Governance in Identity Management Federations

Clair Goldsmith, Ph.D., The University of Texas System Administration

Upload: amber-gordon

Post on 20-Jan-2016


TRANSCRIPT

Page 1:

Governance in Identity Management Federations

Clair Goldsmith, Ph.D.

The University of Texas System Administration

Page 2:

Governance: A Definition

“It is the process through which a group of people make decisions that direct their collective efforts.”

Institute on Governance

It is fluid, time-consuming and unpredictable

Complicated by number and variety of stakeholders

Focuses on strategic aspects of decision-making

Page 3:

Why is Governance Needed?

Oversight and Conflict Resolution

Establish and manage trust agreements

Determine direction and formulate policy

Ensure services meet business needs while maintaining the appropriate security and compliance with legal requirements

Establish and communicate operational standards and processes

Page 4:

What is the Alternative?

Collection of one-to-one agreements

Conflicting agendas and no common goal

No technology standards and inconsistency in operating practices

No assurance of appropriate security and compliance with legal requirements

Page 5:

Governance Models

Homogeneous Institutions
• Operating Standards and Practices may vary from institution to institution, but…
• Governance policies should be relatively consistent, and…
• Legal requirements should be similar if not the same

Considerations
• Governance may be more tightly structured
• Governance through Executive Committees or Governing Boards
• Key executives make decisions

Page 6:

Governance Models (cont.)

Diverse Institutions
• Operating Standards and Practices vary from institution to institution, and…
• Governance policies are not consistent, and…
• No formal authority to force a decision, and…
• Legal requirements may not be similar at all.

Considerations
• Governance may be more loosely organized
• Reliance on advisory groups to formulate recommendations
• Guidance through Steering Committees
• Collegiality as opposed to strong governance

Page 7:

Where Does The University of Texas System Fit?

Homogeneous
• Share a common Mission
• Same governance body and consistent governance policies
• Same legal requirements

And Also Diverse
• Significant differences in size and budgets
• Significant differences in culture
• Institutions enjoy considerable autonomy
• 16 “stovepipes”

16 Institutions
• 9 General Academic institutions
• 6 Health institutions
• 1 System Administration

Page 8:

Governance Models in Shibboleth Federations

The most common examples are:

Diverse / Homogeneous

InQueue, InCommon, UT System EAF

Page 9:

UT System IdM Federation

Test Identity Management Federation Exists

Initially, for UT institutions only: Sixteen UT member institutions

UT System Identity Management Federation Board appointed

Policy Documents created

Will operate under the authority of the UT System Board of Regents

Page 10:

UT System IdM Federation (cont.)

Five Shibboleth Applications in Production
• The guest wireless network at System Administration
• The Monthly Financial Reporting application (MFR), used by budget coordinators from each UT institution.
• Shibboleth version of Blackboard at the UT Health Science Center at Houston to provide courses offered by the Health Science Center to students at M.D. Anderson.
• Research Collaborations Inventory application at UT System Administration Academic Affairs to report on collaborative research efforts throughout the UT System.
• Time Sheet application at the Office of Facilities Planning and Construction, used by project managers at several UT institutions

Page 11:

What is Needed?

Vision

Business Drivers

A Plan

Executive Buy-In

Funding

It Is A Continual Process

Page 12:

UT System IdM Federation: Governance

[Diagram. Entities: UT System Strategic Leadership Council; UT System Institutions; UT System IdM Federation Board. Labels: Representation and Initiatives; IT Mgmt Principles and Policy; Business Drivers; Statement of Direction; Board Membership; Policy; Outreach.]

Page 13:

Governance: Issues to Ponder

The Technical implementation aspects of Federation can get way ahead of Policy and Governance

Governance entangled with power / autonomy conflicts
• Priorities vary by institution
• Conventions may be seen as dictates

Managing trust relationships is complex enough when dealing with institutions within the same system (among “family”). Complexity increases as diversity of membership increases

Page 14:

Governance: Issues to Ponder (cont.)

Indemnification
• What happens when something goes wrong? Who is liable?
• How to handle intra-institutional trust and indemnification

Federation to Federation Trust Agreements

Page 15:

THANK YOU