Delegated Access Control in AD using Grouper
Time 11/02/10 04:30PM-05:30PM
Duke University is engaged in a multi-quarter effort to enhance and integrate its institutional Active Directory offering with institutional IDM facilities -- economies of scale, coupled with the security and efficiency advantages of an IDM-integrated AD offering, make a central AD environment attractive. A prerequisite for many departments' migration into a more centralized AD environment is the ability to provide bounded, granular delegation of administrative controls to departmental IT managers and IT staff while maintaining tight integration with institutional identity management systems. During the MACE-paccman session at the Spring 2010 MM, we outlined a prototype scheme for managing such access control delegation using institutional IDM information and Grouper groups and permissions. That scheme has been implemented and will be in production use within a dozen or more departments by November. This talk will cover the theoretical model being used, the technical implementation we've deployed, and some of the political and governance issues that have arisen during the implementation of the scheme. It will include a live demonstration of the implementation and time for open discussion and Q&A.
Speaker Rob Carter Duke University
Speaker Jeffry Handal Louisiana State University
Speaker Shilen Patel Duke University
Secondary tracks Middleware