Charters and Principles
This charter defines the scope of and justification for the Identity and Access Management (IAM) initiative, what the initiative will deliver, and what resources are needed. The charter also represents a commitment by the CSU Chancellor’s Office (CO) and the 23 campuses to dedicate the necessary time and resources to the IAM initiative to achieve its goals.
Under the sponsorship of the CSU Technology Steering Committee, the Information Technology Advisory Council (ITAC), and the CO's systemwide Information Technology Services (ITS) department, the CSU is creating an Identity and Access Management (IAM) framework to include recommended IAM policies, architectures and provision of services to facilitate the management of electronic identities for individuals and services affiliated with the CSU. Specifically:
The CSU-IAM will be a technology and policy framework enabling CSU campuses to manage identity and access systems in order to assure efficient and secure transactions that protect the confidential information stored in campus systems. The CSU-IAM will improve the secure integration of information technology services across the CSU, to support and enhance learning and to improve administrative efficiency. The CSU-IAM will strive to be a model both within California and the nation, and will create the foundation that will enable efficient and secure transactions amongst key educational, business and government partners, while protecting personal privacy.
The IAM initiative includes efforts at the campuses and across the system to establish the authentication and authorization processes and systems necessary to allow students, faculty, staff and other key CSU constituents to easily access courses, share resources, perform transactions and conduct research across networked information systems.
Goals and Objectives
- To achieve the coordinated development of an IAM infrastructure on each CSU campus
  - Develop an IAM Technical Architecture
  - Develop and deploy an identity management infrastructure, based on standards
  - Deploy an Enterprise Directory and Identity Registry on each CSU campus and at the CO
  - Define a common Assurance Level framework that links identity and services
- To develop a common set of goals, tools, information and analysis for campuses to assist in IAM implementations
  - Document IAM practices, policies and processes across the CSU and share with other higher education institutions
  - Define and implement common definitions, roles, and other aspects of identity and access management
  - Define and implement common approaches to compliance and regulatory requirements where possible
- To create a CSU Identity and Access Management Federation that facilitates identity management among the CSU campuses and between the CSU and other appropriate agencies
  - Determine requirements for participation in appropriate higher education and government identity federations
  - Define requirements for participation in CSU Identity and Access Management Federation
  - Define appropriate Levels of Assurance for e-Authentication and authorization and digital signatures
  - Develop technical and policy requirements to meet each Level of Assurance
- To facilitate the support and maintenance of CSU IAM implementations and integration with existing and future systems in line with continuing technology and policy developments
  - Develop an initial system-wide IAM governance and advisory structure with responsibility for recommending system IAM priorities, and policy and technology adoption
  - Increase understanding and awareness of IAM, its purpose, benefits and deliverables by key decision makers at all campuses and the CO
  - Create productive policy and technical connections between IAM and other key CSU enterprise initiatives, such as Common Management Systems (CMS), academic technology, security, etc.
Scope and Principles
Identity and access management is not the same as CMS, security, networks, compliance, privacy or data integrity, but as middleware, it touches and is touched by all of those areas. Because IAM demands tightly coupled technology and policy, maintaining the scope of the initiative is critical.
The IAM goals can be viewed along a spectrum, ranging from those that have the most direct local campus impact to more global goals that impact the relationships among the campuses, across the system and with other education, government and business partners. IAM seeks to achieve the desired outcomes, looking for commonalities that can be leveraged, while allowing flexibility to the campuses in developing individual campus infrastructure, consistent with the need to exchange information across campuses and with the system. Key management principles for the initiative will:
- Be driven by campus needs.
- Strive for a common-based approach with flexibility in local implementations.
- Follow best practices.
- Make every effort to leverage resources across campuses.
- Think and design towards an integrated architecture: "many railroads, one gauge."
- Engage stakeholders outside IT to assure policy, process and priority collaboration.
- Work locally, but keep the larger educational community in mind.
- Design and implement middleware technology no less secure than the applications it supports.
Organization — Policy and Technical Sub-Committees
The ITAC IAM-CIO Steering Committee will act as the advisory body to assist in the implementation of the goals of the IAM Initiative. This group will meet on a regular basis and be kept informed of the activities and approve policies as needed. The IAM initiative will be implemented with the assistance of two subcommittees to deal with policy/process issues and technical issues.
The first, a stakeholder requirements group to address policy and process issues, would include campus practitioners such as information security officers, librarians, registrars, business officers and human resources directors, legal and audit representatives, as well as representatives of faculty, staff, and student interests, IT professionals and ITAC. The second committee, a technical architecture group, will focus on defining and managing the technical components of the IAM infrastructure. It will consist primarily of IT professionals with an ITAC representative, working in close coordination with the policy/process subcommittee.
In many cases, computer systems embody policy and process in complex and unexpected ways, so a complete separation of IT and policy/process issues is impossible. A successful implementation of IAM will require that the work of the two subcommittees be carefully coordinated.
A central CSU-IAM office will work with these committees to guide the development of the CSU-IAM as a federated architecture for the entire CSU and to support the IAM development efforts of each campus. Any coordinated training, multi-campus software development and operational support would be designed to reduce the required technical effort of each campus, and to assure that the overall outcome delivers benefits to each campus and to the system.
- and Access Management: Background and Planning, 08/2005 (.pdf)
- A Secure Identity Management Infrastructure for the California State University: A Proposal from the Middleware Steering Committee of the Information Technology Advisory Committee (ITAC), California State University 05/2003, (.doc)