The University of Queensland is looking to engage consultants to assess the state of identity management (IdM) at the university.
UQ has multiple systems where user identity profiles are created. Staff and student profiles are created in systems called Aurion and SI-Net while visitor profiles are developed in a bespoke IT system dubbed PRISM.
“Data from all these systems are collated and entered into the LDAP directory service where it is used for both authentication and directory information,” state documents inviting the submission of quotes for consultative services.
"The UQ LDAP service is viewed as the primary repository of user data in the university but is authoritative for only a few attributes per identity profile."
- NSW gov appoints IT consortium to improve password security
- Healthdirect Australia sees value in open source for security solution
- The rise of security-as-a-service in Australia
According to UQ, the current IdM system performs authentication well and allows IT staff to remove user access from most systems by a centralised process.
“Whilst this is useful when a person is `off-boarded’ from the university, it is a far too simplistic approach for most operational scenarios. The current solution fails to address the authorisation and monitoring of activity in the dependent systems and does not provide granulate admin control,” the documents said.
At present, a user ID needs to be kept in a central system for authentication and a host system for authorisation. Monitoring of user activity is addressed in an ad-hoc manner or not at all, said UQ.
According to UQ there a number of issues with provisioning identity profiles. For example, academic staff members often hold a faculty position and are a member of an institute. These roles require different access levels in various systems.
In addition, some university students are employed as casual staff but have no consistent way of linking their accounts. UQ also has many collaboration projects where external users require access to systems.
UQ is looking for an external agency to evaluate its IdM situation. After evaluation, a report will be created which looks at identity governance, management issues and operational limitations of the current system, including recommendations for an improved IdM and a roadmap to achieve this.
The deadline for responses is 19 September.
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia