A Secure Identity Management Infrastructure
for the
California State University
A Proposal from
the Middleware Steering Committee of
the Information Technology Advisory Committee (ITAC),
California State University
May 2003
Executive Summary
We propose that the CSU immediately undertake a coordinated system-wide effort to develop a Secure Identity Management Infrastructure (CSU-SIMI). The CSU-SIMI will be a technology and policy infrastructure enabling CSU campuses to manage identity information in order to assure efficient and secure transactions that fully respect individual privacy. The CSU-SIMI will improve the secure integration of information technology services across the CSU, to support and enhance learning and improve administrative efficiency. The CSU-SIMI will be a model both within California and the nation, and will create the foundation that will enable secure transactions amongst key educational, business and government partners, while protecting personal privacy.
While most campuses in the CSU have begun substantial work in this area, it will only be through coordinating this effort across all campuses that we can create a SIMI that will be consistent system-wide, and thus ensure that the CSU meets its legal and ethical obligation to protect the privacy of individuals and their confidential information while taking advantage of electronic information and service delivery.
A considerable amount of preliminary work on a CSU-SIMI has already been completed through the efforts of individuals from several campuses and from the Chancellor’s Office. This work lays the foundation necessary for the CSU to undertake a coordinated system-wide project. A central budget of approximately $3 million over three years will be required to support this project, in addition to the efforts of personnel on each campus.
While fully recognizing the difficulty of identifying resources for a new project at a time of great financial stress, the internal and external factors that drive the need for an SIMI on each campus mean that all campuses will be developing some form of identity management infrastructure whether or not the efforts are coordinated by a central project. If each campus undertakes independently to develop an SIMI, the result will be duplication, inconsistency, and the inability to leverage resources and benefits across the campuses.
Finally, a CSU-SIMI has the potential to move California more rapidly and effectively in the deployment of information technology systems that will support electronic transcripts and other data exchange across the entire K-20 community in the state. Not only will this bring increased security and efficiency to the necessary sharing of confidential information, but it will facilitate easier access to and sharing of course content, library resources and instructional materials among faculty, staff and students throughout the California educational community.
Table of Contents
The Case for a CSU Secure Identity Management Infrastructure 1
The Plan for a CSU Secure Identity Management Infrastructure 5
The Governance of the CSU Secure Identity Management Infrastructure 8
Appendix A: Citizen of the CSU 11
Appendix B: Survey of Current Status 14
Appendix C: Detailed Three-Year Budget 18
Appendix D: Developing a Feasibility Study 19
Appendix E: High-Level Project Tasks 20
Appendix F: Contributors to this Report 22
CSU-SIMI v1.0 ii 7/21/20035/14/2003
1. The Case for a CSU Secure Identity Management Infrastructure
1.1. What is a Secure Identity Management Infrastructure?
A Secure Identity Management Infrastructure (SIMI) is the collection of technology and policy that enables networked computer systems to determine who may access them, and what resources users are allowed to access, while protecting individual privacy and access to confidential information. For the CSU, we propose to develop a SIMI as follows:
The CSU-SIMI will be a technology and policy infrastructure enabling CSU campuses to manage identity information in order to assure efficient and secure transactions that fully respect individual privacy. The CSU-SIMI will improve the secure integration of information technology services across the CSU, to support and enhance learning and improve administrative efficiency. The CSU-SIMI will be a model both within California and the nation, and will create the foundation that will enable secure transactions amongst key educational, business and government partners, while protecting personal privacy.
To aid in understanding the benefits of a CSU-SIMI and to illustrate its practical value, scenarios describing aspects of student, faculty, and administrative life may be found in Appendix A.
