Project: Identity & Access Management Strategy Project
IAM Strategy Project
4/26/2013 - The Strategic IT Accountability Board unanimously endorsed the IAM Roadmap, bringing the IAM Strategy project to a successful close. Implementation of the roadmap initiatives will begin in summer 2013.
The Identity and Access Management (IAM) Strategy project will provide a roadmap for implementing a comprehensive and full-featured set of IAM services to encourage collaboration, facilitate stakeholder engagement, and support online interactions with a variety of users, while maintaining the security and integrity of the university’s digital assets. To develop this roadmap, the project team will identify key campus IAM business requirements and drivers, research IAM solutions and best practices, and map out the desired future state for IAM at the university.
The goals of the IAM Strategy project are as follows:
- Identify key high-level IAM business requirements and drivers.
- Define the IAM Strategy, which will include:
- Map of the desired future state for IAM at UT Austin.
- Sequence of solution implementation, addressing priorities and interdependencies.
- Guidelines for solution selection.
- Define a long-term IAM governance structure for UT Austin.
This project will establish high-level business requirements, investigate solutions and best practices for meeting those requirements, and define a strategic roadmap that address the following IAM topic areas:
- Identity Lifecycle Management – The management of identity creation, identifier assignment, attribute profiles, identity reconciliation, and authenticators (e.g., passwords, digital certificates).
- Group & Role Management – The management of collections of identities that represent groups and roles. Identities can be assigned to groups and roles based on identity attributes, business rules, or on an ad hoc basis.
- Authentication – The process of proving that a user or non-person entity (such as a device or application) is who they claim to be, using a password, certificate, or other authenticator. Includes single sign-on, authentication for non-web applications, and multi-factor authentication.
- Federation – The implementation of trusted connections to allow UT Austin constituents to use their local identifier (e.g., UT EID) to access resources provided by other institutions and organizations, and to allow authorized users from outside UT Austin to access UT Austin resources using their local identifiers.
- Authorization – The process of determining if an individual should have access to a system or function. Includes role-based authorization.
- Service Provisioning Orchestration – The coordination of processes that create accounts and grant system access for individuals affiliated with the university, and the revocation of that access when no longer required or appropriate.
- Directory Services – Directory services provide a repository of information about identities for use by campus users, services/applications, and the public.
- ID Card Services – The provisioning and management of physical UT ID cards, which are used to verify the cardholder’s status as a member of the university community and to control physical access to campus facilities (e.g., via BACS – Building Access Control System).
- Auditing & Reporting – The collection and storage of IAM-related transactions, and the mechanisms used to analyze and report on those transactions.
Out of Scope
This project will not:
- Develop detailed technical requirements for IAM topic areas.
- Develop Request for Proposals for IAM solutions.
- Select vendors and/or products for IAM solutions.