The University of Texas System


The UT System Identity Management Federation

The University of Texas System is a state-funded system of 15 institutions of higher education. It consists of 6 health institutions, 9 academic institutions, and 1 system administration. The System is legally organized as 16 individual institutions, and most IT functions are planned, funded, and managed locally at each institution, with system-wide governance structures in place for oversight and for coordinating strategic endeavors.

Realizing the need for increased collaboration, technology integration, and security among U.T. institutions, in early 2004, the U.T. System Strategic Leadership Council made the decision to begin an Identity Management Initiative, which focused on standardizing identity management policies and practices across the 16 institutions of the U.T. System and on developing a standards-based middleware infrastructure capable of meeting the objectives of the new initiative. The resulting governance framework and technology infrastructure were designed to enable identity information to flow in a trustworthy and reliable manner not only throughout the U.T. System, but also to any external trusted entity.

Accordingly, in April 2004, an "install-fest" was held for all U.T. institutions and was intended to begin an initial pilot deployment of institutional identity services, based on the open-source Internet2 Shibboleth software, an implementation of the OASIS SAML specification. At the same time, a Shibboleth interface was developed for a very visible, but low-risk application: guest wireless access at the System Administration complex.

The initial thrust began with that single application and 7 working identity providers but, over the next 2 years, grew to 16 fully-functional production-level Shibboleth-based identity providers accessing 12 Shibboleth-protected applications. Also during those first 2 years, considerable work was done to develop the requisite policies and governance framework needed to make the infrastructure trustworthy and reliable, even for sensitive business transactions.

On September 1st, 2006, the U.T. System identity infrastructure officially entered production status, with production-level technology components and a fully vetted and approved governance structure, including specific legal documents that bind each U.T. institution to the new collaborative infrastructure and specify how that infrastructure is operated.

Today, the U.T. System has production-level identity services available at all 16 institutions, some in their 3rd generation of technology, and over 30 applications using the infrastructure across 4 U.T. institutions and 2 external commercial service providers, some in their 4th generation of technology. In addition, all 16 institutions now participate in the legal and governance framework developed with this initiative.

The U.T. System is very excited about the tremendous success enjoyed to date, proud that many fine people have stepped up to the plate to make this happen, and is looking forward to the future, tackling new challenges with a growing number of external business partners, higher levels of assurance for identity information, and new technologies to make the infrastructure even better.

For more information, please contact Bill Ewing at 512.499.4575 or idm-support@utsystem.edu.

UT System Federation Core Documents

Federation Foundation Documents
Federation Charter, as of 3/1/2015
Federation Operating Practices, as of 3/1/2015
Member Operating Practices
Federation Attribute Table
Federation Membership Agreement with Exhibits (includes Attribute Table and Fee Schedule)
Participation Agreement for Non-UT Entities    

Previous Versions of Core Documents

Federation Charter, prior to 3/1/2015
Federation Operating Practices, prior to 3/1/2015


Levels of Assurance

Unspecified (LoA0)
Unverified (LoA1)
Verified (LoA2)

Shibboleth Install Fests

Identity Provider Install Fest
Service Provider Install Fest