P U R D U E U N I V E R S I T Y



Similar documents
Shibboleth Authentication. Information Systems & Computing Identity and Access Management May 23, 2014

Shibboleth User Verification Customer Implementation Guide Version 3.5

Canadian Access Federation: Trust Assertion Document (TAD)

Moodle and Office 365 Step-by-Step Guide: Federation using Active Directory Federation Services

Canadian Access Federation: Trust Assertion Document (TAD)

Federated Identity: Leveraging Shibboleth to Access On and Off Campus Resources

Getting Started with Single Sign-On

MACE-Dir SAML Attribute Profiles

Best Practices for Libraries and Library Service Providers

Getting Started with Single Sign-On

Please type or print clearly: Licensee (Institution) Name: Licensee Address: Agreement Date:

Information for Students Seeking Re-Admission to Meredith College

ONLINE CREDIT REPORTING S SUITE SOLUTIONS MEMBERSHIP GUIDELINES

Account Management Standards

Single Sign On at Colorado State. Ron Splittgerber

DEPARTMENTAL POLICY. Northwestern Memorial Hospital

SAML Authentication within Secret Server

Merit Cloud Media User Guide

How To Use Saml 2.0 Single Sign On With Qualysguard

Configuring the OAuth 2.0 Authentication module

Introducing Shibboleth

Regulations and Procedures for the International Registry

STUDENT RECORD POLICY, PROCEDURES AND DEFINITIONS

Integrating a Shibboleth IdP with Microsoft Active Directory

An introduction of several development activities related to Shibboleth and Web browser-based simple PKI

LDAP and Active Directory Guide

Auditing a Private Third-Party Claims Processor for Medicare Case background developed by Yan Xiong, Ph.D. and Daniel W. Law, Ph.D.

UNIVERSITY OF ROCHESTER INFORMATION TECHNOLOGY POLICY

California State University, Sacramento INFORMATION SECURITY PROGRAM

Memorandum of Understanding (U_Club) For the Mobilize, Organize, Elect (MOE) System

Palomar Community College District Procedure AP 5520

AD FS 2.0 Step-by-Step Guide: Federation with Shibboleth 2 and the InCommon Federation

Guidelines Relating to Implementation of the Privacy Regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Youngevity Essential Life Sciences & Youngevity International, Inc.

Timekeeping Ethics Policy

Canada-Ontario Integrated Student Loans Continuation of Interest-Free Status/ Confirmation of Enrolment (Schedule 2)

Title: Data Security Policy Code: Date: rev Approved: WPL INTRODUCTION

Configuring SAML2 for Single Sign On to Smartsheet (Enterprise Only)

Subpoena Compliance and Special Investigations. Law Enforcement Assistance Guide for Internet Investigations

Responsible Administrative Unit: Computing, Communications & Information Technologies. Information Technology Appropriate Use Policy

Acceptable Use Policy

Pacific University. Policy Governing. Identity Theft Prevention Program. Red Flag Guidelines. Approved June 10, 2009

Connecting Web and Kerberos Single Sign On

Feide Technical Guide. Technical details for integrating a service into Feide

Identity and Access Management: Access Management Survey 1

Academic Honor Code 1

1.0 PURPOSE AND SCOPE RESPONSIBILITIES DEFINITIONS PROCEDURE REFERENCES APPROVALS...

COMPUTER USE IN INSTRUCTION

Oklahoma State University Policy and Procedures. Red Flags Rules and Identity Theft Prevention

Self-Administrative Manual. Self- Administration Manual

MEN'S FASHION UK Items are ranked in order of popularity.

Canadian Access Federation: Trust Assertion Document (TAD)

USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY

Student Initiated etranscript Request for Active Students

GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY

Operating Level Agreement for NYU Login Service

The purpose of Mohawk College s Purchasing Card Policy ( policy ) is to:

COMPUTER NETWORK FOR EDUCATION

Transcription:

P U R D U E U N I V E R S I T Y IAMO Shibboleth Attribute Release Memorandum of Understanding Between the designated Purdue University administrative or educational group, called the Client, and the Department of Human Resource Services and/or the Office of the Registrar, for the electronic distribution of Purdue University attribute data to the Client for purposes of federated authentication and authorization using Shibboleth. I. PARTIES This document constitutes an agreement between the designated Purdue University administrative or educational group, called the Client, and the Department of Human Resource Services and/or the Office of the Registrar. The Identity and Access Management Office (IAMO), a unit of the Networks and Security Division in the Office of the Vice President for Information Technology, is an advisor to Human Resource Services and/or the Office of the Registrar for this agreement. II. PURPOSE A. Background and Goals The purpose of this Memorandum of Understanding (MOU) is to define the practices, guidelines, approvals, security and specific University attribute data to be released from Human Resource Services and/or the Office of the Registrar via IAMO to the Client. B. Definitions and Principles 1) For the purposes of this document, Purdue University includes, but is not limited to, the West Lafayette Campus, other Purdue campuses including Statewide Technology, Continuing Education, and other Purdue stakeholders. 2) The Department of Human Resource Services is the steward of Purdue University personnel data, via the human resource data steward. Human Resource Services rules for use of the attribute data take precedence over IAMO and Client requirements. 3) The Office of the Registrar is the steward of Purdue University student data, via the student services data steward. Office of the Registrar rules for use of the attribute data take precedence over IAMO and Client requirements. 4) Approved Clients are Purdue University administrative and educational groups for whom the use of University attribute data are necessary for conducting official business, or to support distributed operations, for the purpose of authentication and authorization. 5) A Client requesting attributes must sign this Memorandum of Understanding with Human Resource Services and/or the Office of the Registrar, and the signed MOU must be reviewed by and made available to IAMO before attributes can be released. 6) Best security practices will be used to transfer attributes and to administer the systems to which attributes are transferred, including IAMO and Client systems. 7) The Client receiving University attributes will hold those attributes in strict confidence according to best security practices and current regulations, and will Page 1 of 7

