Identity and Access Management Services
UW Information Technology (UW-IT)
provides IT infrastructure and services that systems and applications can use to
perform key tasks such as authentication, authorization, and information retrieval.
By integrating and relying on these identity and access management (IAM) services,
systems and applications can be made more secure, robust, manageable, and
policy-compliant. The information here may interest application developers, system
integrators, and system administrators. Note that not all services are appropriate
for, or available to, all systems.
Current Identity and Access Management Services
ASTRA
ASTRA provides Web-based management of authority for UW administrative applications. ASTRA removes systems administrators and operations teams from the business of implementing authorization requests. Instead, using ASTRA, the appropriate decision makers within the University community can easily distribute authority to the appropriate people.

Digital Certificates
A digital certificate is a digital document, "signed" by a trusted third party, that establishes a connection between an entity and its public key. Certificates allow central Web servers to establish secure communications with other servers and services.

Enterprise Directory Services
The UW Enterprise Directory Services (EDS) provide read-only access to key university data about a variety of objects. The primary data set is about people, provided by the Person Registry. Using the EDS provides high-availability access to a consistent source of

UW Groups
The UW Groups service provides infrastructure for defining, maintaining, and using group data.

Kerberos Authentication
UW's central UW NetID authentication service uses Kerberos technology. Kerberos authentication can be used by campus applications and clients.

Person Registry
The Person Registry is a service for UW application developers to retrieve information about a person's UW affiliations, gathered and reconciled from multiple sources.

UW NetID Weblogin
The UW NetID "weblogin" service uses the Pubcookie software to provide single sign-on web authentication based on UW NetIDs to Web servers across the UW

Token Authentication Service
The Token Authentication Service provides "two-factor" authentication using Entrust and SecurID tokens for access to more sensitive UW applications. It is a high-assurance authentication system based on small physical devices (tokens) carried by users and a verification service for authenticating user-entered data from the devices. Because the one-time passwords produced by the tokens are never reused, they can provide additional security (versus a regular UW NetID and password) for UW applications that need it.

Shibboleth
The Shibboleth® system provides web authentication services based on industry standards for federated single sign-on. The UW Shibboleth Identity Provider (IdP) is complementary to the UW NetID "weblogin" service based on

UW NetID
The UW NetID is the standard identifier used to identify users to centrally-supported UW applications and to systems all across campus. Over 200,000 people, with a wide range of UW affiliations, have and use UW NetIDs.

UW Windows Infrastructure
Active Directory forest providing authentication and authorization based on UW NetIDs and UW Group IDs.

For general information about identity and access management services contact firstname.lastname@example.org.