Tuesday, January 12, 2016

Presentation Jitters

Giving my first UCLA presentation this afternoon on SSO and MFA.  Besides lack of familiarity with the audience or venue, I am also a little nervous that it has been over 2 years since I delivered my last presentation.  I have written presentations in the last couple of years but they were never delivered beyond my immediate management for various reasons. It is hard to believe that it has been so long though.

While I have delivered over 100 presentations in the last 15 years, I found it never really gets old. There is always nervousness, although I tend to lose this quickly once I am speaking and thinking on my feet (sometimes in one order, sometimes the other). There is always the desire to tweak the slides one more time. And I have to fight my desire to add content on the fly and try to remember the "when in doubt, throw it out" motto. Presentations are best when they introduce concepts and pique curiosity rather than attempting to educate the audience. With a very limited amount of time and a slide deck, it just isn't possible to really educate to any depth, and when diving too deep you always leave the audience gasping for air.

Because this is an internal presentation I will not be able to post it, but some of it may appear in later presentations at Internet2 or EDUCAUSE.


Tuesday, October 20, 2015

UCLA IAM Architect

I'm pleased to have accepted the position of IAM Architect at the University of California Los Angeles. UCLA has a complex and robust IAM deployment based on a mix of the Internet2 community source products such as Shibboleth and Grouper and a number of internally developed applications for provisioning and authorization.

Monday, September 1, 2014

My Travels in Identity Management

My current position is Manager of Governance, Risk, and Compliance for Yum! Brands, Inc. I have been actively working in the Identity Management space since 2000. This page includes the public presentations that I have given in this area.

In 1999 I was hired by the University of Notre Dame to be their Manager of Information Engineering. The focus of this new position was to develop an ongoing program around data warehousing, data modeling, and to encourage best practices in data management. In early 2000 central IT management directed the immediate development of an Enterprise Directory Service using the Lightweight Directory Access Protocol (LDAP) in support of Single Sign-On (SSO) and, in contrast to existing account-based systems, establishing a person-based identity registry for students, staff, and faculty of the University. I became responsible for this effort, focusing on directory schema, provisioning scripts, access controls, application integration using LDAP, and the development of web interfaces for directory search and user profile self-service. While the directory and registry could have been developed as separate components of this new IdM infrastructure, instead they were combined into a single directory with person-based entries and account-based attributes. In time the directory schema and provisioning applications were enhanced to include automated groups, allowing features of both role-based access control (RBAC) and discretionary access control (DAC). During this time I was appointed the Internet2 Meta Directory Services Campus Architect, was an active participant in the Middleware Architecture Committee for Education Directories working group ("MACE-Dir") and gave many presentations at Internet2, CUMREC, EDUCAUSE, and other higher-education-focused conferences, as well as consulting with several universities, among them George Mason University and the University of Southern California. In January 2005 I left Notre Dame and accepted the position of Identity Management Architect at the University of Southern California.

Publications during this period 2002 to 2004 include:
  • Metadirectory Practices for Enterprise Directories in Higher Education (5/2002)
  • Internet2 Directory Services Diagnostics Scenarios (12/2003)
  • Local Domain Person Object Class Study (5/2004)
  • Pseudonymous Instant Messaging Case Studies (6/2004)

2002 Presentations

4/17/02 Enterprise Directory for Single Sign-On

American Association of Collegiate Registrars and Admissions Officers (AACRAO) Annual Conference

Minneapolis, MN

5/7/02 MACE-Dir: Metadirectories

Internet2 Annual Spring Member Meeting

Washington, D.C.

6/25/02 MACE-Dir: Metadirectories - Practices in Higher Ed

Internet2 Base CAMP (Campus Architectural Middleware Planning) Workshop, June 2002

Boulder, CO 

7/31/02 Directory Service Operational Performance Monitoring at Notre Dame

Internet2 Advanced CAMP (Campus Architectural Middleware Planning) Workshop, July 2002
Boulder, CO 

10/2/02 The University of Notre Dame Enterprise Directory: Engineering Order from Chaos
EDUCAUSE Annual Conference - Core Services and Infrastructure poster session venue

Atlanta, GA 

10/3/02 LDAP-Enabled Privacy at the University of Notre Dame

EDUCAUSE Annual Conference - Core Services and Infrastructure poster session venue

Atlanta, GA 

10/28/02 Tutorial: Middleware Technology - Operational Issues in Directories

Internet2 Annual Fall Member Meeting

Los Angeles, CA 


2003 Presentations

2/5/03 Architecting Your Data and Metadirectory Model

NMI-EDIT Base CAMP (Campus Architectural Middleware Planning) Workshop

Tempe, AZ

2/6/03 Managing Enterprise Directories: Operational Issues - Performance Monitoring (Co-presented with Dr. Thomas Barton of the University of Memphis)

NMI-EDIT Base CAMP (Campus Architectural Middleware Planning) Workshop

Tempe, AZ 

3/13/03 Middleware At ND (webcast)

