Strategy and Tools for Identity Management and its Process Integration in the Munich Scientific Network

For many higher education institutions (HEIs), identity and access management (IAM) has proven to be a key enabling technology that not only automates the handling of user accounts and their privileges to a large extent, but also allows very tight integration into existing business processes and offers comprehensive interfaces to IT service management processes. The Munich Scientific Network (Münchner Wissenschaftsnetz, MWN) spans multiple HEIs, including the Munich universities, and the Leibniz Supercomputing Centre as their common IT service provider. In this article, we discuss the current and medium-term strategy for closely coupling the IAM infrastructure components existing at each institution, as well as the integration of external users from both Shibboleth federations and European Grid computing projects. Handling over 100,000 users and a few tens of services requires adequate tools for delegated administration. We selectively sketch the dedicated tools that we are developing for the decentralized management of guest accounts and group management, as well as their underlying concepts and the rationale for not using existing tools; they are intended to be customizable for other HEIs and will be made available.