Identity & Access Management
DCS 861 Team 2
Kirk M. Anne, Carolyn Sher-Decaustis, Kevin Kidder, Joe Massi, John Stewart

The Problem
• How do you establish a digital ID?
• How do you “guarantee” somebody’s ID?
• How do you prevent unauthorized access?
• How do you protect confidential ID data?
• How do you “share” identities?
• How do you avoid “mistakes”?

What is IdM/IAM?
• The Burton Group defines identity management as follows:
– “Identity management is the set of business processes, and a supporting infrastructure for the creation, maintenance, and use of digital identities.”
Internet2 HighEd IdM model

A more “complete” definition
• An integrated system of business processes, policies and technologies that enables organizations to facilitate and control user access to critical online applications and resources — while protecting confidential personal and business information from unauthorized users.
– Source: http://www.comcare.org/Patient_Tracking/IPTI-Glossary.html

Identity Management
[Diagram: Policy, Business Processes, Technology/Infrastructure and Confidential Information, connected by arrows labeled “Enables”, “Defines” and “Uses”]

Why is IdM/IAM important?
• Social networking
• Customer/Employee Management
• Information Security (Data Breach laws)
• Privacy/Compliance issues
• Business Productivity
• Crime prevention

Components of IdM/IAM
• Directory Services
• Identity Life-Cycle Management
• Access Management

Directory Services
• Lightweight Directory Access Protocol (LDAP)
• Stores identity information
– Personal Information
– Attributes
– Credentials
– Roles
– Groups
– Policies

Components of a digital identity
• Biographical Information (Name, Address)
• Biometric Information (Behavioral, Biological)
• Business Information (Transactions, Preferences)

Access Management
• Authentication/Single Sign On
• Entitlements (Organization/Federation)
• Authorization
• Auditing
• Service Provision
• Identity Propagation/Delegation
• Security Assertion Markup Language (SAML)

Access Management
• Authentication (AuthN)
– Three types of authentication factors
  • Type 1 – Something you know
  • Type 2 – Something you have
  • Type 3 – Something you are
• Authorization (AuthZ)
– Access Control
  • Role-Based Access Control (RBAC)
  • Task-Based Access Control (TBAC)
– Single Sign On/Reduced Sign On
– Security Policies

Levels of Assurance
[Chart: Risk (Low to High) plotted against Data Classification/Privileges (Low to High)]
• LOA-1: Little or no confidence identity is accurate; impacts individual
• LOA-2: Confidence exists identity is accurate; impacts individual and organization
• LOA-3: High confidence identity is accurate; impacts multiple people and organization
• LOA-4: Very high confidence identity is accurate; impacts indiscriminate populations
Example activities placed on the chart:
• Buy Tickets
• Give Donations
• Join a Group
• Apply to College
• Enroll in a Course
• Take a Test
• Manage My Calendar
• View My Grades
• View My Vacation
• Manage My Benefits
• Administer Course Settings
• Enter Course Grades
• Manage Student Records
• Manage Financial Aid
• Manage Financials
• Manage Others’ Benefits
• Access to Biotechnology Lab
• Manage Research Data

Identity Life-Cycle Management
• User Management
• Credential Management
• Entitlement Management
• Integration (Authoritative Sources of Record)
• Identity Provisioning/Deprovisioning

“Student” Identity Life Cycle
[Diagram: states of a student identity]
• Prospective
• Accepted
• Paid Deposit
• Registered
• Leave of Absence
• Withdrawn
• Graduated

Federated Identity Management
• Business Enablement
• Automatically share identities between administrative boundaries
– Identity Providers (IdP)
– Service Providers (SP)
• Easier access for users (use local credentials)
• Requires trust relationships
Shibboleth
Internet2 HighEd IdM model

Research Areas
• Public Safety
– Identity theft, cybercrime, computer crime, organized crime groups, document fraud, and sexual predator detection
• National Security
– Cybersecurity and cyber defense, human trafficking and illegal immigration, terrorist tracking and financing
• Commerce
– Mortgage fraud and other financial crimes, data breaches, e-commerce fraud, insider threats, and health care fraud
• Individual Protection
– Identity theft and fraud
• Integration
– Biometrics, Policy assessment/development, Confidentiality, Privacy