IAM Service Catalog version 1.1


Table of Contents

Service Catalog Introduction
Service Model
Service Category Detail
Service Catalog List
Service Catalog Detail
Terminology
Contact Information

Service Catalog Introduction

The purpose of this document is to identify the Identity and Access Management services that are under development or proposed for development. Additional services will be defined as the project matures. The initial set of IAM services will be centered on the and will include:

- Applications and systems access to the CPR information.
- Management services for maintaining:
  o Identities
  o Contact information
  o Affiliations
  o PSU IDs
  o Penn State Access Account user IDs
  o Sponsored Accounts
  o Identity Assurance Profiles
- Matching services (with the goal of minimizing duplicate identities in central systems).
- Address validation services.
- Batch interfaces for maintenance of the CPR data from other entities.
- Management services for assignment of affiliations from systems of records.

In the pages to follow, we provide a summary of the IAM services that are currently being developed, scheduled for development and/or under consideration. We've also included a detailed listing of the services. Detailed developer information is available on the IAM Developers site,

Page 1 of 23 IAM Service Catalog 12/6/2010

Service Model

The following page provides a high-level model of the IAM Services.

[Figure: IAM Service Model, a high-level overview of the IAM services (ServiceModelDiagram.vsd, December 3, 2010). Diagram labels: Central Person Registry (PSU ID; Affiliation; Contact & Identity Info; Sponsored Accounts; Address Validation); Service Provider; Registration Authority; Systems of Record; IAM Identity Assurance Profile; Generalized Interface; Message Services (Get/Find, Add, Update, Delete); Matching; Batch; Batch Interfaces.]

Service Category Detail

The following pages provide a high-level description of the IAM Services by Category.

Service Category / Category Description

Affiliation
This collection of services enables an authorized registration authority to add, delete, or update an affiliation type and modifier for a person. Registration authorities and authorized principals also have the capability to retrieve information about a person's internal affiliation (PSU affiliates) and external affiliations (e.g. affiliates from another university or federation, e.g. eduperson).

Codeset
This collection of services retrieves information about an Integrated Business Information Systems (IBIS) or Student Information Systems (ISIS) codeset. These services are provided by the Generalized Interface and will be called by the system.

Contact Info
The contact information about a person maintained in the includes:
- Name
- Address (multiple addresses)
- E-mail
- Phone
- Photo (ID+)
This collection of services enables an authorized registration authority to add, delete, or update contact information for a person. Registration authorities and authorized principals also have the capability to retrieve contact information about a person. Interfaces to service providers will include messaging (e.g. an address has changed, etc.). Validation services are included that will process data elements as input and 1) standardize content and 2) validate whether the address exists. The next release of the will include services that:
- provide for blocking and unblocking a person from the registry, e.g. to block their wireless
- provide for enabling and disabling a person in the registry, e.g. for authentication
- include a collection of ID+ picture services that will obtain the photo via a) data view, b) web service or c) LDAP jpeg photo
- will provide the ability to flip address types of persons (e.g. summer, winter, fall, temporary, etc.)
- logging of

Departmental Identity
A future collection of services related to university organizational units. For example, Information Technology Services, Administrative Information Services, Outreach, World Campus, University Budget Office, etc.

IAP
This collection of services enables authorized principals to retrieve Identity Assurance Profiles for Penn State persons and persons external to Penn State. The next release of the will include services that will update the Identity Assurance Profile level and retrieve data associated with a registration event.

Location
A future collection of services related to university locations. For example, Room 223 Computer Building, 2 Shields Building, The Dining Room at the Nittany Lion Inn, etc.

Matching
This collection of services will allow an authorized principal to locate persons within the Central Person via various combinations of data.

PSUID
This collection of services gives a registration authority and authorized principals the capability to assign a PSU ID to a person in the, as well as the capability to retrieve, delete and update the PSU ID for a person. The next release of the will include services that will provide the ability to update CIDR with the PSU ID.

