The Identity and Access Management (IAM) Council serves as a campus-wide stakeholder group for identity and access management (IAM) services at UW-Madison. A commonly available set of IAM services as is a key element of the UW-Madison IT infrastructure, ensuring effective, efficient and consistent access controls to protect university resources and the privacy of members of the university community, while enabling efficient access to resources in support of the university’s mission.
IAM Council Mission
The IAM Council’s mission is to continuously work towards improving security, reducing risk and improving the quality of and confidence in campus identity, authentication and security systems by engaging stakeholders and providing a roadmap for identity and security services to applications that appropriately balance risk, usability and need. The IAM Council advances a service-centric approach that enables campus to safely and confidently deliver broad and dynamic services to an ever-widening base of customers.
IAM Council Members
|Steve van der Weide||Wisconsin School of Businessfirstname.lastname@example.org|
|John Jameson||Business Servicesemail@example.com|
|Jan Cheetham||CIO Officefirstname.lastname@example.org|
|Jim Drews||College of Engineeringemail@example.com|
|Amanda Reese||Office of Compliancefirstname.lastname@example.org|
|Kevin Breese||Wisconsin Unionemail@example.com|
|Phil Hull||Enrollment Managementfirstname.lastname@example.org|
|Nancy Lynch||Legal Affairsemail@example.com|
|Andy Goldstein||Academic Technologiesfirstname.lastname@example.org|
|Tom Jordan||DoIT – EISemail@example.com|
SMEs / Resources
|Jon Miner||DoIT EISfirstname.lastname@example.org|
|Mike Roszkowski||DoIT EISemail@example.com|
Upcoming IAM Council meetings
No events returned.
IAM Council Charter
Purpose of this Document
This document charters the Identity and Access Management (IAM) Council and defines its shared direction, guiding principles, membership, and roles and responsibilities. The membership and sponsors will review and update this charter biannually.
UW–Madison has not always delivered IT services in a unified or comprehensive manner, and the Identity and Access Management service portfolio is no exception. Identity and Access Management (IAM) is the collection of policies, technologies, and practices that govern and provide identity assurance, and the access to resources based on a verified identity. IAM at UW–Madison has grown organically over time and is often disparate and siloed, lacking a shared, community-driven vision and direction. In addition, new technologies and ideas in the IAM field were becoming widespread, practical, and accepted, which left the campus even further adrift from best practice. The situation was, and is, untenable.
In 2015, campus stakeholders formed the Credential Policy Stakeholders Team to address these issues. In 2016, that group released their final report, which defined a forward-thinking strategy for credential management that focuses on risk, usability, services, and confidence. That report called for a new and permanent guidance or governance group to guide implementations in support of that vision. In 2017, the Infrastructure Technology Advisory Group expanded that vision to include steering and oversight for the comprehensive set of identity and access services needed by the campus community to support the University’s mission.
This new group was charged with the fidelity to and maintenance of the vision put forth for IAM at UW–Madison. This vision supports the University mission by providing technology, process and policy to ensure appropriate and effective access to IT services for our stakeholders. It sees a commonly available set of IAM services as a key element of the University IT infrastructure, to ensure effective, efficient and consistent access controls to protect University resources and the privacy of members of the University community, while enabling efficient access to resources in support of the University’s mission.
In order to meet the vision, the campus must rationalize our IAM service offerings against the campus needs and define a future-focused roadmap for IAM services. Further, the campus must work to align delivery of other IT services with the IAM roadmap, and ensure that access to services encompasses appropriate considerations of risk, usability, service and confidence. This document establishes the group charged with fulfilling these responsibilities.
For additional information regarding the relationship between this group and other governance groups, please see Appendix 1 below.
Authorization to Operate
The following individuals have authorized the IAM Council to operate in the capacity defined within this charter:
Role Name/Title Sponsoring Governance Group Infrastructure Technology Advisory Group (ITAG) Sponsoring Group Representative Melissa Tran, Director, Enterprise Internet Services Sponsoring Group Representative David Towers, Asst. Dean, Wisconsin School of Business
Continuously work towards improving security, reducing risk and improving the quality of and confidence in campus identity, authentication and security systems by engaging stakeholders and providing a roadmap for identity and security services to applications that appropriately balance risk, usability and need. Advance a service-centric approach that enables campus to safely and confidently deliver broad and dynamic services to an ever-widening base of customers.
