Version 1.1.0 published March 21, 2018
Strategy Statement: The UW community applies IAM solutions in ways that promote trust, privacy, collaboration, and innovation in research and education.
Vision: Trusted online identities enriched with the attributes of the UW.
Misuse of SSN data puts customers at risk of identity theft and fraud.
Large quantities of SSN data stored in UW Identity Registry (over 1 million customers).
Cost for breach notifications required by law, plus support ($50/person).
Current: Support TIER
Future: Identity Verification Modernization; Disuser Process Modernization; Remove SSNs from Identity Registry
Reduced enterprise risk.
Increased number and kinds of customer relationships – student, employee, applicant, parent, alum, donor, research collaborator, visitor, etc.
"Bring Your Own Identity" – customers with pre-existing digital identities expect to reuse them, link them to their UW affiliations, and self-manage their scholarly identities.
Current: Support TIER; Use of preferred names
Future: Integrate ORCID Researcher Identifiers; SelfSvc5 - User-Centric Profiles & Privacy Controls; Preferred Pronoun
Customers control their own identity data, profiles, and privacy.
IT customers want enterprise solutions for IAM data integration, reporting, and analytics.
"Software defined everything" – increased adoption and use of APIs.
Open and community standards for identity data.
Current: Support TIER; Contain use of LDAP
IT customers use UW-IT IM services for identity data integration, reporting, and analytics.
Password compromises due to phishing, password reuse, malware, etc., resulting in customer identity theft and fraud by cybercriminals.
"Bring Your Own Device" – customers already possess devices like smart phones and U2F devices used for second-factor authentication.
System administrators, privileged accounts, and application identities with access to critical UW systems and sensitive institutional data.
Planned: Password Manager Service (LastPass); Disable Inactive User Accounts
Future: Cybersecurity - Expand MFA; Cybersecurity - Microsoft Infrastructure - PAM & PAWS
Reduced customer identity theft, financial fraud, and distress.
Increased collaboration in research and education nationally and globally, requiring federation and trusted identities.
Widespread adoption of industry and community standards for single sign-on (SSO) and federation.
Internet2 TIER initiative pools community resources to provide identity solutions aligned with R&E community needs.
Operations: Raise awareness of InCommon and eduGAIN; Advise customers on the institutional and community benefits of open interoperable standards for SSO and federation.
Current: Support TIER
Future: SIRTFI Security Incident Response Certification; SelfSvc4 - Groups 3.0
A sustainable business model for sourcing IAM solutions aligned with R&E community needs.
Applications across the UW enterprise and beyond need access to UW resources on behalf of individuals and data owners.
Increased frustration in developer community with lack of solutions for application identity and non-person authentication.
"Internet of Things" is on the rise. Increased number and kinds of devices and other non-person applications.
Increased industry standardization around OAuth 2.0 framework for API security.
Organization: OAuth Learning
Current: Support TIER; InCommon OpenID Connect and OAuth 2.0 Working Group
Planned: OAuth for API Access
New OAuth 2.0 service enables applications to access UW resources made available through APIs.
Widespread adoption and use of IT services, by individuals, teams, and organizations.
Need to increase the agility and velocity of IT service delivery.
Cost of password resets.
Operations: Enroll customers in self-service password recovery.
Customers can quickly find and enable IT services.
Contributors: Nathan Dors, Michael Brogan, Brian Arkills
SoaP Template Version 2.1