Академический Документы
Профессиональный Документы
Культура Документы
Confidential
Information
Technology/Infrastructu Business
re Uses Processes
Why is IdM/IAM important?
• Social networking
• Customer/Employee Management
• Information Security (Data Breach laws)
• Privacy/Compliance issues
• Business Productivity
• Crime prevention
Components of IdM/IAM
Identity
Access
Life-Cycle
Management
Management
Directory
Services
Directory Services
• Lightweight Directory Access Protocol (LDAP)
• Stores identity information
– Personal Information
– Attributes
– Credentials
– Roles
– Groups
– Policies
Components of a digital identity
Biographical
Biometric Information
Information
(Behavioral, Biological)
(Name, Address)
Business Information
(Transactions,
Preferences)
Access Management
• Authentication/Single Sign On
• Entitlements (Organization/Federation)
• Authorization
• Auditing
• Service Provision
• Identity Propagation/Delegation
• Security Assertion Markup Language (SAML)
Access Management
• Authentication (AuthN)
– Three types of authentication factors
• Type 1 – Something you know
• Type 2 – Something you have
• Type 3 – Something you are
• Authorization (AuthZ)
– Access Control
• Role-Based Access Control (RBAC)
• Task-Based Access Control (TBAC)
– Single Sign On/Reduced Sign On
– Security Policies
Levels of Assurance
LOA-1 LOA-2 LOA-3 LOA-4
Confidence exists High confidence Very high confidence
High
Little or no confidence
identity is accurate identity is accurate identity is accurate identity is accurate
Impacts individual Impacts individual Impacts multiple Impacts indiscriminate
and organization people and organization populations
Manage Research
Risk
Data
Manage My Manage Other’s
Benefits Benefits
View My Vacation Manage Financials Access to
Biotechnology Lab
Manage Financial
Apply to College View My Grades
Aid
Manage My Manage Student
Join a Group
Calendar Records
Enter Course
Give Donations Take a Test
Grades
Administer Course
Buy Tickets Enroll in a Course
Low
Settings
Prospective Paid
Deposit
Leave of
Absence
Graduated Registered
Withdrawn
Federated Identity Management
• Business Enablement
• Automatically share identities between
administrative boundaries
– Identity Providers (IdP)
– Service Providers (SP)
• Easier access for users (use local credentials)
• Requires trust relationships
Shibboleth
Internet2 HighEd IdM model
Research Areas
• Public Safety
– Identity theft, cybercrime, computer crime, organized crime groups,
document fraud, and sexual predator detection
• National Security
– Cybersecurity and cyber defense, human trafficking and illegal
immigration, terrorist tracking and financing
• Commerce
– Mortgage fraud and other financial crimes, data breaches, e-
commerce fraud, insider threats, and health care fraud
• Individual Protection
– Identity theft and fraud
• Integration
– Biometrics, Policy assessment/development, Confidentiality, Privacy