
Purdue University

Identity and Access Management

Infrastructure for Identification, Authentication and Authorization (I2A2)

NOTICE!

Purpose

The information in this web page and its related pages has been designed to assist system developers who want to use I2A2. Consequently there is no overview or general description of I2A2 in the normal flow of the information presented.

However, here are two articles that give some general descriptions:

Introduction

I2A2 is a support system that helps Purdue data systems control resources. It enables them to identify who is asking for resources, prove the declared identity, and determine what access rights the identity has.

The PUID: The identity key used by I2A2 is a ten digit number called the Purdue University IDentifier (PUID). A permanent PUID is assigned to each person having a relationship with Purdue. The PUID contains ten characters, has a Luhn check digit, and is displayed as 12345-67890.
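A client can reject mistyped PUIDs locally before sending any request to I2A2. The sketch below is an added example, not Purdue or I2A2 code. It assumes the check digit is the tenth digit and that the standard Luhn mod-10 algorithm covers all ten digits; the page does not state this, and under that assumption the display sample 12345-67890 illustrates the format only, since it does not pass the check.

```python
import re

# Assumption (not stated on the page): the tenth digit is the check digit and
# the standard Luhn mod-10 algorithm is computed over all ten digits.
# ASCII digits only: "\d" would also accept other Unicode digit characters.
_PUID = re.compile(r"([0-9]{5})-?([0-9]{5})")


def luhn_sum(digits: str) -> int:
    """Luhn sum: double every second digit counted from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total


def check_digit(payload: str) -> str:
    """Check digit that makes a nine-digit payload Luhn-valid."""
    if not re.fullmatch(r"[0-9]{9}", payload):
        raise ValueError("payload must be nine ASCII digits")
    return str((10 - luhn_sum(payload + "0") % 10) % 10)


def normalize_puid(text: str) -> str:
    """Accept NNNNN-NNNNN or ten digits; return the ten-digit form.

    Raises ValueError on bad format or a failed check digit. Luhn catches
    typing errors only; it is not evidence that the PUID is assigned to anyone.
    """
    m = _PUID.fullmatch(text.strip())
    if m is None:
        raise ValueError("expected NNNNN-NNNNN or ten digits")
    digits = m.group(1) + m.group(2)
    if luhn_sum(digits) % 10 != 0:
        raise ValueError("Luhn check digit mismatch")
    return digits


def display_puid(digits: str) -> str:
    """Render a normalized PUID in the 12345-67890 display layout."""
    return f"{digits[:5]}-{digits[5:]}"
```
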

The Alias: Some PUIDs may have an alias as an alternate way to identify them. Aliases are currently borrowed for PUIDs from Coordinated Purdue Career Account Logins, which are assigned to all West Lafayette staff and students. An alias is usually more mnemonic and thus easier to remember than a ten digit number.

Infrastructure

The I2A2 infrastructure has an Oracle database for creating and storing PUID information, and Internet access to three fast database managers (DBMs) with text-based, LDAP, RADIUS, and secure (SSL) network interfaces. One DBM serves identification requests; a second, authentication challenges; a third, authorization queries.

Apache web server modules, libraries, and code samples are offered to help developers enable I2A2 access from their systems.

Restrictions

Effective November 1, 2005, access to I2A2 services will become regulated through firewall restrictions. Departments within Purdue wishing to use I2A2 services should contact ITaP's Identity and Access Management (IAM) office to execute a Service Level Agreement (SLA) or Memorandum Of Understanding (MOU) regarding their access to I2A2 services.

Purdue departments who are already using I2A2 services will continue to have access to I2A2 services after this change. However, at some future time those departments may be contacted by the IAM office and asked to execute an SLA.

There are several reasons for restricting access:

  • Knowing who is using the I2A2 services allows the IAM office to use ITaP's change management notification system to notify our customers of impending outages or service interruptions.
  • The execution of an SLA between the IAM office and the client allows both parties to understand the requirements -- including security -- and expectations for the delivery of the I2A2 services.
  • Best security practices require restricting access to potentially sensitive data or services to the smallest possible set of clients.

You may contact the IAM office to request access to I2A2 services by sending electronic mail to i2a2-admin@purdue.edu.

Ethical Use

Web servers and applications which receive authentication credentials for forwarding in I2A2 authentication requests should handle the credentials carefully and responsibly.

Those servers and applications should provide a secure channel over which the credentials are entered -- e.g., web servers should use SSL|TLS. (I2A2 requires that the credentials be forwarded to it over a channel secured by SSL|TLS.)

Operational monitoring of I2A2 operations includes accumulation of statistics about authentication requests and patterns in their use. When the I2A2 administrative staff detects an unusual pattern it will investigate.

More Information

Credits
I2A2 was developed by the Purdue Academic Computing Environment (PACE) group with help from the Management Information Department and the Purdue University Computing Center (PUCC). These people contributed to the documentation.

Maintained by: IAMO Team

© 2010 - 2013 Purdue University