The SLAC IAM Modernization initiative strategy consists of:

Alignment with Stanford University in key areas of authentication, federated identity and policy

To reduce the number of user identities and variations of user authentication experiences for staff, SLAC will move away from the SLAC ID username and align with Stanford University around the SUNetID username. This will also allow SLAC to leverage the University's well-developed and well-maintained Web Single-Sign-On infrastructure, as well as its robust support of federated authentication to external applications.

Deploying modern tools with extensible functionality

While the user authentication experience will be aligned with Stanford University, SLAC will deploy new IAM infrastructure of its own to supplement capabilities particular to a DOE National Lab. In this way, the IAM effort will first deploy a centralized Group Service that will provide SLAC-specific information which will inform access control and compliance decisions. Examples: affiliation with a directorate research effort, satisfied safety training, sufficient spending authority, entitlement to curate a dataset.

Going forward at SLAC, Identity Management will be about more than just user identity. The same infrastructure SLAC will deploy for person identity management will be leveraged for computer identity as well. In this way, people and their devices can be trusted to a higher degree when accessing SLAC resources.

Coordinating the migration of existing applications to new, deprecating legacy ones

As new SLAC web applications come online or existing applications are refactored, these applications will begin to leverage the SUNetID of SLAC staff (and some other long-term contractors) for Single-Sign-On. For user authentication, individuals not strongly affiliated with Stanford will register their home institutional identity, which in many cases will already be federated with Stanford/SLAC through the InCommon Federation (or eduGAIN, which is an international federation of federations).