Registration Authority
The next release of the will include services that will enable authorized principals to add, delete, suspend and retrieve data for registration authorities. In addition, services will be developed around the collection of registration and proofing data for a person.

Sponsored Account
The second release of IAM services will include services to enable authorized principals to add, delete, disable and retrieve data for sponsored accounts.

USERID
This collection of services enables an authorized principal to add, delete, update and retrieve information for a person's USER ID.

Service Catalog List

The following pages list the IAM Services.

Note: An "F" next to the service name indicates a "Future" service. (e.g. not part of the first release)

Service Category / Service Name

AFFILIATION Get Internal Affiliations Add Affiliation Update Affiliation Delete Affiliation Get User Affiliations Get External Affiliations CODESET Get ISIS Codeset Get IBIS Codeset CONTACT INFO Update Person Update Address Type Log Unblock Person Block Person Disable Person Get Phone Get Photo ID Plus Set Primary Address Add Phone Add Address Validate Address Get Person Service Enable Person Get Delete Address Add Name CONTACT INFO Delete Name PSUID Get PSU ID by SSN Get Name Update Name Update Address Delete Add Person Update PSU ID Delete PSU ID Update CIDR PSU ID Get Next PSU Id Add PSU ID Update REGISTRATION AUTHORITY Delete Phone Get Address Update Phone Delete Person Add DEPARTMENTAL Add Registration Authority Agent Suspend Registration Authority Agent Get Registration Authority Status Proof User Register User Delete Registration Authority Agent Departmental Identity SPONSORED ACCOUNT IAP Get Registration Events IAP Add Sponsored Account Update Sponsored Account Update IAP Disable Sponsored Account Get External Identity Assurance Profile Get PSU Identity Assurance Profile SSN Enable Sponsored Account LOCATION Update CIDR SSN Location USERID MATCHING Get Match Codes Find User PSUID Update UserID Delete UserID Get Userid Add Userid Get PSU ID

Service Catalog Detail

The following pages list the IAM Services along with a detailed description of the service.

Columns: Id, Service Name, Description, Requestor, Provider, Future / Dependent Service

Category: AFFILIATION

6 Add Affiliation
Description: This service enables an authorized Registration Authority to add an affiliation (type and modifier) for a user. The calling parameters to the service specify the affiliation type and its associated modifier. If the type and modifier do not represent a valid affiliation, the service returns an error. If the user has no affiliation relationship, one is created. If an affiliation relationship exists and the current and new match, return success. If the affiliations do not match and the affiliation transition is valid, expire the current affiliation and create a new affiliation relationship. Otherwise return an exception. The service returns either an exception (reason the add didn't happen) or success.
Requestor / Provider: Person

9 Delete Affiliation
Description: This service enables an authorized Registration Authority to delete (archive) an affiliation for a user. The calling parameters to the service specify the affiliation type and affiliation modifier. If the user has the specified affiliation, it will be archived. The service returns either an exception (reason the remove didn't happen) or success.
Requestor / Provider: Person

15 Get External Affiliations
Description: This service enables all authorized principals to retrieve external affiliations, i.e. eduperson, for a user. The service returns either an exception (reason the retrieve didn't happen) or success.
Requestor / Provider: Person /Ser

12 Get Internal Affiliations
Description: This service allows authorized principals to retrieve Penn State affiliations for a user. This service returns either an exception (reason retrieve didn't happen) or success.
Requestor / Provider: Person /Ser

43 Get User Affiliations
Description: A service to be developed in the next release that will obtain all of the users that have a particular affiliation.
Requestor / Provider: to be determined
Future / Dependent Service: Yes / No

16 Update Affiliation
Description: This service enables an authorized Registration Authority to update an affiliation for a user. The calling parameters to the service specify the affiliation type and modifier. If the user has no affiliation relationship, one is created. If an affiliation relationship exists and the current and new match, return success. If the affiliations do not match and the affiliation transition is valid, expire the current affiliation and create a new affiliation relationship. Otherwise return an exception. The service returns either an exception (reason the update didn't happen) or success.
Requestor / Provider: Person

