CIO Fall Update for the Advisory Committee for Business and Operations: Identity Management 2.0

George O. Strawn

NSF CIO

Fall 2006


Outline

  • What is Identity Management (IdM)?

  • IdM 1.0

  • Why not IdM 1.0?

  • Why IdM 2.0?

  • Why not IdM 2.0?

  • What is IdM 2.0?

  • Other matters


What is Identity Management?

  • Organization: The policies, processes, and tools used to “assure” that IT systems and applications are made available only to appropriate persons

  • Individual: The persons I am working with and the systems I am using really are who they say they are. And no one can impersonate me, or read or change my information


IdM has become important!

  • Identity Management has greatly increased in importance as IT systems and applications are used to perform more and more of the work of society and commerce

  • For this reason, we’ve got to do a better job of IdM (from IdM 1.0 to IdM 2.0)


IdM 1.0

  • IdM is nothing new

    • we’ve had “user names and passwords” almost forever (in IT terms)

  • A defining characteristic of IdM 1.0 is that each IT system and application does its own identity management

    • usually by keeping a list of authorized username/password pairs and checking it at login time


Why not IdM 1.0?

  • Ineffective: IdM 1.0 does a poor job of assuring privacy and security

  • Inefficient: IdM 1.0 is expensive to manage and maintain (many separate IdM systems)

  • Liability: IT and application providers (and their organizations) are now burdened with security and privacy responsibilities

  • User-unfriendly: Users are now burdened with many username/password pairs

    • And these are proliferating!


Why IdM 2.0?

  • Effective: IdM 2.0 can provide a uniformly strong (eg, secure and private) identity management capability for an organization

  • Efficient: IdM 2.0 can provide a single IdM system for an organization

  • User-friendly: IdM 2.0 can greatly reduce the number of username/password pairs that a user must remember


Why not IdM 2.0?

  • IdM 2.0 will require changes to policies, processes, and IT systems

    • eg, replacing the IdM 1.0 software with the standardized IdM 2.0 software (middleware)

  • IdM 2.0 is not free

    • The policies, processes, and IT systems must be developed and maintained

  • But the benefits will outweigh the costs!


What is IdM 2.0?

  • A single, standardized solution for an organization to “assure” access to IT systems and applications only to appropriate persons

  • Requires a “bigger/better” list of persons and it divides IdM into two parts:

    • authentication of users: Are you who you say you are?

    • authorization of users: Should you have access to a particular system or application?


A bigger/better list of persons

  • Often called a directory

  • Will include all persons in your organization

    Q: But what about persons in other organizations who need access to your IT systems and applications? A: See the “Beyond the organization” slide below.

  • Will require as much “care and feeding” as your financial and personnel databases

  • Will include information to enable authentication and authorization


Authentication

  • Are you who you say you are?

    • What you know (eg, a private password)

    • What you have (eg, a token that generates time-dependent one-time codes)

    • What you are (eg, your fingerprint or retinal scan)

  • Each factor can be used alone (with varying strength), or combined as 2- or 3-factor authentication
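The two factors most often combined in practice are “what you know” and “what you have”. The following is an added example, not code from the presentation or from NSF: it verifies a salted PBKDF2 password hash (what you know) and an RFC 6238 TOTP code (what you have, one concrete realization of the time-dependent codes mentioned above) and accepts the login only when both pass. The user record, salt and password are constructed for the example; the TOTP secret is the RFC 6238 test-vector secret, so the codes can be checked against the RFC.

```python
import hashlib
import hmac
import struct
import time

PBKDF2_ITERATIONS = 200_000
TOTP_SECRET = b"12345678901234567890"   # RFC 6238 test-vector secret (constructed choice)


def hash_password(password: str, salt: bytes) -> bytes:
    """'What you know': the directory stores a salted PBKDF2-HMAC-SHA256 digest,
    never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def verify_password(password: str, salt: bytes, stored_hash: bytes) -> bool:
    candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_hash)   # constant-time compare


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """'What you have': RFC 6238 TOTP, i.e. HOTP (RFC 4226) over a 30-second
    time counter, HMAC-SHA1, dynamic truncation to `digits` decimal digits."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Accept the code for the current step and +/- `window` steps of clock skew."""
    for drift in range(-window, window + 1):
        expected = totp(secret, unix_time + drift * 30)
        if hmac.compare_digest(expected, code):
            return True
    return False


SALT = b"constructed-salt"   # constructed; use os.urandom(16) per user in practice
USER = {                      # constructed directory entry
    "username": "jjones",
    "salt": SALT,
    "password_hash": hash_password("correct horse battery staple", SALT),
    "totp_secret": TOTP_SECRET,
}


def authenticate(user: dict, password: str, code: str, unix_time: int) -> bool:
    """Two-factor login: both factors are always evaluated (so a failure does not
    reveal which factor was wrong) and both must pass."""
    ok_know = verify_password(password, user["salt"], user["password_hash"])
    ok_have = verify_totp(user["totp_secret"], code, unix_time)
    return ok_know and ok_have


if __name__ == "__main__":
    now = int(time.time())
    code = totp(USER["totp_secret"], now)
    print("login ok:", authenticate(USER, "correct horse battery staple", code, now))
```

Either factor alone fails the login; the skew window is deliberately small, since every extra step accepted widens the set of codes an attacker can replay.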


Authorization

  • Answers the question (for each person): which IT systems and applications are you permitted to use?

  • Can be based on individuality (eg, Jane Jones is authorized to access the financial system)

  • And can be based on role (eg, any staff member is authorized to use the internal web)


Beyond the organization

  • Another major benefit of IdM 2.0 will be that organizations can authenticate their members to other organizations (called “federated identity management”), eg:

    • University X authenticates a student, and

    • College Y authorizes any student at University X to use its library system

  • Higher Ed, USG, and industry are working hard to do this (eg, InCommon in HE)
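The authorization slide (individual grants and role grants) and the federation example above (University X authenticates, College Y authorizes) fit together in one piece of code. This is an added example, not code from the presentation, NSF or InCommon: University X signs a short-lived attribute assertion for a student it has authenticated, College Y verifies the issuer, signature and expiry, then applies its own policy, which grants the financial system to a named person and the library to any student University X vouches for. An HMAC key shared between the two organizations stands in for the signing certificates a SAML federation publishes in metadata; the usernames, resource names and key are constructed.

```python
import hashlib
import hmac
import json
from typing import Optional

# Relying party (College Y) trust list: issuer name -> key used to verify that
# issuer's assertions. Constructed; a real federation distributes issuer
# signing certificates in metadata rather than a shared HMAC key.
TRUSTED_ISSUERS = {
    "University X": b"constructed-key-shared-with-university-x",
}

# College Y's own directory and authorization policy (all constructed).
LOCAL_DIRECTORY = {
    "jjones": {"name": "Jane Jones", "roles": {"staff"}},
}
# Individual grants are keyed by (home organization, username): an unscoped
# username would let University X's "jjones" inherit Jane Jones's access.
INDIVIDUAL_GRANTS = {
    "financial": {("College Y", "jjones")},
}
# Role grants are keyed by (home organization, role).
ROLE_GRANTS = {
    "internal-web": {("College Y", "staff")},     # any local staff member
    "library": {("University X", "student")},     # any student University X vouches for
}


def _canonical(claims: dict) -> bytes:
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def issue_assertion(issuer: str, key: bytes, subject: str, affiliation: str,
                    issued_at: int, ttl: int = 300) -> dict:
    """Identity provider side (University X): after authenticating the user
    locally, sign a short-lived attribute assertion for the relying party."""
    claims = {"iss": issuer, "sub": subject, "affiliation": affiliation,
              "iat": issued_at, "exp": issued_at + ttl}
    sig = hmac.new(key, _canonical(claims), hashlib.sha256).hexdigest()
    return {"claims": claims, "sig": sig}


def verify_assertion(assertion: dict, now: int) -> Optional[dict]:
    """Relying party side (College Y): accept only a trusted issuer, an intact
    signature and an unexpired assertion; otherwise return None."""
    claims = assertion["claims"]
    key = TRUSTED_ISSUERS.get(claims.get("iss"))
    if key is None:
        return None
    expected = hmac.new(key, _canonical(claims), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["sig"]):
        return None
    if not claims["iat"] <= now < claims["exp"]:
        return None
    return claims


def local_principal(username: str) -> Optional[dict]:
    """A person authenticated against College Y's own directory."""
    entry = LOCAL_DIRECTORY.get(username)
    if entry is None:
        return None
    return {"sub": username, "org": "College Y", "roles": set(entry["roles"])}


def federated_principal(assertion: dict, now: int) -> Optional[dict]:
    """A person authenticated elsewhere and vouched for by a trusted issuer."""
    claims = verify_assertion(assertion, now)
    if claims is None:
        return None
    return {"sub": claims["sub"], "org": claims["iss"], "roles": {claims["affiliation"]}}


def authorize(principal: dict, resource: str) -> bool:
    """Authorization is decided separately from authentication: an individual
    grant or a matching (organization, role) grant permits access."""
    if (principal["org"], principal["sub"]) in INDIVIDUAL_GRANTS.get(resource, set()):
        return True
    held = {(principal["org"], role) for role in principal["roles"]}
    return bool(held & ROLE_GRANTS.get(resource, set()))


if __name__ == "__main__":
    now = 1_000_000   # constructed clock value
    assertion = issue_assertion("University X", TRUSTED_ISSUERS["University X"],
                                "s12345", "student", now)
    visitor = federated_principal(assertion, now)
    print("X student -> library:", authorize(visitor, "library"))      # True
    print("X student -> financial:", authorize(visitor, "financial"))  # False
```

Two checks matter most for the relying party: the assertion must come from an issuer on its trust list, and subjects must be scoped by their home organization, otherwise a federated user who happens to share a username with a local person inherits that person's individual grants.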


In the Federal world

  • We are working to create a USG-wide “e-authentication” system

  • We are working (under “HSPD-12”) to create a “smart card” for USG-wide physical access and (ultimately) for IT access

  • NSF intends to move FastLane authentication from IdM 1.0 to IdM 2.0

    • eg, we intend that a user could log into FastLane with a university credential, provided it is an InCommon credential


Creating a Trusting e-Community

  • Trusted Identity Management is one component of a trusted IT environment (together with secure IT applications and systems, and digital information whose confidentiality, integrity, and availability are protected)

  • We will not enter the digital promised land until we do all these things better!

