IdM & OpenID Present by Fangli cai Prantap Bedi

The need for IdM &OpenID As the world of e-business gains global acceptance, the traditional processes of corporate user administration are no longer able to cope with the demands of increased scale and scope expected from them

IdM Identity management is a solution to mange and secure access to the information and resource of an organization by a combination of processes and technologies..

Identity and Management Authentication Authorization (Access Control) Auditing and Accounting Policy Management

The Structure AuthenticationAuthorization Accounting Auditing Policies

Authentication Web-based Authentication MAC-based Authentication SSO Authentication

Authorization (Access Control) RBAC --access control models UserUser GroupsRolesResource

Example Example of identity management: “Hi! I’m Frank.” (Identity) “… and here‘s my Username and Password to the system” (Authentication) “I want to access my MySJSU account” (Authorization: Allowing Frank to use services for his authorized) “And I want to change my grade in last semester’s course” (Authorization: preventing frank from things his not supposed to do)

Auditing and Accounting Reporting and audit controls are an important part of Identity Management. It is performed to ascertain the validity and reliability of information, and also provide an assessment of a system’s internal control. Audit trails and logs are important for both detecting security violations and re-creating security incidents.

Policy Management Policy Management allows administrators to define rules for moving from one state to another. There rules take the form “if condition, then action,”

IDM Account lifecycle Profile Management Workflow Provisioning Delegated Administration Password Management

Profile Management Profile management provides a way to manage identities and distribute that managed information to external databases, directories, and applications throughout the enterprise, and potentially beyond. This process facilities the self- management of user profile information and the automated replication of accurate profile data to key enterprise systems.[4]

Password management EPV is stand for Enterprise Password Vault. it can provide a help though Check in and Check out passwords, EPV makes sure that only one person is using the account at any given time. and is able to track who and when logged into account

Open ID

What is OpenID Decentralized Single Sign On Mechanism In Simple terms is a URL Made possible by OpedID providers

How Does Open ID Work?

Implementation Light-Weight Identity Yadis Sxip DIX protocol XRI/i-names

User Advantages Eliminates the need to manage multiple accounts with different websites. Is a lightweight application and thus does not put any load on the users computer resources. Logging in is as simple as entering a URL. Eliminates the overhead of entering long forms to signup for a new websit e

Website Advantages Provides simple standardized signup process Takes care of User Account Management Pre-Existing Large Userbase

Disadvantages It is akin to putting all eggs in one basket. OpenID is vulnerable to phishing attacks. It is equivalent to outsourcing the security of you website to a 3 rd party provider.

Future Work and Industry Adoption VeriSign and SUN Microsystems have signed a patent covenant regarding OpenID. AOL has developed OpenID's for all of their users available at The government of Estonia has tied the national identity issued to each citizen with an OpenID located at

Questions?