2008): a b
- SunOS 5.9, useradd(1) manpage: "The login (login) and role (role) fields accept a string of no more than eight bytes consisting of characters from the set of alphabetic characters, numeric characters, period (.), underscore (_), and hyphen (-). The first character should be alphabetic and the field should contain at least one lower case alphabetic character. A warning message will be written if these restrictions are not met. A future Solaris release may refuse to accept login and role fields that do not meet these requirements."
- The conversion remained until the end of 2008
- After that, Student ID became identical to Student Number
11 After that
- 2007: Kyushu University introduced another ID management system (IDM) and started to provide user IDs for all the staff members
  - A unique 10-digit pseudorandom number
  - SSO-KID: Single Sign On - Kyushu University ID
- 2013: Two ID management systems (for students and staff members) were merged
  - Decided to introduce a new ID scheme for students similar to SSO-KID
  - To solve problems with using a Student ID derived from a student number
12 End of fy 2012
Diagram labels: Other workers data Personnel DB (Staff) Student DB User (staff members) Staff IDM Students Account activation Password change passchg server Sun LDAP (SJSDS) Student IDM (called UMS) Account activation Password change Office System AD Office Win PCs Matrix AuthN WisePoint SP (Reverse Proxy) Course Reg. School Rec. System (teachers) Library System EZ proxy My Library SPs (E-Journals) Shibboleth IdP Software DL Site Researcher DB Syllabus system Course Reg. Grading (Students) Open LDAP WebCT Net Academy Student Portal IC Staff ID Card Facility System kitenet LDAP kitenet (Wi-Fi) RADIUS edunet AD edunet (Wi-Fi) RADIUS LDAP for Mail Student Mail System Provision Module AXIOLE LDAP Staff Mail System Mac Open Directory AD Educational Info. PC room (Mac) PC room (Win PC) Open LDAP AD Campus Cloud (CloudStack) (VCL) (File server) (Win7, Linux)
13 New campus-wide authentication system (fy2014)
- Unified ID Management
  - Manage all members in Kyushu Univ.
  - Manage ID and password
  - Provisioning to various IT systems (synchronization of various attribute data)
- Users: account activation, password change, register emergency contacts
Diagram labels: Personnel DB (Staff) Student DB Other workers AuthZ data (CSV) Office System AD Matrix AuthN WisePoint SP (Reverse Proxy) (A) Open LDAP (B) Open LDAP Open w/ SSO-KID LDAP AD AD Open LDAP Provision System Open LDAP Provision System Open AD LDAP Provision System Open LDAP Library System Office PCs Course Reg. School Rec. System (teachers) Researcher DB Syllabus system Course Reg. Grading (Students) Others Net Academy Student Portal IC Staff ID Card Facility SMS Shibboleth IdP SPs (E-Journals) Others edunet Wi-Fi RADIUS Software DL Site Others kitenet Wi-Fi RADIUS Primary Mail Service (Staff, Students) Educational Information System WebCT Campus Cloud (CloudStack)
14 Demands for New ID Scheme
- Security concerns
- Availability
  - Especially in the beginning for newcomers
- Discontinuity
  - Between graduation/migration
15 Security Concerns
- Same as the Student Number and considered public
  - Commercial service providers and retail shops casually copy students' ID cards for their purposes
- Easy to forge valid IDs (contains a sequence number)
  - Susceptible to reverse brute-force attacks
- Used for the local-part (before @) of the e-mail address
  - Spammable
  - Become a seed of other valid IDs
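The reverse brute-force concern above, seen from the log-review side, as an added example that is not part of the original slides: it flags sources that try few passwords against many accounts, and sources whose failed IDs walk consecutive serial numbers in the Student Number layout. The log format, thresholds, IP addresses and all IDs are constructed assumptions; only the Student Number field layout comes from the slides.

```python
import re
from collections import defaultdict

# Field layout from the "Details of Student Number" slide:
# course [1-9], faculty [A-Z][A-Z], entrance year NN, serial NNN, check code [A-Z].
STUDENT_NUMBER = re.compile(r"^([1-9])([A-Z]{2})(\d{2})(\d{3})([A-Z])$")

# Assumed log line format, constructed for this example (not a real system's format).
LOG_LINE = re.compile(r"^(\S+) src=(\S+) user=(\S+) result=(OK|FAIL)$")

# Constructed sample log: documentation IP ranges and made-up IDs.
SAMPLE_LOG = """
2014-04-10T09:00:01 src=203.0.113.7 user=1AB13001K result=FAIL
2014-04-10T09:00:02 src=203.0.113.7 user=1AB13002M result=FAIL
2014-04-10T09:00:03 src=203.0.113.7 user=1AB13003P result=FAIL
2014-04-10T09:00:04 src=203.0.113.7 user=1AB13004R result=FAIL
2014-04-10T09:00:05 src=203.0.113.7 user=1AB13005T result=FAIL
2014-04-10T09:00:06 src=203.0.113.7 user=1AB13006W result=FAIL
2014-04-10T09:05:00 src=198.51.100.20 user=2CD12045H result=FAIL
2014-04-10T09:05:10 src=198.51.100.20 user=2CD12045H result=FAIL
2014-04-10T09:05:20 src=198.51.100.20 user=2CD12045H result=FAIL
2014-04-10T09:05:40 src=198.51.100.20 user=2CD12045H result=OK
2014-04-10T09:10:00 src=192.0.2.50 user=1AB13010A result=OK
2014-04-10T09:10:05 src=192.0.2.50 user=1EF12200B result=FAIL
2014-04-10T09:10:09 src=192.0.2.50 user=1EF12200B result=OK
2014-04-10T09:11:00 src=192.0.2.50 user=3GH11090C result=OK
2014-04-10T09:12:00 src=192.0.2.50 user=1AB13077D result=FAIL
2014-04-10T09:20:01 src=198.51.100.99 user=4829017365 result=FAIL
2014-04-10T09:20:02 src=198.51.100.99 user=9051738264 result=FAIL
2014-04-10T09:20:03 src=198.51.100.99 user=1730495826 result=FAIL
2014-04-10T09:20:04 src=198.51.100.99 user=6284910573 result=FAIL
2014-04-10T09:20:05 src=198.51.100.99 user=3917462058 result=FAIL
"""


def parse_student_number(user_id):
    """Return ((course, faculty, year), serial) or None if the ID has another shape."""
    m = STUDENT_NUMBER.match(user_id.upper())
    if not m:
        return None
    course, faculty, year, serial, _check = m.groups()
    return (course, faculty, year), int(serial)


def longest_serial_run(user_ids):
    """Longest run of consecutive serials within one course/faculty/year prefix."""
    by_prefix = defaultdict(set)
    for uid in user_ids:
        parsed = parse_student_number(uid)
        if parsed:
            by_prefix[parsed[0]].add(parsed[1])
    best = 0
    for serials in by_prefix.values():
        for s in serials:
            if s - 1 in serials:
                continue  # only count from the first serial of each run
            length = 1
            while s + length in serials:
                length += 1
            best = max(best, length)
    return best


def detect(log_text, min_users=5, max_tries_per_user=2, min_run=4):
    """Flag sources per signature; the whole log is treated as one time window."""
    # src -> user -> [failures, successes]
    per_src = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for line in log_text.strip().splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # ignore lines in other formats
        _ts, src, user, result = m.groups()
        per_src[src][user][0 if result == "FAIL" else 1] += 1

    findings = {}
    for src, users in per_src.items():
        # Accounts this source failed on and never logged in to.
        failed = [u for u, (fail, ok) in users.items() if fail and not ok]
        # Few tries per account across many accounts: the reverse pattern.
        shallow = [u for u in failed if users[u][0] <= max_tries_per_user]
        reasons = []
        if len(shallow) >= min_users:
            reasons.append("reverse-brute-force")
        # Consecutive serials can only show up for sequence-numbered IDs.
        if longest_serial_run(failed) >= min_run:
            reasons.append("serial-walk")
        if reasons:
            findings[src] = reasons
    return findings


if __name__ == "__main__":
    for src, reasons in detect(SAMPLE_LOG).items():
        print(src, reasons)
```

The repeated-failure user and the shared lab address are not flagged, and the source trying 10-digit IDs trips only the many-accounts rule, because those IDs carry no serial to walk.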
16 Availability
- The Student Number is finalized after April 1st
  - Handed to students during an entrance orientation around April 7th
  - Students cannot use IT services using the Student ID immediately after entrance
- Demands to provide services for pre-entrance candidates
- A user ID independent from the "Student Number" is needed
17 Health Checkup and BYOD PC Orientation
- All the newly enrolled students (~2,700) must do the following before receiving their ID cards:
  - Get a health checkup
  - Join a BYOD orientation class
- Efficient identification method without ID cards needed
- Provide the student's SSO-KID with a barcode printed on an acceptance letter
18 Discontinuity of User Accounts
- A student number (= Student ID) changes, because it contains the course and faculty codes, when:
  - Proceeding to a graduate school
  - Moving to a different department
- They need to migrate their data on their own
- Introduce student SSO-KID as an unchanging unique ID throughout a student's campus life
19 Deployment
- We should consider
  - A sudden change of ID scheme must be confusing for students
  - Adapting all the IT systems in our university at once is impossible
- To compensate for the above
20 Migration Strategy
- Internally assign student SSO-KID to all the students, but
  - Give SSO-KID information only to newly enrolled students
  - Allow existing students to use their student IDs until graduation and/or proceeding to graduate school
- Continue to provide a Student ID based authentication system for IT systems which cannot adopt student SSO-KID immediately
21 Acceptance Letter
- Now we can include the student SSO-KID and relevant information in an acceptance letter (including an activation code and a barcode of the SSO-KID)
- Students can self-activate their IDs and use a part of IT services before entrance
- The letter is required for a health checkup and BYOD orientation class
22 A sample of Acceptance Letter
23 Modification of Student ID Card
- Student SSO-KID is printed on the back side of ID cards from 2014
- Difficult to replace all the existing ID cards at once because they contain an IC chip
- The barcode still denotes the student number, not the SSO-KID, for compatibility
24 Modification of Student ID Card
[Figure: ID cards, ~fy2013 and fy2014~. Labels: Student ID, Activation Code, SSO-KID, Barcode of Student ID, Student SSO-KID]
25 Effects
- Overall effects have been favorable
  - The reception process of a BYOD class was reduced from 30 minutes to 5 minutes
  - Staff of the health checkup welcomed the barcode on the acceptance letter because it simplified the identification process
  - Pre-entrance service was partially provided in 2014, which was impossible before introducing student SSO-KID
- Account continuity couldn't be fully evaluated because most students still needed to change their IDs (to student SSO-KID)
26 Future Works
- Due to a mismatch of account handling with the IDM, services had several interruptions, and both systems need some modification
- Need to refine and improve account management and IDM operation
- Each IT service needs some modification to adopt student SSO-KID, especially systems not under our direct control
27 Also
- We realize that the co-existence of student ID and student SSO-KID caused more problems than we first expected
- Planning to migrate all the remaining students to use student SSO-KID in the end of fiscal year
28 Security Concerns?
- Actually it is hard to evaluate the effect
  - There were a couple of account breaches with spam incidents during the Student ID era
  - Currently no such incident after the Student SSO-KID migration
  - But it should have little effect against phishing
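29 2.3 Campus-wide common authentication infrastructure
- ID management database
  - Identity information of members (name, affiliation, job type, telephone number, ...)
  - IDs and passwords
  - Provisioning of account data
- Authentication servers
  - LDAP authentication server
  - Shibboleth IdP
  - Matrix password authentication device (+Reverse Proxy)
- Updated to a new system at the end of fiscal year 2013
  - On this occasion, a user ID different from the student number, the "Student SSO-KID", was also introduced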
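30 Student SSO-KID notification enclosed with the entrance examination acceptance letter
- The barcode of the student SSO-KID is also printed
- Guidance given on a separate sheet
- Points to the guidance web page:
  - Health checkup for new students and BYOD PC orientation class: students are identified by student SSO-KID and barcode
  - Account activation from March 24, 2014 onward
  - Pre-entrance self-study on the web learning system (information literacy)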
More informationVENDOR QUESTIONS AND ANSWERS FOR RFP Req# 08072013 BUDGET DEVELOPMENT SOFTWARE
VENDOR QUESTIONS AND ANSWERS FOR RFP Req# 08072013 BUDGET DEVELOPMENT SOFTWARE NOTE: TO ALLOW ADEQUTE TIME TO ADDRESS AND POST EACH QUESTION IN TIME FOR THIS RFP, NO ADDITIONAL QUESTIONS WILL BE ACCEPTED
More informationFederated Identity: Leveraging Shibboleth to Access On and Off Campus Resources
Federated Identity: Leveraging Shibboleth to Access On and Off Campus Resources Paul Riddle University of Maryland Baltimore County EDUCAUSE Mid-Atlantic Regional Conference January 16, 2008 Copyright
More informationEvolving Strong Authentication at The University of Arizona
Evolving Strong Authentication at The University of Arizona Gary Windham Senior Enterprise Systems Architect The University of Arizona, UITS gary.windham@arizona.edu Where are we today? credential strength
More informationAuthentication Methods
Authentication Methods Overview In addition to the OU Campus-managed authentication system, OU Campus supports LDAP, CAS, and Shibboleth authentication methods. LDAP users can be configured through the
More informationTop Five Security Must-Haves for Office 365. Frank Cabri, Vice President, Marketing Shan Zhou, Senior Director, Security Engineering
Top Five Security Must-Haves for Office 365 Frank Cabri, Vice President, Marketing Shan Zhou, Senior Director, Security Engineering Today s Agenda Introductions & Company Overview Cloud App Trends, Risks
More informationTrust but Verify: Best Practices for Monitoring Privileged Users
Trust but Verify: Best Practices for Monitoring Privileged Users Olaf Stullich, Product Manager (olaf.stullich@oracle.com) Arun Theebaprakasam, Development Manager Chirag Andani, Vice President, Identity
More informationKeeping access control while moving to the cloud. Presented by Zdenek Nejedly Computing & Communications Services University of Guelph
Keeping access control while moving to the cloud Presented by Zdenek Nejedly Computing & Communications Services University of Guelph 1 Keeping access control while moving to the cloud Presented by Zdenek
More informationTechnology Day 2015 Xylos
Stay in control of your identity with Azure Active Directory (Premium) Technology Day 2015 Xylos Robin Vermeirsch Sr. IT consultant CCM Azure Active Directory Introduction Competence Center Messaging (CCM)
More informationApps. Devices. Users. Data. Deploying and managing applications across platforms is difficult.
Users Devices Apps Data Users expect to be able to work in any location and have access to all their work resources. The explosion of devices is eroding the standards-based approach to corporate IT. Deploying
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationExtranet Access Management Web Access Control for New Business Services
Extranet Access Management Web Access Control for New Business Services An Evidian White Paper Increase your revenue and the ROI for your Web portals Summary Increase Revenue Secure Web Access Control
More informationRequest Manager Installation and Configuration Guide
Request Manager Installation and Configuration Guide vcloud Request Manager 1.0.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced
More informationIdentity. Provide. ...to Office 365 & Beyond
Provide Identity...to Office 365 & Beyond Sponsored by shops around the world are increasingly turning to Office 365 Microsoft s cloud-based offering for email, instant messaging, and collaboration. A
More informationOSS Open Lab, the New Service for OSS Promotion in Japan
OSS Open Lab, the New Service for OSS Promotion in Japan Shunsuke Horai s-hourai@ipa.go.jp Open Software Center, Information-technology Promotion Agency (IPA), Japan Open Software Center, IPA, Japan promotes
More informationEnabling SAML for Dynamic Identity Federation Management
Enabling SAML for Dynamic Identity Federation Management Patricia Arias, Florina Almenárez, Andrés Marín and Daniel Díaz-Sánchez University Carlos III of Madrid http://pervasive.gast.it.uc3m.es/ WMNC 2009
More informationSTATE OF NEW YORK IT Transformation. Request For Information (RFI) Enterprise Identity and Access Management Consolidated Questions and Responses
STATE OF NEW YORK IT Transformation Request For Information (RFI) Enterprise Identity and Access Management Consolidated Questions and Responses June 8, 2012 Appendix B Consolidated Vendor Questions with
More informationInformation Technology 2016-2021 Strategic Plan
Information Technology 2016-2021 Strategic Plan Draft Table of Contents Table of Contents... 3 Introduction... 4 Mission of IT... 4 Primary Service Delivery Objectives... 4 Availability of Systems...
More informationImplementing two-factor authentication: Google s experiences. Cem Paya (cemp@google.com) Information Security Team Google Inc.
Implementing two-factor authentication: Google s experiences Cem Paya (cemp@google.com) Information Security Team Google Inc. Google services and personalization Identity management at Google 1. Internal
More informationDAMe Deploying Authorization Mechanisms for Federated Services in the eduroam Architecture
DAMe Deploying Authorization Mechanisms for Federated Services in the eduroam Architecture Sascha Neinert Marseille, 06.02.2008, Sascha Neinert, 06.02.2008 Seite 1 Overview Project Goals Partners Network
More informationPervasive PSQL Vx Server Licensing
Pervasive PSQL Vx Server Licensing Overview The Pervasive PSQL Vx Server edition is designed for highly virtualized environments with support for enterprise hypervisor features including live application
More information