
Identity & Access Management

Identity & Access Management. DCS 861 Team2 Kirk M. Anne Carolyn Sher-Decaustis Kevin Kidder Joe Massi John Stewart. The Problem. How do you establish a digital ID? How do you “guarantee” somebody’s ID? How do you prevent unauthorized access? How do you protect confidential ID data?


Presentation Transcript


  1. Identity & Access Management • DCS 861 Team2 • Kirk M. Anne, Carolyn Sher-Decaustis, Kevin Kidder, Joe Massi, John Stewart

  2. The Problem • How do you establish a digital ID? • How do you “guarantee” somebody’s ID? • How do you prevent unauthorized access? • How do you protect confidential ID data? • How do you “share” identities? • How do you avoid “mistakes”?

  3. What is IdM/IAM? • The Burton Group defines identity management as follows: • “Identity management is the set of business processes, and a supporting infrastructure for the creation, maintenance, and use of digital identities.”

  4. Internet2 HighEd IdM model

  5. A more “complete” definition • An integrated system of business processes, policies and technologies that enables organizations to facilitate and control user access to critical online applications and resources — while protecting confidential personal and business information from unauthorized users. http://www.comcare.org/Patient_Tracking/IPTI-Glossary.html

  6. Identity Management (diagram) • Elements: Policy, Confidential Information, Technology/Infrastructure, Business Processes • Relationship labels: Enables, Defines, Uses

  7. Why is IdM/IAM important? • Social networking • Customer/Employee Management • Information Security (Data Breach laws) • Privacy/Compliance issues • Business Productivity • Crime prevention

  8. Components of IdM/IAM • Identity Life-Cycle Management • Access Management • Directory Services

  9. Directory Services • Lightweight Directory Access Protocol (LDAP) • Stores identity information • Personal Information • Attributes • Credentials • Roles • Groups • Policies

  10. Components of a digital identity • Biographical Information (Name, Address) • Biometric Information (Behavioral, Biological) • Business Information (Transactions, Preferences)

  11. Access Management • Authentication/Single Sign On • Entitlements (Organization/Federation) • Authorization • Auditing • Service Provision • Identity Propagation/Delegation • Security Assertion Markup Language (SAML)

  12. Access Management • Authentication (AuthN) • Three types of authentication factors • Type 1 – Something you know • Type 2 – Something you have • Type 3 – Something you are • Authorization (AuthZ) • Access Control • Role-Based Access Control (RBAC) • Task-Based Access Control (TBAC) • Single Sign On/Reduced Sign On • Security Policies

  13. Levels of Assurance • LOA-1: Little or no confidence identity is accurate; impacts individual • LOA-2: Confidence exists identity is accurate; impacts individual and organization • LOA-3: High confidence identity is accurate; impacts multiple people and organization • LOA-4: Very high confidence identity is accurate; impacts indiscriminate populations • Chart: Risk (Low to High) against Data Classification/Privileges (Low to High), with example activities: Access to Biotechnology Lab, Manage Research Data, Manage My Benefits, Manage Other’s Benefits, View My Vacation, Manage Financials, Apply to College, View My Grades, Manage Financial Aid, Join a Group, Manage My Calendar, Manage Student Records, Give Donations, Take a Test, Enter Course Grades, Buy Tickets, Enroll in a Course, Administer Course Settings

  14. Identity Life-Cycle Management • User Management • Credential Management • Entitlement Management • Integration (Authoritative Sources of Record) • Identity Provisioning/Deprovisioning

  15. “Student” Identity Life Cycle (diagram states) • Accepted • Prospective • Paid Deposit • Leave of Absence • Graduated • Registered • Withdrawn

  16. Federated Identity Management • Business Enablement • Automatically share identities between administrative boundaries • Identity Providers (IdP) • Service Providers (SP) • Easier access for users (use local credentials) • Requires trust relationships

  17. Shibboleth

  18. Internet2 HighEd IdM model

  19. Research Areas • Public Safety • Identity theft, cybercrime, computer crime, organized crime groups, document fraud, and sexual predator detection • National Security • Cybersecurity and cyber defense, human trafficking and illegal immigration, terrorist tracking and financing • Commerce • Mortgage fraud and other financial crimes, data breaches, e-commerce fraud, insider threats, and health care fraud • Individual Protection • Identity theft and fraud • Integration • Biometrics, Policy assessment/development, Confidentiality, Privacy
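
An added example, not part of the original presentation, showing how the authentication factor types and RBAC from slide 12 can combine with the Levels of Assurance from slide 13 in a single access decision. The roles, the LOA required per activity, the `proofed` flag and the factor-to-LOA mapping are all assumptions made for illustration; the transcript does not preserve where each activity sat on the slide's chart.

```python
from dataclasses import dataclass
from enum import Enum

class Factor(Enum):
    KNOW = 1  # Type 1: something you know
    HAVE = 2  # Type 2: something you have
    ARE = 3   # Type 3: something you are

# Assumed policy tables, constructed for illustration (not from the slides).
REQUIRED_LOA = {"join_group": 1, "view_my_grades": 2,
                "enter_course_grades": 3, "manage_student_records": 4}
ROLE_PERMISSIONS = {
    "student": {"join_group", "view_my_grades"},
    "faculty": {"join_group", "enter_course_grades"},
    "registrar": {"join_group", "manage_student_records"},
}

@dataclass(frozen=True)
class Session:
    user: str
    roles: frozenset
    factors: frozenset        # distinct Factor types verified this session
    proofed: bool = False     # assumed flag: identity was proofed at enrollment

@dataclass(frozen=True)
class Decision:               # returned whole so it can be written to an audit log
    outcome: str              # "allow", "step_up" or "deny"
    reason: str

def session_loa(s: Session) -> int:
    """Assumed mapping: one level per distinct factor type, +1 if proofed, max 4."""
    if not s.factors:
        return 0
    return min(len(s.factors) + (1 if s.proofed else 0), 4)

def authorize(s: Session, action: str) -> Decision:
    required = REQUIRED_LOA.get(action)
    if required is None:
        return Decision("deny", "unknown action (default deny)")
    # AuthZ first: a role the user lacks is never fixed by stronger AuthN.
    if not any(action in ROLE_PERMISSIONS.get(r, ()) for r in s.roles):
        return Decision("deny", "no role grants this action")
    have = session_loa(s)
    if have < required:
        return Decision("step_up", f"LOA-{have} session, LOA-{required} required")
    return Decision("allow", f"role ok, LOA-{have} >= LOA-{required}")
```

A `step_up` outcome tells the application to request an additional factor and retry, while `deny` is final for that role.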
