Accountworks: Users Create Accounts on SQL, Notes, NT, and UNIX
LISA '98 Proceedings of the 12th Conference on Systems Administration
SPM: System for Password Management
LISA '95 Proceedings of the 9th USENIX conference on System administration
Institute White Pages as a System Administration Problem
LISA '96 Proceedings of the 10th USENIX conference on System administration
A Retrospective on Twelve Years of LISA Proceedings
LISA '99 Proceedings of the 13th USENIX conference on System administration
An Improved Approach for Generating Configuration Files from a Database
LISA '00 Proceedings of the 14th USENIX conference on System administration
User-Centric Account Management with Heterogeneous Password Changing
LISA '00 Proceedings of the 14th USENIX conference on System administration
Embracing and Extending Windows 2000
LISA '02 Proceedings of the 16th USENIX conference on System administration
Generating Configuration Files: The Director's Cut
LISA '03 Proceedings of the 17th USENIX conference on System administration
Meta Change Queue: Tracking Changes to People, Places, and Things
LISA '04 Proceedings of the 18th USENIX conference on System administration
| Hi-index | 0.00 |
Despite the title, this is not about managing people, but rather managing the enterprise data about the people, especially in defining the relationship between a person and the organisation and controlling functions based on that relationship, or what some people might refer to as identity management. Single sign-on is an attractive goal for many organisations. When you include parking gates and badge readers on building entrances, the problem gets even more interesting. As we expand our deployment of wireless access points and publically accessible network jacks, the need to require authentication for access to our virtual world grows stronger. With the need for authentication, so grows the demands on the systems that provide authentication and authorisation, especially in the area of managing who gets access and revoking that access at the appropriate time. Concurrently, with the rising interest in physical security of our facilities, the need for authentication and controlling access to our physical world is also growing. This also requires tools and systems to manage the people and their status and privileges. Both of these issues share many common attributes and can be well addressed by merging them into a single system to manage people information, and from that, access to the virtual (network) world as well as the physical world. By combining these projects, we are able to take advantage of the mandate (and administrative support) to identify all of the people on our campus to provide physical access control, and so, manage our virtual world. We will also attempt to define a somewhat generic or standard methodology for doing this with our particular business rules and requirements confined to a few limited and specific areas. While the technical issues are challenging, the more daunting task comes with negotiating the institutional politics and getting adequate "buy in" from the appropriate departments to provide the people and resources willing to operate and use the eventual technical solutions. This paper discusses both the social and technical aspects of those solutions.