Internet2 Day

Notre Dame, IN

3/25/03 LDAP-Enabled Privacy at the University of Notre Dame

EDUCAUSE Midwest Regional Conference 
Chicago, IL 

5/13/03 The University of Notre Dame Enterprise Directory: Engineering Order from Chaos

CUMREC Annual Conference

Lake Buena Vista, FL 

5/13/03 Self-service Privacy Using LDAP at the University of Notre Dame

CUMREC Annual Conference

Lake Buena Vista, FL 

6/4/03 Leveraging Applications and Network Services Using Authentication - panel session

Moderated by Michael Gettes, Sr. Technical Architect & Strategist, Duke University

NMI-EDIT Campus Architectural Middleware Planning (CAMP) Meeting

Boulder, CO 

6/6/03 Ask the Experts - panel session

Moderated by Ken Klingenstein, Project Director, Internet2 Middleware Initiative & Chief Technologist

NMI-EDIT Campus Architectural Middleware Planning (CAMP) Meeting

Boulder, CO 

11/6/03 Directory-Enabling Applications: Techniques from the Trenches

EDUCAUSE Annual Conference

Anaheim, CA 


2004 Presentations

4/20/04 Directories: Recent Schema Work

Internet2 2004 Spring Member Meeting

Arlington, VA

4/21/04 Enterprise Directories: An Implementation Roadmap

EDUCAUSE Midwest Regional Annual 
Pre-conference seminar
(Co-presented with Joel Cooper, Carleton College Director of IT)
Chicago, IL 

4/22/04 Getting to Win-Win: Leveraging Active Directory With Campus Enterprise Services
EDUCAUSE Midwest Regional Annual Conference
Chicago, IL 

5/17/04 Directory-Enabling Applications: Techniques From The Trenches

CUMREC Annual Conference

Austin, TX 

5/18/04 Canning the Spam: Winning the War at Notre Dame

CUMREC Annual Conference

Austin, TX 

7/2/04 Connectors & Provisioning - panel session

Moderated by Keith Hazelton, Senior Technical Architect, University of Wisconsin-Madison

NMI-EDIT Advanced Campus Architectural Middleware Planning (CAMP) Meeting

Boulder, CO 

10/20/04 Directory-Enabling Applications: Techniques From The Trenches

EDUCAUSE Annual Conference

Denver, CO 


From 2005 to 2014 I developed and managed the Identity Management services at USC. As I had previously at Notre Dame, I designed and maintained the schema, access controls, and provisioning scripts for the Enterprise Global Directory Service and supervised the team of technologists with responsibility for the Shibboleth Identity Provider for web-based SSO, the Person Registry database, the Affiliate Identity System ("iVIP"), the Groups Management self-service application ("MyGroups"), the self-service password management application, and the self-service federated guest registration application. I worked closely with other offices at the University in the development of a governance program for Identity Management and served as the technical expert for that program. During this time I chaired the MACE-Dir working group, co-chaired the NISO Institutional Identifiers (I2) E-Learning working group (12/1/08 - 3/2009), and spoke regularly at a large number of higher-education focused conferences. In April 2014 I left USC and accepted the position of Senior Global Architect for Identity and Access Management at Yum Brands, Inc.

Publications during the period 2004 to 3/2014 include:

2005 Presentations

3/22/05 Middleware Authorization Using Groups

EDUCAUSE Midwest Regional Annual Conference

Chicago, IL

5/2/05 Metadirectories & Resource Provisioning BoF: Feeding the USC Person Repository

Internet2 Annual Spring Member Meeting

Arlington, VA 

5/17/05 Enterprise Directory Design – Facing the Initial Challenges

CUMREC Annual Conference
Keystone, CO 

6/27/05 Identity Management: Reflect and Join

NMI-EDIT CAMP Identity and Access Management Integration Workshop

Denver, CO 

6/29/05 Identity Management: Forming the Game Plan and Next Steps – expert panel

NMI-EDIT CAMP Identity and Access Management Integration Workshop

Denver, CO 

9/19/05 Metadirectories / Provisioning BoF

Internet2 Annual Fall Member Meeting

Philadelphia, PA 

9/21/05 Recent Advancements in Metadirectory Development in Higher Education

Internet2 Fall Member Meeting

Philadelphia, PA 

10/21/05 Leveraging Data Warehousing Assets in Enterprise Directory Design

EDUCAUSE Annual Conference

Orlando, FL 


2006 Presentations

3/21/06 eduPermissionGroup draft

NMI Signet and Grouper Early Adopters Deployment Workshop

Los Angeles, CA

3/21/06 IdM and AuthX @ USC

NMI Signet and Grouper Early Adopters Deployment Workshop

Los Angeles, CA

4/24/06 Enterprise Directory Design – Facing the Initial Challenges

EDUCAUSE Western Regional Annual Conference

San Francisco, CA

6/27/06 Using Shibboleth as Your WebSSO Authentication System

CAMP Shibboleth: Enabling Campus and Federated Single Sign On

Burlington, VA

10/9/06 Deploying Shibboleth: Technical Requirements, Policy Issues, and Case Studies

