Identity & access management THE KEY TO THE FLEXIBLE WORKSPACE Jonas Syrstad, [email protected]

Posted on 22-May-2015

Page 1: Identity & access management jonas syrstad

Identity & access management THE KEY TO THE FLEXIBLE WORKSPACE

Jonas Syrstad, [email protected]

Page 2

Disclaimer

Avoiding any specific implementation

No deep dive into the protocols

Focus on Enterprises

Page 3

Key elements: the 4 A's

Administration

Authentication

Authorization

Auditing

Page 4

Administration

Identity synchronization
  Data flow
  Ownership

Permission management
  Access
  Rights

Page 5

Challenges

Ownership of data elements

Processes

Data flow

Page 6

Authentication

Trusted 3rd party

Claims based identity

Open standards
  WS-*
  SAML

Page 7

Claims based identity

A claim is a statement that is true or false

A security token consists of one or more claims

Examples of claim types
  Name
  Email
  Gender
  Group membership
  Role

Page 8

Claims based identity architecture

Security tokens issued by a trusted 3rd party

Consumed by a relying party

Crosses trust and technology boundaries

Page 9

Claims based identity architecture

Client (browser, mobile app, application)

Claims provider (STS such as ADFS)

Relying party (ASP.NET, WCF service, etc.)

Trust relationship

1. Request access

2. Demand Security token

3. Request Security token

4. Provide security token

5. Submit security token
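The five-step exchange on this slide, worked through as an added example that is not code from the original presentation. Three parties are modelled: a client, a claims provider (STS) and a relying party (RP). The trust relationship between STS and RP is represented by a shared HMAC key (a real STS would sign with an asymmetric key pair); the STS issues a token made of claims for a named audience, the client carries it to the RP, and the RP accepts it only after checking signature, issuer, audience and expiry. Key material, issuer name, user directory and claim values are all constructed for the example.

```python
"""Claims-based identity flow (steps 1-5 of the architecture slide), added example."""
import base64
import hashlib
import hmac
import json
import time

# Constructed shared signing key: the concrete form of the STS <-> RP trust
# relationship in this example (a real STS would use an asymmetric key pair).
TRUST_KEY = b"example-sts-rp-shared-secret"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def _sign(body: bytes, key: bytes) -> str:
    return _b64(hmac.new(key, body, hashlib.sha256).digest())


class ClaimsProvider:
    """Security token service: turns an authenticated user into a signed set of claims."""

    def __init__(self, issuer, key, directory, now=time.time):
        self.issuer = issuer
        self.key = key
        self.directory = directory  # constructed user store: user id -> claims
        self.now = now

    def issue_token(self, user, audience, lifetime=300):
        # Steps 3/4: the client requests a token; the STS authenticates the user
        # (modelled as a directory lookup) and issues claims scoped to the audience.
        if user not in self.directory:
            raise PermissionError(f"unknown user {user!r}")
        body = json.dumps({
            "iss": self.issuer,
            "aud": audience,
            "exp": int(self.now()) + lifetime,
            "claims": self.directory[user],
        }, sort_keys=True).encode()
        return _b64(body) + "." + _sign(body, self.key)


class RelyingParty:
    """Application that consumes tokens issued by the one STS it trusts."""

    def __init__(self, name, trusted_issuer, key, now=time.time):
        self.name = name
        self.trusted_issuer = trusted_issuer
        self.key = key
        self.now = now

    def demand_token(self):
        # Step 2: an unauthenticated request is answered with "where to get a token".
        return {"issuer": self.trusted_issuer, "audience": self.name}

    def validate(self, token):
        # Step 5: accept the submitted token only after every check passes.
        try:
            body_b64, signature = token.split(".")
            body = base64.urlsafe_b64decode(body_b64)
        except (ValueError, TypeError) as exc:
            raise ValueError("malformed token") from exc
        if not hmac.compare_digest(_sign(body, self.key), signature):
            raise ValueError("signature does not verify against trusted key")
        payload = json.loads(body)
        if payload["iss"] != self.trusted_issuer:
            raise ValueError("untrusted issuer")
        if payload["aud"] != self.name:
            raise ValueError("token was issued for a different relying party")
        if payload["exp"] <= self.now():
            raise ValueError("token expired")
        return payload["claims"]


def try_validate(rp, token):
    """Return ('accepted', claims) or ('rejected', reason) instead of raising."""
    try:
        return "accepted", rp.validate(token)
    except ValueError as exc:
        return "rejected", str(exc)


def run_flow(user, sts, rp):
    """Drive steps 1-5 of the diagram and return the claims the RP accepted."""
    demand = rp.demand_token()                         # 1. request access, 2. demand token
    token = sts.issue_token(user, demand["audience"])  # 3. request token, 4. provide token
    return rp.validate(token)                          # 5. submit token


if __name__ == "__main__":
    directory = {"jdoe": {"name": "Jane Doe", "email": "jdoe@example.com", "role": "hr"}}
    sts = ClaimsProvider("https://sts.example", TRUST_KEY, directory)
    rp = RelyingParty("payroll-app", "https://sts.example", TRUST_KEY)
    print(run_flow("jdoe", sts, rp))
```

The audience check is what keeps a token issued for one relying party from being replayed at another, and the expiry check bounds how long a captured token stays useful; both are part of what "trust" between RP and STS has to mean in practice, not just the signature.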

Page 10

Technologies

WS-*

SAML 2.0

OAuth

OpenId

Enterprise

Consumer

Hybrid

Page 11

Authorization

Determine what the user is allowed to do

An application responsibility

Device classification
  What
  Where
  When
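An added example (not from the presentation) of authorization as the application's own decision: the claims accepted from the security token say who the user is, and the application combines them with the request context of what is being accessed, where from (device classification and network) and when. The policy rules, device classes, network labels and business hours below are constructed for the example.

```python
"""Context-aware authorization (what / where / when), added example."""
from dataclasses import dataclass
from datetime import datetime, time
from typing import Callable


@dataclass(frozen=True)
class Request:
    claims: dict          # claims accepted from the security token (who)
    resource: str         # what is being accessed
    action: str           # what is being done
    device_class: str     # where: constructed classes "managed", "byod" or "unknown"
    network: str          # where: constructed labels "corporate" or "internet"
    at: datetime          # when


@dataclass(frozen=True)
class Rule:
    name: str
    resource: str
    actions: frozenset
    condition: Callable[[Request], bool]


def business_hours(req: Request) -> bool:
    # Constructed definition: weekdays, 07:00-19:00.
    return req.at.weekday() < 5 and time(7, 0) <= req.at.time() <= time(19, 0)


# Constructed policy. Nothing is permitted unless some rule explicitly permits it.
POLICY = [
    Rule("wiki-read-any-authenticated-user", "wiki", frozenset({"read"}),
         lambda r: "name" in r.claims),
    Rule("payroll-read-hr-or-finance", "payroll", frozenset({"read"}),
         lambda r: r.claims.get("role") in {"hr", "finance"}),
    Rule("payroll-write-finance-managed-onsite-hours", "payroll", frozenset({"write"}),
         lambda r: r.claims.get("role") == "finance"
         and r.device_class == "managed"
         and r.network == "corporate"
         and business_hours(r)),
]


def authorize(req: Request, policy=POLICY):
    """Return (allowed, reason). Deny by default; a matching rule must permit."""
    for rule in policy:
        if rule.resource == req.resource and req.action in rule.actions and rule.condition(req):
            return True, f"permitted by {rule.name}"
    return False, f"no rule permits {req.action} on {req.resource}"


if __name__ == "__main__":
    finance = {"name": "Finn Ance", "role": "finance"}
    monday_morning = datetime(2015, 5, 25, 10, 0)
    print(authorize(Request(finance, "payroll", "write", "managed", "corporate", monday_morning)))
    print(authorize(Request(finance, "payroll", "write", "byod", "internet", monday_morning)))
```

The same role gets a different answer depending on device, network and time, which is the point of putting the decision in the application rather than in the token issuer: the STS vouches for identity, the application decides what that identity may do here and now.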

Page 12

Auditing

Which applications do the users have access to?

How do we track a user across systems and modules?

Single view of user activity

Automated actions on breaches of protocol
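An added example (not from the presentation) of the three auditing points on this slide: audit events from several systems, each naming the user in its own form, are mapped to one enterprise identity to give a single view of that user's activity; the view is then checked against the administration data on which applications the user is entitled to, and breaches are turned into automated actions. The log lines, identity correlation table, entitlements, failure threshold and action names are all constructed for the example.

```python
"""Single view of user activity and automated breach handling, added example."""
from collections import defaultdict

# Constructed audit lines: system|timestamp|subject as that system names them|event
AUDIT_LINES = """\
directory|2015-05-25T08:01:10|CORP\\jdoe|logon success
crm|2015-05-25T08:05:42|jdoe@example.com|record read
payroll|2015-05-25T08:07:03|jdoe@example.com|logon failure
payroll|2015-05-25T08:07:21|jdoe@example.com|logon failure
payroll|2015-05-25T08:07:40|jdoe@example.com|logon failure
payroll|2015-05-25T08:08:02|jdoe@example.com|logon success
directory|2015-05-25T09:12:00|CORP\\asmith|logon success
crm|2015-05-25T09:15:31|asmith@example.com|record export
"""

# Identity correlation table (constructed): each system's subject form -> one identity.
IDENTITY_MAP = {
    "CORP\\jdoe": "jdoe", "jdoe@example.com": "jdoe",
    "CORP\\asmith": "asmith", "asmith@example.com": "asmith",
}

# Administration view (constructed): applications each identity may use.
ENTITLEMENTS = {"jdoe": {"directory", "crm"}, "asmith": {"directory", "crm"}}

FAILURE_THRESHOLD = 3  # constructed: consecutive logon failures that count as a breach

# Constructed mapping from breach kind to the automated response.
ACTIONS = {
    "unentitled-access": "revoke session and open access-review ticket",
    "repeated-logon-failure": "lock account pending owner confirmation",
}


def parse(lines: str):
    """Parse the pipe-delimited lines and attach the correlated enterprise identity."""
    events = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        system, ts, subject, event = line.split("|", 3)
        identity = IDENTITY_MAP.get(subject, f"unmapped:{subject}")
        events.append({"system": system, "time": ts, "subject": subject,
                       "identity": identity, "event": event})
    return events


def single_view(events):
    """One chronological activity list per identity, across all systems."""
    view = defaultdict(list)
    for e in sorted(events, key=lambda e: e["time"]):
        view[e["identity"]].append((e["time"], e["system"], e["event"]))
    return dict(view)


def find_breaches(events, entitlements=ENTITLEMENTS):
    """Flag use of a system the identity is not entitled to, and repeated logon failures."""
    breaches, seen_unentitled = [], set()
    failures = defaultdict(int)
    for e in sorted(events, key=lambda e: e["time"]):
        key = (e["identity"], e["system"])
        if e["system"] not in entitlements.get(e["identity"], set()) and key not in seen_unentitled:
            seen_unentitled.add(key)
            breaches.append(("unentitled-access", e["identity"], e["system"], e["time"]))
        if e["event"] == "logon failure":
            failures[key] += 1
            if failures[key] == FAILURE_THRESHOLD:
                breaches.append(("repeated-logon-failure", e["identity"], e["system"], e["time"]))
        elif e["event"] == "logon success":
            failures[key] = 0
    return breaches


def automated_actions(breaches):
    """Turn each breach into the automated action the policy prescribes."""
    return [(ACTIONS[kind], identity, system) for kind, identity, system, _ in breaches]


if __name__ == "__main__":
    events = parse(AUDIT_LINES)
    for identity, activity in single_view(events).items():
        print(identity, activity)
    print(automated_actions(find_breaches(events)))
```

The correlation table is the part that makes tracking across systems possible at all; without a maintained mapping from each system's subject format to one identity, the "single view" falls apart into per-system fragments and the entitlement check cannot be run.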