Identity Services
-
CEnet’s Enterprise Identity Lifecycle Management service (ILM) provides a standardised and centralised repository of identities for staff, teachers and students along with a truly unique and persistent identifier. These identities enable access to the enterprise services that CEnet delivers to its membership. The CEnet Identity Vault is populated with identity data sourced from member-owned systems of record, such as HR systems and/or student administration/information systems. Identity data is provisioned into the CEnet Identity Vault using CEnet’s Enterprise Interoperability Platform (EIP).
What is included?
CEnet’s ILM service provides the following Identity Management functions:
A standardised identity vault (based on SCIM)
Identity provisioning workflows and processes
Credential provisioning
A unique and persistent Catholic Education Identifier (CeId’er)
Users of this service
CEnet’s ILM service is utilised by all member dioceses and is underpinned by CEnet’s Enterprise Interoperability Platform. CEnet’s unique and persistent identifier (CeId’er) is leveraged by other CEnet services including, but not limited to, CeSIS, CeFMS, CeD3, and other enterprise applications. CeId’er can also be leveraged by third parties to establish agile federation with the CEnet Access Management service once a privacy impact analysis (PIA) has been undertaken and access is approved.
The costs associated with CEnet’s ILM service are apportioned based on a per-student model.
-
CeId'er (Catholic education Identifier - pronounced ‘see-der’) is a custom engine, developed by CEnet, that generates unique and persistent identifiers for all Catholic students and staff within CEnet’s Identity Vault. The service is interfaced via a contemporary and private web-services API and integrated directly with CEnet’s ILM service.
The provisioning of CeId'ers for all staff and students provides the linking attribute for all identities across all CEnet, diocesan, state and national services. It also enables the writing back of CeId'er into CEnet and local diocesan or school applications for local data analysis, correlation and data sharing activities.
What is included?
CeId’er operates under the following identifier design principles:
Guaranteed Uniqueness - within scope of CEnet identity services.
Unidentifiable Identifier - the identifier itself doesn't contain personally identifiable info.
Persistence - the identifier has a persistent life cycle, spanning student & staff domains.
Current - the identifier retains currency and is always up to date.
Complete - all students and staff are issued one.
Sustainable - low cost, easy to implement and maintain, and reusable into the future.
De-identifiable - it is possible to decouple an identity from an issued CeId'er.
Abstract - it is abstracted and independent of any application and/or system.
Verifiable - the identifier is programmatically verifiable to minimise manual data entry errors.
CeId’er supports and enables state, territory and/or national issued identifiers. CeId’er is owned by the dioceses, and governed by the local Catholic School Authorities.
CEnet is also representing the NCEC on the National Schools USI program, advocating on behalf of the entire Catholic sector to ensure it remains aligned to the needs of Catholic schools in Australia.
-
CEnet’s Access Management Service (AM) provides the following components:
Single sign-on (SSO) solution and federation to cloud and local applications.
SCIM-based cloud directory service for storing credentials, groups and entitlements.
Multi-factor authentication capability.
Resource access portal for seamless access to applications.
What is included?
Single Sign On (SSO)
Multi-Factor Authentication (for Staff)
Lifecycle Management
Cloud Directory Service (SCIM)
Users of this service
CEnet’s Access Management Service (AMS) is utilised by students, teachers and administrative staff within all of CEnet’s member dioceses.
The costs associated with CEnet’s Access Management Service are apportioned based on student numbers.