Future Guest System (FGS) not FPS NOTE: the FGS does not represent a real name. I just made it up.

Upload: ariel-cook

Post on 16-Jan-2016



What is FPS?

• An authentication system that allows users outside of Penn State to access Web-based applications inside of Penn State.
  – Currently FPS has 1.6+ million identities.
  – Features include:
    • Web-based account management system (https://fps.psu.edu/).
    • Developer APIs.


Today’s Architecture

[Diagram; component labels: CACTUS, FPS, Kerberos Access, LDAP Access, Kerberos FPS, LDAP FPS]


FPS Benefits

• Mitigates risk in that FPS users cannot use wireless and computer labs.

• Provides an identity instantly, as opposed to the standard University process, which can take up to 1-3 days.


FPS Problems

• Data Collection
• Matching
• Migration
• Disjoint Name Space


The Future

• Penn State is currently developing a new Central Person Registry (CPR) that will consolidate identity information that is currently stored in separate non-integrated sources throughout the University.


CPR Architecture

[Diagram; component labels: Central Person Registry (Database, Web Services), Systems of Record, Registration Authorities, Service Providers, Service Provisioners, Data Views]


Future Architecture

[Diagram; component labels: CPR, FPS, Kerberos Access, LDAP Access, Kerberos Guest, LDAP FPS]


Benefits

• New system still mitigates risk as users cannot get on wireless or use lab machines.

• Matching is improved because it is done in the CPR as opposed to FPS, CIDR and CACTUS.

• A uniform name space will exist: the CPR will be responsible for provisioning identities, not the individual systems.


• Migration will be a thing of the past.
• The user will always have the same identity.