CAA: Our Mission, Vision & Offerings

ISC's Technology Services' Identity and Access Management team is responsible for the core infrastructure on campus related to authentication and authorization.

Our Mission and Vision

Our service team provides the identity and access management services which establish a foundation for trust within the global university community. We strive to offer a frictionless and secure identity and access management experience for the university community, all with a goal of incorporating the qualities of confidentiality, integrity, availability, innovation, and integration into all of our service offerings.

  • Authentication (AuthN) is the verification of the validity of a person's identity: this person is who they say they are.
  • Authorization (AuthZ) is the verification of access rights to a service/resource: this person has privileges to access this data/service.

Our Core Service Offerings

  • WebLogin (Single Sign-On)
    • Shibboleth - AuthN and AuthZ functions for web single sign-on.
    • Two-Step Authentication - the integration-ware that enables two-factor authentication.
    • Ancillary PennKey Functions - a few PennKey functions are deployed on our SSO infrastructure, including PennKey registration and bulk upload.
    • Network Electronics - AuthN and AuthZ for network electronics. (EAP-TTLS)
    • Wireless Network - authentication mechanism for joining the AirPennNet wireless network. (EAP-TTLS)
    • IoT - the internet of things and related underlying services. (EAP-TLS). This service includes the management and interface of our own non-public CA.
    • eduRoam - world-wide roaming access service developed for the international research and education community.
  • Kerberos / PennKey - The credential for unlocking Penn's electronic resources. Supports almost all of the other services listed here and is an integral part of on-boarding community members.
  • Directory LDAP - directory access protocol for user directory information (name, phone number, email, department, title).
  • PennGroups LDAP - directory access protocol for roles/group membership. A major authorization service based off of the PennGroups (Grouper) project.
  • Attribution - network activity attribution service. Primary consumer is Information Security.
  • Public Key Infrastructure - through our InCommon relationship we have a Comodo license for SSL certificates, client certificates, and code signing certificates. We are the final level of support, and all of ISC depends on us and our relationship for SSL certificates. The University (outside ISC) depends on site licensing for this need; we are the final stop if site licensing has a problem or needs any help. Support issues include DRAO support, SSL best practices, code signing certificates, and client certificates (main use case is VPN).
