identity & access management jonas syrstad
Identity & access management THE KEY TO THE FLEXIBLE WORKSPACE
Jonas Syrstad, [email protected]
Disclaimer
Avoiding any specific implementation
No deep dive into the protocols
Focus on Enterprises
Key elements: the 4 A's
Administration
Authentication
Authorization
Auditing
Administration
Identity synchronization
Data flow
Ownership
Permission management
Access rights
Challenges
Ownership of data elements
Processes
Data flow
Authentication
Trusted 3rd party
Claims based identity
Open standards
WS-*
SAML
Claims based identity
A Claim is a statement that is true or false
A Security token consists of one or many claims
Examples of claim types
Name
Gender
Group membership
Role
Claims based identity architecture
Security tokens issued by a trusted 3rd party
Consumed by a relying party
Penetrates trust and technology boundaries
Claims based identity architecture
Client (Browser, mobile app, application)
Claims Provider (STS like ADFS)
Relying party (ASP.NET, WCF service, ...)
Trust relationship
1. Request access
2. Demand Security token
3. Request Security token
4. Provide security token
5. Submit security token
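The five-step exchange above, worked through as an added example (this is not code from the slides, and it is not how ADFS or any WS-*/SAML implementation is written). The trust relationship between claims provider and relying party is modelled with a shared HMAC key; a real STS signs with a private key and the relying party trusts the matching certificate. The issuer and audience URLs, the user directory and the token format are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed for this example: the trust relationship is a shared HMAC key.
TRUST_KEY = b"example-trust-key-not-a-real-secret"
STS_ISSUER = "https://sts.example.test/adfs"   # hypothetical claims provider
RP_AUDIENCE = "https://app.example.test/"      # hypothetical relying party
TOKEN_LIFETIME = 300                            # seconds


def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed directory behind the STS: password hashes, never passwords.
_ALICE_SALT = b"alice-salt"
DIRECTORY = {
    "alice": {
        "salt": _ALICE_SALT,
        "pw": _pw_hash("correct horse battery staple", _ALICE_SALT),
        "name": "Alice Example",
        "groups": ["staff", "vpn-users"],
        "role": "Engineer",
    }
}


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sts_issue_token(username, password, audience, now=None):
    """Steps 3-4: the STS authenticates the user and issues a signed token."""
    user = DIRECTORY.get(username)
    # Hash even for unknown names so timing does not reveal which users exist.
    candidate = _pw_hash(password, user["salt"] if user else b"dummy-salt")
    if user is None or not hmac.compare_digest(candidate, user["pw"]):
        raise PermissionError("authentication failed")
    now = int(time.time() if now is None else now)
    claims = {
        "iss": STS_ISSUER, "aud": audience,
        "iat": now, "exp": now + TOKEN_LIFETIME,
        "name": user["name"], "groups": user["groups"], "role": user["role"],
    }
    payload = _b64(json.dumps(claims, sort_keys=True).encode())
    signature = _b64(hmac.new(TRUST_KEY, payload.encode(), hashlib.sha256).digest())
    return payload + "." + signature


def rp_validate_token(token, now=None):
    """Step 5: the relying party checks signature, issuer, audience and expiry
    before it trusts a single claim in the token."""
    try:
        payload, signature = token.split(".")
        given = _unb64(signature)
    except ValueError:
        raise PermissionError("malformed token")
    expected = hmac.new(TRUST_KEY, payload.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        raise PermissionError("signature invalid: not issued by the trusted STS")
    claims = json.loads(_unb64(payload))
    if claims.get("iss") != STS_ISSUER:
        raise PermissionError("untrusted issuer")
    if claims.get("aud") != RP_AUDIENCE:
        raise PermissionError("token issued for a different relying party")
    now = time.time() if now is None else now
    if now >= claims.get("exp", 0):
        raise PermissionError("token expired")
    return claims


def demo_flow(now=1_700_000_000):
    """Steps 1-2 (request access, demand token) are implicit: the client goes
    to the STS, obtains a token and submits it to the relying party."""
    token = sts_issue_token("alice", "correct horse battery staple", RP_AUDIENCE, now)
    return rp_validate_token(token, now + 60)


if __name__ == "__main__":
    print(demo_flow())
```

The relying party never sees the password: it trusts the claims only because the token verifies against the key (in practice, the certificate) of the STS it has a trust relationship with, and it still checks audience and expiry so a token issued for another application, or an old one, is rejected.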
Technologies
WS-*
SAML 2.0
OAuth
OpenId
Enterprise
Consumer
Hybrid
Authorization
Determine what the user is allowed to do
An application responsibility
Device classification
What
Where
When
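An added example of authorization as an application responsibility, combining the user's claims with the three context dimensions from the slide (what device, where from, when). The policy table, application names, device classes and hours are all constructed for the example; the slides describe no particular policy.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class AccessContext:
    """Request context the application evaluates in addition to the claims."""
    device: str      # What:  "managed", "byod" or "unknown" (hypothetical classes)
    location: str    # Where: "office", "vpn" or "internet"
    when: datetime   # When:  local time of the request


# Constructed policy table. No entry means deny; None for a dimension means
# that dimension is not restricted for the application.
POLICY = {
    "intranet": {"roles": None, "groups": None,
                 "devices": {"managed", "byod"},
                 "locations": {"office", "vpn", "internet"}, "hours": None},
    "source-control": {"roles": None, "groups": {"engineering"},
                       "devices": {"managed"},
                       "locations": {"office", "vpn"}, "hours": None},
    "payroll": {"roles": {"HR", "Finance"}, "groups": None,
                "devices": {"managed"},
                "locations": {"office"}, "hours": (7, 19)},
}


def authorize(claims, app, ctx):
    """Return (allowed, reason). All checks must pass; the first failing
    check explains the deny so the decision can be audited."""
    rule = POLICY.get(app)
    if rule is None:
        return False, "no policy for application: deny by default"
    if rule["roles"] and claims.get("role") not in rule["roles"]:
        return False, "role not permitted"
    if rule["groups"] and not rule["groups"] & set(claims.get("groups", [])):
        return False, "no qualifying group membership"
    if ctx.device not in rule["devices"]:
        return False, "device class not permitted (what)"
    if ctx.location not in rule["locations"]:
        return False, "location not permitted (where)"
    if rule["hours"]:
        start, end = rule["hours"]
        if not start <= ctx.when.hour < end:
            return False, "outside permitted hours (when)"
    return True, "allowed"


def demo():
    """Constructed users and contexts; returns the list of decisions."""
    alice = {"name": "Alice Example", "role": "Engineer",
             "groups": ["staff", "engineering"]}
    hr_user = {"name": "Bob Example", "role": "HR", "groups": ["staff"]}
    office_day = AccessContext("managed", "office", datetime(2024, 3, 4, 10, 0))
    cafe_night = AccessContext("byod", "internet", datetime(2024, 3, 4, 23, 0))
    office_late = AccessContext("managed", "office", datetime(2024, 3, 4, 20, 0))
    return [
        authorize(alice, "source-control", office_day),   # allowed
        authorize(alice, "source-control", cafe_night),   # wrong device class
        authorize(alice, "payroll", office_day),          # wrong role
        authorize(alice, "intranet", cafe_night),         # allowed
        authorize(hr_user, "payroll", office_day),        # allowed
        authorize(hr_user, "payroll", office_late),       # outside hours
        authorize(hr_user, "expenses", office_day),       # no policy
    ]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The claims answer "who is this and what groups and role do they hold"; the application still decides, per resource, whether that identity on this device, from this place, at this time may proceed. Returning the reason alongside the decision feeds the auditing step directly.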
Auditing
Which applications do the users have access to?
How do we track a user across systems and modules?
Single view of user activity
Automated actions on breaches of protocol
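An added example of the auditing slide in code (not from the presentation): log lines from different systems, each naming the user in its own format, are mapped to one canonical identity to build a single view of that user's activity, then compared against the entitlement register so that access outside what was granted, or activity by an identity nobody can map, produces an automated response. The log formats, identifiers, entitlements and actions are constructed for the example.

```python
import json
import re

# Constructed entitlement register from the administration side.
ENTITLEMENTS = {
    "alice": {"intranet", "source-control"},
    "bob": {"intranet", "payroll"},
}

# Constructed mapping from the identifier each system logs to a canonical id.
IDENTITY_MAP = {
    "CORP\\alice": "alice", "alice@example.test": "alice",
    "CORP\\bob": "bob", "bob@example.test": "bob",
}

# Constructed sample log lines: JSON from the STS, key=value from applications.
SAMPLE_LOGS = [
    '{"ts": "2024-03-04T09:01:00Z", "system": "sts", "user": "CORP\\\\alice", '
    '"app": "intranet", "event": "token_issued"}',
    'ts=2024-03-04T09:01:05Z system=intranet user=alice@example.test app=intranet event=page_view',
    '{"ts": "2024-03-04T09:15:00Z", "system": "sts", "user": "CORP\\\\bob", '
    '"app": "payroll", "event": "token_issued"}',
    'ts=2024-03-04T09:15:20Z system=payroll user=bob@example.test app=payroll event=view_record',
    'ts=2024-03-04T11:40:00Z system=payroll user=alice@example.test app=payroll event=view_record',
    'ts=2024-03-04T12:00:00Z system=intranet user=carol@example.test app=intranet event=page_view',
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Normalise one log line from either format into a common event record."""
    if line.lstrip().startswith("{"):
        raw = json.loads(line)
    else:
        raw = dict(KV_RE.findall(line))
    return {
        "ts": raw["ts"], "system": raw["system"], "app": raw["app"],
        "event": raw["event"], "raw_user": raw["user"],
        "user": IDENTITY_MAP.get(raw["user"]),   # None if nobody owns this id
    }


def user_timeline(events, canonical_id):
    """Single view of one user's activity across all systems, in time order."""
    return sorted((e for e in events if e["user"] == canonical_id), key=lambda e: e["ts"])


def find_breaches(events):
    """Flag activity by unmapped identities and access outside granted entitlements."""
    findings = []
    for e in events:
        if e["user"] is None:
            findings.append({"kind": "unmapped_identity", "user": e["raw_user"],
                             "app": e["app"], "ts": e["ts"]})
        elif e["app"] not in ENTITLEMENTS.get(e["user"], set()):
            findings.append({"kind": "unentitled_access", "user": e["user"],
                             "app": e["app"], "ts": e["ts"]})
    return findings


def automated_actions(findings):
    """Translate findings into deduplicated actions for the IAM/SOC tooling."""
    actions = set()
    for f in findings:
        if f["kind"] == "unentitled_access":
            actions.add(("revoke_app_session", f["user"], f["app"]))
        else:
            actions.add(("open_investigation", f["user"], f["app"]))
    return sorted(actions)


def analyse(lines):
    events = [parse_line(line) for line in lines]
    findings = find_breaches(events)
    return events, findings, automated_actions(findings)


if __name__ == "__main__":
    events, findings, actions = analyse(SAMPLE_LOGS)
    for e in user_timeline(events, "alice"):
        print(e["ts"], e["system"], e["app"], e["event"])
    print(findings)
    print(actions)
```

Without the identity mapping, the payroll application's view of `alice@example.test` and the STS's view of `CORP\alice` never meet, and the access to payroll that alice was never granted stays invisible; with it, the same user id appears once across systems and the entitlement check becomes a simple set membership test.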