The Enterprise Authentication Implementation Roadmap

Several new business needs are pushing campuses to rethink their authentication and related identity management infrastructures to enable appropriate interoperability with sister institutions, the Federal Government, industry, and other partners. The Enterprise Authentication Implementation Roadmap describes a recommended approach that campuses can use in building enterprise authentication services in this new environment. It attempts to help campuses develop appropriate processes and architectures, whether they are implementing a small project with an authentication component or retooling their environment in preparation for joining a federation such as InCommon®. This Roadmap also discusses identity management and the relationship between associated concepts, as well as specific technology, policy, and management issues related to enterprise authentication.

Overview

Authentication and identity management require close collaboration among the business units, IT, service providers, and users. The security of a particular service or system is only as strong as its weakest link.

Setting overall priorities for the service, prioritizing where the dollars are to be spent, setting appropriate expectations and plans, and effective training and communication are all critical.

The Roadmap Contents

The Authentication Implementation Roadmap has been gleaned from the work and experiences of many campuses and offers the following aids to IT management:

The Roadmap does not:

You may review this roadmap with specific questions relating to password reset practices, technologies, and the like; or you may have a small or large scope for your authentication-related project. Whatever your interest, you are strongly encouraged to read through The Need for Change and Develop your Plan for Change sections and begin aligning your practices and infrastructure, even in a small way, to accommodate this new model.

Acknowledgments

The bulk of this work is derived from the MACE (Middleware Architecture Committee for Education), Internet2 and EDUCAUSE working groups and is the second in a series of Roadmaps providing guidance to higher education about implementing identity management. (See the Enterprise Directory Implementation Roadmap for information on deploying enterprise directories.) For a history of this Roadmap, see the Change Log.

This web site is a compendium of many individuals' experiences and knowledge. Many thanks are offered to Daniel Arrasjid, Tom Barton, Kathleen Barzee, Andrea Beesing, Jessica Bibbee, Mark Bruhn, Gary Chapman, Jacqueline Craig, Jim Dillon, Renee Frost, Scott Fullerton, Andrea Gregg, Keith Hazelton, Karl Heins, Paul Hill, Kevin McGowan, Margaret O'Donnell, Steve Olshansky, Barry Ribbeck, Jack Suess, David Walker, Steve Worona, and the Case Study authors, as well as Mike Stockwell from Cranking Graphics. All errors, misrepresentations, and confusions are solely owned by the persons responsible for the compilation and editing.

NSF Middleware Initiative
draft-internet2-mace-authentication-implementation-roadmap-200608.html
August 2006
Editors:
Steven Carmody, Brown University
Ann West, EDUCAUSE/Internet2/Michigan Technological University