All UW–Madison units that maintain or operate electronic services secured by access controls must configure those applications or systems to:
- Use institutionally managed access control services as suitable services become available; and
- Comply with the appropriate use standards for the institutionally managed credentials.
In August 2006, the NetID Policy Issues Team and the AuthN/Z Coordinating Team, composed of representatives from a variety of UW–Madison units, made policy recommendations for the use of institutionally managed credentials and institutionally managed access control services. The recommendations were reviewed by the chief information officer (CIO) and endorsed by the Identity Management Leadership Group. The recommendations seek to:
- Improve security by:
- Reducing the number of electronic services that handle or store credentials; and
- Establishing more uniformity among services that handle or store credentials.
- Reduce confusion by clearly distinguishing institutionally managed credentials from locally managed credentials.
- Better enable the use of “single sign-on,” reducing the number of credentials needed.
- Facilitate wider access by:
- Increasing the populations supported by the institutional access control services; and
- Improving support for federated access control to or from external applications.
Designated representatives of the CIO and vice provost for information technology will set the current compliance standard and determine whether or not an application or system is in compliance.
The standard for compliance is expected to change over time as suitable access control services become available and barriers to migration are reduced.