Identity and Access Management Services
UW Technology provides IT infrastructure and services that systems and
applications can use to perform key tasks such as authentication,
authorization, and information retrieval. By integrating and relying on
these identity and access management services, systems and applications
can be made more secure, robust, manageable, and policy-compliant. The
information here may interest application developers, system integrators,
and system administrators. Note that not all services are appropriate
for, or available to, all systems.
Current Identity and Access Management Services
| Service | Description |
| --- | --- |
| ASTRA | ASTRA provides Web-based management of authority for UW administrative applications. ASTRA removes systems administrators and operations teams from the business of implementing authorization requests. Instead, using ASTRA, the appropriate decision makers within the University community can easily distribute authority to the appropriate people. |
| Certificate Authority | A digital certificate is a digital document, "signed" by a trusted third party, that establishes a connection between an entity and its public key. Certificates allow central Web servers to establish secure communications with other servers and services. |
| Enterprise Directory Services | The UW Enterprise Directory Services (EDS) provide read-only access to key university data about a variety of objects. The primary data set is about people, provided by the Person Registry. Using the EDS provides high-availability access to a consistent source of well-managed data. |
| Groups | The UW Groups service provides infrastructure for defining, maintaining, and using group data. |
| Kerberos | UW's central UW NetID authentication service uses Kerberos technology. Kerberos authentication can be used by campus applications and clients. |
| Person Registry | The Person Registry is a service for UW application developers to retrieve information about a person's UW affiliations, gathered and reconciled from multiple sources. |
| Pubcookie and Weblogin | The UW NetID "weblogin" service uses the Pubcookie software to provide single sign-on authentication, based on UW NetID user names, to Web servers across the UW network. |
| Token Authentication | The Token Authentication Service provides "two-factor" authentication using Entrust and SecurID tokens for access to more sensitive UW applications. It is a high-assurance authentication system based on small physical devices (tokens) carried by users and a verification service for authenticating user-entered data from the devices. Because the one-time passwords produced by the tokens are never reused, they can provide additional security (vs regular UW NetID and password) for UW applications that need it. |
| Shibboleth | The Shibboleth® system provides web authentication services based on industry standards for federated single sign-on. The UW Shibboleth Identity Provider (IdP) is complementary to the UW NetID "weblogin" service based on Pubcookie. |
| UW NetID | The UW NetID is the standard identifier used to identify users to centrally-supported UW applications and to systems all across campus. Over 200,000 people, with a wide range of UW affiliations, have and use UW NetIDs. |
| UW Windows Infrastructure | UW Technology provides a central Windows domain containing all UW NetIDs. |
| UW Forest | UW Technology provides a shared Windows forest which is being phased out. Additional information about Windows services is provided here. |
For general information about identity and access management services
contact help@u.washington.edu.