Identity Management and eid Integration

Academic year: 2021

(1)

Luc Wijns
> Principal Architect
> Security Ambassador & CISSP
> Sun Microsystems

Identity Management and eID Integration

(2)

Agenda

Sun Identity Management

Integration of the eID Card
> Authentication & Signature
> Mobility
> SSO

(3)

Identity Management Enables Security

Key Business Drivers:
> Regulatory compliance (SOX, HIPAA, Basle II ....)
> Enterprise security (e.g. identity theft)
> Employee life-cycle management
> IT cost-reduction
> Extranet models (partners, customers)

Drivers:
> Increase in Extranet business models for new revenues (B2B & B2C)
> Availability of key enabling technologies and standards like Federation
> Saturation of Enterprise-focused Identity opportunities

[Chart: Identity Revenue Shift: From Enterprise to Extranet Projects. Identity Revenue Mix, 2005-2008, 0%-100%]

[Chart: Market Forecast, 2005-2007, $ Billions]

(4)

Sun Identity Management Portfolio

Innovative. Integrated. Integratable.

Identity Manager, Access Manager, Directory Server Enterprise Edition, Identity Auditor, Identity Manager SPE, Federation Manager, OpenSSO

Enterprise / Collaborative Enterprise

Everything required to manage identities within the extended enterprise and across collaborative networks, all completely integratable with dynamic, heterogeneous IT environments.

(5)

Directory Server Enterprise Edition

NEW GRAPHIC

Directory Server Enterprise Edition

Directory Server

Directory Proxy Server

(6)

Access Management Product Line

Policy Management

Single Sign On

Federated Identity Management

(7)

Product Line Landscape

OpenSSO (Developer)
> Authentication
> Single-domain SSO
> Agents

Access Manager (Intranet)
> Policy Management
> Policy Enforcement
> Federation (IdP)
> Identity Web Services

Federation Manager (Extranet)
> Federation (SP)
> Identity Web Services

(8)

Identity Management Product Line

Identity Manager

Identity Auditor

Identity Manager SPE

Automated User provisioning

Secure, automated password management

User self service and delegated administration

(9)

eID Integration

JavaCard

Sun Ray Thin Client

Solaris 10, OpenSC/OpenCT and PC/SC components

Sun Java System Access Manager

(10)

Java Card

Card Serial Number
JVM
eID Certificates and Keys
PKCS#11 / PKCS#15 cardlet

Mobility with Security

Belgian eID Integration

(11)

Mobility with Security

[Diagram: User starts session on home Sun Ray; user moves session to new Sun Ray; user moving to new Sun Ray location]

Network Security: Encrypted Traffic

System Security: Stateless Client

System Security: Perimeter Security, Hardened OS, Domain Security

Access Management: Dynamic Network ID and Access Control

Java Card Authentication

(12)

End-to-End Integration Demo

[Diagram]
Java Card™ / Java 2 Runtime Edition
Web front-end: Application Server, Web Server
Identity back-end: Access Manager, Directory Server
Card client SW: OpenSC, PC/SC, LibUSB
Belpic Applet & Certificates (Java Card)
Secure Token
Fat / Thin Client (Solaris, Java Enterprise System, SunRay JDS)
Back-End Server (JES)
National Register
Citizens Access Services

(13)

Non Intrusive Integration Architecture

[Diagram]
Java Card™ / Java 2 Runtime Edition
Identity back-end: Access Manager, Directory Server
Card client SW: OpenSC, PC/SC, IFD Handle (Windows is also here)
Belpic Applet & Certificates (Java Card); Other Cards, other applets (Gov and Enterprises)
Secure Token
Fat / Thin Client (Java Enterprise System, SunRay)
Web/App Server
National Register
Citizens/Employees
Access/Edge Services & Identity Authority (Java Enterprise System, Access Manager)
Web front-end: Application Server, Web Server
OCSP Call or CRLs for Validation; Identification; Authentication; Authorization; Client SSL Authentication; PAM using PKCS#11

(14)

Mobility, Authentication and Signature

Solaris 10 and SunRay user authentication
> User login using credentials on the eID card (OpenSC PAM framework)

Certificate-based authentication from Solaris 10
> Mozilla user authenticates on two applications protected by Access Manager
> Access Manager to integrate with the Government PKI

System Authentication

Web SSO

E-Mail Signature
> User connected to his private e-mail account, signs e-mail with the card on a SunRay

(15)

Sun Secure Global Desktop

SAP on Mainframe
MS Word on Windows 2000
MS Excel on Windows 2003
Mozilla Firefox on Solaris OS
3270 application
Explorer on Windows Vista

(16)

[Diagram: Apps / Access / Clients. Labels: Windows 2003, UNIX, Mainframe/AS/400, Sun Secure Global Desktop, Sun Ray Server Software, Sun Ray Ultrathin Client, Sun Ray Ultrathin Client Mobile, Windows XP, Windows 2000, RDP, X11, 3270/5250, ALP, AIP]

(17)

THANK YOU !

[email protected]

Copyright 2005 Sun Microsystems, Inc. All rights reserved. Sun, Sun Microsystems, the Sun logo, Java, StarOffice, Solaris, Sun StorEdge, J2EE, SunSpectrum, N1, iForce, Java Card, and The Network Is The Computer are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the United States and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. AMD, Opteron, the AMD logo, the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices.

(18)

Sun Java System Identity Manager

NEW GRAPHIC

First converged provisioning and meta-directory solution

Benefits:
Enhance security
Lower costs
Improve productivity

Features:
Automated user provisioning
Secure, automated password management
User self service and delegated administration
Identity data synchronization
Non-invasive, flexible architecture
Auditing and reporting

Securely managing identity profiles and permissions throughout the entire

(19)

Sun Java System Identity Auditor

NEW GRAPHIC

Industry’s first proactive, virtualized, automated and sustainable identity auditing solution

Benefits:
Help achieve ongoing compliance
Help lower costs
Minimize security risks

Features:
Proactive, automated visibility into identity controls
Repeatable, sustainable compliance and improved audit performance
Integrate with existing identity management solutions

Helping achieve effective compliance, lowered risk, and improved audit performance
