1
Identity & Access Management
DCS 861 Team2
Kirk M. Anne
Carolyn Sher-Decaustis
Kevin Kidder
Joe Massi
John Stewart
3
The Problem
How do you establish a digital ID?
How do you “guarantee” somebody’s ID?
How do you prevent unauthorized access?
How do you protect confidential ID data?
How do you “share” identities?
How do you avoid “mistakes”?
4
What is IdM/IAM?
The Burton Group defines identity management as follows:
– “Identity management is the set of business processes, and a supporting infrastructure for the creation, maintenance, and use of digital identities.”
5
Internet2 HighEd IdM model
6
A more “complete” definition
An integrated system of business processes, policies and technologies that enables organizations to facilitate and control user access to critical online applications and resources, while protecting confidential personal and business information from unauthorized users.
http://www.comcare.org/Patient_Tracking/IPTI-Glossary.html
7
Identity Management
[Diagram: Policy, Technology/Infrastructure, Business Processes and Confidential Information, connected by relationships labelled Enables, Defines and Uses]
8
Why is IdM/IAM important?
Social networking
Customer/Employee Management
Information Security (Data Breach laws)
Privacy/Compliance issues
Business Productivity
Crime prevention
9
Components of IdM/IAM
Directory Services
Identity Life-Cycle Management
Access Management
10
Directory Services
Lightweight Directory Access Protocol (LDAP)
Stores identity information
– Personal Information
– Attributes
– Credentials
– Roles
– Groups
– Policies
11
Components of a digital identity
Biographical Information (Name, Address)
Biometric Information (Behavioral, Biological)
Business Information (Transactions, Preferences)
12
Access Management
Authentication/Single Sign On
Entitlements (Organization/Federation)
Authorization
Auditing
Service Provision
Identity Propagation/Delegation
Security Assertion Markup Language (SAML)
13
Access Management
Authentication (AuthN)
– Three types of authentication factors
  Type 1 – Something you know
  Type 2 – Something you have
  Type 3 – Something you are
Authorization (AuthZ)
– Access Control
  Role-Based Access Control (RBAC)
  Task-Based Access Control (TBAC)
– Single Sign On/Reduced Sign On
– Security Policies
14
Levels of Assurance
[Chart axes: Data Classification/Privileges (Low to High) against Risk (Low to High)]
LOA-1 – Little or no confidence identity is accurate; impacts individual
LOA-2 – Confidence exists identity is accurate; impacts individual and organization
LOA-3 – High confidence identity is accurate; impacts multiple people and organization
LOA-4 – Very high confidence identity is accurate; impacts indiscriminate populations
Example activities shown on the chart:
– Buy Tickets
– Give Donations
– Join a Group
– Apply to College
– Enroll in a Course
– Take a Test
– Manage My Calendar
– View My Grades
– View My Vacation
– Manage My Benefits
– Administer Course Settings
– Enter Course Grades
– Manage Student Records
– Manage Financial Aid
– Manage Financials
– Manage Other’s Benefits
– Access to Biotechnology Lab
– Manage Research Data
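An added example, not part of the original slides: an access decision that combines the RBAC check from the Access Management slide with the levels of assurance above. The activity names come from the slide; the role names, the LOA assigned to each activity, and the mapping from authentication factors to an LOA are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed policy: required role and minimum LOA per activity. Activity
# names come from the slide; role names and LOA assignments are assumptions.
POLICY = {
    "Buy Tickets": ("guest", 1),
    "View My Grades": ("student", 2),
    "Enter Course Grades": ("instructor", 3),
    "Manage Research Data": ("researcher", 4),
}

@dataclass(frozen=True)
class Session:
    user: str
    roles: frozenset          # RBAC roles granted to the user
    factors: frozenset        # factor types used: "know", "have", "are"
    identity_proofed: bool    # identity verified against a source of record

def session_loa(s: Session) -> int:
    """Assumed mapping from proofing and distinct factor types to LOA 0-4."""
    kinds = len(s.factors & {"know", "have", "are"})
    if kinds == 0:
        return 0                      # unauthenticated
    if not s.identity_proofed:
        return 1                      # authenticated, identity self-asserted
    return min(1 + kinds, 4)          # proofed: 1 factor=2, 2 factors=3, 3=4

def decide(s: Session, activity: str) -> tuple:
    """Return (decision, reason); the pair doubles as an audit record."""
    if activity not in POLICY:
        return ("deny", "no policy for activity")           # default deny
    role, required = POLICY[activity]
    if role not in s.roles:
        return ("deny", f"missing role {role}")             # AuthZ fails
    have = session_loa(s)
    if have < required:
        return ("step-up", f"LOA-{have} < LOA-{required}")  # re-authenticate
    return ("permit", f"role {role}, LOA-{have}")
```

A "step-up" result means the role check passed but the session was authenticated too weakly for the activity, so the user is asked for a further factor instead of being refused outright.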
15
Identity Life-Cycle Management
User Management
Credential Management
Entitlement Management
Integration (Authoritative Sources of Record)
Identity Provisioning/Deprovisioning
16
“Student” Identity Life Cycle
[Diagram: life-cycle states as labelled on the slide]
– Accepted
– Paid Deposit
– Registered
– Leave of Absence
– Withdrawn
– Graduated
– Prospective
17
Federated Identity Management
Business Enablement
Automatically share identities between administrative boundaries
– Identity Providers (IdP)
– Service Providers (SP)
Easier access for users (use local credentials)
Requires trust relationships
18
Shibboleth
19
Internet2 HighEd IdM model
20
Research Areas
Public Safety – Identity theft, cybercrime, computer crime, organized crime groups, document fraud, and sexual predator detection
National Security – Cybersecurity and cyber defense, human trafficking and illegal immigration, terrorist tracking and financing
Commerce – Mortgage fraud and other financial crimes, data breaches, e-commerce fraud, insider threats, and health care fraud
Individual Protection – Identity theft and fraud
Integration – Biometrics, Policy assessment/development, Confidentiality, Privacy