Completion of Identity Management Directions Project: Phase One
12 May 2008

The management of electronic identities at the University of Sydney is currently being improved. Phase 1 of ICT's Identity Management Directions project is now complete.
Since September last year, the Identity Management Directions (IDM) Project, under Project Manager Byron Williams, has been improving the process of creating and managing UniKeys for new staff and students. During Phase 1 of the IDM project, an entirely new identity and access management system was built for the University, laying the groundwork for better management of electronic identities (UniKeys) and the entitlements associated with them. The new system also provides an audit trail across UniKeys, making it possible to understand how errors come about and to detect instances where individuals have tried to provide system access to non-entitled UniKeys.
Currently, ICT's Strategy and Architecture area is working on defining the future directions for identity management. This includes work on understanding the 'identity lifecycle': the ways that people can be affiliated with the University and the entitlements associated with each mode of affiliation.
This work feeds into remodelling the way access to resources is managed, based on the role-based access control model. In essence, this entails building a set of policies that associate roles, such as 'Undergraduate Student', with a corresponding set of entitlements. These policies are then applied to each individual in the University when they try to access electronic resources.
This not only helps protect resources, but also provides a much more streamlined approach to granting and revoking entitlements to these resources, with much of it being done automatically based on each individual's roles and affiliations within the University.
"I think that the most significant aspect of the project is that it brings an awful lot of rigor to the university environment that wasn't there beforehand," says Chris Albone, Technical Lead of the project.
"The aim of the system is one-person one-identity on the one hand, and on the other hand, ensuring that person can access the resources they are entitled to - and only those resources - in a timely fashion."
As a whole, the IDM project will increase security through the uniform application of password policies, improve auditability through the centralised storage of security policies, and improve timeliness in obtaining UniKeys for new staff and visiting scholars.
