From attendee #1:
PSU
- LDAP is the data store as objects
- 100 or so role admins giving assignments
- 1000 or so people with assignments
- 10000s of assignments
- no auto expiration or other limitations
- not linked to IdM lifecycle
- financially focused - need to do academic, research, hr
MIT
- Delegation
Washington
- Delegation
- authorization poaching
- directory specs?
- federated users?
- 3-tier?
Stanford
- delegation
- proxy
- "acting approver"
- IDE for creating priv systems
- Signet
-------------------
From attendee #2:
There were presentations from Washington State, Penn State, Stanford, and MIT, outlining their current permission system work, and the major components of their architecture.
Take Aways:
- Permissions to the rest of the Application world
- Data out? XACML
- IDE?
- UI?
- Layering as UI?
- As a group, with greater interest / relevance for Developers:
  - Data Classification
  - BI
  - Risk Mgmnt system integration
- Central Mgmnt / Application Mgmnt
- OSID
Issue: Often, Developers aren't interested in Security aspects of the functions they develop, or of the environment they develop for, until they HAVE to consider them in order to move out of development into testing / QA.
- How can we get them interested and invested in Security so that it's a primary development aspect rather than being viewed as a minor aspect that needs to be added on?
  - Management emphasis on Security and Security architecture as a major development concept
    - Security Policy
    - Integration with Enterprise risk assessment & management (HIPAA, ID theft, etc., Customer/Client satisfaction & retention)
  - Development standards / policy
  - Testing policy / process
  - Promotion policy / requirements
Question: Are people here willing to share what they're doing in this area?
PSU: Renee Shuey is working with PSU's Risk Management Team to review and update their policy. As it is defined, she will share the results with the group, i.e., she will identify the touch points of the policy and the SDLC / IdLM as applied to PMS. (IdLM = Identity Life Cycle Management)
University of Washington - Ian Taylor will share the Questions and Answers of what they currently do for PMS and Developer discussions.
Mike Gettes drew a diagram which the group discussed and the finished image was: