
inc-student - IdM

Subject: InCommon Federation Discussions About Online Student Services

  • From: Joanne Berg <>
  • To: Ann West <>, InC-Student <>, Joanne Berg <>
  • Subject: IdM
  • Date: Fri, 27 Jun 2008 11:21:03 -0500

Ann, et al
I attempted to copy and paste an article that I wrote with some folks here at Wisconsin a few years ago (2006). It was published in the Student Affairs Law and Policy Weekly. It offers some more of the "what next" pieces that are relevant to the piece we'll be talking about on the phone today.
Later,
Joanne




Identity Management (IdM):
A Case Study in Building an IdM Governance Process

by Joanne E. Berg, Associate Vice Chancellor and Registrar
Ron Kraemer, Deputy Chief Information Officer
Carla Raatz, Director of Human Resources
University of Wisconsin - Madison



Introduction:  What is IdM?

Identity management (IdM) allows us to tell if individuals are who they say they are, whether they are affiliated with our University and what entitlements that affiliation allows. IdM permits data stewards and service providers to control access to information and/or services, according to an individual's identity, roles and responsibilities. New technology is enabling us to build an integrated network of relationships between data stewards and service providers while simultaneously minimizing the redundancies in how we capture and share the information necessary for effective and efficient customer service. Ideally, this integrated and networked infrastructure will further ensure individual privacy rights, support regulatory compliance, and secure essential university services and applications. New technology will also enable us to provide elective services to students, faculty and staff while also extending select services to a larger campus community, which can include prospects, applicants, alumni, retirees, visitors, consultants and colleagues from other campuses with whom you may be collaborating.


BOX 1:  EXAMPLES IN REAL LIFE ISSUES

You just received a request from a pre-college program director who is asking for access to the library and a few other campus venues for approximately five hundred high school students.  The students, she explained, have paid a program fee and were told that they will have access to campus resources and services as if they were enrolled as a "real" student.  The students were promised a free city bus pass that is only available to individuals holding an official university ID Card.  The students are only on campus for two weeks.  The next day you have a meeting to discuss how to authenticate alumni to your portal so that they can electronically order their university transcript. Later the same day you're told that a faculty member's appointment ended yet they still need access to the portal to complete their grading for the term and to access their payroll and benefit information.  And you're reminded that the campus Bursar is interested in parents being able to access the student's online tuition bill.

Technology, Policy, and Procedure

How are all the requests in Box 1 managed?  Is the technical infrastructure in place?  Does the university business process for identifying these individuals correspond to the available technology?  Do we know who is authorized to make these decisions?  What kind of policies are already in place?  What policies are missing?  How will you know? What is the information we must legally protect?

One of the many challenges we face in higher education is that a significant portion of services are distributed among various schools, colleges, business units and functions; they are not provided centrally. Universities, especially public universities, are expected to respond enthusiastically to requests for access to campus resources. This is difficult in a decentralized environment. Many campus service providers want to know who will be using their services. They will want to know if they can, or should, charge a fee for their services. If campuses set out to meet or exceed these expectations, we will undoubtedly have to change the way we do our work. Further, as the expectation for "openness" increases, we are obligated to protect personal information of our faculty, staff and students. We will need to be transparent about how we are maintaining our security and privacy policies. We need to decide what new business processes trigger the need for new policies. We need to decide who decides.

In April 2006, EDUCAUSE reported that among their respondent institutions "security, regulatory compliance, and improved user service and satisfaction are the top factors motivating institutional pursuit of IdM." They further note that "With exceptions in some areas, preparatory work in support of IdM, such as documentation, policy, and planning activity, has not been completed at most institutions." [1]

An IdM Case Study:  University of Wisconsin - Madison

Background

Building a strong, secure and efficient identity management system involves sorting through complex technical possibilities that produce an abundance of policy and procedural issues. The engagement of key campus leaders and stakeholders in IdM governance is the driving force behind how UW-Madison approaches IdM. This approach is recognized nationally in the Internet2 community: "By leading a path towards a coherent, enterprise-wide approach to these critical issues (at a time when end-user complexity overload, audit and accountability, policy drivers, etc. are looming), and at an institution where the estimated degree of difficulty is 9.9, UW-Madison is becoming the totem of our times." [2]

Depending on how a university is structured, players in the IdM governance game vary. At UW-Madison, the key is to have the IdM group be comprised of key business process "owners" and be chaired by primary data stewards. Moreover, it is important to have people at the table who are interested in working together to eliminate complexities and develop efficient and transparent business processes.

At UW-Madison the Identity Management Leadership Group (IMLG) was charged by the Provost and the Vice Chancellor for Administration to take on the following responsibilities:
  • Define identity management process roles and responsibilities for obtaining access to information and services;
  • Establish criteria about how decisions are made;
  • Coordinate and negotiate access to information and services.
The make-up of the Identity Management Leadership Group (IMLG) was and still is as follows:
  • Director of Human Resources (co-chair)
  • Registrar/Associate Vice Chancellor - Enrollment Management (co-chair)
  • Deputy Chief Information Officer (CIO)
  • Director of Recreational Sports
  • Associate Vice Chancellor - Facilities, Planning and Management
  • Associate Vice Chancellor/Chief of Police
  • Director of University Libraries
  • Director of University Unions
  • Dean of Continuing Studies

The key players are campus leaders who can legitimately affect business process change on campus. These also are the individuals who can institute policy decisions and consider them within the context of any business process change. It is imperative that technology solutions are chosen within the context of how and with whom the campus conceives of doing business in the future, and what the projected costs are for doing this business.


How it Works

The governance process at UW-Madison involves creating campus-wide subgroups to articulate, deliberate on, and submit recommendations for policy and procedure to the IMLG. While potentially time-intensive, this process has the advantage of being inclusive, bringing all the relevant players to the table, and ensuring that policies are not made unilaterally or in a vacuum. Members of these subgroups include several IT specialists, security experts, as well as key functional players such as staff from the offices of the registrar, university library system, facilities, academic planning, and human resources.

The IMLG at UW-Madison agreed that it was appropriate to focus on policy yet recognized the need for technologists and functional staff to "feed" the IMLG with appropriate and/or "hot button" policy issues that must be resolved before any technical work can continue.  To accomplish that, the IMLG routinely forms working groups to focus on specific projects to support IMLG activities.  Each subgroup is required to develop a project charter listing project scope, specifications, and mitigations.  In addition, each subgroup must provide a detailed project plan and use standardized written status reports that provide the IMLG with the information necessary to create a "dashboard" of timeline deliverables.  The review and preparation of these reports for distribution along with the development of appropriate diagrams to guide discussion are done by the group's co-chairs with assistance from the CIO office and IT project management experts.  The overarching goal in creating these processes and templates is to reduce the length and frequency of verbal team status reports at the IMLG meetings where we can, instead, focus on actionable issues.

The work of the IMLG and its subgroups is an iterative process, striking the right balance between policy and business process deliberation and technical development and implementation. IMLG members understand that IdM demands more than technical consideration and recognize the strategic significance of our collaborative governance approach.

How to Get Started

1.  Engaging senior leadership in IdM discussions. Early discussions should include the following:
  • benefits to the university
  • contributions to the national discussion on IdM
  • benefits to how IdM can enable more collaborative activities outside the university
  • what it means to change key business processes to meet IdM standards
  • service expectations and campus priorities
  • defining the "hot button" issues for campus
  • determining the makeup and the charge to an IdM management group
2.  Benchmarking with other campuses and collaborative organizations such as Internet2, Educause, and InCommon
3.  In-service training for the IdM management group about the technical side of IdM
4.  Preparing project charters to define scope, timeline, deliverables, etc.
5.  Ensuring that you have adequate resources to devote to IdM
6.  Identifying those issues that may require special technical teams that will support and feed the governance group with policy questions and concerns


Conclusion

Identity management touches everything. A strong IdM governance structure can facilitate our ability to open up our campus doors more widely and/or selectively to a variety of new constituents. It also can allow us to offer a wider menu of services, and can enhance the way we do business.

End Notes

[1] Identity Management in Higher Education: A Baseline Study. Ronald Yanosky with Gail Salaway, Fellows EDUCAUSE Center for Applied Research (ECAR)

[2] Communication from Ken Klingenstein, Internet2 Director of Middleware and Security, October 2005



Related Resources

EDUCAUSE

Internet2

InCommon


NOTE: This publication is designed for educational purposes only and is not intended to be a substitute for professional legal advice. The opinions expressed herein are those of the author alone, and do not necessarily reflect the opinions of CLHE, its Board of Directors, advisory boards, or staff.

© 2006 Council on Law in Higher Education CLHE members may reproduce and use this information for personal, campus (internal use only), or educational purposes provided that you (i) do not modify such information; (ii) give credit to the author, and to the Council on Law in Higher Education; and (iii) include this notice in all such copies.