Guiding Principles and Values:
The IAM Council’s operation, direction and recommendations will be based on the following guiding principles:
- Transparency – We are committed to open and transparent processes that encourage review and input from all campus stakeholders.
- Campus Engagement – We must involve and engage stakeholders who have expertise and are affected by identity and access policies, plans and efforts within our community.
- Stewardship – We must act as good stewards of resources that support the overall mission of the University. The IAM Council will consider the most effective application of resources to meet the needs of campus stakeholders.
- Inclusivity – The best discussions and recommendations come from a warm, welcoming, inclusive and spirited community.
- Service Focus – A service-centric IAM approach enables campus to safely and confidently deliver broad and dynamic capabilities to an ever-widening base of customers.
- Integrated Service Approach – We believe that services must integrated with campus data and security policy and standards, be vetted for risk and compliance, and be governed by an active stakeholder community.
- Future Thinking – We must ensure that short-term directions and recommendations are consistent with a long-term vision for IAM services.
- Provide direction and leadership for the specification, development and implementation of IAM services in support of IT service delivery to UW–Madison constituents (IAM Roadmap Planning).
- Survey the needs of campus stakeholders to ensure that IAM services are well aligned and effectively supporting campus needs.
- Ensure that services are well integrated with campus standards, vetted for risk and compliance and governed by an active stakeholder community (IAM Service Rationalization).
- Provide analysis and recommendation for the IT project intake process for IAM services and advise on IAM impacts and dependencies for other services in the portfolio (IAM Portfolio Management)
- Examine the current security of UW–Madison authentication credentials as compared to best practices and current recommendations, such as those published by NIST, SANS, InCommon, and others. Consider cost and benefits to assure that recommendations of the team are practical to implement (Credential Steering)
Structure, Membership, and Responsibilities
The IAM Council membership consists of a mix of business, technology, legal and compliance representatives addressing the needs of students, faculty and staff from schools, colleges, divisions and administrative units from around campus. These members represent the needs, impacts and issues around identity and access for their units and the campus at large.
Infrastructure Technology Advisory Group (ITAG) sponsors the IAM Council, and also serves as its primary governing body. The IAM Council may provide guidance and recommendations to other campus governance groups on issues relating to identity and access management.
The IAM Council has two chairpersons. Executive Sponsors select one chairperson to a standing appointment. The Council nominates the other chairperson and the executive sponsors confirm the appointment for a one-year term.
The IAM Council provides recommendations and guidance on identity and access services to campus governance and stakeholders. Membership consists of:
- Central IAM Service Representative (Chairperson)
- Campus at-large Representative (Chair)
- Appointee from Office of Cybersecurity
Remaining membership will be solicited by sponsors from the wider stakeholder community with an emphasis on capturing a diverse group representing faculty, staff, student, research, academic and administrative needs. The Council will also solicit both technical and non-technical members, and balance the representation from central and distributed IT communities.
The chairs are responsible for generating and ensuring the distribution of meeting agendas and minutes. Members review the material and are prepared for the meeting and potential discussion. The IAM Council determines its meeting frequency and agenda structure.
The IAM Council makes use of sub-committees, comprised of subject matter experts and key stakeholders, to analyze problems, evaluate projects, recommend solutions, and provide guidance for implementing initiatives. Sub-committee membership is by appointment from the IAM Steering Group members. Sub-committees leverage and engage the larger IT community and frequently include non-IAM Steering Group members.
Subject Matter Experts
The IAM Council also engages subject matter experts as needed to aid in understanding issues and impacts and to develop plans, proposals and options for campus. Subject matter experts may be brought in from a variety of technical, business, legal and compliance area and serve a supporting role in helping the IAM Council to meet its objectives.
Appendix 1 – IAM Council relationships to other IT Governance Groups
Note: Need image