Policy, Process, and Organizational Models

Session Details

Speaker(s)

• Andrea Beesing, Assistant Director, IT Security, Cornell University
• Wendy Jones, Director, Middleware and Integration Services, Stanford University
• Renee Shuey, Principal Lead of Identity and Access Management Initiative, The Pennsylvania State University
• Ian Taylor, Manager of Security Middleware, University of Washington
• Session moderator: Keith D. Hazelton, Senior IT Architect, University of Wisconsin-Madison

Abstract

One element of designing robust groups and privilege policies is the design of the data itself. What is the language of authority, how is it expressed as metadata, and how might it affect the kinds of controls you have? How does the layout of groups and control structures like hierarchies and naming stems lead to a successful implementation? There is always a tension between policy design and system design, and here it is spiced with issues of ownership and control. We'll examine this interaction between policy and implementation and how they inform and balance each other. We'll also look at how designs can translate into infrastructure, using specific projects as examples.

• View Session Resources