Leading an Effort to Define Roles: A “Tripod” View of IAM
Post on 27-Dec-2015
Leading an Effort to Define Roles
A “Tripod” View of IAM
I AM
Assistant Controller
Assistant Treasurer
Budget Administrator
Purchasing Card Administrator
Purchasing Card Reconciler
Employee
Alum – Liberal Arts
Alum – Smeal College of Business
Conference Attendee
Workflow “Mother” of all Roles
DONOR
Chair Residency Appeals
Member WPSU
Thespian Alumni Interest Group
I AM
Director of Information Systems Auxiliary & Business Services
Supervisor
Budget Administrator
Director in Finance & Business
Employee
Alum – Health & Human Development
Parent of a freshman (tuition payer!)
I AM
Senior Systems Engineer
Budget Administrator
Director/Manager
Team Leader in ITS Emerging Technologies Group
Employee
Parent of an alum
DONOR
Lead Architect
Member of Nittany Lion Club
Co-Chair InCommon Technical Advisory Committee
I AM
dmm4
9-0000-0003
211-00-0000
602068 2098752890
dmm4@psu.edu
jlw2
9-0000-0001
466-00-9999
602068 1234567890
jlw2@psu.edu
prs4
9-0000-0002
962-00-1212
602068 39765112309
rshuey@psu.edu
Historical Perspective
Electronic Approval since 1988
• Approval Paths
• Based on individual – dmm4
• Financial and HR Processes Only
• Route based on mnemonics
Implementing Role-Based Workflow
• Standard workflow for process
• Authorization through roles and related attributes
IAM at Penn State
Identity & Access Management Road Map
Co-Chaired by Renee Shuey & Joel Weidner
Sub-Groups:
• Policy and Governance
• Risk Assessment
• Vetting, Proofing and Registration Authorities
• Life Cycle and Affiliations
• Levels of Assurance
Report being presented next week
Policy
HOW CAN WE FOCUS THE IAM LENS?
Governance
• Coordination and collaboration
• Three-level structure proposed at Penn State
Policy
• Comprehensive Overarching Policy
• Standards vs. best practices vs. objectives
• Audience beyond organization
Policy
CHALLENGES
Organizational Issues
• Workflow driving roles but broader use being implemented
• Department Identity
• Financial Organization is not representative of rest of the organization
• Cultural Change
• Communication/Cooperation
Cross-Organization Collaboration
Policy
CHALLENGES
Roles
• Creation of roles that work in multiple systems
• Roles – access and security
• Role versus Position versus Affiliation
Can we use the term “roles” in academic processes?
Policy
CHALLENGES
Role Stewardship
• Attributes define access and authority
• Who determines?
• Some attributes are unique to individual – User ID
• Other attributes relate to process
• Privileges that are inherent in position
• Role of President, Provost, Dean
• Delegates and Proxies
• Some roles can be automated
• Principal Investigator – drive from account set-up
Policy
CHALLENGES
Role Steward
• Defines roles used in various processes
Role Assigner
• Authority to grant access to role
• May also require workflow approval
• Person in role may have authority to grant access to delegates and proxies
Policy
CHALLENGES
Relationship of IAM to Other Issues
• Privacy
• Information Security
• Data Classification
• Workflow
• List Serve Management
Policy
Who will be your Role Stewards?
or as Jimmy V says “Muddah” of All Roles
Focus on Business Processes
Three Different Lenses
The Customer or Consumer of online resources
The Application/Resource Provider
The Administrator
The Customer Lens – the consumer
“Don’t care how; I want it NOW!”
Focus on Business Processes
The Customer Lens – the consumer
Driving the development of online services
Bringing expectations from commercial experiences
Want it now
Demand simplicity
Want it pushed
Focus on Business Processes
Customer Challenges
Don’t care about roles—only know what they want to do
How can intelligence be embedded into the business processes to simplify the customer experience?
How can we integrate existing business processes (admissions, hiring, registration) with the automated updating of roles?
Focus on Business Processes
Resource/Application Provider
Focus on Business Processes
Resource/Application Provider
Charged with providing online services to the university community
• Admission applications, housing contracts, meal plans, class resources, procurement, parking permits, online testing …
Need to efficiently place user in a context and role to execute the transaction
• May require both user and approver roles
Focus on Business Processes
Resource/Application Provider Challenges
Dynamic environment where individuals are moving in and out of roles daily
Reconciliation of a single identity with multiple roles
• In what role is the customer acting today--or for this particular application?
Focus on Business Processes
The Administrator Lens – The business of managing the business
Focus on Business Processes
The Administrator Lens – The business of managing the business
Ensuring that policy is being followed
Oversight for fiscal responsibility
Oversight for academic integrity
Focus on Business Processes
Administrator Challenges
Responsible for role management
• Knowing “who’s on first”
Keeping the business running
• Proxies and delegates
Audits & controls
• Reconstruction of business transactions
• Encouraging people to “do the right thing”
Focus on Business Processes
Technology
A mechanism must be provided for:
• Assignment and management of roles.
• Establishment of new roles and attributes.
• Assignment of authority
Technology
Develop a Schema with “Agility Ability”
Meets both needs of Today and Unknown of Tomorrow
Necessary & Challenging
Questions, Comments, and Farewell
Debbie Meder, dmm4@psu.edu
Joel Weidner, jlw2@psu.edu
Renee Shuey, rshuey@psu.edu