Internet2 releases open source identity management tools

The foundation for security and enterprise management

There are numerous ways in which we can tell that identity management has appeared on the radar of those outside of IT and data security. But one that really drove it home to me was a paragraph, really just a sentence, in a recent USA Today story: "This year for the first time, [campus information technology professionals] named security and identity management their top concern, ahead of funding."

Higher education IT departments are always strapped for cash, even more so than their woefully underfunded corporate brethren, so when they put something else ahead of "funding" in their priority list you know that people who need help finding the "any" button on their computer have started taking an interest in identity management.

Now the article does cover a wide-ranging (some might even say mish-mosh) of identity-related, security-related and only tangentially-related problems (e.g., "Bowling Green State University in Ohio plans to e-mail campuswide 'fraud alerts' this fall when it suspects scams.") that are cropping up on college campuses.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

There are numerous ways in which we can tell that identity management has appeared on the radar of those outside of IT and data security. But one that really drove it home to me was a paragraph, really just a sentence, in a recent USA Today story: "This year for the first time, [campus information technology professionals] named security and identity management their top concern, ahead of funding."

Higher education IT departments are always strapped for cash, even more so than their woefully underfunded corporate brethren, so when they put something else ahead of "funding" in their priority list you know that people who need help finding the "any" button on their computer have started taking an interest in identity management.

Now the article does cover a wide-ranging (some might even say mish-mosh) of identity-related, security-related and only tangentially-related problems (e.g., "Bowling Green State University in Ohio plans to e-mail campuswide 'fraud alerts' this fall when it suspects scams.") that are cropping up on college campuses.

Not mentioned in the article - so I'll tell you about it now - are two new tools released by Internet2's Middleware Initiative. Internet2, you may remember, is the higher education/research facility consortium building a new high-speed Internet more like the old Internet - before Microsoft discovered it. Or, as the group itself so unabashedly puts it: "Led by more than 200 U.S. universities, working with industry and government, Internet2 develops and deploys advanced network applications and technologies for research and higher education, accelerating the creation of tomorrow's Internet."

The two new tools are "Grouper" and "Signet".

The Signet Privilege Management System (as it's called) provides institutions an easy to use framework to manage user access privileges in terms familiar to business managers and provides a consolidated, shared authorization data repository that is independent of any specific institutional system.

The Grouper Group Management Toolkit enables both automated and manual mechanisms for assigning users to groups based on their individual campus affiliations, status, or other relevant roles.

The two new tools can be used separately or in combination to more efficiently - and effectively - manage user privileges without necessarily getting the IT department involved. Here's an example that's provided of how the two tools might be used effectively:

"For instance, a Biology professor can use Grouper to list the students working on a special project and then use Signet to designate that they should be allowed weekend access to his laboratory and to an associated research data set for specified length of time. Signet in turn interacts with the campus provisioning system to automatically adjust all the affected systems [that] secure the laboratory and research database. After the specified time, the system automatically removes the students' access to those resources."

The tools are available for no charge and released as open source products under what's known as the "Apache" license so any of you could use them, modify them to suit your needs and even contribute back to the project. The tools are at least worth a look.

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.