Identity & Access Management. Presenter: Mike Davis, (760) 632-0294. January 09, 2007.

Presentation transcript:

Slide 2: Definitions

IdM: "Identity management (IdM) is comprised of the set of business processes, and a supporting infrastructure, for the creation, maintenance, and use of digital identities within a legal and policy context." (Burton Group, 2003)

IAM: "Identity and access management (IAM) is comprised of the set of services to include authentication, user provisioning (UP), password management, role matrix management, enterprise single sign-on, enterprise access management, federation, virtual and metadirectory services, and auditing." (Gartner)

Slide 3: More Definitions

Provisioning: "Provisioning of user access control credentials refers to the creation, maintenance, correlation, synchronization and deactivation of user-objects and user-attributes, as they exist in one or more systems, directories or applications, in response to an automated or interactive business process. Provisioning software may include one or more of the following processes: change propagation, self-service workflow, consolidated user administration, delegated user administration, and federated change control. Provisioning is typically a subsystem or function of an identity management system that is particularly useful within organizations where users may be represented by multiple user objects on multiple systems." (EDE IPT)

"The process of managing attributes and accounts within the scope of a defined business process or interaction. Provisioning an account or service may involve the creation, modification, deletion, suspension, restoration of a defined set of accounts or attributes." (OASIS SPML)

Slide 4: Yet More Definitions

Single Sign-on (SSO): "Any user authentication system permitting users to access multiple data sources through a single point of entry. Part of an integrated access management framework. At present, there is no universal definition of SSO, no agreement on whether it is really possible and no understanding of what is considered true SSO." (PistolStar)

Slide 5: Identity Mgt Attributes (1 of 2)

Slide 6: More Identity Mgt Attributes (2 of 2)

Slide 7: Access Mgt Attributes

Sources: OneVA Identity Management IPT, December 19, 2005; OneVA Enterprise Identity Management White Paper, v1.3, October 12, 2006.

Slide 8: Authentication Services

Centralized authentication services reduce complexity:
- PIV (HSPD-12, NIST FIPS PUB 201)
- MS NAS (AD Kerberos)

Applications should accept a trusted third-party credential; applications do not authenticate users directly:
- Kerberos, X.509, SAML
- CCOW
- Security token services (STS)

SSO is intrinsic:
- SSO is now expected
- SSO is now technically feasible

Slide 9: WS-Trust Scenario

A client sends a SOAP message (the request) to a SOAP-based application server. The original client request is intercepted at a SOAP gateway and redirected, based on policy, to the IP/STS. The SOAP gateway and the STS use WS-Trust messages to enable interoperable processing of the more fundamental WS-Security-protected SOAP message sent between the client and the service.
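The exchange on this slide, and the point on the previous slide that the application accepts a third-party credential rather than authenticating the user itself, as an added example that is not part of the original presentation: the client, gateway, STS and service are modelled as Python functions. The SOAP, WS-Security and WS-Trust 1.3 namespaces are real; the STS signing key, the policy set, the `Ping` operation and the JSON token format are assumptions made for illustration.

```python
# Added example (not from the slides): the slide's WS-Trust flow in miniature. The STS, its HMAC
# key, the policy set and the 'Ping' operation are constructed stand-ins; a real STS issues SAML/X.509 tokens.
import base64, hashlib, hmac, json, time
import xml.etree.ElementTree as ET
SOAP = "{http://schemas.xmlsoap.org/soap/envelope/}"
WSSE = "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}"
WST = "{http://docs.oasis-open.org/ws-sx/ws-trust/200512}"
ISSUE = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue"
STS_KEY = b"constructed-sts-key"   # assumption: shared between STS and service out of band
POLICY = {"Ping"}                  # constructed policy: operations that require an STS-issued token

def client_request(operation, text):
    """Client: a plain SOAP request with an empty Header and no security token."""
    env = ET.Element(SOAP + "Envelope")
    ET.SubElement(env, SOAP + "Header")
    ET.SubElement(ET.SubElement(env, SOAP + "Body"), operation).text = text
    return ET.tostring(env)

def sts_issue(rst_xml, subject):
    """STS: answer a WS-Trust RequestSecurityToken with an RSTR carrying a signed, short-lived token."""
    if ET.fromstring(rst_xml).findtext(WST + "RequestType") != ISSUE:
        raise ValueError("unsupported RequestType")
    payload = json.dumps({"exp": int(time.time()) + 300, "sub": subject}, sort_keys=True).encode()
    token = payload + b"." + hmac.new(STS_KEY, payload, hashlib.sha256).hexdigest().encode()
    rstr = ET.Element(WST + "RequestSecurityTokenResponse")
    ET.SubElement(rstr, WST + "RequestedSecurityToken").text = base64.b64encode(token).decode()
    return ET.tostring(rstr)

def gateway(soap_bytes, caller):
    """Gateway: intercept; if policy demands it, get a token for the already-authenticated caller via WS-Trust."""
    env = ET.fromstring(soap_bytes)
    operation = env.find(SOAP + "Body")[0]
    if operation.tag not in POLICY:
        return soap_bytes                      # policy: this operation needs no STS token
    rst = ET.Element(WST + "RequestSecurityToken")
    ET.SubElement(rst, WST + "RequestType").text = ISSUE
    rstr = ET.fromstring(sts_issue(ET.tostring(rst), caller))
    sec = ET.SubElement(env.find(SOAP + "Header"), WSSE + "Security")
    ET.SubElement(sec, WSSE + "BinarySecurityToken").text = rstr.findtext(WST + "RequestedSecurityToken")
    return ET.tostring(env)

def service(soap_bytes):
    """Service: trusts the STS, never a password. Returns the subject, or None if the token is missing, forged or expired."""
    env = ET.fromstring(soap_bytes)
    b64 = env.findtext(SOAP + "Header/" + WSSE + "Security/" + WSSE + "BinarySecurityToken") or ""
    payload, _, sig = base64.b64decode(b64).rpartition(b".")   # missing token -> empty -> MAC check fails
    if not hmac.compare_digest(sig, hmac.new(STS_KEY, payload, hashlib.sha256).hexdigest().encode()):
        return None
    claims = json.loads(payload)
    return claims["sub"] if claims["exp"] > time.time() else None
```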

Slide 10: IDM... Whose Identity Is It?

VHA problem statement: How does the security IdM portion of IAM fit with traditional ownership of IdM, which is controlled by administrative, demographic, payroll and HR functions?

Solution: Standards are needed for IdM and for IAM: consistent vocabularies, and clear differentiation of the roles and ownership of identity data used for different purposes. The Oracle Identity Governance Framework is setting the initial definitions in this area prior to vetting in a standards organization (TBD).

Slide 11: IAM Technology Viewpoint

Assertions:
- IAM (PIV) transforms future SOA security infrastructures
- Centralization reduces complexity of authn/authz administration
- Web Services provide the key underlying standards/technology
- Application security (end-to-end) replaces the castle-and-moat paradigm
- SSO is assumed/expected

Obstacles:
- Lack of consistent approach (different goals, views, vendors)
- Immature/incomplete industry technology; few solutions
- Developer experience/confidence in solutions... resistance to change

Implications:
- Projects will use existing/closed solutions to avoid risk
- Projects will not be able to adapt to the coming centralized infrastructure
- Project schedules will limit time to innovate in security
- Security will continue to lag

Advice:
- Implement/innovate/adopt: SOA architecture; CCOW; Kerberos SSO/TTP authn; HL7 RBAC/ASIS; XACML
- Implement Web Services
- Manage globally, enforce locally
- Pilot a SOA security application