Identity & Access Management


Identity & Access Management
DCS 861, Team 2
Kirk M. Anne, Carolyn Sher-Decaustis, Kevin Kidder, Joe Massi, John Stewart

[Cartoon by Peter Steiner, "On the Internet, nobody knows you're a dog"] The cartoon has been reproduced from page 61 of the July 5, 1993 issue of The New Yorker (Vol. 69 (LXIX), no. 20) only for academic discussion, evaluation and research, and complies with the copyright law of the United States as defined and stipulated under Title 17 U.S. Code.

The Problem
- How do you establish a digital ID?
- How do you "guarantee" somebody's ID?
- How do you prevent unauthorized access?
- How do you protect confidential ID data?
- How do you "share" identities?
- How do you avoid "mistakes"?

What is IdM/IAM?
The Burton Group defines identity management as follows: "Identity management is the set of business processes, and a supporting infrastructure for the creation, maintenance, and use of digital identities."
Source: Jamie Lewis, "Enterprise Identity Management: It's About the Business", The Burton Group Directory and Security Strategies Report, v1, July 2, 2003.

[Figure: Internet2 HighEd IdM model (0704_idm_model.jpg), from the Grouper documentation, https://wiki.internet2.edu/confluence/display/GrouperWG/Home]

A more “complete” definition An integrated system of business processes, policies and technologies that enables organizations to facilitate and control user access to critical online applications and resources — while protecting confidential personal and business information from unauthorized users. http://www.comcare.org/Patient_Tracking/IPTI-Glossary.html

[Diagram: Identity Management, relating Policy, Confidential Information, Technology/Infrastructure and Business Processes through the relationships "Defines", "Enables" and "Uses"]

Why is IdM/IAM important?
- Social networking
- Customer/Employee Management
- Information Security (data breach laws)
- Privacy/Compliance issues
- Business Productivity
- Crime prevention

Components of IdM/IAM
- Identity Life-Cycle Management
- Access Management
- Directory Services

Directory Services
Lightweight Directory Access Protocol (LDAP) stores identity information:
- Personal Information
- Attributes
- Credentials
- Roles
- Groups
- Policies

Components of a digital identity
- Biographical Information (name, address)
- Biometric Information (behavioral, biological)
- Business Information (transactions, preferences)

Access Management
- Authentication / Single Sign On
- Entitlements (organization/federation)
- Authorization
- Auditing
- Service Provision
- Identity Propagation/Delegation
- Security Assertion Markup Language (SAML)

Access Management
Authentication (AuthN): three types of authentication factors
- Type 1: something you know
- Type 2: something you have
- Type 3: something you are
Authorization (AuthZ)
- Access Control
- Role-Based Access Control (RBAC)
- Task-Based Access Control (TBAC)
- Single Sign On / Reduced Sign On
- Security Policies
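The slide's factor types become concrete when two of them are combined in one check. The following is an added example, not code from the original presentation: a Type 1 factor (a salted PBKDF2 password hash) and a Type 2 factor (a TOTP device, RFC 6238) must both pass before the user is authenticated. The user record, password and enrolled seed are constructed for the demo (the seed is the RFC 6238 reference secret); a practitioner should note that two factors of the same type, such as a password plus a security question, are both Type 1 and do not make this multi-factor.

```python
"""Two-factor authentication check: Type 1 (something you know, a password)
combined with Type 2 (something you have, a TOTP device).
Added example, not from the original slides. The user record, password and
TOTP seed are constructed; the seed is the RFC 6238 reference secret."""
import hashlib
import hmac
import os
import struct
from typing import Dict, List, Optional, Tuple

PBKDF2_ROUNDS = 210_000  # OWASP-recommended minimum for PBKDF2-HMAC-SHA256


# --- Type 1: something you know -------------------------------------------
def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256. Returns (salt, derived_key); store both."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, dk


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Re-derive and compare in constant time (no early exit on mismatch)."""
    _, dk = hash_password(password, salt)
    return hmac.compare_digest(dk, expected)


# --- Type 2: something you have -------------------------------------------
def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic
    truncation to a 31-bit integer, reduced to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10**digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the 30-second time step."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, code: str, unix_time: int, step: int = 30,
                skew_steps: int = 1) -> bool:
    """Accept the current step plus `skew_steps` neighbours on either side to
    tolerate clock drift; compare in constant time."""
    if not code.isdigit():
        return False
    return any(
        hmac.compare_digest(totp(secret, unix_time + d * step, step), code)
        for d in range(-skew_steps, skew_steps + 1)
    )


# --- Combined check ---------------------------------------------------------
def authenticate(user: Dict, password: str, code: str, unix_time: int) -> Tuple[bool, List[str]]:
    """Deny by default: both factor TYPES must pass. Returns (ok, factors_satisfied).
    Two factors of the same type (password + security question) would both be
    Type 1 and would not count as multi-factor."""
    satisfied: List[str] = []
    if verify_password(password, user["salt"], user["password_hash"]):
        satisfied.append("type1-knowledge")
    if verify_totp(user["totp_secret"], code, unix_time):
        satisfied.append("type2-possession")
    return len(satisfied) == 2, satisfied


# Constructed demo user: enrolled with a password and the RFC 6238 test seed.
_SALT, _HASH = hash_password("correct horse battery staple")
DEMO_USER = {
    "name": "kanne",
    "salt": _SALT,
    "password_hash": _HASH,
    "totp_secret": b"12345678901234567890",
}

if __name__ == "__main__":
    # RFC 6238 vector: at T=59 the 8-digit code is 94287082, so 6 digits -> 287082
    print(totp(DEMO_USER["totp_secret"], 59))
    print(authenticate(DEMO_USER, "correct horse battery staple", "287082", 59))
    print(authenticate(DEMO_USER, "correct horse battery staple", "000000", 59))
```

The skew window is the practitioner's trade-off: each extra step accepted widens the brute-force window for a 6-digit code, so keep it at one step and rate-limit attempts per account.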

Levels of Assurance
- LOA-1: Little or no confidence that the identity is accurate; impacts an individual
- LOA-2: Confidence exists that the identity is accurate; impacts an individual and the organization
- LOA-3: High confidence that the identity is accurate; impacts multiple people and the organization
- LOA-4: Very high confidence that the identity is accurate; impacts indiscriminate populations
The higher the LOA, the more assurance of who is managing or accessing the data, and the stronger the credentials they must use to access it.
[Chart: example applications plotted by Data Classification/Privileges (low to high) against Risk (low to high): Access to Biotechnology Lab, Manage Research Data, Manage My Benefits, Manage Others' Benefits, View My Vacation, Manage Financials, Apply to College, View My Grades, Manage Financial Aid, Join a Group, Manage My Calendar, Manage Student Records, Give Donations, Take a Test, Enter Course Grades, Buy Tickets, Enroll in a Course, Administer Course Settings]

Identity Life-Cycle Management
- User Management
- Credential Management
- Entitlement Management
- Integration (authoritative sources of record)
- Identity Provisioning/Deprovisioning

"Student" Identity Life Cycle
[State diagram; states shown: Prospective, Accepted, Paid Deposit, Registered, Leave of Absence, Withdrawn, Graduated]
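The life-cycle components above and the student state diagram come together in reconciliation: the authoritative source of record (the student system) says what state each person is in, a policy maps that state to entitlements, and the directory is driven to match, which is where provisioning and, more importantly, deprovisioning actually happen. This is an added example, not code from the original presentation; the state-to-entitlement policy, the entitlement names and the sample records are constructed assumptions for the demo.

```python
"""Identity life-cycle reconciliation: derive the entitlements each person should
hold from their state in the authoritative source of record (the student system),
compare with the directory, and emit provisioning/deprovisioning actions.
Added example, not from the original slides. The state->entitlement policy,
entitlement names and sample records are constructed for the demo."""
from typing import Dict, List, Set, Tuple

# Assumed policy: entitlements granted in each life-cycle state from the slide.
# "Withdrawn" grants nothing, so an existing account is deprovisioned.
POLICY: Dict[str, Set[str]] = {
    "Prospective":      {"applicant-portal"},
    "Accepted":         {"applicant-portal", "email"},
    "Paid Deposit":     {"applicant-portal", "email", "enrollment"},
    "Registered":       {"email", "enrollment", "lms", "library", "vpn"},
    "Leave of Absence": {"email"},
    "Graduated":        {"alumni-email"},
    "Withdrawn":        set(),
}

Action = Tuple[str, ...]


def reconcile(source_of_record: Dict[str, str],
              directory: Dict[str, Set[str]]) -> List[Action]:
    """Return the ordered actions that bring `directory` in line with the SoR.

    source_of_record: uid -> life-cycle state (authoritative)
    directory:        uid -> entitlements the account currently holds
    Actions are ("provision", uid, entitlements), ("grant", uid, e),
    ("revoke", uid, e) and ("deprovision", uid)."""
    actions: List[Action] = []
    for uid, state in sorted(source_of_record.items()):
        if state not in POLICY:
            # Fail closed: an unknown state must not silently keep old access.
            raise ValueError(f"unknown life-cycle state {state!r} for {uid}")
        wanted = POLICY[state]
        current = directory.get(uid)
        if not wanted:                       # state grants nothing
            if current is not None:
                actions.append(("deprovision", uid))
            continue
        if current is None:                  # new identity: create the account
            actions.append(("provision", uid, frozenset(wanted)))
            continue
        for e in sorted(wanted - current):   # missing entitlements
            actions.append(("grant", uid, e))
        for e in sorted(current - wanted):   # stale entitlements (over-privilege)
            actions.append(("revoke", uid, e))
    # Orphans: accounts with no SoR record at all are the classic deprovisioning gap.
    for uid in sorted(set(directory) - set(source_of_record)):
        actions.append(("deprovision", uid))
    return actions


# Constructed sample: SoR states and the directory as it stands today.
SOR = {"s001": "Registered", "s002": "Paid Deposit",
       "s003": "Withdrawn", "s004": "Graduated"}
DIRECTORY = {
    "s001": {"email", "enrollment", "lms", "library"},          # missing vpn
    "s003": {"email", "lms", "vpn"},                             # withdrew, still active
    "s004": {"email", "enrollment", "lms", "library", "vpn"},    # graduated, never cleaned
    "x999": {"vpn"},                                             # no SoR record: orphan
}

if __name__ == "__main__":
    for action in reconcile(SOR, DIRECTORY):
        print(action)
```

Run on the sample, the plan grants s001 its missing VPN entitlement, provisions s002, deprovisions the withdrawn s003 and the orphan x999, and strips the graduated s004 down to alumni e-mail; the unknown-state check refuses to guess, because a typo in an upstream feed should block the run rather than leave access in place.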

Federated Identity Management
- Business enablement
- Automatically share identities across administrative boundaries
- Identity Providers (IdP)
- Service Providers (SP)
- Easier access for users (they use local credentials)
- Requires trust relationships

Shibboleth
[Figure: Shibboleth login flow, http://wiki.unisa.edu.au/download/attachments/1441845/shib_process.jpg]
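The "trust relationships" a federation requires end up as concrete checks in the Service Provider when a SAML 2.0 assertion arrives from an IdP such as a Shibboleth IdP. The following is an added example, not code from the original presentation or from the Shibboleth project: the relying-party checks an SP must apply after the XML signature has been verified (trusted issuer, no replay, validity window with clock skew, audience restriction) before the NameID and attributes are trusted. The entity IDs, the assertion XML and its attribute values are constructed; signature verification itself (XML-DSig against the IdP's metadata certificate, e.g. with xmlsec) is deliberately not done here and must precede these checks.

```python
"""Relying-party (SP) checks on a SAML 2.0 assertion from a federated IdP.
Added example, not from the original slides or from Shibboleth. Entity IDs,
assertion XML and attribute values are constructed.
This block does NOT verify the XML signature: XML-DSig verification against the
IdP's metadata certificate (e.g. with xmlsec) must succeed BEFORE these checks,
and a hardened parser (defusedxml) should replace ElementTree in production."""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Set, Tuple

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TRUSTED_IDPS: Set[str] = {"https://idp.example.edu/idp/shibboleth"}  # assumed federation partner
OUR_ENTITY_ID = "https://sp.example.edu/shibboleth"                   # assumed SP entityID
SEEN_ASSERTION_IDS: Set[str] = set()   # replay cache; use a shared store with TTL in production


def _saml_time(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text: str, now: datetime,
                       skew: timedelta = timedelta(seconds=60)) -> Tuple[str, Dict[str, List[str]]]:
    """Fail-closed checks: trusted issuer, no replay, validity window (with clock
    skew), audience restriction. Returns (NameID, attributes) or raises ValueError."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        raise ValueError("root element is not a saml:Assertion")

    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer not in TRUSTED_IDPS:
        raise ValueError(f"untrusted issuer {issuer!r}")

    assertion_id = root.get("ID")
    if not assertion_id or assertion_id in SEEN_ASSERTION_IDS:
        raise ValueError("missing or replayed assertion ID")

    conditions = root.find("saml:Conditions", NS)
    if conditions is None:
        raise ValueError("assertion has no Conditions")
    not_before = conditions.get("NotBefore")
    not_on_or_after = conditions.get("NotOnOrAfter")
    if not_before and now + skew < _saml_time(not_before):
        raise ValueError("assertion not yet valid")
    if not_on_or_after and now - skew >= _saml_time(not_on_or_after):
        raise ValueError("assertion expired")

    audiences = {a.text for a in conditions.iterfind("saml:AudienceRestriction/saml:Audience", NS)}
    if OUR_ENTITY_ID not in audiences:
        raise ValueError("assertion not addressed to this SP")

    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise ValueError("assertion has no Subject/NameID")
    attributes = {
        attr.get("Name"): [v.text for v in attr.iterfind("saml:AttributeValue", NS)]
        for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS)
    }
    SEEN_ASSERTION_IDS.add(assertion_id)   # record only after every check passed
    return name_id, attributes


def check(xml_text: str, now: datetime) -> Tuple[bool, str]:
    """Convenience wrapper: (True, NameID) on success, (False, reason) on rejection."""
    try:
        name_id, _ = validate_assertion(xml_text, now)
        return True, name_id
    except (ValueError, ET.ParseError) as exc:
        return False, str(exc)


# Constructed assertion (ds:Signature omitted; see module docstring).
# urn:oid:1.3.6.1.4.1.5923.1.1.1.1 is eduPersonAffiliation, commonly released in HE federations.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1b2c3d4" Version="2.0" IssueInstant="2011-03-21T12:00:00Z">
  <saml:Issuer>https://idp.example.edu/idp/shibboleth</saml:Issuer>
  <saml:Subject><saml:NameID>kanne@example.edu</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2011-03-21T12:00:00Z" NotOnOrAfter="2011-03-21T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.edu/shibboleth</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" FriendlyName="eduPersonAffiliation">
      <saml:AttributeValue>student</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    t = datetime(2011, 3, 21, 12, 1, tzinfo=timezone.utc)
    print(check(SAMPLE_ASSERTION, t))   # accepted on first presentation
    print(check(SAMPLE_ASSERTION, t))   # rejected: replayed assertion ID
```

The order of the checks matters: the issuer is checked before anything else is trusted, and the assertion ID is only added to the replay cache once every other condition has passed, so a rejected assertion cannot be used to poison the cache and block a legitimate one.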

[Figure: Internet2 HighEd IdM model]

Research Areas
- Public Safety: identity theft, cybercrime, computer crime, organized crime groups, document fraud, and sexual predator detection
- National Security: cybersecurity and cyber defense, human trafficking and illegal immigration, terrorist tracking and financing
- Commerce: mortgage fraud and other financial crimes, data breaches, e-commerce fraud, insider threats, and health care fraud
- Individual Protection: identity theft and fraud
- Integration: biometrics, policy assessment/development, confidentiality, privacy
Source: Center for Applied Identity Management Research, http://caimr.indiana.edu/