The University of North Carolina is comprised of sixteen universities, one high school, the center for public television, and one system office. Each of these constituents maintain separate technology infrastructure including servers, networking devices, and enterprise resource and planning (ERP) systems. Therefore, each constituent has internally issued computer accounts and credentials designed to access systems specific to each member. Credentials issued by one member are not valid for any other member within the system.
Due to various economic pressures, inter-institutional communication and resource sharing is rapidly increasing as a means of providing cost effective solutions for both individual entities as well as the aggregate system as a whole. As such, students, staff, and faculty are increasingly consuming electronic services provided by other members of the community. However, the lack of a centralized credential provisioning service makes these scenarios difficult to create and administer since service providers cannot securely authenticate and authorize users.
In particular, the need to increase course availability to existing UNC students by allowing inter-institutional registration for online courses has provided an immediate need to enable this type of credential sharing between the UNC constituents. However, establishing a centralized credential provisioning, authentication, and authorization service is not feasible given the current state of IT resources, personnel resources, economic resources, and organizational preparedness. Given these shortcomings and the imminent need to provide these distributed services, the organization must pursue a federated approach.
This federated approach enables each independently operating entity to maintain its credential provisioning autonomy while still participating in system-wide efforts. In other words, the federated approach enables each entity to offer services directly to other entities while providing its own faculty, staff, and students access to services offered by other cooperating members.
The UNC Identity Federation provides the metadata definition and operational infrastructure needed to enable federated service delivery among the constituent members of the University of North Carolina. The scope of this federation is not intended to be the long-term solution for UNC; that strategic direction has not been fully vetted and determined. While this is a tactical deployment designed to meet specific objectives, this UNC Identity Federation is designed to appropriately scale into the strategic solution if that outcome is desired by all the parties involved. This tactical deployment will provide UNC a large amount of information and experience in the world of identity management and position it to optimize the strategic vision.