Identity & Access Management DCS 861 Team2 Kirk M. Anne Carolyn Sher-Decaustis Kevin Kidder Joe Massi John Stewart

Mar 20, 2016

Transcript
Page 1: Identity & Access Management

Identity & Access Management

DCS 861 Team2
Kirk M. Anne
Carolyn Sher-Decaustis
Kevin Kidder
Joe Massi
John Stewart

Page 2: Identity & Access Management
Page 3: Identity & Access Management

The Problem

• How do you establish a digital ID?
• How do you “guarantee” somebody’s ID?
• How do you prevent unauthorized access?
• How do you protect confidential ID data?
• How do you “share” identities?
• How do you avoid “mistakes”?

Page 4: Identity & Access Management

What is IdM/IAM?

• The Burton Group defines identity management as follows:
– “Identity management is the set of business processes, and a supporting infrastructure for the creation, maintenance, and use of digital identities.”

Page 5: Identity & Access Management

Internet2 HighEd IdM model

Page 6: Identity & Access Management

A more “complete” definition

• An integrated system of business processes, policies and technologies that enables organizations to facilitate and control user access to critical online applications and resources — while protecting confidential personal and business information from unauthorized users. http://www.comcare.org/Patient_Tracking/IPTI-Glossary.html

Page 7: Identity & Access Management

Identity Management

Diagram elements: Policy, Business Processes, Technology/Infrastructure, Confidential Information. Relationship labels: Defines, Uses, Enables.

Page 8: Identity & Access Management

Why is IdM/IAM important?

• Social networking
• Customer/Employee Management
• Information Security (Data Breach laws)
• Privacy/Compliance issues
• Business Productivity
• Crime prevention

Page 9: Identity & Access Management

Components of IdM/IAM

• Directory Services
• Identity Life-Cycle Management
• Access Management

Page 10: Identity & Access Management

Directory Services

• Lightweight Directory Access Protocol (LDAP)
• Stores identity information
– Personal Information
– Attributes
– Credentials
– Roles
– Groups
– Policies

Page 11: Identity & Access Management

Components of a digital identity

• Biographical Information (Name, Address)
• Biometric Information (Behavioral, Biological)
• Business Information (Transactions, Preferences)

Page 12: Identity & Access Management

Access Management

• Authentication/Single Sign On
• Entitlements (Organization/Federation)
• Authorization
• Auditing
• Service Provision
• Identity Propagation/Delegation
• Security Assertion Markup Language (SAML)

Page 13: Identity & Access Management

Access Management

• Authentication (AuthN)
– Three types of authentication factors
    • Type 1 – Something you know
    • Type 2 – Something you have
    • Type 3 – Something you are
• Authorization (AuthZ)
– Access Control
    • Role-Based Access Control (RBAC)
    • Task-Based Access Control (TBAC)
– Single Sign On/Reduced Sign On
– Security Policies

Page 14: Identity & Access Management

Levels of Assurance

Chart axes: Data Classification/Privileges (Low to High) and Risk (Low to High).

• LOA-1: Little or no confidence identity is accurate. Impacts individual.
• LOA-2: Confidence exists identity is accurate. Impacts individual and organization.
• LOA-3: High confidence identity is accurate. Impacts multiple people and organization.
• LOA-4: Very high confidence identity is accurate. Impacts indiscriminate populations.

Activities plotted on the chart:

• Buy Tickets
• Give Donations
• Join a Group
• Apply to College
• Enroll in a Course
• Take a Test
• Manage My Calendar
• View My Grades
• View My Vacation
• Manage My Benefits
• Administer Course Settings
• Enter Course Grades
• Manage Student Records
• Manage Financial Aid
• Manage Financials
• Manage Other’s Benefits
• Access to Biotechnology Lab
• Manage Research Data

Page 15: Identity & Access Management

Identity Life-Cycle Management

• User Management
• Credential Management
• Entitlement Management
• Integration (Authoritative Sources of Record)
• Identity Provisioning/Deprovisioning

Page 16: Identity & Access Management

“Student” Identity Life Cycle

States shown in the diagram: Prospective, Accepted, Paid Deposit, Registered, Leave of Absence, Withdrawn, Graduated.

Page 17: Identity & Access Management

Federated Identity Management

• Business Enablement
• Automatically share identities between administrative boundaries
– Identity Providers (IdP)
– Service Providers (SP)
• Easier access for users (use local credentials)
• Requires trust relationships

Page 18: Identity & Access Management

Shibboleth

Page 19: Identity & Access Management

Internet2 HighEd IdM model

Page 20: Identity & Access Management

Research Areas

• Public Safety
– Identity theft, cybercrime, computer crime, organized crime groups, document fraud, and sexual predator detection
• National Security
– Cybersecurity and cyber defense, human trafficking and illegal immigration, terrorist tracking and financing
• Commerce
– Mortgage fraud and other financial crimes, data breaches, e-commerce fraud, insider threats, and health care fraud
• Individual Protection
– Identity theft and fraud
• Integration
– Biometrics, Policy assessment/development, Confidentiality, Privacy