Identity Management Architecture Principles and Standards
Policy | Standard | Procedure | Informative
Version:
Last Updated: 8/25/06
University Computing and Communications Services
Identity Management Principles and Standards used in the design and implementation of Georgia State's networking infrastructure and for connection to that infrastructure.

About
Identity Management Principles
Identity Management Technical Standards
Help


About:

Identity Management Architecture Principles represent the highest level of guidance for technology infrastructure planning and decision making. Principles are simple statements of the University’s beliefs about how it wants to use Identity Management over the long term. They provide the primary linkage between business strategies and identity management strategies, and thus between the administration and management of the Identity Management system. Principles are derived from business goals and corporate values and play a key role in developing any technology architecture. They formalize a commitment by upper management to make investments in the Identity Management infrastructure. Three categories of Principles - Management, Vendor, and User - are presented for guiding current and future development of the Identity Management system.

Identity Management Architecture Technical Standards work in conjunction with Principles to create a uniform system. Standards are predetermined rules that assure uniformity during the design and implementation phases of a new identity management infrastructure. The technical standards included in this document present those technical approaches that afford the best opportunity to meet the management principles and goals of the University.

Identity Management Principles:

Management Principles
Vendor Principles
User Principles

Management Principles (6)
Management Principles define how an organization addresses the use of identity management from a business standpoint. Issues include the acceptability of technological risk, the requirement for flexibility, the use of identity management to differentiate Georgia State University, where architecture and design decisions are made, and the compliance stance.

  1. The enterprise will mitigate or transfer risks appropriately, based on policy.

    Implications
    The University will assess risk and consequences on an individual project basis and make decisions based on the individual project’s potential risks and rewards. These decisions will be guided by the University’s strategic directions and policies.

    Pros
    Risk acceptance and mitigation will be more aligned to the needs of the individual project and its strategic importance to the University.

    Cons
    The absence of a single simple guideline for risk acceptance will require additional time, resources and management attention to resolve risk acceptance and mitigation issues.

  2. The identity infrastructure will enable the flexibility to support future applications.

    Implications
    The Identity Management system will over time encompass all or most computing systems including future new systems.

    Pros
    • IT infrastructure could accommodate new applications at a rapid rate.
    • Developers would not have to worry as much about capacity constraints or availability of appropriate identity or privacy protections in developing new applications.
    • Users are able to experiment more with new applications and may discover new uses for the servers and the network.

    Cons
    • Total expenses would be higher because capacity that might never be used, such as underutilized storage, server processing power, and advanced features or functions, would be implemented.
    • Managing the identity infrastructure could be more difficult because more generalized technology may be more complex.
    • Generic identity management systems might not offer full coverage for functionality in the specific applications deployed by the University.

  3. The University will manage the identity infrastructure as a production mission critical infrastructure cost center.

    Implications
    The Identity Management System will be critical to the efficient operation of the University, but it is not considered a strategic differentiator for the University. Enhancements and additions will be weighed on the basis of efficiency gains, expense reductions and proven business cases.

    Pros
    • IT costs will be lower.
    • Continuing expenses will be predictable.
    • The applications environment for users and developers will be more stable due to fewer changes.
    • Training and maintenance costs may be lower due to a more stable environment.

    Cons
    • There may be an inability to capitalize on new technology and innovations that could provide competitive advantage.
    • The lack of new additional identity information might make it difficult to develop new innovative personalized applications.
    • Talented employees may leave to work in enterprises with newer and more exciting technology.

  4. Identity Management infrastructure decisions are made at the University level.

    Implications
    A central identity management agency has the best information for making the decisions across the enterprise. This makes for easier overall management of the Identity Management System, in that it has the efficiency of a single decision maker. Enforcement of standards is easier here since installation and operations are centrally administered and procedures are centrally developed and distributed.

    Pros
    • Decisions can be made more quickly by a centralized group.
    • There is clear understanding and coordination of enterprise-wide actions.
    • IT resource management is easier.
    • Costs are easier to derive and allocate.

    Cons
    • Variations in local requirements may be harder to implement because they require central permission and coordination.
    • Responsiveness to users may be more difficult to achieve.
    • Retention of departmental unit IT staff may be more difficult, particularly if they perceive themselves as “technical maintenance staff members” rather than IT professionals.

  5. The University will put forth only the effort necessary to meet compliance requirements.

    Implications
    The University will meet regulatory requirements but will not expend resources to exceed them.

    Pros
    • Costs of compliance are minimized.
    • Technology choices may be more varied, because compliance-related controls are minimal.

    Cons
    • Judicial or administrative regulators may not consider the enterprise's “minimal” effort sufficient, and consequently may deem it noncompliant.
    • Knowledge of the minimal compliance stance may inhibit implementation of otherwise beneficial IT projects.
    • Minimal security technology might not cover threats posed by typical attacks, thus subjecting the enterprise not only to compliance scrutiny but also to damaging intrusions or security breaches. The university may only be postponing the inevitable cost of stronger compliance. Legislative or administrative changes such as new regulations might cause costly and intrusive projects to become compliant on an emergency basis.

  6. The University will manage the identity infrastructure as a production mission critical infrastructure cost center.

    Implications
    New IT technologies and services would not be implemented until after they are proven to be successful in order to:
    • Minimize the risk in the near term and reduce learning curves for faculty, staff and students.
    • Minimize internal technical support requirements.

    Pros
    • This approach reduces costs and risk by avoiding investments in technologies or services that are not proven.

    Cons
    • The University may lose some standing to early adopters willing to make investments in new unproven technology.

Vendor Principles (4)
Vendor Principles address aspects of network technology procurement and relationships with suppliers of hardware, software, and services. They address issues such as preferred vendors, degree of vendor independence, or degree to which partnership arrangements are acceptable.

    1. Novell Inc. is the University’s strategic identity management vendor, and where possible and reasonable Novell’s identity management tools will be implemented.

      Implications
      With this Principle, the university puts its faith in the abilities and product direction of Novell. As long as Novell’s product line and direction continue to fit the needs of the university, this is a very efficient method of doing business. It leverages the University’s existing investments in software and staff expertise in Novell technology.

      Pros
      • The Novell Academic Licensing program provides very low cost access to Novell’s extensive and mature Identity Management Suite.
      • Interoperability may be eased, at least for products from the same vendor.
      • Some system integration help is usually available at no cost.
      • Total costs may be lower because of the lack of integration costs.
      • When security failures or performance problems are encountered, having fewer vendors can reduce finger pointing.

      Cons
      • If the vendor is not tracking mainstream or current identity management technologies, the enterprise may find itself at risk in a technological dead end.
      • Due to lack of competition, prices may go up once the enterprise is locked into using a particular vendor.
      • New technologies may be more expensive to integrate if they come from a vendor other than the strategic one.
      • A single vendor may suffer from common exploitable security failures among its products.

    2. The university will implement open protocols and solutions where practical, but recognizes that many portions of a complete Identity Management solution will utilize closed or proprietary products and interfaces.

      Implications
      This principle recognizes that while open interoperable solutions are desirable, the current state of open technologies is not mature and full-featured enough to support a completely open identity management system implementation.

      Pros
      • Individual components will utilize the open or closed solutions and protocols best suited to that component’s needs.
      • Closed or partially closed products may be more effective or efficient than ones using only lowest-common denominator standards.
      • Open, interoperable products give the enterprise considerable flexibility in deployment and choice of vendors.

      Cons
      • Requires that each component be individually assessed as to whether an open or closed solution is appropriate.
      • Will experience the disadvantages of both types of approaches on an individual component level.

    3. The university will only buy from well-established vendors with large market shares.

      Implications
      Larger companies with an established track record are better, more reliable, and less risky. However, adopting such a principle can be limiting since it precludes taking advantage of innovative new venture-funded startup vendors.

      Pros
      • Major suppliers have established channels and inventories that can ensure that customers get on-time delivery of products or services.
      • Administration of vendors is easier because there are typically fewer of them with larger, "mature" vendors.
      • Less risk of the vendor going out of business or dropping a product line, leaving the enterprise with unsupported products.
      • Mature vendors typically have a better developed service and support infrastructure.
      • Large market share equates to large market acceptance and therefore higher likelihood of 3rd-party vendor support or ancillary products/services.

      Cons
      • Prices may be higher in some cases due to the overhead needed to maintain inventory and administrative staff.
      • Attention and support may not be as personal as it could be from a small startup firm with fewer customers.
      • Well-established vendors usually are slower to introduce new products, because they have to worry about compatibility with an installed base of products and customers.
      • Well-established vendors are susceptible to business failure, merger or acquisition.

    4. The enterprise will own, operate, and control all IT services and applications related to identity management.

      Implications
      This position implies that the university will own private IT resources, such as computers, network, security, and storage. The enterprise will employ people to operate the IT resources. IS&T will also own and operate facilities to control the IT resources and will have responsibility for managing digital identities for the university.

      Pros
      • The university can maintain more complete control over the IT infrastructure's operation and potentially provide a higher level of security for applications that need it.
      • More flexibility is provided; the university is free to make changes to IT services, and security infrastructure whenever necessary.
      • The university may be able to obtain unique features not supported by some outsourcers (for example, unique support, specialized equipment, or geographic reach).

      Cons
      • It may be difficult to find and retain the skilled in-house staff necessary to plan or operate a complex IT services infrastructure.
      • Support costs may be higher if some of the technology is not mainstream.
      • The enterprise may not have the same economies of scale as outsourced service providers, resulting in higher total cost of ownership.

User Principles (2)
User Principles address the responsibilities and capabilities of individuals, groups, and business units outside the IT department who ultimately use the products and services provided by IT, or create applications and use patterns that affect the IT infrastructure.

  1. Users and applications can access and utilize the IT infrastructure with appropriate-strength credentials, ranging from ordinary passwords over encrypted links to two-factor or biometric credentials.

    Implications
    There is sensitive information within the University, but much of the information is not of a sensitive nature. Stronger authentication methods will be employed for a subset of users and applications where the risk and costs justify them. The initial user identification and authorization must be just as rigorous as the subsequent strong authentication processes.

    Pros
    • The cost and interoperability issues of strong identification, authentication, and assurance services are only incurred when deemed necessary.
    • There is greater ease of use and convenience for users.

    Cons
    • New applications must address the limitations of enterprise security. Programs have lower surety about the users they are dealing with and must mitigate risks within the application.
    • Strong identification, authentication, and high assurance, when employed, come at a relatively high cost; budgets must address the credentials, credentials management, administration, and support.
    • Some desired applications may not work with the high-assurance infrastructure, or may require additional integration.
    • Users may find strong credentials inconvenient when employed, and the authorization may slow down registration and provisioning processes.
    • Additional servers and services are required for establishing, issuing, and validating credentials. These new services will make the infrastructure more complex, and risk aggregation issues must be resolved.

  2. IS&T must approve all new identity management applications and uses of identity management services.

    Implications
    This protects the identity management systems from applications, devices, or networked computers that are not “good network citizens,” such as those that make inefficient use of IdMS services or do not properly protect the identity information they access. An application approval process would be defined wherein new applications would be tested and examined to ensure that proper care and use is made of identity information.

    Pros
    • IdMS crashes or slowdowns due to unexpected service demand are reduced.
    • Critical applications get resources when needed.
    • Applications can be catalogued for risk assessment and management.
    • Costs are lowered as nonessential applications become restricted in their use of expensive resources.

    Cons
    • Testing and approval increases time to implement for new applications.
    • This principle may be difficult to enforce.
    • Innovation may be reduced because experimentation is discouraged.

Identity Management Technical Standards (10)

  1. CampusIDs represent either individuals or non-person entities such as organizational units, devices or administrative roles.

    Position:
    Identity management encompasses identities of not just individuals, but of other entities that require account provisioning and management. Examples of such entities may include administrative roles, organizational units, printers, servers and other network devices.

  2. An individual may have one and only one CampusID.

    Position:
    Individuals must be uniquely identified by their CampusID. A one-to-one relationship between individuals and their personal CampusID is necessary to provide for the consistent and correct provisioning and deletion of accounts. Multiple individual CampusIDs would create confusion and incorrect assignment of authentication and authorization credentials. Individuals may sponsor, or have sponsored for them, non-person CampusIDs to perform roles assigned to them.

  3. A CampusID for an individual person is formed by default from the first letter of the first name plus the last name plus as many numeric digits as necessary to ensure uniqueness.

    Position:
    A predictable, consistent and easily understandable naming scheme is a desirable feature for Identity management. Such account names are meaningful to customers and allow for easy identification of account holders.

  4. A CampusID will not be reused for a minimum of two years after it no longer has accounts provisioned to it.

    Position:
    While it is desirable to reuse CampusIDs in order to preserve name space and minimize the use of appended digits for uniqueness, a period of retirement after use will minimize potential errors in authorization and access for a reused CampusID.
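As an added illustration of standards 1 through 4 together (not code from the University or its Identity Management System), the registry below forms a person's default CampusID from the first letter of the first name plus the last name, appends digits only when needed for uniqueness, refuses to hand out a retired CampusID for two years, keeps one CampusID per individual, and requires a sponsoring individual for non-person CampusIDs. The person keys, the sequential suffix scheme (jsmith, jsmith1, jsmith2, ...) and the in-memory tables are assumptions for the example.

```python
import re
from datetime import date, timedelta

# Standard 4: a retired CampusID is quarantined for at least two years.
RETIREMENT_PERIOD = timedelta(days=2 * 365)


class CampusIDRegistry:
    """In-memory CampusID allocator (example only; the real system backs
    this with the Person Registry). Person keys and the numeric suffix
    scheme are assumptions, not the page's specification."""

    def __init__(self, today=None):
        self.today = today or date.today()
        self.active = {}      # campus_id -> owner (person key or sponsor id)
        self.person_ids = {}  # person key -> campus_id (standard 2: one each)
        self.retired = {}     # campus_id -> date its accounts were removed

    def set_today(self, iso_date):
        # Lets the example move the clock to exercise the retirement window.
        self.today = date.fromisoformat(iso_date)

    @staticmethod
    def default_name(first, last):
        # Standard 3: first letter of the first name + last name, letters only.
        f = re.sub(r"[^a-z]", "", first.lower())
        l = re.sub(r"[^a-z]", "", last.lower())
        if not f or not l:
            raise ValueError("names must contain at least one letter")
        return f[0] + l

    def is_available(self, cid):
        if cid in self.active:
            return False
        retired_on = self.retired.get(cid)
        # Blocked while inside the two-year retirement window (standard 4).
        return retired_on is None or self.today - retired_on >= RETIREMENT_PERIOD

    def _allocate(self, base, owner):
        cid, n = base, 0
        while not self.is_available(cid):
            n += 1
            cid = f"{base}{n}"       # append digits until unique (standard 3)
        self.retired.pop(cid, None)  # reuse after quarantine clears the record
        self.active[cid] = owner
        return cid

    def provision_person(self, person_key, first, last):
        # Standard 2: an individual gets exactly one CampusID, ever.
        if person_key in self.person_ids:
            return self.person_ids[person_key]
        cid = self._allocate(self.default_name(first, last), person_key)
        self.person_ids[person_key] = cid
        return cid

    def provision_non_person(self, name, sponsor_cid):
        # Standard 1: roles, units and devices get CampusIDs sponsored by
        # an active individual.
        if sponsor_cid not in self.active or sponsor_cid not in self.person_ids.values():
            raise ValueError(f"sponsor {sponsor_cid!r} is not an active individual")
        base = re.sub(r"[^a-z0-9]", "", name.lower())
        if not base:
            raise ValueError("non-person name must contain letters or digits")
        return self._allocate(base, sponsor_cid)

    def retire(self, cid):
        # Deprovisioning: remove from the active set and start the two-year clock.
        owner = self.active.pop(cid)
        self.person_ids.pop(owner, None)
        self.retired[cid] = self.today
```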

  5. The authoritative source of identity information for the Creator Identity Management system is the Person Registry.

    Position:
    The Person Registry obtains and consolidates identity information from multiple authoritative source systems. As a relational database application it has the data manipulation and connectivity facilities to correctly correlate and consolidate multiple sources of identity information to a single entity.

  6. The Person Registry obtains identity information from the authoritative source system that originates that information.

    Position:
    The authoritative source system for faculty and staff information is the PeopleSoft Human Resource Management System used by the University. The authoritative source system for student information is the GoSOLAR Student Information System. The authoritative source of affiliate information is the Profile Manager.

  7. Affiliates must be sponsored by a current faculty or staff member.

    Position:
    Affiliates must be sponsored by a current faculty or staff member who attests to the relationship for the affiliation. Sponsors are responsible for the affiliate account’s actions.

  8. Affiliates will expire and must be renewed on a periodic basis.

    Position:
    Affiliations are not permanent and must be reaffirmed by the sponsor on a periodic basis. The length of affiliation will vary by the type of affiliation. If the sponsor does not reaffirm the affiliation, accounts provisioned to the affiliate will be revoked.

  9. The preferred application authentication method is the CampusID LDAP directory via secure version 3 LDAP API.

    Position:
    LDAP authentication is a broadly implemented open standard and is the preferred authentication method. Other authentication methods may be made available and utilized when LDAP is not supported. In some cases the sensitivity of the application data may preclude the use of the CampusID LDAP directory, since that would share the password with other less sensitive and less secure applications. In that case, LDAP authentication against a separate LDAP directory is the preferred technology.

  10. Passwords must be transported across the network either in an encrypted form or via an encrypted channel.

    Position:
    Passwords may not traverse the network in the clear. Connection to the authentication source must be performed with either an encrypted transport or with encrypted passwords. The connection between the application client and the application must transport the password in a secure manner.

Help:

If you have questions please contact the Help Center for assistance at help@gsu.edu or (404) 413-HELP (4357).
