Home > Projects > Identity And Access Management (IAM)
Java Vulnerability Alert - May 19, 2013
Recently, security bulletins have been issued on the internet about risks arising from potentially infected websites that exploit a security hole in all web browsers. Click to expand/collapse.

Infected websites can take advantage of vulnerabilities in the widely used web browser plug-in for the Java platform and pose risks for Internet users. To protect against attack from websites of unverified origin, we advise using two separate web browsers for different purposes.

  1. A designated browser with Java enabled, to access enterprise UBC systems and other trusted websites and
  2. Another browser set as the default browser with the Java plugin disabled for all other web sites e.g. Blogs, internet news, gaming sites, etc.

Instructions for disabling the Java plugin can be found here. If assistance is needed in disabling the plugin for either of these browsers, help can be obtained either from your designated IT support group, or the IT Service Centre staff can help either by phone, or via the Walk-In Support Centre in the UBC Bookstore.

More information is available at our FAQ page.

Identity and Access Management (IAM) Program

UBC has recognised the need for an overall strategy to address the University's security and legal obligations for managing identity information. Identity and Access Management (IAM) is the set of business policies, processes, and a supporting infrastructure for managing the creation, maintenance and use of digital identities. The IAM program is a multi-year initiative to develop an Identity and Access management system that allows UBC to consolidate identification and authorization operations.

Purpose

Students, faculty and staff are faced with an increasing plethora of systems, accounts, usernames, passwords and access rules as part of an ongoing challenge to balance access and security needs. Without an institution-wide approach, these challenges are met on a system-by-system basis with duplicate identity information distributed across campus. As a result, the user experience is increasingly complicated, faculty and staff efficiency diminishes, identity-related administrative complexity and costs rise, and security becomes weaker.

At a high level, a successful IAM system can:

  • Lower overall administration effort
  • Enable business success
  • Improve operational efficiency
  • Boost compliance
  • Heighten security

Goals

The IAM program’s goal is to build policies, processes and technologies that allow UBC to consolidate identification and authorization operations so that the right people have access to the right services at the right time in their user lifecycle.

The IAM system aims to:

  • Quickly and easily identify and enable a person's function at the university
  • Simplify the process for accessing information services, systems, physical facilities, and other resources 
  • Allow people to establish an identity during their first contact with the University 
  • Enable departmental systems to make use of a common identity facility 
  • Provide inter-departmental, institution-wide automated identity workflow 
  • Have the capability to support finely targeted broadcast communications 
  • Allow personal information to be managed through an easy-to-use online service
  • Support easy inter-university access to resources
  • Maintain identity security and auditing standards consistent with university policies
  • Provide local control of local identity resources

For example, this can be achieved by:

  • Reducing the number of separate sign-ons
  • Ensuring that the same username / password is used on most systems
  • Managing digital identity data in a way that is person-centric, not system-centric
  • Using local administration and control for local resources

Timeline

Scope and Timeline (PDF, 121KB)

Contact

Lois Cumming (lois.cumming@ubc.ca)

Support: 

(There is currently no additional support information.)

Project Documents: 

Program Overview

Impacts to UBC Departments

IAM and You - Milestone 1 End User's Guide

Project Details: 

What Is Identity and Access Management?

Frequently Asked Questions

Glossary

a place of mind, The University of British Columbia

UBC Information Technology
6356 Agricultural Rd.
Vancouver, BC V6T 1Z2,

Emergency Procedures | Accessibility | Contact UBC | © Copyright The University of British Columbia

We Want Your Feedback!