About Tim Calhoon

Tim Calhoon is the Director of the California Community Colleges Technology Center at Butte College, which helps facilitate and coordinate the work of California Community Colleges (CCC) systemwide technology projects in coordination with the CCC Chancellor's Office Telecommunications & Technology Unit. Prior to this, Tim accrued more than 10 years of experience in managing educational technology organizations for PLATO Learning (Nasdaq:TUTR) and CyberEd, Inc. This work, in conjunction with a talented development team, led to more than 17 educational technology awards and a Software & Information Industry Association (SIIA) CODIE nomination. Tim lives in Northern California near Chico with his wife, son and daughter. His children are both currently attending college.

TechEDge eNews Update

Tech>ology: ID Security For Systemwide Apps

Our team at the Technology Center has been working lately on how to protect the identity of our students and still benefit from the use of an Elastic Cloud Infrastructure.

In Donald Hester’s two-part blog “Tech>Protect: Risks In Clouds,” he rightly points out many of the pitfalls in walking into the cloud with sensitive data without taking precautions. Control over where data is stored, maintaining high availability, having an exit strategy, audit trail and security event notification are just a few among the issues that must be hammered out in the terms of service with a hosting vendor.

Figure: Cloud computing types (http://en.wikipedia.org/wiki/File:Cloud_computing_types.svg)

Our concept is based around a hybrid cloud model where Personally Identifiable Information (PII) will be stored in a private data center (Identity Center), and noncritical application data will be stored with the application services in an Elastic Cloud Infrastructure. The emergence of elastic cloud platforms, where the computing power behind deployed applications is monitored to scale up or down to service demand loads, has made it possible to efficiently handle the annual cyclic student demand on student services applications without having to build a large data center to handle peak loads.

Figure: CCC Systemwide Architecture

One job of the Identity Center will be to protect student account profiles, submitted applications to college and any other data that may contain PII. In addition, the Identity Center will maintain account integrity by resolving duplicate account issues using the data contained within the student account profiles and submitted applications to college.

Another task will be to authenticate and authorize users to access systemwide services. Interactions with the Identity Center will involve either Shibboleth, based on Security Assertion Markup Language (SAML), for secure access to federated services, or the PESC Data Transport Specification to ensure secure transport of data.

To ensure high availability and a hot standby for failover, we will maintain a second, duplicate Identity Center at a secure data center directly connected to the CENIC Network. The same duplicate can be used as a reporting and download center so those activities do not bog down transactions at the Primary Identity Center. An additional benefit of a direct CENIC connection is that reporting and download activity involving large amounts of student data will occur over the CENIC network directly to colleges. That traffic will not pass over the public Internet, making a “man-in-the-middle” attack far more difficult.

The CCCID

The main linking mechanism between user accounts in the Identity Center and applications and services running in the cloud is the CCCID, a seven-character ID composed of three alphabetic characters (A-Z, excluding O and I) and 4 numbers (0-9). This results in an account identifier with more than 130 million combinations that is easy for a person to remember, should that ever be necessary. Example: SWD3986

When users are authenticated to use a systemwide service or application in the cloud, the CCCID will be passed to the service to identify the unique individual. In this way services and applications in the cloud can maintain personal accounts for the user anonymously.
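The CCCID format and the split between Identity Center and cloud data, sketched as an added example that is not the Technology Center's own code. The letters-then-digits layout is inferred from the example SWD3986; random assignment, the function names and the `PII_FIELDS` list are assumptions made for illustration.

```python
import re
import secrets

# Alphabet from the post: A-Z without O and I.
LETTERS = "ABCDEFGHJKLMNPQRSTUVWXYZ"
DIGITS = "0123456789"
# Assumed layout (from the example "SWD3986"): 3 letters followed by 4 digits.
CCCID_RE = re.compile(rf"[{LETTERS}]{{3}}[{DIGITS}]{{4}}")
# Hypothetical field names a cloud service must never store.
PII_FIELDS = {"name", "ssn", "date_of_birth", "email", "address"}


def keyspace() -> int:
    """Number of distinct CCCIDs the format allows."""
    return len(LETTERS) ** 3 * len(DIGITS) ** 4


def is_valid_cccid(value) -> bool:
    """Strict format check for a service receiving a CCCID after authentication."""
    # fullmatch rejects trailing newlines and lowercase, unlike a '$'-anchored match.
    return isinstance(value, str) and CCCID_RE.fullmatch(value) is not None


def new_cccid(issued: set) -> str:
    """Draw an unused CCCID with a CSPRNG (random assignment is an assumption)."""
    if len(issued) >= keyspace():
        raise RuntimeError("CCCID keyspace exhausted")
    while True:
        candidate = ("".join(secrets.choice(LETTERS) for _ in range(3))
                     + "".join(secrets.choice(DIGITS) for _ in range(4)))
        if candidate not in issued:
            issued.add(candidate)
            return candidate


def cloud_record(cccid: str, app_data: dict) -> dict:
    """Build a cloud-side account row keyed only by CCCID; refuse PII fields."""
    if not is_valid_cccid(cccid):
        raise ValueError("malformed CCCID")
    leaked = PII_FIELDS & {key.lower() for key in app_data}
    if leaked:
        raise ValueError(f"PII must stay in the Identity Center: {sorted(leaked)}")
    return {"cccid": cccid, **app_data}


if __name__ == "__main__":
    print(keyspace())  # size of the identifier space
    print(cloud_record("SWD3986", {"saved_search": "nursing"}))  # constructed data
```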

The elastic cloud infrastructure holds the promise of tremendous cost savings over building a large data center to handle systemwide student services. The challenge is to use it effectively and minimize security risks.