UW Information Technology (UW-IT) provides IT infrastructure and services that systems and applications can use to perform key tasks such as authentication, authorization, and information retrieval.

By integrating and relying on these identity and access management (IAM) services, systems and applications can be made more secure, robust, manageable, and policy-compliant. The information here may interest application developers, system integrators, and system administrators. Note that not all services are appropriate for, or available to, all systems.

Current Identity and Access Management Services

| Service | Description |
| --- | --- |
| ASTRA | ASTRA provides Web-based management of authority for UW administrative applications. ASTRA removes systems administrators and operations teams from the business of implementing authorization requests. Instead, using ASTRA, the appropriate decision makers within the University community can easily distribute authority to the appropriate people. |
| Certificate Services | A digital certificate is a digital document, "signed" by a trusted third party, that establishes a connection between an entity and its public key. Certificates allow central Web servers to establish secure communications with other servers and services. |
| Enterprise Directory Services | The UW Enterprise Directory Services (EDS) provide read-only access to key university data about a variety of objects. The primary data set is about people, provided by the Person Registry. Using the EDS provides high-availability access to a consistent source of well-managed data. |
| Groups | The UW Groups service provides infrastructure for defining, maintaining, and using group data. |
| Kerberos | UW's central UW NetID authentication service uses Kerberos technology. Kerberos authentication can be used by campus applications and clients. |
| Person Registry | The Person Registry is a service for UW application developers to retrieve information about a person's UW affiliations, gathered and reconciled from multiple sources. |
| Pubcookie | The UW NetID "weblogin" service uses the Pubcookie software to provide single sign-on web authentication based on UW NetIDs to Web servers across the UW network. |
| Token Authentication | The Token Authentication Service provides "two-factor" authentication using Entrust and SecurID tokens for access to more sensitive UW applications. It is a high-assurance authentication system based on small physical devices (tokens) carried by users and a verification service for authenticating user-entered data from the devices. Because the one-time passwords produced by the tokens are never reused, they can provide additional security (vs. regular UW NetID and password) for UW applications that need it. |
| Shibboleth | The Shibboleth® system provides web authentication services based on industry standards for federated single sign-on. The UW Shibboleth Identity Provider (IdP) is complementary to the UW NetID "weblogin" service based on Pubcookie. |
| UW NetID | The UW NetID is the standard identifier used to identify users to centrally-supported UW applications and to systems all across campus. Over 200,000 people, with a wide range of UW affiliations, have and use UW NetIDs. |
| UW Windows Infrastructure | Active Directory forest providing authentication and authorization based on UW NetIDs and UW Group IDs. |

