Identity and Access Management Introduction

Identity management solutions require specific skills to deploy successfully. This presentation will help you start building some of them.

Published in: Technology, Business

  1. Allidm.com: Discovering Identity and Access Management Solutions. Identity and Access Management Introduction. http://academy.allidm.com
  2. Stay connected to Allidm: find us on Facebook (http://www.facebook.com/allidm), follow us on Twitter (http://twitter.com/aidy_idm), look for us on LinkedIn (http://www.linkedin.com/allidm), and visit our blog (http://www.allidm.com/blog).
  3. Disclaimer and Acknowledgments: The contents here were created as a personal endeavor and thus do not reflect any official stance of any Identity and Access Management vendor on any particular technology.
  4. Contact Us: In this presentation we’ll talk about some useful topics that you can use no matter which identity and access management solution or product you are working on. If you know one that makes a big difference, please tell us so we can include it in the future: aidy.allidm@gmail.com
  5. What’s Identity? Origin: 1560–70; < Late Latin identitās, equivalent to Latin ident ( idem ) repeatedly, again and again, earlier *idem et idem ( idem neuter of īdem the same + et and) + -itās –ity. Definition: the distinguishing character or personality of an individual: individuality; the set of behavioral or personal characteristics by which an individual is recognizable as a member of a group.
  6. Identity: An identity in an identity management system is used to establish an identity record with attributes. An identity is typically defined by a combination of generic attributes, such as firstname, lastname, address, etc., and one or more specific attributes that are meaningful to the organization maintaining the identity details.
  7. What’s Identity Management? According to Wikipedia, this is the definition: Identity management (IdM) describes the management of individual identities, their authentication, authorization, roles, and privileges/permissions within or across system and enterprise boundaries with the goal of increasing security and productivity while decreasing cost, downtime, and repetitive tasks. "Identity Management" and "Identity and Access Management" (or IAM) are terms that are used interchangeably under the title of Identity management.
  8. Identity and Access Management: The growing number of web-enabled applications and the changing roles of different user communities create challenges for the modern enterprise. These challenges include controlling access to network resources, maintaining the consistency of user identity between different applications, and making new applications easy to manage.
  9. Why Is Identity and Access Management a Problem? Companies typically develop and implement network applications in individual projects without a common repository of user information. Each application is deployed with its own provisioning and identity-management interfaces, and with its own security systems. Identity information and security policies are distributed across many applications, and repositories are controlled by a variety of internal and external groups. Administration redundancies can result in inconsistent identity data across the enterprise, increased operating costs, and an ad hoc security strategy.
  10. Why Is Identity and Access Management a Problem? Environments with disparate sources of identity information have different approaches for organizing user entries, security practices, access control, and other essential aspects of information architecture. Enterprises with affiliate business and consumer relationships potentially have user populations that reach into the tens or hundreds of millions. When new applications are deployed without a common identity infrastructure, security decisions are often made in an ad hoc manner by developers and system administrators. Inconsistent processes for account deactivation.
  11. Why Is Identity and Access Management a Problem? Duplication of identity infrastructure functions across multiple applications and random security contribute to operational inefficiencies across the enterprise. This duplication of effort increases costs, delays time to market, and reduces revenues.
  12. Why Identity Management? The number of identities continues to grow: identity inside the company; identity with other partners; identity on the cloud. Evolution to client/server applications and the Internet has dramatically increased the number of identities we have to remember.
  13. Multiple Identities: An Identity Management solution needs to cover one or all of the following identity types for a person: Single Identity; Multiple Identities (in a university, a person might be a staff member and a student at the same time); Service or Batch Identities (identities used to run some nightly process or any other automated process); Cloud Identity.
  14. Why an IAM Solution? Improve user productivity; reduce high support costs; improve compromised security; find compliance deficiencies; decrease corporate dissatisfaction.
  15. IAM Solutions on Enterprise: An identity management solution is typically integrated with the following systems, each with its own purpose and access requirements: Windows systems; Unix; Linux; Macintosh; legacy systems.
  16. IAM Solutions on Enterprise: Different applications may also run on these systems: enterprise applications (SAP, PeopleSoft); databases (Oracle, DB2, SQL Server, Sybase); other desktop or web-based applications; home-grown applications; applications custom built by outside developers.
  17. IAM Solutions: The identity problem is not resolved with only one solution or product; when implementing one, the enterprise might need to use a combination of them. IAM solutions might include: Directory Services (to manage the account attributes and organization structure); Access Management and Single Sign On (to manage authentication and authorization for users); Identity Life-cycle Management (to manage account provisioning and de-provisioning); Role Management (to manage RBAC).
  18. IAM Solutions
  19. IAM Holes. Password Management: having to remember so many darn passwords. Orphan Accounts: from a compliance standpoint, orphan accounts are a major concern, since orphan accounts mean that ex-employees and former contractors or suppliers still have legitimate credentials and access to internal systems.
  20. IAM Challenges: dealing with multiple identities; dealing with orphan accounts; managing a lot of manual tasks; business processes not well defined; expectation to make the IdM a data synchronization engine for application data; getting all stakeholders to have a common view of the area, which is likely to require coming together and discussing the issues; lack of leadership and support from sponsors; deploying too many IdM technologies in a short time period; lack of a consistent architectural vision.
  21. Industry Standards: Some standards used to implement IAM solutions are: Security Assertion Markup Language (SAML); Liberty Alliance Identity Web Services Framework (ID-WSF); Service Provisioning Markup Language (SPML); Directory Services Markup Language (DSML); OASIS eXtensible Access Control Markup Language (XACML); Lightweight Directory Access Protocol (LDAP); OAuth; Simple Cloud Identity Management (SCIM).
  22. Industry Standards. SAML: defining and maintaining a standard, XML-based framework for creating and exchanging security information between online partners. http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security ID-WSF: http://projectliberty.org/resources/specifications.php/?f=resources/specifications.php
  23. Industry Standards. SPML: providing an XML framework for managing the provisioning and allocation of identity information and system resources within and between organizations. http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=provision DSML: specification to add support for querying and modifying directories. http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=dsml
  24. Industry Standards. OAuth: an open protocol to allow secure API authorization in a simple and standard method from desktop and web applications. http://oauth.net/ SCIM: designed to make managing user identity in cloud-based applications and services easier. The specification suite seeks to build upon experience with existing schemas and deployments, placing specific emphasis on simplicity of development and integration, while applying existing authentication, authorization, and privacy models. http://www.simplecloud.info/
  25. Road map: IAM solutions are implemented in phases, and an implementation is usually a multi-year project.
  26. Reference URLs: http://en.wikipedia.org/wiki/Identity_management and http://www.oasis-open.org/
  27. Allidm.com: Discovering Identity and Access Management Solutions. Allidm Academy. http://academy.allidm.com
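
The slides on orphan accounts, service or batch identities and inconsistent account deactivation describe a gap that is usually found by reconciling each system's accounts against an authoritative source of people. The following is an added example, not part of the original presentation; the record layout, the find_orphans name and all sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Account:
    system: str                     # application or directory holding the account
    login: str
    person_id: Optional[str]        # link to the HR record; None if never correlated
    kind: str = "person"            # "person" or "service" (service/batch identity)
    owner_id: Optional[str] = None  # accountable person for a service identity
    enabled: bool = True

def find_orphans(active_people, accounts):
    """Return (account, reason) pairs for enabled accounts with no active owner."""
    findings = []
    for acct in accounts:
        if not acct.enabled:
            continue  # already deactivated, nothing left to revoke
        if acct.kind == "service":
            # Service or batch identities are not people, so they are judged
            # by whether an active person is accountable for them.
            if acct.owner_id not in active_people:
                findings.append((acct, "service identity without active owner"))
        elif acct.person_id is None:
            findings.append((acct, "not correlated to any HR record"))
        elif acct.person_id not in active_people:
            findings.append((acct, "owner is no longer active in HR"))
    return findings

# Constructed sample data: HR is assumed to be the authoritative source.
ACTIVE_PEOPLE = {"E100", "E200"}
ACCOUNTS = [
    Account("ldap", "asmith", "E100"),
    Account("sap", "ASMITH01", "E100"),                      # same person, second identity
    Account("ldap", "bjones", "E300"),                       # E300 has left the company
    Account("oracle", "bjones_dba", "E300", enabled=False),  # correctly deactivated
    Account("unix", "nightly_batch", None, "service", "E200"),
    Account("unix", "legacy_ftp", None, "service", "E300"),
    Account("peoplesoft", "tmp_contractor", None),
]

if __name__ == "__main__":
    for acct, reason in find_orphans(ACTIVE_PEOPLE, ACCOUNTS):
        print(f"{acct.system}:{acct.login}: {reason}")
```

A person with several identities (asmith and ASMITH01) is not flagged as long as each account correlates to the same active HR record, which is why correlation has to be solved before orphan detection is reliable.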