Identity and Access Management
By Dave Yip, david.yip@arialgroup.com
© Copyright 2005 Arialgroup. All rights reserved.

Agenda
- What is IAM
- IAM Components
- Why IAM
- IAM Marketplace
- IAM Implementation

What is Identity and Access Management (IAM)?

IAM for a Single Application
[Diagram: one application with its own User Store and Role Store, administered through User Management and Role Management by an Administrator. The User passes through User Authentication (Biometric? Smart ID Card? Digital Certificate? User Directory? Single Sign-On?), Session Management and Authorization before reaching the Application Functions and Application Data; Password Management sits beside the User Store.]

When the number of applications increases
[Diagram: each additional application repeats the same Administrator, User Store and Role Store arrangement.]

IAM Architecture
Does not have IAM:
[Diagram: every Application keeps its own Role Data, User Data and Password Management, each administered separately.]
Has IAM (Identity & Access Management):
[Diagram: a central Policy Store, Role Store and User Store, with Policy Management, User Management, Role Management, Provisioning and Data Synchronization feeding each application's Role Data and User Data; the User reaches the applications through SSO Authentication, Password Services, Session Management and RBAC Authorization.]

The Goal of IAM
- Providing the right people with the right access at the right time.
- Protect resources by preventing unauthorized accesses.

IAM Components
- Authorization: Role-based, Rule-based, Attribute-based, Remote Authorization
- User Management: Central User Repository, Delegated Admin, Role Management, Provisioning, Password Mgmt, Self-service
- Directory: Data Synchronization, Meta-directory, Virtual directory
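As an added example (not from the slides), a small Python policy decision point in which one user store, role store and policy store serve several applications, evaluating the three authorization models listed above: role-based, rule-based and attribute-based. All users, roles, resources, rules and the request context (an `hour` field) are constructed for illustration.

```python
# Added example: a tiny central policy decision point shared by several
# applications, covering the three authorization models on the IAM Components
# slide (role-based, rule-based, attribute-based). All data is constructed.

# Central user store: one identity record per user, not a copy per application.
USER_STORE = {
    "alice": {"dept": "finance", "roles": ["accountant"], "enabled": True},
    "bob":   {"dept": "it",      "roles": ["helpdesk"],   "enabled": True},
    "carol": {"dept": "finance", "roles": ["accountant"], "enabled": False},
}

# Central role store: role -> set of (application, action) permissions.
ROLE_STORE = {
    "accountant": {("erp", "read_ledger"), ("erp", "post_journal")},
    "helpdesk":   {("erp", "read_ledger"), ("hr", "reset_password")},
}

def rule_business_hours(user, perm, resource, ctx):
    # Rule-based: journal posting is allowed only 08:00-18:00 (ctx["hour"]).
    if perm != ("erp", "post_journal"):
        return True, ""
    ok = 8 <= ctx["hour"] < 18
    return ok, "" if ok else "outside business hours"

def rule_same_department(user, perm, resource, ctx):
    # Attribute-based: ledger data is readable only by its owning department.
    if perm[1] != "read_ledger":
        return True, ""
    ok = user["dept"] == resource.get("owner_dept")
    return ok, "" if ok else "department mismatch"

# Central policy store: rules applied after the role check, in order.
POLICY_STORE = [rule_business_hours, rule_same_department]

def authorize(user_id, app, action, resource, ctx):
    """Return (allowed, reason); every deny carries an auditable reason."""
    user = USER_STORE.get(user_id)
    if user is None or not user["enabled"]:
        return False, "unknown or disabled identity"
    perm = (app, action)
    # Role-based: some role of the user must grant this (application, action).
    if not any(perm in ROLE_STORE.get(r, set()) for r in user["roles"]):
        return False, "no role grants %s" % (perm,)
    for rule in POLICY_STORE:
        ok, why = rule(user, perm, resource, ctx)
        if not ok:
            return False, "%s: %s" % (rule.__name__, why)
    return True, "allowed"
```

Because every decision returns a reason string, the same function doubles as the audit trail the deck's "enhanced audit ability" benefit refers to.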
IAM Components (cont.)
Access Management:
- Authentication: Single Sign-On, Authentication Levels, Passwords
- Session Management and Application Session Management
- Authorization (RBAC)
[Diagram: the IAM architecture shown above, with the access-management functions (SSO Authentication, Password Services, Session Management, RBAC Authorization) on the user's path to the applications, and the identity-management functions (Policy Management, User Management, Role Management, Provisioning, Data Synchronization over the Policy Store, Role Store and User Store) behind them.]

Other IAM Terms
- Identity Management (IdM or IM)
- Identity and Access Management (I&AM)
- Authentication, Authorization, Accounting and Administration (AAA)
- Extranet Access Management (EAM)
- Portal and personalization: part of IAM?

Drivers behind IAM
- Convergence of Information Technologies.
- Increase in Identities: Customers, Suppliers, Contractors, Mergers & Acquisitions, Outsourcing, Globalization.
- Increase in Business Delivery Channels: LAN, WAN, Dial-up, Extranet, Internet, Wireless, etc.
- Rising costs and complexities of identity management.
- Need to improve information security.
- Regulatory Compliance (e.g. SOX, BS 7799).
- More open networks, more highly skilled intruders, etc.

IAM Benefits
Business Benefits:
- Standards-based Service Oriented Architecture
- Agility to respond to changes and opportunities
- Capability to drive more revenue from existing relationships
- Streamlined processes
- Reduce the time for user access changes from days to hours
- Empower business users and user administrators
Security and Audit Benefits:
- Consistent, automated policy enforcement
- Enhanced audit ability
- Compliance with regulations
- Reduced security administration effort
- Better protected resources
IAM Benefits (cont.)
User Benefits:
- Higher usability and satisfaction
- Self-service for common tasks
- Faster, better service from the organization
IT Benefits:
- Centralized security architecture
- Delegated administration
- Lower support costs
- Faster application development
- Agile IT infrastructure
- Improved correctness of user information

IAM Marketplace

Convergence Trend
Last Year (2003):
- Netegrity acquired Business Layers
- HP acquired Baltimore's SelectAccess and TrueLogica
- IBM acquired Access 360
- Sun acquired Waveset
This Year (2004):
- BMC acquired Calendra
- CA acquired Netegrity

Internet Security Stages of Adoption
[Figure: technologies placed along the Pioneering, Growth and Maturing stages, grouped into Protect and Enable. Technologies on the chart: Anti-Virus, Encryption, Firewall, VPN, Content Filtering, Intrusion Detection, PKI, Authentication, Authorization.]

Access Management (product approaches)
- Client side vs. Server side
- Web-based vs. non-Web-based (or Legacy)
- Role-based and Rule-based
- Agent-based vs. Proxy-based
- Session Management approach

User Management (product approaches)
- Agent vs. Agentless
- Event-driven vs. Pull-based
- With or without an image of user data
- Programming language used for customization
- Provisioning vs. data synchronization

Directory and Meta-Directory
- X.500 vs. LDAPv3
- Meta-Directory vs. Virtual Directory
- Directory Replication
- Database engine vs. Native
IAM Standards
- Authentication: Kerberos, SASL
- Authorization: XACML, RBAC99
- Directory Service: DSML, LDAPv3, LDUP
- Provisioning: SPML
- Federated security: SAML, Liberty Alliance
- Supporting standards: TCP/IP, HTTP, XML, PKI, SSL, Web Service Security, X509v3, XrML, etc.

High-level IAM Building Blocks
- Strong Authentication
- Single Sign-On
- Windows Single Sign-On
- Federated Security
- Enterprise Directory
- User Management
- Role Management
- Role-based Authorization
- Provisioning
- Data Synchronization

Summary
- IAM can be divided into two categories: Identity Management and Access Management.
- Access Management comprises Authentication, Single Sign-On, Session Management, Password Services and Authorization.
- User Management comprises user self-service, delegated administration, user/role management, provisioning, data synchronization and password management.
- IAM has clear benefits in terms of cost savings, services enablement, risk reduction and productivity improvement.
- Recent trends show product convergence in the IAM marketplace.
- IAM has become practical and doable today, but selecting the right product mix can be challenging.

IAM Implementation
- Users and vendors alike are recommended to choose skilled personnel to participate in IAM implementation projects.
- Many stakeholders are involved, which requires good communication skills.
- A change of administration approach can be political.
- Data correctness, ownership and privacy.
- Need people with skills from both worlds: IT infrastructure and system development.
- Never underestimate the time required for testing.
- Never neglect IT requirements (e.g. operational, deployment, high availability, etc.).
- Watch out for software compatibility.
- Customers not only want a resolution to a problem but also want to know why the proposed solution is the better one.