• No results found

Unifying framework for Identity management

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Unifying framework for Identity management"

Copied!
33
0
0

Loading.... (view fulltext now)

Download now ( 33 Page )

Full text

(1)

Unifying framework for Identity management

Breakfast seminar Security-Assessment.com

(2)

Disclaimer

+ This is a slide pack that supports a narrative and needs to be accompanied by the presentation.

+ This slide pack is NOT self-explanatory.

+ If you were NOT present at this presentation, please do NOT use any of this presentation, because it is unlikely you will use it appropriately.

(3)

Overview

+ Identity management

PurposeContext

+ Unifying Model for Identity Management

Explanation

Usage and applicability

(4)

Identity management – Concepts – Confusion

Access control Single Sign-On

Accountability CRM PKI Auditability Verification Validation Compliance Enrolment User management Certificates Authorisations Provisioning Permissions Tokens Trust Identification Directories Password Workflow Registration Privacy Anonymity Biometrics Credentials Smart cards

(5)

Identity management – definition

From AGIMO’s Glossary:

(6)

Identity management – access management

Why – Purpose:

+ Access management – before the act

Who has access to what?

Ensure authorised people have access

and unauthorised people do not have access

+ Accountability – after the act

Who has done what?

(7)
(8)
(9)

Identity management – model

Model for Identity management Model for Identity management Object Subject Access Control

Any type of access Assets (valuable) Anyone/anything

(10)
(11)
(12)

Model – three layers

(13)

Model – identity & access subsystem

Outside

subsystem

(14)

Model – three columns

Subject

Claim/

(15)

Identity management model – access request

Access

request Authorisation

(16)

Identity management model – permissions

Permissions Access request

Subject

(17)
(18)

Identity management model – access decision

Permissions Access decision

Access rights

Decision to be made Claim/

Decision

Authorisation

(19)
(20)
(21)
(22)

Authentication

(Session credentials)

Identity management model – verification of credentials

(23)

Identity management model – credentials verified

Access decision Identification decision Subject’s credentials Authentication decision Reference credentials

Decision has been made

Authentication

(24)
(25)
(26)
(27)
(28)
(29)
(30)

Analysis – features of model

+ Holistic approach to identity management + Responsibilities, segregation of duties

+ Insourcing, outsourcing, sourcing + Architecture – SOA

+ Single customer-view + Single sign-on

+ Federation of identities

(31)

Benefits of identity management model

+ Descriptive and prescriptive

+ Applicable to logical world and physical world + Modularity

Vendor independence / subsystem independenceBasis for outsourcing decisions

+ Clear distinction authorisation – identification – authentication

Improve auditability

Limitations to identity management model

+ Does not (explicitly) cover lifecycles

(32)
(33)

References

Download now ( PDF - 33 Page - 0.94 MB )

Related documents

Defining the Employee Lifecycle for Password Management

The most useful password managers fit seamlessly with companies' existing Identity and Access Management strategies, as well as their existing Identity Providers.. Identity and

International Engagement in Sudan after the CPA : Report on the piloting of OECD/DAC's 'Principles for Good International Engagement in Fragile States' for the Case of Sudan

Even under difficult conditions – an emergent and consequently weak state in the South, and a national gov- ernment whose real commitment to the CPA has been questioned by many –

Methylation of tumour suppressor genes APAF-1 and DAPK-1 and in vitro effects of demethylating agents in bladder and kidney cancer

To examine the significance of the methylation level of the p53 target and tumour suppressor genes apoptotic protease activating factor-1 (APAF-1) and death-associated protein

corrigé du sujet bac SVT 2015

 Les taux d’œstrogènes et de progestérone sont très faibles Hypothèse : une seule hypothèse est exigée. o Les follicules ovariens sont insensibles à l’action des

Too much of a good thing? On the relationship between CSR and employee work addiction

As the study’s results reveal, the indirect effect of organiza- tional CSR engagement on work addiction via organizational identification and work meaningfulness is stronger at higher

Academics & Athletics - A Clash of Cultures: Division I Football Programs

Upon admission, a summer and full school year without sport focusing on academics, may improve the graduation rate among college football players. High School programs must stop

Multi-damage detection in composite structure

7(a) is the experimental sensor data scattered from the two damages actuated by PZT 5 at [0, 0] mm. A corresponding reflection field could be interpolated by this time section.

Multi-century variability in the Pacific North American circulation pattern reconstructed from tree rings

Abstract We here present a reconstruction (1725–1999) of the winter Pacific North American (PNA) pattern based on three winter climate sensitive tree ring records from the western