Category: CODESET

71 Get IBIS Codeset
Description: Retrieves information about an IBIS Codeset code. Retrieves an IBIS codeset. The response size arrays are 1:?, indicating the returned array will be sized to fit the number of values in the codeset. This is available from the Generalized Interface etibiscodeset.
Requestor / Provider: Generalized Interface
Future / Dependent Service: No / Yes

72 Get ISIS Codeset
Description: Retrieves an ISIS codeset. The response size arrays are 1?, indicating the returned array will be sized to fit the number of values in the codeset. This is available from the Generalized Interface etisiscodeset.
Requestor / Provider: Generalized Interface
Future / Dependent Service: No / Yes

Category: CONTACT INFO

1 Add Address
Description: to add an address for a user. The calling parameters to the service will specify the address along with the address type. If the user already has an address of the type specified, it will be expired prior to the new address being added. In addition, since we are dealing with an address, it will cause new match codes to be generated and service providers to be notified of the new address change. The service will either return an exception (with the reason the add did not happen) or success.
Requestor / Provider: Person

10 Add
Description: to add an e-mail address for a user. The calling parameters to the service will specify the e-mail address along with the e-mail address type. If the user already has an e-mail address of the type specified, it will be expired prior to the new e-mail address being added. The service will either return an exception (with the reason the add did not happen) or success.
Requestor / Provider: Person

4 Add Name
Description: to add a name for a user. The calling parameters to the service will specify the name along with the name type. If the user already has a name of the type specified, it will be expired prior to the new name being added. The service will either return an exception (with the reason the add did not happen) or success.
Requestor / Provider: Person

Category: CONTACT INFO (continued)

30 Add Person
Description: to add a person to the registry. The calling parameters to the service will specify a minimal amount of data necessary for matching. If the user already exists in the registry, an exception will be returned to the user to indicate that, along with the pertinent data. Otherwise, the user will be added to the registry and the service providers will be notified of the new person. The service will either return an exception (with the reason the add did not happen) or success.
Requestor / Provider: Registration Authority

22 Add Phone
Description: to add a phone number for a user. The calling parameters to the service will specify the phone along with the phone type. If the user already has a phone of the type specified, it will be expired prior to the new phone being added. The service will either return an exception (with the reason the add did not happen) or success.
Requestor / Provider: Person

47 Block Person
Description: A service to be developed in the next release will enable an authorized registration authority to be able to block a person to the registry (for wireless).
Requestor / Provider: Registration Authority
Future / Dependent Service: Yes / No

3 Delete Address
Description: to delete (archive) an address for a user. The calling parameters to this service will specify which address to archive. Since address is used by service providers, they will be notified of the archival. The service will either return an exception (with the reason the add did not happen) or success.
Requestor / Provider: Person

11 Delete
Description: to delete (archive) an e-mail address for a user. The calling parameters to this service will specify which e-mail address to archive. Since name is used by service providers, they will be notified of the archival. The service will either return an exception (with the reason the archive did not happen) or success.
Requestor / Provider: Person

5 Delete Name
Description: to delete (archive) a name for a user. The calling parameters to this service will specify which name to archive. Since name is used by service providers, they will be notified of the archival. The service will either return an exception (with the reason the archive did not happen) or success.
Requestor / Provider: Person

Category: CONTACT INFO (continued)

32 Delete Person
Description: to delete a person to the registry. In the case of a delete, the user data will not be removed; it will be archived. However, data that exists on the various service providers could be deleted. That decision is up to the service provider. The service will either return an exception (with the reason the add did not happen) or success.
Requestor / Provider: Registration Authority/Other authorized entity

24 Delete Phone
Description: to delete (archive) a phone number for a user. The calling parameters to this service will specify which phone number type to archive. Since phone number is used by service providers, they will be notified of the archival. The service will either return an exception (with the reason the add did not happen) or success.
Requestor / Provider: Person

