The SAML web site is no longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.

Identity Management Streamlined at University of Texas

Faced with a mandate to encourage collaboration and an equally urgent directive to better safeguard IT systems, the University of Texas (UT) produced a solution based on technology and carefully defined relationships. UT's Identity Management Federation lets participants at the university's 16 institutions use local credentials for secure access to remote resources.

"We have 15 UT institutions plus the UT System Administration that collaborate and exchange information constantly," said Miguel Soldi, information security policy and resourcing analyst with the UT System Administration in Austin. The 15 include nine academic institutions and six health institutions. In the past, a user at one of those locations who wanted to use a Web-based application at another location had to jump through numerous hoops to gain access.

Say, for example, researchers at the UT Southwestern Medical Center at Dallas wanted to access information hosted on the Blackboard learning management system at the UT Health Science Center at Houston. "We would need to give them a guest credential," said Bill Weems, assistant vice president of academic technology at the Houston center, as well as dean of IT and associate professor of integrative biology and pharmacology in the center's medical school.

No matter what credentials the applicants had at their home institutions, they would go through a separate process to gain access to the Houston system. "They would have to go before a notary and get their driver's license notarized and send in the appropriate paperwork before we would give them the credential," Weems said. And there's another inconvenient detail. "They now have another user name and password to remember." Separately, UT Houston would have to determine whether the applicant was eligible to access the particular system in question.

"It gets to be a fairly time-consuming process," Weems said. It's no wonder users didn't care to go through it every time they wanted to use a different application at a sister UT institution.

In 2004, using seed money from the National Science Foundation's Middleware Initiative, UT officials laid the foundation for the Identity Management Federation. The technology mechanism they chose was Shibboleth, an open source middleware solution based on Security Assertion Markup Language (SAML). Shibboleth was developed by the networking consortium Internet2.

Read the complete article by Merrill Douglas in Government Technology.