use attribute information only for the purpose defined in this agreement and will not redistribute it to another party. 8) When policy changes are required, the Client, Human Resource Services, and/or the Office of the Registrar, with IAMO advice, will cooperate in their development. III. RESPONSIBILITIES The Purdue University Department of Human Resource Services and/or the Office of the Registrar will: Provide accurate and complete descriptions of the data delivered to IAMO and the Client. Consult with IAMO about the provisions of this MOU and forward a signed copy of this MOU to IAMO for execution. Provide University data for attribute release to IAMO on a regular basis and in a secure fashion. Advise the IAMO of changes in data format and content. Make prompt and timely changes to errors in data reported by the Client to the IAMO. The Client will: Agree to a specific set of data items to be released as attributes by IAMO. Agree to an initial and subsequent regular security audits of the receiving Client system. Agree to provide the secure attribute data transfer mechanism defined by IAMO. Agree to hold the received attribute data in strict confidentiality and abide by current regulations. Agree to use the attribute data only for the purposes defined in this agreement. The Client must execute a new agreement to define new uses of the attribute data. Agree not to redistribute the received attribute data to any third party. Provide information to Human Resource Services and/or the Office of the Registrar and IAMO on use, protection, and release of University attribute data, as requested. Report errors in received attributes to the IAMO. The Identity and Access Management Office will: Receive the signed Client MOU from Human Resource Services and/or the Office of the Registrar and arrange for the secure release of University attributes to the Client system; Audit Client systems before initiating attribute data release to insure their system security; and audit them subsequently on a regular basis to insure continued security; Describe and release approved attribute data to the Client system in a secure fashion, and monitor attribute release to the Client destination system to insure their correct and secure delivery; Notify Human Resource Services and/or the Office of the Registrar of errors in the data and request prompt and timely corrections; Page 2 of 7

When requested, provide reports to Human Resource Services and/or the Office of the Registrar on attributes that have been released. Page 3 of 7

IV. TERMINATION This agreement terminates automatically upon termination of the University data distribution (agreement) between Human Resource Services and/or the Office of the Registrar, and IAMO. This agreement may also be terminated ninety (90) days after either party presents a written notice of termination, signed by the school or department representative who authorized this agreement. V. PENALTIES Violation of this agreement will be adjudicated by the Executive Director of Networks and Security, the Director of Human Resource Services and/or the Registrar from the Office of the Registrar. Violation may result in temporary or permanent suspension of the release of University attributes from the IAMO to the client. Page 4 of 7

VI. CLIENT AUTHENTICATION/AUTHORIZATION REQUIREMENTS 1) For the purposes of effecting this agreement, these specific Client definitions are in force: Client Contact Information Client Area Name: Client Department or School: Client Department or School Head: Client Technical Contact Name: Client Technical Contact Campus Email Address: Client Technical Contact Campus Telephone Number: Federated Application and Use Definition (list for each application/use): Name of Application: Application/Use Description: Vendor Name InCommon Member: Yes No Service Provider Metadata URL: Service Provider Entity-ID: Page 5 of 7

Requested Attributes to be Released: Request Y/N Attribute SAML 1 Name SAML 2 Name uid urn:mace:dir:attribute-def:uid urn:oid:0.9.2342.19200300.100.1.1 mail urn:mace:dir:attribute-def:mail urn:oid:0.9.2342.19200300.100.1.3 displayname urn:mace:dir:attributedef:displayname urn:oid:2.16.840.1.113730.3.1.241 cn urn:mace:dir:attribute-def:cn urn:oid:2.5.4.3 sn urn:mace:dir:attribute-def:sn urn:oid:2.5.4.4 givenname urn:mace:dir:attributedef:givenname urn:oid:2.5.4.42 employeenumber urn:mace:dir:attributedef:employeenumber urn:oid:2.16.840.1.113730.3.1.3 employeetype urn:mace:dir:attributedef:employeetype urn:oid:2.16.840.1.113730.3.1.4 edupersonprincipalname (eppn) urn:mace:dir:attributedef:edupersonprincipalname urn:oid:1.3.6.1.4.1.5923.1.1.1.6 edupersonscopedaffiliation urn:mace:dir:attributedef:edupersonscopedaffiliation urn:oid:1.3.6.1.4.1.5923.1.1.1.9 Y edupersontargetedid urn:mace:dir:attributedef:edupersontargetedid urn:oid:1.3.6.1.4.1.5923.1.1.1.10 educourseoffering urn:oid:1.3.6.1.4.1.5923.1.6.1.1 urn:oid:1.3.6.1.4.1.5923.1.6.1.1 The edupersontargetedid attribute is included by default. Attribute descriptions are available at: https://www.purdue.edu/apps/account/docs/shibboleth/shibboleth_information.jsp Page 6 of 7

SIGNATURES Client Director or Department Head Signed: Date: Please forward in campus mail to the Director of the Identity and Access Management Office for further processing: IAMO Director / ITNS / ROSS. Human Resource Services Data Steward Signed: Date: Student Services Data Steward Signed: Date: Director of Identity and Access Management Office Signed: Date: Page 7 of 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information