46 Disable Person
Description: A service to be developed in the next release will enable an authorized registration authority to be able to disable a person to the registry (for authentication).
Requestor / Provider: Registration Authority
Future / Dependent Service: Yes / No

45 Enable Person
Description: A service to be developed in the next release will enable an authorized registration authority to be able to enable a person to the registry (for authentication).
Requestor / Provider: Registration Authority
Future / Dependent Service: Yes / No

21 Get Address
Description: This service will enable an authorized agent to obtain address information for a user in the CPR. The service will either return an exception (with the reason the get did not happen) or success.
Requestor / Provider: Person

13 Get
Description: This service will enable an authorized agent to obtain address information for a user in the CPR. The service will either return an exception (with the reason the get did not happen) or success.
Requestor / Provider: Person

7 Get Name
Description: This service will enable an authorized agent to obtain name information for a user in the CPR. The service will either return an exception (with the reason the get did not happen) or success.
Requestor / Provider: Person

33 Get Person
Description: Service to obtain information about a person in the CPR. The service will either return an exception (with the reason the get did not happen) or success.
Requestor / Provider: Registration Authority/Other authorized entity

25 Get Phone
Description: This service will enable an authorized agent to obtain phone information for a user in the CPR. The service will either return an exception (with the reason the get did not happen) or success.
Requestor / Provider: Person

Category: CONTACT INFO (continued)

44 Get Photo ID Plus
Description: A service to be developed in the next release refers to a collection of services needed for the ID+ Photo: a) obtain the photo via a data view, b) obtain the photo via a service or c) obtain the photo via LDAP jpegphoto.
Requestor / Provider: to be determined
Future / Dependent Service: Yes / No

49 Log
Description: A service to be developed in the next release to be defined around logging of .
Requestor / Provider: Person
Future / Dependent Service: Yes / No

75 Set Primary Address
Description: to set an e-mail address as the primary address for a user. The calling parameters to the service will specify the e-mail address type. If the user already has a primary e-mail address specified, it will be unset as primary prior to the new e-mail address type being set as primary. The service will either return an exception (with the reason the set did not happen) or success.
Requestor / Provider: Person

48 Unblock Person
Description: A service to be developed in the next release will enable an authorized registration authority to be able to unblock a person to the registry (for wireless).
Requestor / Provider: Registration Authority
Future / Dependent Service: Yes / No

20 Update Address
Description: to update an address for a user. The calling parameters to the service will specify the address along with the address type. Since an update is being performed, the existing address will be prior to adding the new address. In addition, since we are dealing with an address, it will cause new match codes to be generated and service providers to be notified of the address change. The service will either return an exception (with the reason the add did not happen) or success.
Requestor / Provider: Person

50 Update Address Type
Description: A service to be developed in the next release that will provide the ability to flip address types of persons, e.g. summer address, winter address, temporary address, etc.
Requestor / Provider: Person
Future / Dependent Service: Yes / No

14 Update
Description: to update an e-mail address for a user. The calling parameters to the service will specify the e-mail address along with the type. If the user already has an e-mail address of the type specified, it will be expired prior to the new e-mail address being added. The service will either return an exception (with the reason the update did not happen) or success.
Requestor / Provider: Person

Category: CONTACT INFO (continued)

8 Update Name
Description: to update a name for a user. The calling parameters to the service will specify the name along with the name type. If the user already has a name of the type specified, it will be expired prior to the new name being added. The service will either return an exception (with the reason the update did not happen) or success.
Requestor / Provider: Person

31 Update Person
Description: to update information about a person in the registry. The service will either return an exception (with the reason the update did not happen) or success.
Requestor / Provider: Registration Authority

23 Update Phone
Description: This service will enable an authorized registration authority to update a phone number for a user. The calling parameters to the service will specify the phone along with the phone type. If the user already has a phone of the type specified, it will be expired prior to the new phone being added. The service will either return an exception (with the reason the update did not happen) or success.
Requestor / Provider: Person

