Technology to Provide Research and Education Institutions Enhanced Privilege Management Capabilities

ANN ARBOR, Mich. - August 7, 2006 - Internet2's Middleware Initiative today introduced its Signet Privilege Management System and the Grouper Group Management Toolkit. Signet and Grouper make it easier to manage access to protected online resources by providing research and academic institutions
the critical software and tools needed to support enhanced institution-wide role- and permission-based authorization for appropriate access to resources.

"Today, universities and other institutions of higher learning face significant challenges in managing student and faculty access privileges to online content and campus resources like library and course materials or even wireless Internet service," said Ken Klingenstein, Internet2's director of middleware and security, "The Signet System and Grouper Toolkit enable organizations, both institutional and virtual, to better manage and control individuals' access to these protected resources. This is accomplished by providing a framework for the consistent application of authorization rules across all of their IT systems."

The Signet Privilege Management System provides institutions an easy to use framework to manage user access privileges in terms familiar to business managers and provides a consolidated, shared authorization data repository that is independent of any specific institutional systems. The Grouper Group
Management Toolkit enables both automated and manual mechanisms for assigning users to groups based on their individual campus affiliations,
status, or other relevant roles. Both Grouper and Signet can be used together or stand alone and enable a distributed model for control, so that those responsible for assigning or delegating user access privileges can directly manage them to meet their needs across all the necessary campus systems.

For instance, a Biology professor can use Grouper to list the students working on a special project and then use Signet to designate that they should be allowed weekend access to his laboratory and to an associated research data set for specified length of time. Signet in turn interacts with the campus provisioning system to automatically adjust all the affected systems which secure the laboratory and research database. After the specified time, the system automatically removes the students' access to those resources.

Today at Cornell University, Signet and Grouper are being implemented to vastly simplify how its community members and visiting students gain appropriate access to campus services.

"Better support for visiting students is one of the first goals Signet and Grouper will help us achieve. The software will provide sponsoring units with an efficient means of assigning and disabling temporary privileges to students who come here for special classes and seminars throughout the year." said Andrea Beesing, assistant director for identity management, Cornell University, "To date, providing temporary access to services has been very manual and inefficient. This created obvious challenges for quick scalability and campus security. Today, we're deploying Signet and Grouper to promote a seamless experience for the students, our faculty and our IT team."

In addition to the benefit of having a common management service for distributed control of user access across a variety of systems, Grouper and Signet facilitate greater accountability and policy compliance, by providing a consistent application of authority rules and synchronization of authority
data across systems. Business heads and auditors alike benefit from a transparent and comprehensive view of activity across IT systems.

Klingenstein added, "Since so many people are often involved in accessing their institution's IT systems, accountability is absolutely key. Using
Signet and Grouper, organizations will have a clear view into system activity to ensure appropriate usage at all times."

As more and more companies and organizations make information and resources accessible online, the need for secure access solutions has become critical. In the future, Signet and Grouper will be able to support the management of virtual organizations and aid the grid computing community by giving project teams spread around the world the ability to manage access to resources that are geographically dispersed. The software and tools also have broad
implications for scientists looking for a way to manage access to their research resources with the same tools they use to manage their other academic responsibilities.

"Recognizing the importance of security and identity management in building and using high-performance networks and technology for the future, the Internet2 community began the Middleware Initiative to address critical issues in authentication and authorization in order to create practical and secure inter-institutional services," said Klingenstein. "The Signet Privilege Management System and the Grouper Group Management Toolkit represent another major milestone in this critical ongoing effort."

Development of Signet and Grouper was supported with funding from Stanford University and from the University of Chicago and the University of Bristol
respectively. Both were developed with additional support from Internet2, the NSF Middleware Initiative (NMI) and the Joint Information Systems
Committee (JISC).

For more information visit: http://signet.internet2.edu and http://grouper.internet2.edu

About Internet2
Led by more than 200 U.S. universities working with industry and government, Internet2 develops and deploys advanced network applications and technologies for research and higher education, accelerating the creation of tomorrow's Internet. Internet2 recreates the partnerships among academia,
industry, and government that helped foster today's Internet in its infancy.
For more information, visit: www.internet2.edu.

Contact:
Lauren Rotman
Lauren@internet2.edu
202.331.5345