IAMREFERENCE ARCHITECTURE BRICKSEMBEDED ARCHITECTS COMMUNITY OF PRACTICEMARCH 5, 2015

AGENDA

>What is IAM?>Vision & mission>Evolution: the why behind “bricks”>Practice: making “bricks”>Discussion, reflection, etc.

TOPICS DISCUSSED

WHAT IS IAM?

“Identity and access management is a security, risk management, and business discipline that ensures the right individuals have the right access to the right resources at the right time for the right reasons.”(Source: Gartner, Inc.)

DEFINITION

WHAT IS IAM?

A team?

At the UW, IAM is anorganizational unitwith these responsibilities:

• Identity registration& administration

• Account & passwordmanagement

• Access management• Authentication &

Authorization• Non-person identity

management• Federation & trust

WHAT IS IAM?

A set of services.

We offer these IAMservices through thecentral IT service catalog:

• UW NetID• Access Management• Authentication• Directory Services• UW Windows

Infrastructure

WHAT IS IAM?

A set of capabilities.

The essential workof our IAM team iscoordinating theseIAM processes andactivities with ourdiverse customersand stakeholders.

IDENTITY REGISTRATION & ADMINISTRATION

“Help me register people affiliated with the university to participate in online activities.”

CUSTOMER ASKS:

ACCOUNT & CREDENTIAL MANAGEMENT

“Give me and my users trustworthy identification to use online.”

CUSTOMER ASKS:

ACCESS GOVERNANCE & ADMINISTRATION

“Help me manage how I enable and disable access to my resources.”

CUSTOMER ASKS:

PROVISIONING & INTEGRATION

“Help me integrate with identity services and orchestrate processes to provision data and access.”

CUSTOMER ASKS:

ACCESS CONTROL

“Help me authenticate and authorize users as they access my resources and make online transactions.”

CUSTOMER ASKS:

REPORTING & ANALYTICS

“Give me reports and activity data I can analyze to make decisions and manage risk.”

CUSTOMER ASKS:

IAM VISION

“Trusted online identities enriched with the attributes of the UW.”

INSPIRES OUR WORK & CREATIVITY

IAM MISSION

“To help our community apply IAM solutions in ways that promote trust, privacy, collaboration, and innovation in research and education.”

GIVES OUR WORK PURPOSE & DIRECTION

REFERENCE ARCHITECURES

>Help us manage complexity in an evolving ecosystem

>Help us develop situational awareness

>Help us provide guidance>Help us communicate consistently>Help us identify costs of decisions

PURPOSE

IAM REFERENCE BRICKS

A “brick” describes the status of technical standards, protocols, service options, and other technologies used for identity and access management (IAM) within the IT environment at the University of Washington.

PURPOSE

IAM REFERENCE BRICKS

Each “brick” focuses on a set of IAM technologies from the same functional area and uses the same set of designations to describe the lifecycle status of individual options coming into or exiting from the environment.

WHAT

IAM REFERENCE BRICKS

Each “brick” focuses on a set of IAM technologies from the same functional area and uses the same set of designations to describe the lifecycle status of individual options coming into or exiting from the environment.

WHAT

BRICKS TEMPLATE

The template describes the designations used within a brick to categorize technology options according lifecycle status, related customer risk, investment levels, support, adoption, etc.

HOW

BRICKSTEMPLATE

HOW

BRICKS PRACTICE

BRICKS PRACTICE: STRATEGY MAP

BRICKS PRACTICE: STRATEGY MAP

BRICKSTEMPLATE

HOW, CONT.

BRICKS PRACTICE