Defining the Simplified Sign-On Project
Purpose:
The Simplified Sign-On project should establish the foundation for a modern identity and access management framework for the CTC system. This framework should enable streamlined maintenance of secured internet resources currently in use by the CTC members and allow for enhanced opportunities to cooperate with Higher Education, K-12, and third-party solution vendors.
Vision:
A student or college employee may have many different credentials to access the various systems that are useful to them throughout their day. This project would aim to reduce that set to one primary credential for all commonly accessed online resources. In the likely case that the ideal of a single universal credential cannot be achieved, the system would aim to reduce the set to one primary credential and a minimal set of other credentials for highly desirable systems that are unable to integrate with the Simplified Sign-On system.
This one credential would be managed by the student’s home college or by a central credential issuing authority available to all CTC institutions. Central management of the credential would make it much easier to handle credential lifecycle tasks such as changing passwords and recovering usernames.
In addition, the system would reduce the number of times that a user is challenged for their primary credential by establishing Single Sign-On mechanisms between applications where possible and effective. For the user, the result would be that once they had authenticated, they could move between participating applications without having their identity challenged each time.
Goals:
- Reduce the total cost of ownership (TCO) of secured internet resources by streamlining costs involved with credential management and time lost to the credential challenge process.
- Increase the use and adoption of secured internet resources by reducing user frustration.
- Increase security by focusing quality management on one set of credentials.
- Specify a system architecture that enables adoption by small colleges in the CTC system through centrally managed deployment or a set of standards and protocols that colleges must deploy to interoperate with the system if they need locally customized solutions.
- Propose and implement a phased solution.
Objectives:
- Identify and prioritize the applications currently in production for inclusion in the project scope. The following applications represent the minimal set under consideration, but the set may be expanded or revised as required.
  - CIS Web Transaction Server Secured Applications
    - Web registration + schedule planner.
    - Web credit card tuition payment.
    - Unofficial transcript.
    - Employee Earnings history.
    - Instructor’s Briefcase.
    - Other applications secured with the CIS SID/PIN credential.
  - CTC chartered third-party applications.
    - WAOL
  - Locally developed college applications.
- Identify the most suitable industry standard approach to Identity and Access Management to use as the Simplified Sign-On solution framework.
- Identify and document processes to retrofit existing applications to participate in the Simplified Sign-On system.
- Identify the minimum required set of supported credential issuing platforms. (For example: MS Active Directory, Novell eDirectory, and other products of interest.)
- Identify and document coherent usage patterns characteristic of the following groups which must be supported.
  - College staff, faculty, and student usage.
  - Prospective students.
  - K-12 and Higher Education institutions.
  - Third-party vendors.
Succinct Definition:
When this project succeeds, it should be practically invisible to the end users. They will know that they need their one credential to access most, if not all, of the secured internet resources they need on a daily basis. They will also have their work interrupted much less frequently as they move between supported applications.