40 Validate Address
Description: This service will receive address data elements as input and perform two operations. The service will perform standardization of the address data elements and determine whether the address exists. The capability for testing whether an address exists will depend on the final selection of address validation database. There will likely be three conditions for the existence of an address (found, not found and unknown). A status of unknown would result if the coverage of the address database does not include the country of the input address. The inputs and outputs of the service are also dependent on the final selection of address validation software.
Requestor / Provider: Registration Authorities

Category: DEPARTMENTAL

51 Departmental Identity
Description: A service to be developed in a future release related to linkage and university organizational units.
Requestor / Provider: Registration Authorities/ Registr
Future / Dependent Service: Yes / No

Category: IAP

18 Get External Identity Assurance Profile
Description: This service enables authorized services to retrieve External Identity Assurance Profiles.
Requestor / Provider: Person /Ser

17 Get PSU Identity Assurance Profile
Description: This service enables authorized services to retrieve PSU Identity Assurance Profile.
Requestor / Provider: Person /Ser

Category: IAP (continued)

52 Get Registration Events IAP
Description: A service to be developed in the next release that will get data associated with a registration event.
Requestor / Provider: Registration Authorities/ Registr
Future / Dependent Service: Yes / No

53 Update IAP
Description: A service to be developed in the next release that will update the Identity Assurance Profile level.
Requestor / Provider: Registration Authorities/ Registr
Future / Dependent Service: Yes / No

Category: LOCATION

76 Location
Description: A service to be developed in a future release related to linkage and physical locations.
Requestor / Provider: Registration Authorities/ Registr
Future / Dependent Service: Yes / No

Category: MATCHING

42 Find User
Description: This service allows a requester to find a person within the CPR using various combinations of input data.
Requestor / Provider: Person Repository

74 Get Match Codes
Description: Accepts up to ten name/value pairs and returns match codes for the DI Blue Fusion server. The input for this service is an array of up to sub arrays. Each sub array consists of two elements: the name of a match code type, and the value for which a match code is needed. The possible names of match code types are: NAME, ADDR, CITY, STATE, ZIP. This is a Generalized Interface service at etmatchcodes.
Requestor / Provider: Generalized Interface
Future / Dependent Service: No / Yes

Category: PSUID

26 Add PSU ID
Description: to request the assignment of a PSU ID to a person in the CPR. The service will either return an exception (with the reason the add did not happen) or success.
Requestor / Provider: Person

56 Delete PSU ID
Description: A service to be developed in the next release will enable an authorized registration authority to be able to delete the assignment of a PSU ID to a person in the CPR.
Requestor / Provider: Person
Future / Dependent Service: Yes / No

Category: PSUID (continued)

41 Get Next PSU Id
Description: This service will choose the next available Penn State Id number for assignment. The next id number is selected at random from a pool of unused Penn State id numbers. Random means that there should be no way to predict the value of the next Penn State id to be selected. The service will place the selected id number in a pending status temporarily so the number will not be reused. For the pilot deployment, available Penn State ids will begin with a letter
Requestor / Provider: /Registration Authority

27 Get PSU ID
Description: This service will enable an authorized agent to obtain PSU ID information for a user in the CPR. The service will either return an exception (with the reason the get did not happen) or success.
Requestor / Provider: Person

73 Get PSU ID by SSN
Description: This service will receive a SSN and will return the individual's PSU ID. This is available from the Generalized Interface etpsu IDBySsn.
Requestor / Provider: Generalized Interface
Future / Dependent Service: No / Yes

57 Update CIDR PSU ID
Description: A service to be developed in the next release that will provide the ability to update CIDR with PSU ID.
Future / Dependent Service: Yes / No

55 Update PSU ID
Description: A service to be developed in the next release will enable an authorized registration authority to be able to request the assignment of a PSU ID to a person in the CPR.
Requestor / Provider: Person
Future / Dependent Service: Yes / No

