1
Governance in Identity Management Federations
Clair Goldsmith, Ph.D.
The University of Texas System Administration
2
Governance: A Definition
“It is the process through which a group of people make decisions that direct their collective efforts.”
Institute on Governance
• It is fluid, time-consuming and unpredictable
• Complicated by number and variety of stakeholders
• Focuses on strategic aspects of decision-making
3
Why is Governance Needed?
• Oversight and Conflict Resolution
• Establish and manage trust agreements
• Determine direction and formulate policy
• Ensure services meet business needs while maintaining the appropriate security and compliance with legal requirements
• Establish and communicate operational standards and processes
4
What is the Alternative?
• Collection of one-to-one agreements
• Conflicting agendas and no common goal
• No technology standards and inconsistency in operating practices
• No assurance of appropriate security and compliance with legal requirements
5
Governance Models
Homogeneous Institutions
• Operating Standards and Practices may vary from institution to institution, but…
• Governance policies should be relatively consistent, and…
• Legal requirements should be similar if not the same
Considerations
• Governance may be more tightly structured
• Governance through Executive Committees or Governing Boards
• Key executives make decisions
6
Governance Models (cont.)
Diverse Institutions
• Operating Standards and Practices vary from institution to institution, and…
• Governance policies are not consistent, and…
• No formal authority to force a decision, and…
• Legal requirements may not be similar at all.
Considerations
• Governance may be more loosely organized
• Reliance on advisory groups to formulate recommendations
• Guidance through Steering Committees
• Collegiality as opposed to strong governance
7
Where Does The University of Texas System Fit?
Homogeneous
• Share a common Mission
• Same governance body and consistent governance policies
• Same legal requirements
And Also Diverse
• Significant differences in size and budgets
• Significant differences in culture
• Institutions enjoy considerable autonomy
• 16 “stovepipes”
16 Institutions
• 9 General Academic institutions
• 6 Health institutions
• 1 System Administration
8
Governance Models in Shibboleth Federations
The most common examples are:
Diverse Homogeneous
InQueue, InCommon, UT System EAF
9
UT System IdM Federation
• Test Identity Management Federation Exists
• Initially, for UT institutions only: Sixteen UT member institutions
• UT System Identity Management Federation Board appointed
• Policy Documents created
• Will operate under the authority of the UT System Board of Regents
10
UT System IdM Federation (cont.)
Five Shibboleth Applications in Production
• The guest wireless network at System Administration
• The Monthly Financial Reporting application (MFR) is used by budget coordinators from each UT institution.
• Shibboleth version of Blackboard at the UT Health Science Center at Houston to provide courses offered by the Health Science Center to students at M.D. Anderson.
• Research Collaborations Inventory application at UT System Administration Academic Affairs to report on collaborative research efforts throughout the UT System.
• Time Sheet application at the Office of Facilities Planning and Construction used by project managers at several UT institutions
11
What is Needed?
• Vision
• Business Drivers
• A Plan
• Executive Buy-In
• Funding
It Is A Continual Process
12
UT System IdM Federation: Governance
[Diagram labels: UT System Strategic Leadership Council; UT System Institutions; Representation and Initiatives; UT System IdM Federation Board; IT Mgmt Principles and Policy; Business Drivers; Statement of Direction; Board Membership; Policy; Outreach]
13
Governance: Issues to Ponder
• The Technical implementation aspects of Federation can get way ahead of Policy and Governance
• Governance entangled with power / autonomy conflicts
  • Priorities vary by institution
  • Conventions may be seen as dictates
• Managing trust relationships is complex enough when dealing with institutions within the same system (among “family”). Complexity increases as diversity of membership increases
14
Governance: Issues to Ponder (cont.)
• Indemnification
  • What happens when something goes wrong? Who is liable?
  • How to handle intra-institutional trust and indemnification
• Federation to Federation Trust Agreements
15
THANK YOU