Events for all Levels and InterestsStay
Jump Start Your Career GrowthStay
Get on the Higher Ed IT MapStay
Uncommon Thinking for the Common Good™Stay
Filter by type
Filter by Publications
Filter by Presentations
Filter by Library Taxonomy
- Access Control [x]
- Authentication [x]
- Identity and Access Management [x]
- Cybersecurity (18)
- Authorization (7)
- Security Management (4)
- Single Sign On (SSO) (4)
- Information Technology Management and Leadership (3)
- Middleware (2)
- Network Applications (2)
- Network Security and Applications (2)
- Networking and Emerging Technologies (2)
- Policy and Law (2)
- Shibboleth (2)
- Digital Libraries (1)
- Enterprise Information Systems (1)
- Identity Theft (1)
- Outsourcing (1)
- Privacy (1)
- Staffing (1)
Identity management refers to the policies, processes, and technologies that establish user identities and enforce rules about access to digital resources. In a campus setting, many information systems–such as e-mail, learning management systems, library databases, and grid computing applications–require users to authenticate themselves (typically with a username and password). An authorization process then determines which systems an authenticated user is permitted to access. With an enterprise identity management system, rather than having separate credentials for each system, a user can employ a single digital identity to access all resources to which the user is entitled. Federated identity management permits extending this approach above the enterprise level, creating a trusted authority for digital identities across multiple organizations. In a federated system, participating institutions share identity attributes based on agreed-upon standards, facilitating authentication from other members of the federation and granting appropriate access to online resources. This approach streamlines access to digital assets while protecting restricted resources. [Source: 7 Things You Should Know About Federated Identity Management]
- New! 2011 ECAR Identity Management in Higher Education Report
- EDUCAUSE/InCommon Partnership: EDUCAUSE has partnered with the InCommon Federation to provide members who use our web resources, the benefits and ease of Federated Identity Management access.
- Identity & Access Management (IAM) Working Group: This EDUCAUSE working group operates an open mailing list for general discussion of Identity and Access Management (IAM) topics and maintains a website with additional resources and links. The Higher Education Information Security Council (HEISC) also maintains a chapter dedicated to Access Control as part of the Information Security Guide.
- IAM Tools & Effective Practices Wiki: The IAM Tools & Effective Practices project team (IAM-TEP) is focused on providing a set of resources for IAM Architects to use in implementing a cohesive program on their respective campuses.
- IAM Online: IAM Online is a new monthly series delivering interactive education on Identity and Access Management (IAM), including federated identity management essentials, advanced issues in IAM, and hot topics from the EDUCAUSE Identity and Access Management Working Group. Experts will provide overviews, answer questions and lead discussions.
- InCommon: The InCommon Federation eliminates the need for researchers, students, and educators to maintain multiple passwords and usernames. Online service providers no longer need to maintain user accounts. Identity providers manage the levels of their users' privacy and information exchange. InCommon uses SAML-based authentication and authorization systems (such as Shibboleth®) to enable scalable, trusted collaborations among its community of participants. InCommon also offers a Certificate Service for the higher education community, as well as a number of training and education programs such as CAMP.
- National Strategy for Trusted Identities in Cyberspace (NSTIC): Resources include a July 2011 response to the Department of Commerce Notice of Inquiry for Models for a Governance Structure for NSTIC (prepared by EDUCAUSE, Internet2, and InCommon).
- Shibboleth®: The Shibboleth System is a standards based, open source software package for web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner.
- US Trust Federations: This community collaboration group is exploring the building of federations within and across state boundaries. Invited participants include StateNets and Higher Education Systems staff. This effort is supported by and .
Updated July 2011
InCommon will be heavily involved in a $1.8 million grant awarded to Internet2 to build a consistent and robust privacy infrastructure. Partners include Carnegie Mellon, Brown, University of Texas...
Virginia Tech has become the first identity provider to achieve Bronze and Silver certification as part of the InCommon Assurance Program.
The annual EDUCAUSE Conference in Denver will provide an opportunity to explore the range and depth of issues that campuses must consider as they build...
Advance CAMP will be held October 4-5, 2012, after the Internet2 Fall Member Meeting in Philadelphia, PA. The meeting will feature an unconference-style agenda, providing substantial time for...
NSTIC Welcomes Trusted Federal Systems as Secretariat of the Identity Ecosystem Steering Group (IESG)
A major milestone in the implementation of the NSTIC, "Trusted Federal Systems (TFS) will facilitate collaboration among multiple stakeholders to help drive the creation of consensus standards...
Eve Maler, an expert on emerging identity and security at Forrester Research, discusses the past, present, and future of SAML in this webinar recording.
Library Items on this Topic
EDUCAUSE Library Items for Identity and Access Management
- Leadership Discussion: Identity and Access Management in Higher Education
Wednesday, May 29, 2013 8:30am-9:30am
A session at the Southeast Regional Conference
Has your campus established an enterprise strategy for identity and access management? Does your IAM architecture facilitate easy migration to the cloud? Is your IAM system standards-based and inte…
- Account Provisioning/De-Provisioning Table
December 8, 2009
The account provisioning/de-provisioning spreadsheet is one example of an institution's attribute mapping table for campus roles and services. The accompanying Word document provides a brie…
- Flexible Access Control: Shibboleth and the InCommon Federation
February 20, 2008
A session at the EDUCAUSE Southwest Regional Conference 2008
Texas A&M deployed Shibboleth single sign-on and federating software to control access to on-campus applications as well as licensed third-party course content through the InCommon Federation a…
- Protecting Networked Assets: Logical- and Physical-based Access Control
February 14, 2008
How can IAM be helpful in managing network intrusion and access? A researcher wants to show a national grid-enabled resource to her class, but can't access it because she's in a classroom…
- Appropriate Access: Levels of Assurance
February 14, 2008
A level of assurance (LoA) refers to the degree of certainty that (1) a resource owner has that a person's physical self has been adequately verified before credentials are issued by a registr…
- Authorization Strategies Panel: Provisioning, Deprovisioning, and Related Methodologies
February 14, 2008
Provisioning access is an IAM function, and deprovisioning that access is a security objective. How might these combined objectives be met with common process, and what sorts of access should be ma…
- Seminar 01F - Architecting the Institutional Directory Service: Advanced Issues, Problems, and Solutions PLEASE NOTE: Separate registration and fee is required to attend this seminar.
October 23, 2007
A session at the EDUCAUSE 2007 Annual Conference
Institutional directory service architects and designers face a number of unique technical challenges in higher education. Directory architects from the University of Southern California and the Un…
- Student Use of Rich Media
May 9, 2007
A session at the EDUCAUSE Western Regional Conference 2007
Many institutions provide rich-media environments for their students via podcasting and Webcasting. This presentation will report on two studies of how students use these media. Survey-response dat…
- AegisUSA and University of Colorado at Boulder - Managing the Life Cycle of Users Through Identity and Access Management
April 11, 2007
A session at the Security 2007
Institutions of higher education must assess and balance specific security actions against the fundamental commitment to freedom and openness that lies at the heart of academic values. Learn how CU…
- Affiliates/Guests: Who Are These People, and How Do We Give Them Services?
January 17, 2007
A session at the EDUCAUSE Mid-Atlantic Regional Conference 2007
The University of Maryland provides limited services to affiliates/guests (not faculty, staff, or students). Previously, there was no coordinated process or system to track this population, facilit…