Version 1.1.0 published March 21, 2018
Strategy Statement: The UW community applies IAM solutions in ways that promote trust, privacy, collaboration, and innovation in research and education.
Vision: Trusted online identities enriched with the attributes of the UW.

Drivers | Initiatives | Outcomes |
---|---|---|
Misuse of SSN data puts customers at risk of identity theft and fraud. Large quantities of SSN data stored in UW Identity Registry (over 1 million customers). Cost for breach notifications required by law, plus support ($50/person). | Current: Support TIER. Future: Identity Verification Modernization; Disuser Process Modernization; Remove SSNs from Identity Registry | Reduced enterprise risk. |
Increased number and kinds of customer relationships – student, employee, applicant, parent, alum, donor, research collaborator, visitor, etc. "Bring Your Own Identity" – customers with pre-existing digital identities expect to reuse them, link them to their UW affiliations, and self-manage their scholarly identities. | Current: Support TIER; Use of preferred names. Future: Integrate ORCID Researcher Identifiers; SelfSvc5 - User-Centric Profiles & Privacy Controls; Preferred Pronoun | Customers control their own identity data, profiles, and privacy. |
IT customers want enterprise solutions for IAM data integration, reporting, and analytics. "Software defined everything" – increased adoption and use of APIs. Open and community standards for identity data. | Current: Support TIER; Contain use of LDAP | IT customers use UW-IT IM services for identity data integration, reporting, and analytics. |
Password compromises due to phishing, password reuse, malware, etc., resulting in customer identity theft and fraud by cybercriminals. "Bring Your Own Device" – customers already possess devices like smart phones and U2F devices used for second-factor authentication. System administrators, privileged accounts, and application identities with access to critical UW systems and sensitive institutional data. | Current: Support TIER; Pubcookie Retirement. Planned: Password Manager Service (LastPass); Disable Inactive User Accounts. Future: Cybersecurity - Expand MFA; Cybersecurity - Microsoft Infrastructure - PAM & PAWS | Reduced customer identity theft, financial fraud, and distress. |
Increased collaboration in research and education nationally and globally, requiring federation and trusted identities. Widespread adoption of industry and community standards for single sign-on (SSO) and federation. Internet2 TIER initiative pools community resources to provide identity solutions aligned with R&E community needs. | Operations: Raise awareness of InCommon and eduGAIN; Advise customers on the institutional and community benefits of open interoperable standards for SSO and federation. Current: Support TIER. Future: SIRTFI Security Incident Response Certification; SelfSvc4 - Groups 3.0 | A sustainable business model for sourcing IAM solutions aligned with R&E community needs. |
Applications across the UW enterprise and beyond need access to UW resources on behalf of individuals and data owners. Increased frustration in developer community with lack of solutions for application identity and non-person authentication. "Internet of Things" is on the rise. Increased number and kinds of devices and other non-person applications. Increased industry standardization around OAuth 2.0 framework for API security. | Organization: OAuth Learning. Current: Support TIER; InCommon OpenID Connect and OAuth 2.0 Working Group. Planned: OAuth for API Access | New OAuth 2.0 service enables applications to access UW resources made available through APIs. |
Widespread adoption and use of IT services, by individuals, teams, and organizations. Need to increase the agility and velocity of IT service delivery. Cost of password resets. | Operations: Enroll customers in self-service password recovery. Current: UW NetID Sign-Up Project; Support TIER. Future: SelfSvc4 - Groups 3.0; SelfSvc3 - Access Portal 2.0; SelfSvc5 - User-Centric Profiles & Privacy Controls | Customers can quickly find and enable IT services. |
Contributors: Nathan Dors, Michael Brogan, Brian Arkills
SoaP Template Version 2.1