CIS14: Case Study: Using a Federated Identity Service for Faster Application Deployment
Caterpillar Non-Confidential
Identity Virtualization
Cloud Identity Summit – July 22, 2014
Rowland Nicholson - IAM Architect
Global Information Systems
Slide 2
N New App
Enterprise Directory
Slide 3
U Upgrade
Enterprise Directory
Slide 4
L Legacy
Enterprise Directory
Slide 5
Enterprise Directory
A App
Slide 6
1 VIRTUAL ATTRIBUTES
Slide 7
Enterprise Directory
X ISO Docs
Y Turbines
DB Accounts
Slide 8
Enterprise Directory
X ISO Docs
Y Turbines
DB Accounts
Radius Server
Slide 9
Enterprise Directory
X ISO Docs
Y Turbines
DB Accounts
Radius Server
Virtual Directory
solarid = ‘D’ + badgenumber
Slide 10
Enterprise Directory
F1 “Flexible”
F2 “Finicky”
Virtual Directory +4 virtual attributes
department entryUUID member memberOf
Slide 11
1 VIRTUAL ATTRIBUTES
Slide 12
2 DYNAMIC GROUPS
Slide 13
F2 “Finicky” Only groups
• affiliations
• organizations
• business units
• rules
Slide 14
Enterprise Directory
F2 “Finicky”
Virtual Directory
ou=groups ou=groups ou=autogen ou=dynamic ou=groups
Slide 15
AttributeValues
Autogen Group
Members with value
Slide 16
Rule
Dynamic Group
Members match rule
Slide 17
Enterprise Directory
F2 “Finicky”
Virtual Directory
ou=groups ou=groups ou=autogen ou=dynamic ou=groups
F1 “Flexible”
Slide 18
2 DYNAMIC GROUPS
Slide 19
3 “VIRTUALIZED” DIRECTORY
Slide 20
F2 “Finicky”
Supports only Directory “Q”
Slide 21
F2 “Finicky”
Enterprise Directory Virtual Directory
• “Q” DIT
• “Q” Schema
Slide 22
3 “VIRTUALIZED” DIRECTORY
Slide 23
… one more thing
Slide 24
Enterprise Directory Virtual Directory
PII Data View
F2 “Finicky”
F1 “Flexible”
Slide 25
APPLICATIONS:
F2 “Finicky”
F1 “Flexible” IAM
Virtual attributes Dynamic groups
Virtual DIT/Schema Federated
New Upgrades Legacy
LDAP
WS SAML WS-Fed OAuth
OpenID Connect WAM
Slide 26
Thank You!