Category: REGISTRATION AUTHORITY

61 Add Registration Authority Agent
Description: A service to be developed in the next release that will add a Registration Authority Agent.
Requestor / Provider: Person
Future / Dependent Service: Yes / No

63 Delete Registration Authority Agent
Description: A service to be developed in the next release that will delete a Registration Authority agent.
Requestor / Provider: Person
Future / Dependent Service: Yes / No

62 Get Registration Authority Status
Description: A service to be developed in the next release that will return the status of a Registration Authority.
Requestor / Provider: Person
Future / Dependent Service: Yes / No

60 Proof User
Description: A service to be developed in the next release that will collect and store proofing data from a user (e.g. existing user, password reset, lost password, etc.)
Future / Dependent Service: Yes / No

59 Register User
Description: A service to be developed in the next release that will collect and store registration data from a user (for the purpose of establishing behind the scenes LOA/IAP).
Future / Dependent Service: Yes / No

64 Suspend Registration Authority Agent
Description: A service to be developed in the next release that will suspend a Registration Authority agent.
Requestor / Provider: Person
Future / Dependent Service: Yes / No

Category: SPONSORED ACCOUNT

65 Add Sponsored Account
Description: A service to be developed in the next release that will allow an authorized user to add a Sponsored Account.
Requestor / Provider: Person
Future / Dependent Service: Yes / No

67 Disable Sponsored Account
Description: A service to be developed in the next release that will allow an authorized user to disable a Sponsored Account.
Requestor / Provider: Person
Future / Dependent Service: Yes / No

68 Enable Sponsored Account
Description: A service to be developed in the next release that will allow an authorized user to enable a Sponsored Account.
Requestor / Provider: Person
Future / Dependent Service: Yes / No

66 Update Sponsored Account
Description: A service to be developed in the next release that will allow an authorized user to update a Sponsored Account.
Requestor / Provider: Person
Future / Dependent Service: Yes / No

Category: SSN

58 Update CIDR SSN
Description: A service to be developed in the next release that will provide the ability to update CIDR with SSN.
Future / Dependent Service: Yes / No

Category: USERID

28 Add Userid
Description: to add a network id to a user. The calling parameters to the service will specify the person identifier. The service will either return an exception (with the reason the add did not happen) or success.
Requestor / Provider: Person

70 Delete UserID
Description: A service to be developed in the next release that will allow an authorized user to delete the list of all user ids associated with a person id number.
Requestor / Provider: Person
Future / Dependent Service: Yes / No

29 Get Userid
Description: This service will enable an authorized agent to obtain userid information for a user in the CPR. The service will either return an exception (with the reason the get did not happen) or success.
Requestor / Provider: Person

69 Update UserID
Description: A service to be developed in the next release that will allow an authorized user to update the list of all user ids associated with a person id number.
Requestor / Provider: Person
Future / Dependent Service: Yes / No

19 Terminology Terminology Affiliation Identity and Access Management Definition Affiliation is the combination of one's relationship with Penn State (which may allow access to electronic services) and some form of trusted (may not be Penn State) identity. At Penn State, affiliations are not roles; they are never deleted. One may have zero, one or many active relationships. Zero occurs if all relationships have been deactivated; the affiliation is active if one has one or more active relationships. When the affiliation is active, there is a single "dominant" relationship. Identity Management is multidisciplinary and covers multiple dimensions: Penn State: The alignment of University business processes, policies, and technologies that manage identities to support the delivery of rich and diverse array of online services for faculty, staff, and students. Administrative: An administrative process coupled with a technological solution that validates the identity of individuals and allows owners of data, applications, and systems to either maintain centrally or distribute responsibility for granting access to their respective resources to anyone participating within the IAM framework. Technical: With identity management systems (identification, implementation, administration and termination of identities with access to information systems, buildings and data within an organization). Legal: Such as legislation for data protection. Police. or instance for dealing with identity theft. Social: Dealing with issues such as privacy. Security. With elements such as access control. See the IAM inal Report and Recommendations for concepts, goals and strategic recommendations related to Penn State's IAM initiatives. or example: At Penn State, a cohesive IAM strategy and implementation ensures that the right people have access to the right Page 19 of 23 IAM Service Catalog 12/6/2010

