Lightweight Authentication Project Overview

11/14/2016 - The procurement process was completed during Summer 2016. The project will be on hold for the remainder of FY2016-2017 due to deferred funding. The project team will reassess the project, available funding, early adopter confirmation, and next steps in late Spring 2017.

The Lightweight Authentication Project will provide an alternate method of authentication for external users who need to access online university resources. The recommended solution is to make external identities consumable by campus applications using a centrally provided gateway.

Project Goals

One goal of the IAM Strategy Roadmap is to develop authentication tools that create a better balance between usability and security. The University benefits from online collaboration with a variety of external users, from prospective students, alumni, and job applicants to international visitors and research collaborators. While the UT EID was designed for members of the UT community, it is also widely used by external users. However, the process of creating a UT EID and remembering a UT EID and password can be problematic for users who only have an occasional need to access campus resources. Requiring UT EID authentication for these users delivers a poor user experience and also leads to calls to the Help Desk for password resets. Many of these external users already have accounts with other identity providers such as Google and LinkedIn.

Scope

The Lightweight Authentication Project will be completed in four phases and will address the following:

Phase 1 - Requirements, Solution Assessment, and Guest EID Roadmap

  • Gather requirements for authentication gateway, identity providers, discovery service, invitation service, integration with local identity management systems, and account linking.
  • Identify identity providers to be included in the implementation.
  • Identify a lightweight authentication solution for users who are not comfortable using a social account (e.g., Facebook, LinkedIn) to access UT resources. This could be a third-party identity provider that is not linked to a social account provider.
  • Complete a solution assessment.
  • Develop roadmap for currently existing guest-class UT EIDs.

Phase 2 - Solution Procurement and Basic Implementation with Early Adopters

  • Complete solution selection.
  • Complete high-level design of overall lightweight authentication solution.
  • Develop guidelines for applications that grant access to external identities. Determine where external identities fit in the identity assurance framework.
  • Identify and incorporate early adopter applications.
  • Implement a lightweight authentication solution that allows a user to authenticate using a social account (e.g., Facebook, LinkedIn), a local account (an account managed by the solution itself), or a UT EID.
  • Implement a solution for business processes that depend on the EID/UIN.
  • Complete adoption planning.
  • Complete Guest EID transition planning.

Phase 3 - Service Enhancement

  • Implement the ability to assign entitlements to a lightweight identity.
  • Design and implement an account-linking process to connect an external identity to a UT EID.

Phase 4 - Transition, Adoption, and Guest EID Retirement

  • Complete transition and adoption of Guest EID consumers.
  • Retire Guest EIDs.