KEASK-State Enterprise

Authentication System

CITACApril 26, 2002

April 26, 2002 CITAC Briefing 2

Project Management Staff

Harvard TownsendSenior Management Sponsorharv@ksu.edu532-6311

Neil ErdwienSenior Technical Sponsorneil@ksu.edu532-4905

Chuck GouldProject Managerchuck@ksu.edu532-4923

Project Web Site: keas.cns.ksu.edu

April 26, 2002 CITAC Briefing 3

Agenda

• Project scope – Harvard

• Authentication 101 – Neil

• Discussion/Questions

April 26, 2002 CITAC Briefing 4

The Goal

• Build a university-wide directory and authentication service to support authorized access to university information and technology resources.

• Store identity + role information about EVERYONE affiliated with K-State.

• Using state IT Project Management Methodology to guide the process

• Expect to complete phase I in April, 2003

April 26, 2002 CITAC Briefing 5

Why?

• Multiple IDs and passwords– Goal: One (few?) ID and password to remember– Goal: Uniform ID name space

• Complexity for user and for system administrators– Goal: Reduced frustration for users and simplified access to IT

resources– Goal: Reduced management costs– Goal: Replace current CNS ID management system

• Support for distance students– Goal: Same access as resident students– Goal: Instant access

April 26, 2002 CITAC Briefing 6

Why?

• Support new applications– Foundation technology for III, SIS/FRS, digital

library, portal, wireless networking, Peoplesoft 8, etc.

• Improve security– Fewer passwords to keep track of– Password stored in fewer places– Can force choosing “good” passwords– Simplifies shutting off people’s access

April 26, 2002 CITAC Briefing 7

Why?

• Authenticate with other universities– Goal: support EDUCAUSE EduPerson

initiative– Goal: Inter-realm authentication with KU

• Transaction integrity (PKI)– Goal: encrypt e-mail– Goal: validate sender– Goal: guarantee message not altered

April 26, 2002 CITAC Briefing 8

Phase 1

• Uniform ID/name space• Build directory service with ID/password

authentication• Directory-enable central services managed by CNS:

– Central e-mail server (POP/IMAP)

– Central UNIX and Web servers

– Netscape Calendar

– SAMBA server

– Remote access to library electronic journals and databases

April 26, 2002 CITAC Briefing 9

Phase 2 Possibilities• K-State Online• KATS• Telecom dialup modems• PeopleSoft• Wireless network• Novell NDS• Microsoft Active Directory• Departmental servers/applications

April 26, 2002 CITAC Briefing 10

Later Phases

• K-State Web Portal• III• SIS/FRS replacement• Authenticate with other universities• Public Key Infrastructure (PKI) for digital signatures,

secure messaging• Single sign-on where you authenticate once and get

access to all the services you need without re-entering the authentication information

April 26, 2002 CITAC Briefing 11

Authentication 101

Neil Erdwien

April 26, 2002 CITAC Briefing 12

April 26, 2002 CITAC Briefing 13

Authentication vs. Authorization

• Authentication is checking credentials to verify identity

• Authorization is the use of identity to control access to resources

April 26, 2002 CITAC Briefing 14

April 26, 2002 CITAC Briefing 15

April 26, 2002 CITAC Briefing 16

April 26, 2002 CITAC Briefing 17

April 26, 2002 CITAC Briefing 18

Unified Name Space

• Existing systems have separate name spaces• Integration with KEAS will have name conflicts• Possible scenarios (3-8 character IDs)

– Eliminate student license plate IDs?– Personal preference, first come, first serve for all

faculty, staff, and students?– Standard naming convention?

• 1st initial, first 7 characters of last name• 1st initial, 2nd initial, first 6 characters of last name• Conflict resolution, i.e. jsmith05@ksu.edu

• Steering committee will decide in June.

April 26, 2002 CITAC Briefing 19

• Questions?

April 26, 2002 CITAC Briefing 20

April 26, 2002 CITAC Briefing 21

Who Is On The Steering Committee?

• John Streeter, ISO• Mike Crow, Registrar• Patricia Havenstein, Human Resources• Tom Schellhardt, VPAF• Roger Terry, IET• Robert Burgess, Housing• Pat Akard, Faculty Senate• Karen Cole, Hale Library• Rebecca Gould, iTAC• Rob Caffey, DCE• Dave Hillier, DIA• Gail Simmonds, Salina• Andrew Bell, Student Senate

April 26, 2002 CITAC Briefing 22

How Long Will The Project Take?• Project plan approved January 25, 2002.• Requirements defined – January through mid-May 2002.• LDAP solutions tested and selected – January through

February 2002.• Design developed – mid-May through June 2002.• LDAP server implemented – July through October 2002.• Phase 1 applications converted to KEAS – November

through mid-February 2003.– UNIX, UNIX e-mail, Samba server– Hale Library services– K-State web server, central calendar server– E-mail forwarding, White pages

• Documentation finalized, project closeout – mid-April 2003.