20 Terminology Level of Assurance (LOA) Access Account (Penn State) Registration Authority Identity Provider Affiliate Definition services. The degree of confidence in the vetting and proofing processes used to establish the identity of the individual to whom the credential is issued. Levels of Assurance also consider the degree of confidence that the individual who uses the credential is the individual to whom the credential was issued. See "Assurance Levels" for related information. A Penn State Access Account is a user ID and password that enables Penn State students, faculty, and staff to use the full range of the University's Internet services, on or off campus, at computer labs or on personal computers. Once a user's Access Account is active, it provisions for authentication (user ID/password), an entry in Penn State's Directory Services, service and file storage space known as Penn State Access Storage Space (PASS). These entitlements are associated with a full Access Account. Slim Access Accounts may also be issued, which provide only for authentication and an entry in Directory Services. Penn State Personal Web space may also be obtained by taking and passing a short quiz (upon successful completion of the quiz, Web space is created within one's PASS folder). Currently the Kerberos realm name for Access Accounts is dce.psu.edu. or example: xyz5000 (a sample user ID) plus a password equals an Access Account. A University entity that has the authority to verify user information and issue credentials. or example, Penn State World Campus is a Registration Authority for World Campus students. Commonly referred to as IdP, it is the originating location for a user. or InCommon, an IdP is a campus or other organization that operates and manages an identity management system and offers information about members to other InCommon participants. 
For example: Information Technology Services (ITS) is an IdP for Penn State (Penn State's IdP is established as Penn State University).

A person who has some connection to the University. For example: A student, faculty, staff, vendor, spouse, alumni, donors, guests, etc.

A centralized person registry is a single data store that combines and consolidates identity information currently stored in separate and non-integrated sources throughout the University. At its simplest form, a person registry is a data store of user information. For example:
Central ID Repository (CIDR)
Friends of Penn State (FPS)
Central Accounts Coordination Tracking of User Services (CACTUS)
Integrated Student Information System (ISIS)
Integrated Business Information System (IBIS)
Many others

Service Provider
A Service Provider is a Penn State University entity that makes online resources available to users based in part on information about them that it receives from the. For example: The ANGEL course management system, Penn State , Admissions applications, etc.

PSU ID
A Penn State Identification Number or PSU ID is assigned to individuals and is to be used as the primary identifier in Penn State's administrative and academic systems. The PSU ID is a nine-digit number, beginning with 9 in the following format: 9-XXXX-XXXX. The PSU ID is unique to the individual and is a lifetime assignment used for multiple and changing relationships with Penn State. For more information on the application and use of the PSU ID, see Policy AD19.
For example: A PSU ID is issued to anyone enrolling in Penn State academic offerings - including credit and non-credit instruction - that are recorded in the Integrated Student Information System (ISIS).
For example: All Penn State employees, including wage payroll, are issued a PSU ID at the time of employment.

User ID and Password (Penn State)
Your user ID is the "public" part of your Access Account. This is the part you should share with others so that they know where to send you electronic mail. Your user ID is usually your initials followed by a 1- to 3-digit number such as xyz101. The letters are lowercase. Your password, on the other hand, should be kept private. Your password is the "key" that lets you open electronic doors. Guard your password just as you guard your bank card PIN. Don't write it down or make it easy for someone to "crack." Don't share your password with others, as they would then have the opportunity to read your , see your grades, obtain your transcript, and forge and news postings from you.

Identity Assurance Profile (IAP)
A set of data, associated with an individual, that reflects the degree of confidence in the vetting and proofing processes used to establish the identity of the individual to whom the credential is issued at a given point in time. See "Assurance Levels" and "Levels of Assurance" for related information.

Contact and Community Information
E-Mail: [email protected]
Web Site:
Follow PennStateIAM on: Delicious, Twitter, YouTube, Facebook
