Executive Summary

Develop your Plan for Change
Implement Change
Migrate to Production
Have a Nice Trip

Several new business needs are pushing campuses to rethink their authentication and related identity management infrastructures. These include: increasing legislation addressing identity protection and accompanying negative publicity associated with an identity “spill” or breach; the need to provide login credentials to non-traditional groups of users, such as student applicants, alumni, contractors, and friends of the library, and related concerns about how the recipients are managing these credentials and/or when to revoke them; and the work being done by the Federal government to streamline access to their applications that will require participating institutions to meet minimum operational, process, and policy requirements.

Taken together, accommodating these drivers requires:

  1. Changing existing common practice to accommodate these trends and migrate toward a model that is more consistent with an evolving federated world.
  2. Adopting an IT governance approach that centralizes policy and management responsibilities for authentication and other identity services that underlie campus-wide and high-security services.
  3. Understanding of the need for broad ownership of authentication-related business processes.

This approach does not preclude organizational units from managing independent services for specific portions of the community.

Develop Your Plan for Change

The first step to develop a high-level plan to help you move forward by identifying functions, process, policies, and technologies you need to implement to address your specific institution's drivers. Having this plan in hand allows you to address the identified gaps as the opportunity arises, such as coupling a new Web Single Sign-on service with an upgraded portal or establishing a higher level of assurance for higher-risk applications when implementing a new finance system.

To develop the plan:

  1. Define your challenge for change, including drivers to help determine where you need to go.
  2. Understand your organizations service requirements and accompanying framework to manage authentication on your campus.
  3. Develop a set of guiding principles that can be used to guide decision making.
  4. Inventory how your campus operates today.
  5. Analyze your target online services, who is using them, and what the risk issues are, and develop a list of technical architecture, business process, and policy gaps that need to be addressed to achieve 1 and 2 above.

Implement Change

This section provides a process you can use when working with the constituencies across campus to ensure your policy, business process, and technologies are all in sync with each other. It is important to work on these concurrently to achieve the right balance, since they are so interdependent.

Migrate to Production

To migrate the new infrastructure to production, pick a staging strategy, which might include selecting relatively low-impact or low-risk services for initial integration in order to prove the functionality and, gradually, the scalability of the new system. Also consider integrating one or two on-campus systems with business owners who are strong partners with whom you can work through political and technical issues early on.

Lastly, the campus authentication requirements will very likely evolve as new end-user groups are identified, and new technologies and services become available. As a result, decide how best to migrate the project governance team to an on-going function. The creation of a new or enhancement of an existing forum where these new issues can be brought to the attention of stakeholders for the ongoing maintenance of the authentication system is critical to the integrity of the integrated service and preserving the risk tolerance level of the institution.

Have a Nice Trip
As with many journeys, the road traveled becomes almost as important as arriving at the destination. The authentication landscape is a dynamic environment. It's time to review and adjust your institution's Roadmap again to determine next steps in your authentication service. Over time there will be new emerging needs and technologies to consider, and you may have to make adjustments with your governance team on the order or priority of items in your Roadmap as you progress.

Click [next] below for a look at some common concepts and terms referred to throughout the Roadmap.