8/28/2006
By Doug Gale
What is your school’s identity management (IdM) strategy? Do you really need one? IdM is a cornerstone both for cyber security and for privacy compliance (now a particularly hot issue in health information management as institutions struggle to comply with HIPAA regulations) – so the answer to the latter question should be a big yes. But understanding the elements that comprise IdM – and finding a long-term way to balance IdM’s costs with its benefits – can be a challenge.
Months ago in Campus Technology, I identified four underlying components of IdM: identification, authentication, authorization, and directory services. I then elaborated on the first two. In this article, we focus on the remaining two components – authorization and directory services – as well as how to sell the need for an IdM strategy to your campus.
Authorization is the process that determines what network-based resources a user is allowed to access. For example, a student may be allowed to access his or her own student records, but not those of another student. The information that specifies what individuals are authorized to access may be stored in multiple databases maintained by different administrative units.
While the process is conceptually simple, it is complex to execute. Defining authorization on a case-by-case basis is extraordinarily time-consuming. Other schemas, based upon an individual’s role, organizational structure, or policy, are fraught with exceptions. The need to translate complex policies into automated combinations of more basic attributes is an area that is rapidly evolving, and campuses will benefit from following the activities and guidelines of national organizations.
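The following sketch is an added example, not part of the original article. It expresses the student-records case as combinations of basic attributes, with one exception handled as an overriding deny rule and everything unmatched denied by default. The user names, attribute names and rules are all constructed assumptions.

```python
# Added example: attribute-based authorization for student records.
# Every identity, attribute name and rule below is constructed for illustration.

DIRECTORY = {  # attributes of the kind a campus directory might hold
    "asmith": {"affiliation": {"student"}, "dept": None},
    "bjones": {"affiliation": {"student", "employee"}, "dept": "registrar"},
    "clee": {"affiliation": {"staff"}, "dept": "registrar"},
    "dkim": {"affiliation": {"faculty"}, "dept": "physics",
             "advisees": {"asmith"}},
}

def registrar_staff(user, attrs, owner):
    # Role derived from two basic attributes: department plus affiliation.
    return attrs.get("dept") == "registrar" and bool(
        attrs["affiliation"] & {"staff", "employee"})

# Each rule: (name, actions it covers, predicate over user/attributes/owner).
ALLOW = [
    ("own-record", {"read"},
     lambda u, a, o: "student" in a["affiliation"] and u == o),
    ("registrar", {"read", "update"}, registrar_staff),
    ("advisor", {"read"},
     lambda u, a, o: "faculty" in a["affiliation"]
     and o in a.get("advisees", ())),
]
# The exception: a student employee in the registrar's office
# must not update his or her own record, even though the role allows updates.
DENY = [("no-self-update", {"update"}, lambda u, a, o: u == o)]

def authorize(user, action, record_owner):
    """Return (allowed, rule). Deny rules override; no match means deny."""
    attrs = DIRECTORY.get(user)
    if attrs is None:
        return False, "unknown-user"
    for name, actions, pred in DENY:
        if action in actions and pred(user, attrs, record_owner):
            return False, name
    for name, actions, pred in ALLOW:
        if action in actions and pred(user, attrs, record_owner):
            return True, name
    return False, "default-deny"

if __name__ == "__main__":
    for req in [("asmith", "read", "asmith"), ("asmith", "read", "bjones"),
                ("bjones", "update", "asmith"), ("bjones", "update", "bjones"),
                ("dkim", "read", "asmith")]:
        print(req, "->", authorize(*req))
```

Returning the name of the rule that decided each request gives an audit trail showing which policy, exception or default produced the outcome.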
Authorization information or its location is typically consolidated in a “directory,” normally spanning a single campus or enterprise. Which brings us to the next component of IdM: directory services.
Directory Services
Directory services were once viewed as little more than online enterprise or network “white pages,” containing network user information such as a person’s name, title, location, network ID, e-mail address, and phone number(s). Now, directory services are becoming the central point for creating, storing, and maintaining user identities and privileges, and for management of network and application access. As the number of shared enterprise applications increases, directory services have become the answer to integrating and managing this complex online environment. This solution also reduces dependence on manual or disconnected directory maintenance processes, streamlines access, and minimizes risks to associated resources.
Fortunately, there are mature and well-defined standards, even cookbooks, for directory services. Yet not all of them fully address higher ed’s unique needs.