Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity & Access Management

Published byGhislaine Desjardins Modified over 5 years ago

Similar presentations

Presentation on theme: "Identity & Access Management"— Presentation transcript:

1 Identity & Access Management
DCS 861 Team2 Kirk M. Anne Carolyn Sher-Decaustis Kevin Kidder Joe Massi John Stewart

2 The above cartoon by Peter Steiner has been reproduced from page 61 of July 5, 1993 issue of The New Yorker, (Vol.69 (LXIX) no. 20) only for academic discussion, evaluation, research and complies with the copyright law of the United States as defined and stipulated under Title 17 U. S. Code.

3 The Problem How do you establish a digital ID?
How do you “guarantee” somebody’s ID? How do you prevent unauthorized access? How do you protect confidential ID data? How do you “share” identities? How do you avoid “mistakes”?

4 What is IdM/IAM? The Burton Group defines identity management as follows: “Identity management is the set of business processes, and a supporting infrastructure for the creation, maintenance, and use of digital identities.” Enterprise Identity Management: It's About the Business, Jamie Lewis,The Burton Group Directory and Security Strategies Report, v1 July 2nd 2003

5 Internet2 HighEd IdM model
0704_idm_model.jpg from Grouper doc (

6 A more “complete” definition
An integrated system of business processes, policies and technologies that enables organizations to facilitate and control user access to critical online applications and resources — while protecting confidential personal and business information from unauthorized users.

7 Identity Management Policy Enables Defines Confidential Information
Technology/Infrastructure Business Processes Uses

8 Why is IdM/IAM important?
Social networking Customer/Employee Management Information Security (Data Breach laws) Privacy/Compliance issues Business Productivity Crime prevention

9 Identity Life-Cycle Management
Components of IdM/IAM Identity Life-Cycle Management Access Management Directory Services

10 Directory Services Lightweight Directory Access Protocol (LDAP)
Stores identity information Personal Information Attributes Credentials Roles Groups Policies

11 Components of a digital identity
Biographical Information (Name, Address) Biometric Information (Behavioral, Biological) Business Information (Transactions, Preferences)

12 Access Management Authentication/Single Sign On
Entitlements (Organization/Federation) Authorization Auditing Service Provision Identity Propagation/Delegation Security Assertion Markup Language (SAML)

13 Access Management Authentication (AuthN) Authorization (AuthZ)
Three types of authentication factors Type 1 – Something you know Type 2 – Something you have Type 3 – Something you are Authorization (AuthZ) Access Control Role-Based Access Control (RBAC) Task-Based Access Control (TBAC) Single Sign On/Reduced Sign On Security Policies

14 Levels of Assurance LOA-2 Confidence exists identity is accurate
Impacts individual and organization LOA-3 High confidence identity is accurate Impacts multiple people and organization LOA-4 Very high confidence identity is accurate Impacts indiscriminate populations LOA-1 Little or no confidence identity is accurate Impacts individual High Access to Biotechnology Lab Manage Research Data Risk Manage My Benefits Manage Other’s Benefits View My Vacation Manage Financials The higher the LOA, the more assurance of who is managing/accessing the data and the strength of the credentials that they are using the to access the data. Apply to College View My Grades Manage Financial Aid Join a Group Manage My Calendar Manage Student Records Give Donations Take a Test Enter Course Grades Buy Tickets Enroll in a Course Administer Course Settings Low Data Classification/Privileges Low High

15 Identity Life-Cycle Management
User Management Credential Management Entitlement Management Integration (Authoritative Sources of Record) Identity Provisioning/Deprovisioning

16 “Student” Identity Life Cycle
Accepted Prospective Paid Deposit Leave of Absence Graduated Registered Withdrawn

17 Federated Identity Management
Business Enablement Automatically share identities between administrative boundaries Identity Providers (IdP) Service Providers (SP) Easier access for users (use local credentials) Requires trust relationships

18 Shibboleth

19 Internet2 HighEd IdM model

20 Research Areas Public Safety National Security Commerce
Identity theft, cybercrime, computer crime, organized crime groups, document fraud, and sexual predator detection National Security Cybersecurity and cyber defense, human trafficking and illegal immigration, terrorist tracking and financing Commerce Mortgage fraud and other financial crimes, data breaches, e-commerce fraud, insider threats, and health care fraud Individual Protection Identity theft and fraud Integration Biometrics, Policy assessment/development, Confidentiality, Privacy Center for Applied Identity Management Research -

Download ppt "Identity & Access Management"

Similar presentations

Identity Network Ideals – Heterogeneity & Co-existence

Identity Network Ideals – Heterogeneity & Co-existence
Defining the Security Domain Marilu Goodyear John H. Louis University of Kansas.

Defining the Security Domain Marilu Goodyear John H. Louis University of Kansas.
Xavier Verhaeghe Vice President Oracle Security Solutions

Xavier Verhaeghe Vice President Oracle Security Solutions
Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.
Trusted 3 rd Party Authentication & Friends: SSO and IdM NWACC Security Workshop 2013 Portland.

Trusted 3 rd Party Authentication & Friends: SSO and IdM NWACC Security Workshop 2013 Portland.
Functional component terminology - thoughts C. Tilton.

Functional component terminology - thoughts C. Tilton.
Technical Issues with Establishing Levels of Assurance Zephyr McLaughlin Lead, Security Middleware Computing & Communications University of Washington.

Technical Issues with Establishing Levels of Assurance Zephyr McLaughlin Lead, Security Middleware Computing & Communications University of Washington.
Identity Management Realities in Higher Education NET Quarterly Meeting January 12, 2005.

Identity Management Realities in Higher Education NET Quarterly Meeting January 12, 2005.
Copyright JNT Association 20051Optional www.ukfederation.org.uk Copyright JNT Association 2007 1 Joining the UK Access Management Federation 4th April.

Copyright JNT Association 20051Optional Copyright JNT Association Joining the UK Access Management Federation 4th April.
1 Issues in federated identity management Sandy Shaw EDINA IASSIST 24-27 May 2005, Edinburgh.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.
Security Controls – What Works

Security Controls – What Works
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
Identity Management: Some Basics Mark Crase, California State University Office of the Chancellor CENIC - March 9, 2011.

Identity Management: Some Basics Mark Crase, California State University Office of the Chancellor CENIC - March 9, 2011.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
Identity & Access Management DCS 861 Team2 Kirk M. Anne Carolyn Sher-Decaustis Kevin Kidder Joe Massi John Stewart.

Identity & Access Management DCS 861 Team2 Kirk M. Anne Carolyn Sher-Decaustis Kevin Kidder Joe Massi John Stewart.
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.

Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.
Peter Deutsch Director, I&IT Systems July 12, 2005

Peter Deutsch Director, I&IT Systems July 12, 2005
Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.

Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.
Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

Similar presentations

Ads by Google