CANRI Project Plans 2002-2003
Project # 01-Access Management
1 DOCUMENT CONTROL
1.1 Revision History
This document has been distributed to:
This document requires the following approvals:
2 Short name or acronymAccess Management
Most CANRI resources are public access. Some datasets and applications require various levels of registration or access approval. The access management project provides within the CANRI Framework a mechanism for applications and datasets to be appropriately restricted to authenticated users. It also provides a mechanism for a user to have a single UserID and password for access all her authorised CANRI resources.
4 Target audience
Primary audience:State government
Main regional audience:
5 Participating organisations
5.1 Lead agency or organisation
5.2 Other agencies or organisations
Project Steering Committee
7 Project definition
7.1 Project description and objectives
Currently most data and applications provided within the CANRI framework are publicly accessible, with no restriction and few registration requirements. Where registration or user login is required this has been independently implemented in each application.
The current situation presents a number of weaknesses:
The Access Management project will implement infrastructure that provides a central repository for usernames passwords and permissions that can be accessed by applications and datasets within the CANRI framework to ensure that the user making the request is properly authorised to do so. This system can be used by data custodians to build in authentication and authorisation into their applications or data. This has the following benefits:
Simple administration, delegated administration, user self-registration and profile management.
7.2 Inclusions and exclusions
This project includes the establishment of the authentication service within the DLWC computing environment, and the design of a number of models for use by data and application custodians.
One pilot project will be implemented to evaluate the system, the technology, and assess its effectiveness. Assessment of the administration loads placed on DLWC and resource custodian staff is included in the pilot evaluation.
This project does not include the upgrade of data custodian web servers or application as required to implement authentication (other than the pilot project).
The project also includes finalisation of the draft strategy developed in the 2001-2002 Authentication consultancy.
7.3 Related initiatives and interdependencies
This project is dependent on the final outcomes of the 2001-2002 Authentication consultancy.
7.4 Technological environment
CA eTrust Access Control policy store will be located on one of DLWC’s Solaris web servers. It will access an eTrust Directory store.
The Netegrity SiteMinder Policy Server will be located on one of DLWC’s Solaris web servers. It will access an existing directory store (iPlanet – free with Solaris 8; Netware e-Directory – existing).
Web agents will be installed (included in licence fees) on appropriate data custodian web sites.
Delegated management will allow access to the policy server by data custodians for administration.
7.5 Prerequisites and assumptions
A 500 user licence is sufficient for first year of operation.
DLWC infrastructure has the capacity for this implementation and are willing to contribute in-kind.
Agency chosen for Pilot will be willing to participate and contribute in-kind.
Vendors will be able to deliver to the requirements outlined in the 2001-2002 Authentication Consultancy.
8.1 Details of deliverables
Click here to see list of deliverables in pdf format.
8.2 Environmental theme
8.3 Type of deliverables
8.4 Additional information
9 Schedule and costs
9.1 Schedule and cost details
Click here to see project schedule and costs in pdf format.
9.2 Additional information
LPI and OIT have expressed interest in the project. Possible synergies with existing OIT initiatives exist.
10 Project organisation and controls
10.1 Organisation Chart
Click here to see organisation chart in pdf format.
10.3 Quality management
Progress reports will be provided to the CANRI coordination team every two months or otherwise as required.
The Project Manager (or a representative) will attend CANRI Program Implementation Group meetings to discuss progress on the project.
The Senior User (or a representative) will attend CANRI Community Reference Group (CRG) meetings or contact a member of the CRG prior to each meeting to enable discussion on progress of the project and to ensure that users needs are met.
Other quality management measures to be adopted:
11 Other information
12 Executive signoff
The Project and its outcomes are consistent with the business policies and strategies of this organisation as its sponsor. Resources are available to adequately supplement those provided by CANRI funding for the substantial delivery of expected project outcomes and for the realisation of described benefits.
This project plan has been prepared in accordance with the 2001/02 CANRI Project Plan guidelines
The project is consistent with the business policies and strategies of this agency as its sponsor. Resources are available to adequately supplement CANRI funding for the provision of the stated project deliverables and the realisation of stated objectives.