...
Task | Limited Scope | Broader Scope |
---|---|---|
Policy Steps | | |
1. Define who establishes the various policies related to single sign-on (SSO) and authentication | | |
2. Have basic identity management policies in place, including data and service stewardship responsibilities and use of the system | | |
3. Have a policy in place specifying whether NONE/SOME/ALL campus authenticated web sites are REQUIRED to use the central web single sign-on system | | |
Business Practice Steps | | |
4. Create help desk support for users encountering problems accessing central web sites protected by SSO | | |
5. Reliably issue credentials to on-campus faculty/staff/students | | |
6. Create help desk support for users encountering problems accessing department web sites protected by SSO | | |
Technical - Basic Identity and Access Management Steps | | |
7. Provision/de-provision accounts for, and authenticate, on-campus faculty, staff, and students | | |
8. Provision/de-provision accounts for, and authenticate, other constituencies (e.g. applicants, alums, affiliates) | | |
Technical - Shibboleth Software Steps | | |
9. Install/operate/manage the Shibboleth identity provider software | | |
Stage 1: Intra-campus Web Single Sign-on - Central and Department Service Providers
Task | Limited Scope | Broader Scope |
---|---|---|
Policy Steps | | |
10. Define how often service providers should refresh their metadata | | |
11. Publish a policy describing the process and constraints that apply when a service provider is compromised | | |
12. Define minimum operational and environmental requirements for the remote server/application | | |
13. Define policies on log retention at service providers | | |
Business Practice Steps | | |
14. Create a process to register a new service provider (e.g. site inspection requirements) | | |
15. Create a problem resolution process for when users cannot access a department-supported service provider | | |
16. Create a process for service providers to report abuse of their site (e.g. by anonymous users) | | |
Technical - Basic Identity and Access Management Steps | | |
17. Provide technical support to department service provider sites, including documentation describing the web SSO service (description, process to participate, etc.) | | |
Technical - Shibboleth Software Steps | | |
18. Manage the metadata describing service providers and provide a mechanism for distributing it | | |
19. Choose the approach to PKI trust within the campus federation (rooted or self-signed certificates) | | |
20. Provide installation instructions, configuration files and other local files (e.g. error pages, logos) customized to the campus for the department sysadmins | | |
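As an added example (not part of the original checklist, and not the Shibboleth project's own sample configuration), the two fragments below show what steps 10, 18 and 19 look like once the decisions are made: the campus publishes one signed metadata aggregate of registered service providers (step 18), trust is anchored in a self-signed federation signing certificate distributed out of band rather than a CA root (one of the two options in step 19), and the refresh interval and validity window enforce the refresh policy from step 10 on both the SP and the IdP side. The URL, file names, durations and the `campus.example` domain are assumptions chosen for illustration.

```xml
<!-- Added example, not the checklist's or Shibboleth's own configuration.
     Fragment 1: Shibboleth SP (shibboleth2.xml), inside <ApplicationDefaults>.
     Assumed URL/file names; intervals are in seconds for the SP. -->
<MetadataProvider type="XML"
        url="https://federation.campus.example/metadata/campus-sps.xml"
        backingFilePath="campus-sps.xml"
        maxRefreshDelay="7200">
    <!-- Step 10: the SP re-fetches at most every 2 hours (maxRefreshDelay),
         and refuses an aggregate that carries no validUntil or one more than
         28 days out, so a stale copy cannot be replayed indefinitely. -->
    <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
    <!-- Step 19 (self-signed option): verify the aggregate's XML signature with
         the federation's signing certificate. Trust in this certificate comes
         from out-of-band distribution (step 20's customized config files), not
         from a CA chain. -->
    <MetadataFilter type="Signature" certificate="campus-metadata-signer.pem"/>
</MetadataProvider>

<!-- Fragment 2: Shibboleth IdP (conf/metadata-providers.xml), the same aggregate
     consumed by the IdP so it only issues assertions to registered SPs (step 18).
     Durations are ISO 8601 on the IdP side. -->
<MetadataProvider id="CampusSPs" xsi:type="FileBackedHTTPMetadataProvider"
        metadataURL="https://federation.campus.example/metadata/campus-sps.xml"
        backingFile="%{idp.home}/metadata/campus-sps.xml"
        maxRefreshDelay="PT2H">
    <!-- Signature check runs first: an unsigned or mis-signed aggregate is
         rejected before any SP entry from it is trusted. -->
    <MetadataFilter xsi:type="SignatureValidation" requireSignedRoot="true"
        certificateFile="%{idp.home}/credentials/campus-metadata-signer.pem"/>
    <!-- Same 28-day cap on validUntil as on the SP side. -->
    <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P28D"/>
</MetadataProvider>
```

Two points a practitioner would check here: the `maxValidityInterval` must be longer than the `validUntil` the federation actually stamps on its aggregate, otherwise every refresh fails and both sides run on their backing file until it expires; and with the self-signed option the signing certificate itself is the trust root, so rotating it means redistributing a new file to every department SP under step 20 before the old key is retired. With the rooted option from step 19 the `Signature` filter would instead be configured to chain to the campus CA, and certificate rotation no longer requires touching each SP.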
...