Logout Manage Profile Contact EDUCAUSE Home Page Login Contact EDUCAUSE Home Page
CAMP: Charting Your Authentication Roadmap

Detailed Program Information

Thursday, February 08, 2007

Registration Desk

Session Details

7:00 a.m. - 5:00 p.m.
Palm Ballroom Foyer

Breakfast

Session Details

7:30 a.m. - 8:30 a.m.
Break Station East

The Importance of Establishing Levels of Assurance

Session Details

8:30 a.m. - 10:00 a.m.
Palm A/D

Session Type: General Session

Speaker(s)

  • Andrea Beesing, Assistant Director, IT Security, Cornell University
  • R.L. Morgan, Senior Technology Architect, University of Washington
  • Kevin M. Morooney, Vice Provost for Information Technology, CIO, The Pennsylvania State University

Abstract

Levels of assurance (LoA) describes the degree of certainty that the user has presented an identifier (a credential in this context) that refers to the user presenting it. This session will further explore the LoA concept by discussing key components such as identity proofing and credential issuing processes, identifying relevant risk assessment factors, and reflecting on where and why LoA is important and the impact on the institution.

Available Resources

Break

Session Details

10:00 a.m. - 10:15 a.m.
Break Station East

Technical Issues with Establishing LoA

Session Details

10:15 a.m. - 11:30 a.m.
Palm A/D

Session Type: Technical Track

Speaker(s)

Abstract

To prepare the technology architects and implementers, this session will provide a chance to explore topics such as architecting an authentication system to support a given LoA used by the federal government and deciding on password and logging requirements.

Available Resources

Management Issues with Risk Assessments and Establishing LoA

Session Details

10:15 a.m. - 11:30 a.m.
Palm F

Session Type: Management Track

Speaker(s)

  • Ian Taylor, Manager of Security Middleware, University of Washington

Abstract

To prepare management-savvy attendees for the next part of the journey, this session will explore how to do risk assessments, the available tools to facilitate this, and the LoAs used by the federal government and referred to in the Enterprise Authentication Implementation Roadmap. Topics include associated policies and processes such as identity vetting and registration, records retention, and auditing and compliance.

Available Resources

Lunch

Session Details

11:30 a.m. - 1:00 p.m.
Courtyard East

Using LoA: Technical Issues

Session Details

1:00 p.m. - 2:00 p.m.
Palm A/D

Session Type: Technical Track

Speaker(s)

  • Mark Miller, System Engineer II, The Pennsylvania State University

Abstract

After establishing the desired level(s) of assurance needed by the campus, what are the technology issues to consider? How do you manage password resets/changes? How should you approach adding new applications to the authentication service that have a different LoA requirement? This session will explore the technology issues involved in managing and using credentials with a specific LoA.

Available Resources

Using LoA: Management Issues

Session Details

1:00 p.m. - 2:00 p.m.
Palm F

Session Type: Management Track

Speaker(s)

  • Renee Shuey, Principal Lead of Identity and Access Management Initiative, The Pennsylvania State University

Abstract

After establishing the desired level(s) of assurance needed by the campus, what are the management issues to consider? What change procedures must be in place? What are the issues associated with establishing multifactor authentication? How do you add new user populations to the mix or proof the identity of remote users? What are the issues surrounding the addition of new applications to the authentication service? This session will explore the management issues associated with managing, adding to, and changing the authentication system and related LoA.

Available Resources

Break

Session Details

2:00 p.m. - 2:15 p.m.
Break Station East

Exercise: Risk Assessment, Levels of Assurance, and Gap

Session Details

2:15 p.m. - 4:00 p.m.
To find the location of your exercise group, refer to the handout in your folder.

Session Type: General Session

Abstract

Now that you have an understanding of LoA, this exercise will give you a chance to apply that knowledge to your own applications. Participants will again break into their groups and work together on determining their current and required levels of assurance after doing a lightweight risk assessment.

Break

Session Details

4:00 p.m. - 4:15 p.m.
Break Station East

Bringing it All Together: Charting Your Roadmap

Session Details

4:15 p.m. - 5:30 p.m.
Palm A/D

Session Type: General Session

Speaker(s)

  • Andrea Beesing, Assistant Director, IT Security, Cornell University
  • Paul Caskey, Technology Architect, University of Texas System
  • Session moderator: Barry R. Ribbeck, Director, Systems Architecture & Infrastructure, Rice University

Abstract

From the previous exercise, participants may have determined that there is a gap between their current practice and what's required after doing the risk assessment and LoA determination. How does one figure out what to do next? This discussion and presentation session will provide some guidance and offer case studies on Roadmaps other schools have developed.

Available Resources
 
© Copyright 1999-2009 EDUCAUSE
  Unless otherwise noted, EDUCAUSE holds the copyright on all materials published by the association, whether in print or electronic form. In certain cases the work remains the intellectual property of the individual author(s) (see Special Circumstances). Content from conference speeches, presentations, blogs, wikis and feeds reflect the opinions of the author, and not necessarily those of EDUCAUSE or its members.