Identity Management assembles several streams of activity around identifying members of the university community and provisioning services for those community members. Universities need methods for discovering new members of the community and making sure those members have access to the services that the individual members need. Identity management can be used to create a single-authentication environment, to move to a single sign-on environment, and then to share that authentication among several universities in a federation. When used for service provisioning, identity management strategies can control access to private or limited resources.
A growing aspect of Identity Management is the creation of access and traffic logs. These logs allow us to differentiate the activities of authorized community members from activities that are not authorized, particularly those originating outside the community. We can trace and answer “what happened.” Compliance requirements (e-evidence or HIPAA, for example) may require retention of logs for extended periods of time.
I like to think that university networks and systems operate within a set of ethical principles. Our networks are open highways where communities are free to travel. There may be limited entrance and exit ramps, particularly to special services (like interstate highways). Cars are licensed to travel wherever the driver chooses, but travel is not monitored or permanently recorded in a log. Some destinations are not easily accessible or have limited access; there are locked gates and perimeter walls.