Post on 13-Dec-2015
By: Nikhil Bendre
Gauri Jape
What is Identity?
Digital Identity
Attributes Role Relationship
Authentication◦ Who wants to access the system?
Authorization◦ Defining the rights to access
IDAM
Streamlines the access to resources
Reduces the wastage of time
Efficient Provisioning
Reduces Administrative Cost
Single Password
Ensures greater user productivity
Software Engineering
Architecture
Scalability
Need to standardize IDAM
Composed of◦ Subjects◦ Objects◦ Access rights
Types◦ ACL◦ RBAC◦ ABAC◦ CWAC
Access Control List
Consists of list of subjects & objects with the access rights
Example◦ acl(file 1) = { (process 1, {read, write, own}),
(process 2 {append}) } ◦ acl(process 1) = { (process 1, {read, write,
execute, own}), (process 2, {read}) }
Role Based Access Control
Consists of◦ Group of users based on roles◦ Permissions to roles
Supports revocation of access
High level specification possible
Attributes Based Access Control
◦ Grants access to the entities based on attributes
Context Aware Access Control
◦ Access based on surrounding context of subjects or objects
Both Support High Level Specification
Property of access control
Single Login In
Total Access to System
Examples◦ One Time Password◦ Smart Cards
New token structure
Conference key mechanism◦Secure way between service provider & identity provider
Service token mechanism for IDAM
IDAM
Access Control Models
Single Sign On
Sourceld Liberty