Context and Background

NMI-EDIT has concluded, as it was tied to a specific NSF program that is no longer active. For updates and current information about identity and access management tools and practices developed by the Internet2 Middleware Initiative (I2MI), InCommon, and the EDUCAUSE Identity and Access Management Working Group.
This website is maintained for archival purposes only...

What is Identity and Access Management?

A key component of security plans is well-managed access to services that protect online resources and user privacy while enabling ease of use. Identity management is the policy-driven process of consolidating identity information of interest and providing it to appropriate access-related services (such as authentication and authorization) and applications for their use. Working together, these systems answer questions like

Technology Components

An identity and access management infrastructure comprises five interrelated and overlapping services; the links below point to more detailed discussions of each area as linked from the Internet2 Middleware Initiative web site.

Directories enable users and applications to find information ("attributes") about people and things ("entities"). Directories are the operational hub of middleware. For help in implementing one, refer to the Enterprise Directory Implementation Roadmap.

Identifiers are labels for entities. Interoperable, consistently administered sets of identifiers are necessary to deal with the enormous numbers of entities of many different kinds found on the Internet. Giving users control over their identifiers is at the heart of the problem of ensuring privacy.

Authentication is the process of verifying that the use of an identifier is valid. Typically authentication is done by a user presenting a password, smartcard, or electronic credential.

Authorization is the process of deciding what an authenticated entity is allowed to do. For example, being a member of a campus community might permit a user to access a digital library; being a departmental staff person might permit a user to commit resources and hire people; being a member of a scientific workgroup might permit a user to control a remote scientific instrument.

Public Key Infrastructure (PKI) is based on the exchange of electronic credentials called certificates.

More Information

For further background, refer to the following articles:

Identity and Access Management and Security in Higher Education (PDF) provides an overview of the subject, the issues involved with implementing these important infrastructures, and next steps for campuses.

Middleware: Addressing the Top IT Issues on Campus (PDF) provides background and rationale for middleware deployments as critical new infrastructures.

Beyond Bandwidth... (PDF) provides perspective on the next challenges of our growing reliance on global networked computing.