Computerworld - Until recently, NASA used a different badge system in each of its 16 locations. “We didn’t have an agency repository of identity information,” says Portia Dischinger, data center manager at the Marshall Space Flight Center. It also lacked a consistent badging process or any way to ensure that an employee who was terminated would be locked out of all facilities immediately.
Today, the National Aeronautics and Space Administration has implemented new, consistent badging systems in most locations and configured each to work through a single identity management entity to provide more tightly controlled, coordinated building access.
NASA started by creating a universal uniform personal identification code (UUPIC) for every user. “We went through each badging system to pull in identities, assign those UUPICs and provide that back to the IT systems and badging systems as an anchor attribute for identity,” says Sharon Ing, integrated services environment project manager.
Identities are now created for some 20,000 staffers and 100,000 contractors and affiliates through human resources or through the badging system. Those changes are propagated through Sun Identity Manager, which handles workflows for badge-approval processes, and a back-end SQL Server database, which acts as the identity repository. Identity data also gets pushed to the enterprise directory and asset directory, although the system is currently used only for provisioning and deprovisioning of badges. “We don’t have all of our applications integrated into our account management system yet,” Dischinger says.
Previously, a user who was terminated in one location might still have access to other facilities. Now, says Ing, “if somebody leaves, our checkout process disables the identity and starts a workflow identifying accounts [to disable].” Once a badge is turned in, that triggers an automated deprovisioning proc¿ess that affects access in all locations.
The biggest technical hurdle was cleaning up identity data between applications and matching identities with old employee codes, says Dischinger. But implementation was the easy part. The bigger task, she says, is “understanding your current business processes and articulating that well.”
Read more about Security in Computerworld's Security Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
