1 Identity & Access Management
DCS 861 Team2: Kirk M. Anne, Carolyn Sher-Decaustis, Kevin Kidder, Joe Massi, John Stewart

2 The above cartoon by Peter Steiner has been reproduced from page 61 of July 5, 1993 issue of The New Yorker, (Vol.69 (LXIX) no. 20) only for academic discussion, evaluation, research and complies with the copyright law of the United States as defined and stipulated under Title 17 U. S. Code.

3 The Problem
How do you establish a digital ID?
How do you “guarantee” somebody’s ID?
How do you prevent unauthorized access?
How do you protect confidential ID data?
How do you “share” identities?
How do you avoid “mistakes”?

4 What is IdM/IAM?
The Burton Group defines identity management as follows:
“Identity management is the set of business processes, and a supporting infrastructure for the creation, maintenance, and use of digital identities.”
Source: Enterprise Identity Management: It's About the Business, Jamie Lewis, The Burton Group Directory and Security Strategies Report, v1, July 2nd 2003

5 Internet2 HighEd IdM model
0704_idm_model.jpg from Grouper doc (

6 A more “complete” definition
An integrated system of business processes, policies and technologies that enables organizations to facilitate and control user access to critical online applications and resources — while protecting confidential personal and business information from unauthorized users.

7 [Diagram; labels: Identity Management, Policy, Enables, Defines, Confidential Information, Technology/Infrastructure, Business Processes, Uses]

8 Why is IdM/IAM important?
Social networking
Customer/Employee Management
Information Security (Data Breach laws)
Privacy/Compliance issues
Business Productivity
Crime prevention

9 Components of IdM/IAM
Identity Life-Cycle Management
Access Management
Directory Services

10 Directory Services
Lightweight Directory Access Protocol (LDAP)
Stores identity information
  Personal Information
  Attributes
  Credentials
  Roles
  Groups
  Policies

11 Components of a digital identity
Biographical Information (Name, Address)
Biometric Information (Behavioral, Biological)
Business Information (Transactions, Preferences)

12 Access Management
Authentication/Single Sign On
Entitlements (Organization/Federation)
Authorization
Auditing
Service Provision
Identity Propagation/Delegation
Security Assertion Markup Language (SAML)

13 Access Management
Authentication (AuthN)
  Three types of authentication factors
    Type 1 – Something you know
    Type 2 – Something you have
    Type 3 – Something you are
Authorization (AuthZ)
  Access Control
  Role-Based Access Control (RBAC)
  Task-Based Access Control (TBAC)
Single Sign On/Reduced Sign On
Security Policies

14 Levels of Assurance
LOA-1: Little or no confidence identity is accurate. Impacts individual.
LOA-2: Confidence exists identity is accurate. Impacts individual and organization.
LOA-3: High confidence identity is accurate. Impacts multiple people and organization.
LOA-4: Very high confidence identity is accurate. Impacts indiscriminate populations.
The higher the LOA, the more assurance of who is managing/accessing the data and the strength of the credentials that they are using to access the data.
[Chart: Risk (Low to High) plotted against Data Classification/Privileges (Low to High). Activities shown: Access to Biotechnology Lab, Manage Research Data, Manage My Benefits, Manage Other’s Benefits, View My Vacation, Manage Financials, Apply to College, View My Grades, Manage Financial Aid, Join a Group, Manage My Calendar, Manage Student Records, Give Donations, Take a Test, Enter Course Grades, Buy Tickets, Enroll in a Course, Administer Course Settings]
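An added example (not part of the original presentation) of how the RBAC check from slide 13 and the LOA requirement from slide 14 combine into one access decision. The role names, permission strings, the LOA number attached to each action and the rule that each extra factor type raises the credential level by one are all assumptions made for illustration; only the action names and the three factor types come from the slides.

```python
# Added example: RBAC + Level of Assurance (LOA) decision point.
# Policy values and the factor-to-LOA mapping are assumptions, not slide content.
FACTOR_TYPES = {"know", "have", "are"}   # Type 1, 2, 3 on slide 13

# Hypothetical role -> permission grants (RBAC).
ROLE_PERMS = {
    "student": {"grades:read_own"},
    "instructor": {"grades:read_own", "grades:write"},
    "lab_researcher": {"lab:enter"},
}

# action -> (required permission, minimum LOA). Action names echo slide 14;
# the LOA numbers are constructed for illustration.
POLICY = {
    "view_my_grades": ("grades:read_own", 2),
    "enter_course_grades": ("grades:write", 3),
    "access_biotech_lab": ("lab:enter", 4),
}

def session_loa(factors, proofing_loa):
    """LOA of a session, capped by credential strength and by identity proofing."""
    distinct = set(factors) & FACTOR_TYPES   # two passwords are still one factor type
    if not distinct:
        return 0
    credential_loa = len(distinct) + 1       # assumed: 1 type -> 2, 2 -> 3, 3 -> 4
    return min(credential_loa, proofing_loa)

def decide(roles, factors, proofing_loa, action):
    """Return (decision, reason); decision is 'permit', 'step_up' or 'deny'."""
    if action not in POLICY:
        return "deny", "unknown action (default deny)"
    permission, min_loa = POLICY[action]
    granted = set().union(*(ROLE_PERMS.get(r, set()) for r in roles))
    if permission not in granted:
        return "deny", f"no role grants {permission}"
    loa = session_loa(factors, proofing_loa)
    if loa >= min_loa:
        return "permit", f"LOA {loa} >= {min_loa}"
    if proofing_loa >= min_loa:
        return "step_up", f"LOA {loa} < {min_loa}: ask for another factor type"
    return "deny", f"identity proofed only to LOA {proofing_loa}, need {min_loa}"

if __name__ == "__main__":
    print(decide({"instructor"}, ["know"], 3, "enter_course_grades"))
```

The reason string is what would go to the audit log; note that a stronger login cannot compensate for weak identity proofing, which is why the last branch denies instead of asking for step-up.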

15 Identity Life-Cycle Management
User Management
Credential Management
Entitlement Management
Integration (Authoritative Sources of Record)
Identity Provisioning/Deprovisioning

16 “Student” Identity Life Cycle
[Diagram; states shown: Prospective, Accepted, Paid Deposit, Registered, Leave of Absence, Withdrawn, Graduated]

17 Federated Identity Management
Business Enablement
Automatically share identities between administrative boundaries
Identity Providers (IdP)
Service Providers (SP)
Easier access for users (use local credentials)
Requires trust relationships

18 Shibboleth

19 Internet2 HighEd IdM model

20 Research Areas
Public Safety: Identity theft, cybercrime, computer crime, organized crime groups, document fraud, and sexual predator detection
National Security: Cybersecurity and cyber defense, human trafficking and illegal immigration, terrorist tracking and financing
Commerce: Mortgage fraud and other financial crimes, data breaches, e-commerce fraud, insider threats, and health care fraud
Individual Protection: Identity theft and fraud
Integration: Biometrics, Policy assessment/development, Confidentiality, Privacy
Center for Applied Identity Management Research -

