SSL certificates for web servers, services, and clients.
Certificate Services allow you to obtain X.509 certificates that may be installed on servers or clients to provide authentication and encryption. SSL certificates installed on servers allow clients to verify the identity of the server and allow the server and client to establish a secure communication channel using SSL/TLS. Client certificates enable computers and processes to connect to Web services, directories, and other services that require client certificate authentication.
Certificate Services options include:
InCommon Certificate Authority (InCommon CA) - Provides commercial-grade SSL server certificates trusted by all modern browsers. Certificates are available for all subdomains of *.washington.edu and *.uw.edu. Other DNS domains owned by UW departments may be added to the service upon request.
UW Services Certificate Authority (UW CA) - Provides SSL server certificates and client certificates. SSL server certificates issued by the UW CA are not trusted by default in any browser. Client certificates issued by the UW CA are required for authentication to many UW Web services and directories.
Verify the identity of a person, computer, or application
Authentication allows you to establish the identity and authenticity of a person, computer, or application. Authentication often involves verifying something the user knows (e.g., a UW NetID and password) or something the user has (e.g., a security token or private key).
UW Information Technology supports several enterprise authentication services to help you enable secure access to Web sites, online information, desktop computers, walk-in labs, and other resources, while adhering to UW information security policies.
Authentication service options include:
Kerberos - Provides UW NetID authentication using the Kerberos network authentication system; also known as the "u.washington.edu" Kerberos realm.
Web Authentication Services - Provides UW NetID authentication and single sign-on (SSO) to participating Web sites; provides a trusted Web site (weblogin.washington.edu) for entering and verifying user credentials; supports "federation" via InCommon and SAML protocols; software options include Pubcookie and Shibboleth (preferred) for Apache and Microsoft IIS Web servers.
Token Authentication Service - Provides multi-factor authentication using Entrust tokens as a second authentication factor for access to more sensitive UW applications.
UW Windows Infrastructure - Provides an Active Directory forest for Kerberos and NTLM authentication for all UW NetIDs; also known as the "netid.washington.edu" Kerberos realm.
Active Directory forest providing authentication and authorization based on UW NetIDs
UW Windows Infrastructure (UWWI) is a single-domain Active Directory forest. UWWI provides authentication and authorization based on UW NetIDs, as well as other capabilities including directory services, NetBIOS name resolution services, Windows domain services, and Microsoft product activation services.
UW Windows Infrastructure options include:
Windows Domain Services
Provides UW NetID based authentication for clients leveraging Windows domain membership through delegated organizational units (OUs) and one-way trusts from other domains.
Name Resolution Services
Provides NetBIOS name resolution services via Windows Internet Name Service (WINS).
Provides authentication services for all active UW NetIDs.
Provides authorization services for all active UW NetIDs.
Provides directory services for all active UW NetIDs.
Microsoft Activation Services
Provides Microsoft product activation services via Microsoft Key Management Server.
2/25/13: Removed UW Windows Forest option from Service Options section as it is being removed as an available option for customers. See RT 1781829 for full details.
Access well-managed identity information based on UW NetIDs
Enterprise Directory Services (EDS) offer high-availability, read-only access to well-managed identity information based on UW NetIDs. These services provide user profile information, via standard protocols, including basic identification, group memberships, and affiliation data compiled from UW systems of record (e.g., HEPPS, SDB, Advance, Person Registry).
Enterprise Directory Services options include:
UWWI Active Directory - Provides LDAP directory services including user accounts for all UW NetIDs and group data from the UW Groups service; part of UW Windows Infrastructure (UWWI), this service is particularly relevant to customers seeking integration with the Windows platform.
Person Directory Service - Provides LDAP access to common UW identifiers and affiliation data for all UW members and affiliates; additional contact data is available for employees, students, and alumni; data is searchable by official UW identifiers (e.g. UW NetID, UW Registry ID, Student ID, Employee ID).
Groups Directory Service - Provides LDAP access to group data managed in the UW Groups service.
Manage groups, authorizations, and access to resources and applications
Access management allows you to manage, control, and audit access to online data, resources, and applications. It involves managing privileges, group memberships, and service subscriptions. Access management allows you to manage risk and to comply with governing policies. In some cases you can also delegate management authority to others.
UW Information Technology supports enterprise access management through:
ASTRA (Access to Systems Tools Resources and Applications)
UW Groups service
UW Subscriptions (Uniform Access) service
Access management service options include:
ASTRA - Provides enterprise authority management and privilege management services; UW 'delegators' and 'authorizers' use the ASTRA Web site to manage the authority and assign authorizations; consuming applications use the ASTRA Web service to obtain the authorizations assigned to a specific user (UW NetID) or application.
UW Groups service - Provides enterprise group management for access control, collaboration, and messaging; it supports groups usage throughout the UW by making it easier to identify, define, and reuse groups in many systems and applications; group memberships comprise UW NetIDs, federated IDs, DNS names, as well as other UW Group IDs.
UW Subscriptions (Uniform Access) service - Provides access to many central UW computing services such as UW Email, Web Publishing, Odegaard Learning Commons, UW Libraries off-campus proxy; enables provisioning and de-provisioning of access based on UW NetIDs and university affiliations (e.g., student, employee, alumni); supports UW NetID service activation and deactivation of services.