1.2. Why does every CSU campus need an SIMI?
Traditionally, individual computer applications, and individual offices on campus, each manage identity in different ways. This identity diversity results in a single student or faculty member having multiple userid’s, pins, identity cards, door access cards, and passwords. Their addresses, telephones, and social security numbers are stored in multiple databases and paper files, and managed by multiple offices using official, unofficial, and often inconsistent, policies. In some instances, identity information may be so carefully protected that it’s hard to use in legitimate ways, while another situation finds identity information openly exposed and subject to improper use.
While identity management issues aren’t new, they have increased in importance as computer systems are connected to each other and to the Internet. First, the lack of an integrated and managed approach to identity information makes it very difficult to share identity information among campus departments and systems; for example, to use a student information system to determine which students should have access to online course materials or library reserves. Second, the sheer number of on-line identities results in unnecessary duplication, inefficiency, and user frustration. Third, networked computers are vulnerable to compromise, both from campus insiders and from outsiders via the Internet. The lack of consistent identity management policies and procedures makes the CSU unnecessarily vulnerable to the compromise of confidential personal information.
Most of the CSU campuses have either begun to address the identity management issue, or at least to consider the need to do so in the near future. One primary driver, and opportunity, is the CMS system; the development of CMS encourages campuses to reconsider and refine business processes, and provides a central point for the collection of human resources data. While a major step forward, CMS can not address all identity management issues by itself. The next step — integrating identity information in CMS with email systems, library systems, and course management systems — is not within the scope of the CMS project. Furthermore, the existence of such a large and comprehensive IT project has heightened the awareness of the risks inherent in managing confidential personal data. Because PeopleSoft Student Administration requires that the campus build an online directory of users – an LDAP directory – several campuses have recently created or refined their directory, or are in the process of developing one. The LDAP directory is an essential part of an integrated identity management system, but it is only a technology part.
Integrated identity data also demands integrated policy. A campus directory of constituents is a campus resource – it should not belong to the IT department or any other department. Once data about students, faculty, and staff is integrated, all campus constituents, including the registrar, human resources, faculty, students, have a stake in the security and reliability of this data. While developing a policy consensus takes work, the payoff comes from getting all relevant issues on the table where they can be addressed, and everyone can see and understand the result. Developing the technology for a secure identity management infrastructure poses some challenges, but it is clear that in many cases meeting the policy challenges will require as much effort or more – success requires attention to both technology and policy.
1.3. Why should the CSU build an integrated SIMI?
Two options exist for creating a SIMI – independently developing 23 separate campus products with an additional one at the Chancellor’s Office or embarking in a coordinated, system-wide effort. While the first option might appear to be the simplest choice, there are two significant advantages to the coordinated option.
First, working in concert will leverage the human and technical resources of the CSU. The Information Technology professionals on most campuses are under considerable pressure to meet current demands, handle the challenges of daily security attacks, and support the development of CMS and the completion of the Telecom Infrastructure Project. Given the current budget situation, this situation will not improve in the near future. Working together to develop common solutions makes more sense. This leverage should extend to the policy arena as well; for example, what rationale supports the existence of individual policies on FERPA directory data for 23 campuses, rather than a single policy for the California State University? While developing common policy across the CSU may not be easy, the payoff is the ability to leverage common software and policy 23 times. In addition, a common approach may help reduce the cost of the software that may need to be purchased in support of the SIMI.
Second, and even more important in the long run, a coordinated approach will make it possible to manage identity information across multiple campuses. We know that many, perhaps most, of our students, faculty, and staff, will have a relationship with more than one campus, often simultaneously. As the availability of online courseware and materials increases, it will be increasingly common for students to be taking courses or using materials at more than one campus. Solving the identity management problem on each campus, in an uncoordinated fashion, will not allow for easy support of multi-campus roles. Attempting to go back and develop interoperability after 23 systems are deployed will be more expensive and complex.
Furthermore, the CSU needs to assure not only that its system can interoperate internally, but also that its campuses and Chancellor’s Office will be able to interoperate with external education, corporate and government entities. Standard approaches have begun to appear, and coordination now could assure that all campuses follow these standard approaches rather than making idiosyncratic choices that may be costly later. In fact, by virtue of its size and influence, the CSU acting in concert provides an opportunity to shape these standards in a way that no individual campus ever could.
