Introduction to Identity Management - Identity …“Identity management is the set of business...
What’s IdM | IdM Stone Age | IdM better vision | Basic IdM functions | IdM helps IT | Wrap up
Introduction to Identity Management
Identity Management Workshop
Victoriano Giralt
Central Computing Facility, University of Málaga, Spain
Chisinau, Republic of Moldova
May, 15th 2007
Victoriano Giralt Introduction to Identity Management
Disclaimer
This presentation is freely based on material borrowed from:
Keith Hazelton, Sr. IT Architect, University of Wisconsin-Madison
as presented at Porto EuroCAMP by
Ken Klingenstein, Director, Internet2 Middleware and Security
All merits should be attributed to them, and all errors to myself.
Overview
1 What is Identity Management (IdM)?
2 The Identity Management Stone Age
3 A better vision for IdM
4 Basic IdM functions
5 Demands on IT and how IdM helps
Definitions | Processes | Functions
IdM definition
What is all this about?
We need to know what we will be talking about
What is Identity Management?
“Identity management is the set of business processes, and a supporting infrastructure, for the creation, maintenance, and use of digital identities.”
The Burton Group (a research firm specializing in IT infrastructure for the enterprise)
Identity Management, in this sense, is often called “Identity and Access Management” (IAM)
IdM Frequent Terms
What do these buzzwords mean?
We need to understand what others are talking about
Digital Id: Digital Identity
The collection of bits of identity information about you in all the relevant IT systems at your institution. The identity must be unique inside a given domain.
AuthN: Authentication
The process that verifies the identity of a principal, by any means, be they electronic or physical. This proof of identity is also known as credentials.
AuthR: Authorisation
The process that validates the user’s rights on a given resource, and, usually, enforces them. Also seen in the wild as AuthS (British spelling) or AuthZ (American spelling).
AAI: Authentication and Authorisation Infrastructure
A coordinated set of systems that allows institutions to collaborate in exchanging identity data to control the access to services by their respective members.
IdP: Identity Provider
A.K.A. identity source. The institution that holds all the necessary information for identifying a principal, be it a person, a system or a service.
SP: Service Provider
A.K.A. identity consumer. Someone that needs to know the identity of a principal and, probably, some associated information, in order to grant access to a resource.
SoR: System of Record
Those systems that collect data about individuals, i.e., through which individuals enter the organization. For example: student registration or Human Resources.
IdM by example
student Lisa
Let’s see Lisa interacting with some University systems
“Hi! I’m Lisa.” (Identity)
“. . . and here’re my NetID / password to prove it.” (AuthN)
“I want to upload my assignments.” (AuthR: Allowing Lisa to use the services to which she’s entitled)
“And I want to change my grade in last semester’s Physics course.” (AuthR: Preventing her from doing things she’s not supposed to do)
IdM by example
New hire, Assistant Professor Alice
Some needs for Alice before she is in the payroll.
The Department Head wants her to have an e-mail account to give her a running start.
How does she get into our system and get set up with the accounts and services appropriate to faculty?
Some common questions
to several IdM scenarios
In many IdM scenarios, this set of questions should be answered.
Are the people using these services who they claim to be?
Are they a member of our campus community?
Have they been given permission?
Is their privacy being protected?
We can feel the smell of policy and process issues lurking nearby.
The basic IdM functions
those that any system needs
There are three functions a system should provide
AuthN: Verify the identity of principals seeking access to a service or resource
AuthR: Validate that the principal has the rights to accomplish the intended operation
Log: Track access to services / resources
In the stone age
tribes were isolated
In an organization that has not dawned to IdM
Every application for itself performs the IdM functions
User list, credentials, if you’re on the list, you’re in
AuthN IS AuthR
Some identifiers are assigned nationally with uncertain value locally
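The three basic functions (AuthN, AuthR, Log) and the stone-age shortcut "AuthN IS AuthR" can be put side by side using the Lisa scenario. This is an added example, not part of the original slides; the NetIDs, passwords, affiliations and the policy table are constructed assumptions.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

# Constructed sample data: the NetIDs, passwords, affiliations and policy
# table below are assumptions made for this example, not data from the slides.
PBKDF2_ROUNDS = 100_000


def derive(password, salt):
    """Derive a password verifier; only salt + verifier are ever stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def enroll(password):
    salt = os.urandom(16)
    return salt, derive(password, salt)


CREDENTIALS = {"lisa": enroll("correct horse"), "alice": enroll("tenure track")}
AFFILIATION = {"lisa": "student", "alice": "faculty"}
# AuthR policy: which (action, resource) pairs each affiliation is entitled to.
POLICY = {
    "student": {("upload", "assignment")},
    "faculty": {("upload", "assignment"), ("change", "grade")},
}
AUDIT_LOG = []


def authenticate(netid, password):
    """AuthN: verify the claimed identity. Returns the principal or None."""
    record = CREDENTIALS.get(netid)
    if record is None:
        derive(password, b"\x00" * 16)  # same work for unknown NetIDs
        return None
    salt, stored = record
    if hmac.compare_digest(stored, derive(password, salt)):
        return netid
    return None


def authorize(principal, action, resource):
    """AuthR: validate the principal's rights for this operation."""
    entitled = POLICY.get(AFFILIATION.get(principal, ""), set())
    return (action, resource) in entitled


def log(netid, action, resource, outcome):
    """Log: track every access attempt, including refused ones."""
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "netid": netid,
        "action": action,
        "resource": resource,
        "outcome": outcome,
    })


def request(netid, password, action, resource):
    """A service that keeps AuthN, AuthR and Log as separate steps."""
    principal = authenticate(netid, password)
    if principal is None:
        outcome = "authn-failed"
    elif not authorize(principal, action, resource):
        outcome = "denied"
    else:
        outcome = "allowed"
    log(netid, action, resource, outcome)
    return outcome


def stone_age_request(netid, password, action, resource):
    """Stone-age application: on the list means in (AuthN IS AuthR), no log."""
    if authenticate(netid, password) is None:
        return "authn-failed"
    return "allowed"


if __name__ == "__main__":
    print(request("lisa", "correct horse", "upload", "assignment"))
    print(request("lisa", "correct horse", "change", "grade"))
    print(stone_age_request("lisa", "correct horse", "change", "grade"))
    for entry in AUDIT_LOG:
        print(entry["netid"], entry["action"], entry["resource"], entry["outcome"])
```

With the functions separated, Lisa's grade change is refused and the refusal is recorded; the stone-age variant lets the same request through and leaves no trace of it.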

Concept / Disease / Cure

A better vision of IdM: a cure to the yellow stickers syndrome

IAM as a middleware layer at the service of any number of applications, which needs an expanded function set:
- Reflect: Track changes to institutional data from changes in SoR and other IdM components
- Join: Establish & maintain person identity across SoR
- Credential: Issue digital credentials to people in the community

Identity fragmentation: the cancer of IdM

There are two important elements for the diagnosis of the disease:
- For any given person in the community, do we know which entries in each system’s data store carry bits of their identity?
- How many systems can create a “person record”? More than one => identity fragmentation

The Join: we have a cure for cancer (in IdM)

The number one cure for identity fragmentation is: The Join

For it, we have to use business logic to
- Establish which records correspond to the same person
- Maintain that identity join in the face of changes to data in collected systems

Identity Information Access: Implementing The Join

In order to implement The Join, we need to access identity information
- Some directly from the Enterprise Directory, via reflection from SoR
- Some other bits, reached through identifier crosswalks

| Registry ID | Sys A ID | Sys B ID | Sys C ID | Sys D ID |
|---|---|---|---|---|
| 3a104e59 | fsmith32 | 86443 | freds | 864164 |
| 8c2f916d | abecker1 | 45209 | amyb | 752731 |
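
An added example, not part of the original slides, of The Join as code: it establishes which records belong to the same person, stores the result as an identifier crosswalk, and maintains it when source data changes, queuing conflicting evidence for review instead of merging. The match rule (national ID, else normalized name plus birth date), the field names and the feed records are assumptions constructed for illustration; only the system-local IDs come from the crosswalk table.

```python
import secrets
import unicodedata


def norm(text):
    """Accent-, case- and whitespace-insensitive form, used only for matching."""
    decomposed = unicodedata.normalize("NFKD", text)
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    return " ".join(stripped.lower().split())


def match_keys(rec):
    """Assumed business rule: national ID if present, plus name + birth date."""
    keys = []
    if rec.get("national_id"):
        keys.append(("nid", rec["national_id"].replace(" ", "").upper()))
    if rec.get("name") and rec.get("birth_date"):
        keys.append(("name+dob", norm(rec["name"]), rec["birth_date"]))
    return keys


class PersonRegistry:
    def __init__(self):
        self.crosswalk = {}  # registry ID -> {system: local ID}
        self.by_local = {}   # (system, local ID) -> registry ID
        self.by_key = {}     # match key -> registry ID
        self.review = []     # cases left for a human; never merged automatically

    def join(self, system, rec):
        """Return the registry ID for rec, or None when it is queued for review."""
        local = (system, rec["id"])
        keys = match_keys(rec)
        rid = self.by_local.get(local)  # maintain: a known record keeps its person
        if rid is None:                 # establish: first sighting of this record
            hits = {self.by_key[k] for k in keys if k in self.by_key}
            if len(hits) > 1:
                self.review.append((local, "matches several people", sorted(hits)))
                return None
            rid = hits.pop() if hits else None
            if rid is not None and system in self.crosswalk[rid]:
                self.review.append((local, "second record in same system", [rid]))
                return None
            if rid is None:
                rid = secrets.token_hex(4)  # opaque ID, carries no personal data
                while rid in self.crosswalk:
                    rid = secrets.token_hex(4)
                self.crosswalk[rid] = {}
            self.crosswalk[rid][system] = rec["id"]
            self.by_local[local] = rid
        for key in keys:  # learn new attribute values, e.g. after a name change
            owner = self.by_key.setdefault(key, rid)
            if owner != rid:
                self.review.append((local, "key already owned by another person", [owner]))
        return rid


# Constructed sample feeds; the local IDs are the ones in the crosswalk table.
FEEDS = [
    ("sysA", {"id": "fsmith32", "name": "Fred Smith",
              "birth_date": "1980-02-11", "national_id": "X1234567"}),
    ("sysB", {"id": "86443", "national_id": "x1234567"}),
    ("sysC", {"id": "freds", "name": "Fr\u00e9d  SMITH",  # accent and case differ
              "birth_date": "1980-02-11"}),
    ("sysD", {"id": "864164", "national_id": "X 1234567"}),
    ("sysA", {"id": "abecker1", "name": "Amy Becker",
              "birth_date": "1975-09-30", "national_id": "Y7654321"}),
    ("sysB", {"id": "45209", "national_id": "Y7654321"}),
    ("sysC", {"id": "amyb", "name": "amy  becker", "birth_date": "1975-09-30"}),
    ("sysD", {"id": "752731", "national_id": "y7654321"}),
]


def build_registry(feeds=FEEDS):
    """Run every feed record through the join and return the registry."""
    reg = PersonRegistry()
    for system, rec in feeds:
        reg.join(system, rec)
    return reg


if __name__ == "__main__":
    for rid, ids in build_registry().crosswalk.items():
        print(rid, ids)
```

A record that matches two different people, or a second record for the same person in one system, lands in `review` rather than being attached, because a wrong merge hands one person another person's identity and access.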

If you can’t integrate, federate: another way to cure identity fragmentation

The second best cure for identity fragmentation is: Federation

Federated IdM
- Rely on the Identity Management infrastructure of one or more institutions or units
- To authenticate and pass authorization-related information to service providers or resource hosts
- Via institution-to-provider agreements
- Facilitated by common membership in a federation

Overview / Manage Privileges / Provisioning / Getting IdM into apps

Expand the basic functions set: new views require new ways of doing things

This new approach to doing IdM requires some new functions
- Mng. Affil.: Manage affiliation and group information
- Mng. Priv.: Manage privileges and permissions at system and resource level
- Provision: Push IAM info out to systems and services as required
- Relay: Make access control / authorization information available to services and resources at run time
- AuthR: Make the allow/deny decision independent of AuthN

Managing privileges and roles: Who does what

Role-Based Access Control (RBAC) model
- Users are placed into groups
- Privileges are assigned to groups
- Groups can be arranged into hierarchies to effectively bestow privileges
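
An added example, not part of the original slides, of the RBAC model with a group hierarchy, set beside the stone-age rule "if you’re on the list, you’re in" so that the allow/deny decision is visibly independent of AuthN. The users, groups, privilege names and the `Session` type are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: users -> groups, groups -> parent groups,
# groups -> privileges.
MEMBERSHIP = {"amyb": {"cs-faculty"}, "freds": {"students"}, "guest1": set()}
NESTED_IN = {
    "cs-faculty": {"faculty"},
    "faculty": {"staff"},
    "staff": {"members"},
    "students": {"members"},
}
GRANTS = {
    "members": {"library:read"},
    "staff": {"payroll:view-own"},
    "faculty": {"grades:submit"},
    "cs-faculty": {"cluster:login"},
}


@dataclass(frozen=True)
class Session:
    user: str
    authenticated: bool  # outcome of AuthN, produced elsewhere


def effective_groups(user, membership=MEMBERSHIP, nested_in=NESTED_IN):
    """Direct groups plus every ancestor; the seen set makes cycles harmless."""
    seen = set()
    stack = list(membership.get(user, ()))
    while stack:
        group = stack.pop()
        if group in seen:
            continue
        seen.add(group)
        stack.extend(nested_in.get(group, ()))
    return seen


def effective_privileges(user, membership=MEMBERSHIP, nested_in=NESTED_IN,
                         grants=GRANTS):
    """Union of the privileges granted to any group the user effectively holds."""
    privileges = set()
    for group in effective_groups(user, membership, nested_in):
        privileges |= grants.get(group, set())
    return privileges


def stone_age_allows(session, privilege):
    """'If you're on the list, you're in': the privilege asked for is ignored."""
    return session.authenticated and session.user in MEMBERSHIP


def authorize(session, privilege):
    """AuthR as its own decision: AuthN is necessary, never sufficient."""
    if not session.authenticated:
        return False
    return privilege in effective_privileges(session.user)  # default deny


if __name__ == "__main__":
    for user in MEMBERSHIP:
        print(user, sorted(effective_privileges(user)))
```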

Managing privileges and roles: A nice example

Provisioning: Getting identity information where it needs to be

This is a process designed for getting identity into applications with an attitude by
- Exporting reformatted information to them in a form they understand
- Using either app-provided APIs
- Or tricks to write to their internal store

Change happens, so this is an ongoing process

Application/IdM integration: bringing applications to the future

There are two modes for integrating IdM and applications
- For domesticated applications: Provide them with the full set of IdM functions
- For applications with attitude included: Meet them more than halfway by provisioning
IssuesDemandsSolutions

We have a single SoR: should we use it as the Enterprise Directory?
Before deciding on the use of a single SoR as the Directory, some questions should be answered:
Who “owns” the system?
Do the owners perceive they run a shared infrastructure?
Will any “external” populations ever become “internal”?
How does the system score when confronted with the basic IdM functions?

Some policy issues: the “recredential” function (NetID)
On the life cycle of digital identities
When to assign / activate? As early as possible
Who gets them?
  “Guest” NetIDs (temporary, identity-less)
When to reassign? Never, except . . .
Who can handle them?

Requirements: old and new, and then some
What IT is being asked to do:
Automatic creation and deletion of computer accounts
Personnel records access for legal compliance
One stop for university services
Comply with a growing list of policy mandates
Increase the level of security protections in the face of a steady stream of new threats
Serve new populations (alumni, applicants, Bologna, . . . )
More requests for new services and new combinations of services
Increased interest in eBusiness
Looks overwhelming
It IS
And there is an Identity Management aspect to each and every one of these items

IdM as a helping aid: IdM rescues harried IT professionals
How a full IdM layer helps:
Improves scalability: IdM process automation
Reduces complexity of the IT ecosystem (complexity seen as friction => wasted resources)
Improved user experience
Functional specialization: application developers can concentrate on application-specific functionality

Evolution of IdM: from construction to integration
The way of doing things is changing
Construction:
  Raw materials into systems
Integration:
  Subsystems into whole systems
  Multiple systems into ecosystems
We are all moving from construction to integration

IdM Functions: the extended set
Reflect: data of interest
Join: identity across SoR
Credential: NetID, other
Manage Affil/Groups: AuthR info
Manage Privileges: more AuthR info
Provision: get AuthNR info into app space
Relay: AuthR info to app on request
Authenticate: identity claim
Authorise: access decision (allow / deny)
Log: for audit, accounting, diagnose, . . .

Same functions, different packaging
And finally . . .
Your IdM infrastructure (existing or planned) may be different from mine
But somewhere, somehow the set of IdM functions is getting done
We can compare our solutions by looking at the various packagings of the IdM functions