EDUCAUSE Annual Conference

Half-day seminar co-presented with Michael Gettes, IT Architect, Duke University

Dallas, TX

10/9/06 Care and Feeding of the Institutional Directory Service – Advanced Issues, Problems, and Solutions

EDUCAUSE Annual Conference

Half-day seminar co-presented with Robert Banz, Director of Computing Infrastructure, University of Maryland, Baltimore County

Dallas, TX

10/10/06 Enterprise Directory Design – Facing the Initial Challenges

EDUCAUSE Annual Conference
Dallas, TX


2007 Presentations

5/9/07 Extending the Reach of eServices – Policy and Practice at USC

EDUCAUSE Western Regional Annual Conference
San Francisco, CA

10/23/07 Architecting the Institutional Directory Service – Advanced Issues, Problems, and Solutions
EDUCAUSE Annual Conference
Seattle, WA

10/25/07 Collaborators at the Gates of Troy – Extending eServices at USC

EDUCAUSE Annual Conference

Full day seminar co-presented with Robert Banz, Director of Computing Infrastructure, University of Maryland, Baltimore County

Seattle, WA


2008 Presentations

4/1/08 Applying Data Governance in Identity Management: To Serve and Protect

EDUCAUSE Western Regional Annual Conference

San Francisco, CA

4/21/08 MACE Directories Working Group

Internet2 Annual Spring Member Meeting
Arlington, VA

7/10/08 Identity Management at USC: Collaboration, Governance, Access

AACRAO Identity Management Workshop
Baltimore, MD

8/8/08 EDUCAUSE Live! Spotlight on Identity Management at USC

Web seminar <http://net.educause.edu/SPTIDM088>

10/13/08 MACE Directories Working Group

Internet2 Annual Fall Member Meeting

New Orleans, LA

10/14/08 Kerberos role in Unified Identity and Access Management

Internet2 Annual Fall Member Meeting

New Orleans, LA

10/15/08 The Launch of Google Apps For Education at USC: Determinants, Decisions, and Deterrents

Internet2 Fall Member Meeting

New Orleans, LA

10/29/08 Applying Data Governance in Identity Management: To Serve and Protect

EDUCAUSE Annual Conference

Orlando, FL

10/30/08 The Launch of Google Apps For Education at USC: Determinants, Decisions, and Deterrents

EDUCAUSE Annual Conference

Orlando, FL

11/5/08 Examples of IdMs

TERENA EuroCAMP 2008 Conference

Athens, Greece

11/6/08 Google Apps

TERENA EuroCAMP 2008 Conference

Athens, Greece


2009 Presentations

2/4/09 Student Identity Life Cycle - Stage 1: Establishing a Relationship

Internet2/EDUCAUSE CAMP

Tempe, AZ

2/5/09 Student Identity Life Cycle - Stage 2: Managing Digital Identity

Internet2/EDUCAUSE CAMP

Tempe, AZ

2/11/09 Google@School: Apps, Tools, & Tips for Your College

Web seminar hosted by Higher Ed Hero

4/27/09 MACE Directories Working Group

Internet2 Annual Spring Member Meeting

Arlington, VA

10/5/09 MACE Directories Working Group
Internet2 Annual Fall Member Meeting

San Antonio, TX

10/7/09 InCommon Collaboration Activities – National Student Clearinghouse

Internet2 Annual Fall Member Meeting
San Antonio, TX


2010 Presentations

4/14/10 Federated Identity Management: Addressing the Risky Business

EDUCAUSE 2010 Security Professionals Conference

Atlanta, GA

4/14/10 Identity Management for Security Professionals: Leveraging Federations

EDUCAUSE 2010 Security Professionals Conference - seminar

Tempe, AZ

4/24/10 Using Shibboleth to Connect: Applications for the Clearinghouse and other Federated Applications

AACRAO Annual Conference

New Orleans, LA

6/9/10 “USC Identity Management, Shibboleth, and SAML”
Open Web Application Security Project (OWASP) Los Angeles chapter

Culver City, CA

6/10/10 IAMOnline: Hot Topics and Current Issues in Identity Management – Handling Affiliate Populations

Web seminar <http://www.incommon.org/iamonline>


2011 Presentations


2012 Presentations

4/25/12 USC Shibboleth Support Model
Internet2 Annual Member Meeting
Arlington, VA

4/25/12 Supporting a Widely Deployed Campus Shibboleth Implementation
Internet2 Annual Member Meeting
Arlington, VA


2013 Presentations

5/15/13 USC's OAuth Recipe: OAuth + Enriched Identity Data + Central Authorization
Common Solutions Group 2013 Spring Meeting
Brown University, Providence, RI

5/21/13 Overview of IdM: Where Has It Been and Where It Is Going
EduSoCal '13 Annual Conference
California State University, Channel Islands, CA

9/29/13 Multi-Factor Authentication in Higher Education
EDUCAUSE Annual Conference
Orlando, FL

11/11/13 USC: Managing Your Service Provider Interactions
InCommon Identity Week Annual Conference
San Francisco, CA