1.4. What is the relationship of the SIMI to the Integrated Technology Strategy?
The overall Master Plan Goals for the CSU Integrated Technology Strategy (ITS) are: “to provide the best possible environment for the education of CSU students through an integrated electronic environment that enables all CSU students, faculty and staff to communicate with one another and to interact with information resources from anyplace, to anyplace at anytime to advance the CSU’s mission.”
The ITS is the umbrella plan for the CSU system, consisting of three major components: academic goals and initiatives, administrative goals and initiatives, and the technology infrastructure itself that permits implementation of those initiatives and achievement of their goals. The technology infrastructure is the enabling mechanism; the academic and administrative initiatives constitute the outcomes of the overall ITS; and the outcome categories include excellence in learning and teaching, quality of the student experience, administrative productivity and quality, and personal productivity.
The proposed SIMI fits perfectly into the ITS framework; in fact, the SIMI is in effect the “missing link” between the underlying technology infrastructure (systems, networks, and software) and the high-level outcomes (student experience & productivity). The relationship of the SIMI to the ITS is summarized in Figure 1 below.
Figure 1: The ITS and the SIMI
1.5. Why should we do it now?
We acknowledge that this is a very difficult time to be undertaking a new initiative in the CSU. However, several reasons make it a good time to do it. First, a recent survey indicates that most CSU campuses either have begun to develop or at least are planning to develop some of the aspects of an SIMI. Postponing the decision to coordinate these efforts will make accomplishing that coordination much more difficult. Second, national efforts spearheaded by Internet2 and NSF are providing much of the middleware software and guidelines that make it relatively easy to get started immediately. Third, financial pressures should encourage campuses to work together to develop cost effective solutions, even if they might prefer to develop their own approaches individually.
We also acknowledge that policy and resource challenges must be overcome if the CSU and its campuses are to succeed in developing a robust secure identity management infrastructure at this time. However, we would argue that the overall effort and expense of a coordinated initiative will at least be no higher in the short run, and should result in significant long-term savings.
2. The Plan for a CSU Secure Identity Management Infrastructure
2.1. What has already been accomplished?
Research, discussion and planning for a SIMI began in April 2001 at a meeting of the ITAC held at the Pomona campus. Following that meeting, a multi-campus collaborative, known as the Directories Working Group, began to work on a prototype implementation of a CSU-wide directory. Led by staff from Hayward and San Luis Obispo, the group included active participation from Pomona, Northridge, and other CSU campuses, as well as support from ITS in the Chancellor’s Office.
The outcomes from the Directories Working Group were in two primary areas. First, the campuses developed a prototype multi-campus directory system that allowed searching for identity information across four campuses. This effort, as a proof-of concept for a multi-campus approach, yielded increased technical knowledge, and provided key insights into how a CSU-wide directory should – and should not – be developed.
Second, the group analyzed the EduPerson specification, an emerging national standard for defining precisely the particular fields required to store and exchange information about individuals associated with institutions of higher education. The EduPerson specification has been supported by the NSF and Internet2 and has been already adopted by technology leaders in the higher education community. The Directories Working Group developed a definition for CalStateEduPerson, consistent with the EduPerson standard but tailored for the needs of the CSU.
In addition to the technical work already completed, several meetings have been held to inform CSU technical and functional staff about SIMI plans and progress. A special session held in conjunction with the Fall 2002 Internet2 Member’s Meeting, brought together 50 participants from 18 campuses plus the Chancellor’s Office. Formal and informal discussions regarding the proposed project have been held with representatives of the CMS staff and CMS Project Directors and members of COLD, and extensive conversation and debate has taken place in the ITAC. At the February 2003 meeting, the ITAC adopted a statement supporting the principles of this proposal.