NextGen Access Control Platform

Presentation transcript:

NextGen Access Control Platform Programme 14 Interoperability presented by Anthony Wilson, Product Manager – Identity & Access Services

Slide labels: Connected Services Applications Connected Devices Digital Identity Interoperability Platform Next Generation Health Identity Platform PKI Authentication Authorisation Federation Registration Management User Self Service Role Management Digital Signing Analytics Attribute Exchange IOT Consent Dashboard

Digital Identity is not just about security: it is a mechanism for linking devices, services and their capabilities to individuals (e.g. the location of an individual via a mobile device) and for using this relationship and the capabilities of the device seamlessly in applications and cloud services. It can also cover preferences, sites visited, contact mechanisms and, when combined with IOT, biological information (heart rate, blood sugar levels etc.). It allows continuous profiling but also provides control to the user by requesting consent (this is built into the security).

Based on Standards

As part of the ethos of interop, we look to provide capabilities for the 2020 Domains with associated industry standards. OpenID Connect is used and progressed by Microsoft & Google.

NHS Identity Logical Services

3 new national services will be built:
- National Care Worker IDP: will provide logon services at various levels depending on the organisation scenario's requirements. Initially Smartcard, OTP and Push Notification on service go-live, followed by FIDO-based biometric support. Platform agnostic (e.g. ChromeOS).
- National Access Gateway: will protect national APIs and services, referencing a granular set of rules and policies.
- National Federation Service: will allow the national sign-on to be used to access 3rd party national services such as NHSMail, O365 and ESR.

Authentication Alternatives Framework?

Slide labels: Phone Phones RFID Card Band 2 Wearable USB Phone Built in Capability Phone Biometric Peripheral

Access to PCs can be accomplished either through a 2nd device or by inbuilt hardware capabilities. As long as standards are followed, the decision can be local.

What’s Secure Enough?
- Aligned to Cabinet Office - GPG44 + GPG45
- Also taken NIST 800-63 into account
- NEEDS Ratifying!

Quick Demo

Developer Adoption Benefits
- ‘Boilerplate’ client code
- Abstract ‘loose’ coupling of sign on methods
- Language Agnostic e.g. Java, C#, Python …
- Platform Agnostic e.g. OS and Browser choice
- Logon ‘As a Service’ from anywhere
- No need for N3 Access to test
- No lock-in to the NHS Digital Service (It’s just a URL)

What Does The Service Give Me?
- Identity Verification – acr + amr
- Identity Information (Scopes + Claims)
  - Standard OIDC ‘openid’, ‘profile’, ‘mail’, ‘roles’ etc. supported
  - Spine Scopes also supported: accessreason, spineroles, associatedorgs etc.
- Session Information & Events - OpenID Connect lets the relying party track whether the end user is logged in at the provider, and also initiate end user logout at the provider.
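An added example (not part of the original presentation and not the service's own code) of how a relying party might act on the acr and amr claims listed above, alongside the standard ID token checks. The acr identifiers, issuer, client ID and sample claims are constructed placeholders, and the claims are assumed to come from an ID token whose signature has already been verified.

```python
import time

# Hypothetical acr identifiers, ordered weakest to strongest. The page does not
# list the service's real acr values; take them from the provider's documentation.
ACR_RANK = {"example:acr:low": 1, "example:acr:medium": 2, "example:acr:high": 3}


def check_assurance(claims, *, client_id, issuer, nonce, min_acr,
                    required_amr=frozenset(), max_age=None, now=None):
    """Return (ok, reason) for claims taken from a signature-verified ID token."""
    now = time.time() if now is None else now
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if claims.get("iss") != issuer:
        return False, "wrong issuer"
    if client_id not in audiences:
        return False, "token not issued to this client"
    if claims.get("nonce") != nonce:
        return False, "nonce mismatch"
    if claims.get("exp", 0) <= now:
        return False, "token expired"
    # acr_values in the request is only a preference: the provider may return a
    # weaker context, so the relying party must compare the acr it actually got.
    got = ACR_RANK.get(claims.get("acr"), 0)  # unknown or missing acr ranks lowest
    if got < ACR_RANK[min_acr]:
        return False, "acr below required level"
    # amr lists the methods actually used (RFC 8176 names, e.g. "otp", "sc").
    amr = set(claims.get("amr") or [])
    if not set(required_amr) <= amr:
        return False, "required authentication method missing"
    # auth_time guards against an old provider session satisfying a fresh request.
    if max_age is not None and now - claims.get("auth_time", 0) > max_age:
        return False, "authentication too old"
    return True, "ok"


# Constructed sample claims (not real service output).
SAMPLE = {
    "iss": "https://idp.example", "aud": "my-client", "sub": "user-123",
    "nonce": "n-0S6_WzA2Mj", "exp": 1_700_000_600, "auth_time": 1_700_000_000,
    "acr": "example:acr:medium", "amr": ["otp"],
}
```

A failed acr, amr or max_age check is the point at which a relying party would send the user back to the provider for stronger or fresher authentication rather than granting access.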

How To Try It and Adopt It?
- Go look at the Developer Health Network
- Request a sandpit environment. We are aiming to get this in place post May initial go live.
- https://developer.nhs.uk/apis/national-authentication/

Q&A

Current to Medium Term Roadmap

Long Term Roadmap Themes

[Roadmap figure: Next Gen Access Control, 2017/2018 to 2019/2020. Themes: Single trusted digital identity, Simplify Logon, Enables Mobility, Single trusted digital identity signature, Remote Signature, Simple Registration, User & Role Management, AI Continual Risk Analytics, IOT Management. Benefits shown against the themes: Saves Time, Saves Money, Simplifies Process, Increases Security.]

The overall programme will seek to evolve the national identity service over the next few years.*
- Simplifying and remoting the registration and assurance process
- Possibly linking a digital signature to the identity, providing an eIDAS-level electronic signature to transactions and forms
- Updating and reimagining the RBAC & ABAC management
- AI analytics to proactively seek out suspicious activity
- Look at the need for IOT support

*Subject to cost benefit analysis and business case acceptance