1. IAMS at IRD: Identity Management of Internal Users at IRD (GOVIS, May 2005)
2. Agenda
   - History & Background
   - Key Infrastructure
   - IAMS Basics
   - IAMS Drivers & Vision
   - IAMS at IRD today
   - Policy Manager
   - Realities & Lessons
3. ETA & IAMS History
   - ETA History
     - ETA project Dec 2002
     - key infrastructure acquisition May 2003 through Feb 2004
     - ETA Group set-up late July 2004
   - ETA Vision is to establish a technology environment which strives to:
     - be responsive to the business
     - maximise the use of information technology components
     - ensure informed and consistent technology decision making
   - TOGAF
   - IAMS identified as key infrastructure component
4. More History - Architecture Principles
   - Business Continuity
   - Grow Capability
   - Component Re-use
   - Re-use vs Acquire vs Build
   - Technical Standardisation
   - Architecture Compliance
   - SOE Compliance
   - Open Standards
   - Linkage to Business
   - Reference Architecture
5. ETA Core Objective: Re-Use Common Corporate Components, e.g. EAI and Security (diagram slide; labels: "Current Point-to-Point Approach" with each business unit running its own "Unique Business Unit Infrastructure", versus "Future Architected Approach" with "Shared Components", "Governance" and "ETA Focus")
6. Key Infrastructure
   - RSA and THOR selected in February 2004
     - Combined RFP for EAI and IMS issued November 2003
     - Proof-of-Concept (December 2003 to February 2004)
   - Acquisition May 2003 through Feb 2004
     - RFI May 2003
     - RFP (inc. PoC) Nov 2003 thru Feb 2004
     - Acquire / deploy April 2004 onwards
   - Enterprise Identity Store
     - Directory vs Database: Directory picked in July 2004
     - Novell’s eDirectory, August 2005 (re-use)
   - Policy Manager
     - Need identified November 2004
7. Identity & Access Management System
   - ‘Centralised’ management of:
   - Identity (persona; before the event):
     - Who are they: personal attributes
     - What can they do: entitlements
   - Access (run time):
     - Authentication: who they claim they are
     - Authorisation: do what they ask for
   - Accessed (after the event):
     - Logging
     - Audit
8. Internal Drivers for IAMS
   - Increasing deployment of packages
     - SAP, Call Recording, Workforce Mgmt, Case Mgmt
     - Increase in the number of user accounts
       - Typically 4 accounts: LAN, FIRST, Timesheet, Payroll
     - Where are the business rules?
   - Increasing re-usable Business Objects (BOBs)
     - Consistent enforcement of business rules
     - Re-use of existing rules; another ETA Architecture Goal
     - Give rapid effect to ‘new’ rules
   - New Technology
     - Telecommunications Review Project: new network
     - Increasing numbers of remote and mobile users
     - PDAs
     - Wireless networks
     - OLACS legacy IAMS for ‘green screen’ environment
9. IAMS Vision
   - Single Account
     - Reduced Logon: few usercodes & passwords
     - Single Logon: the same usercode & password everywhere
     - Single Sign-on: log on once (mainly for web)
   - One central system determines what a user may do
   - Devolved management: e.g. users & team leaders
     - Reset password
     - Apply for and/or grant additional access
   - All applications will either:
     - Access IAMS for authentication & authorisation, by:
       - Interfacing with IAMS at runtime, or
       - Accessing the data repository where IAMS stores its information
     - Have its user management module managed by IAMS
       - Users will be ‘provisioned’ from IAMS
   - Only valid authorised transactions get to applications
   - Centralised Auditing
10. Internal IAMS Today
   - OLACS
     - Still controls access to main tax system
   - Numerous silo applications with their own user repositories
   - Novell/eDirectory
     - Enterprise Identity repository
     - Directory over Database: July 2004
   - RSA/ClearTrust
     - Runtime authentication, and
     - ‘Simple’ runtime authorisation
   - THOR/Xellerate
     - Provisioning tool
   - Policy Manager
     - IRD specific runtime authorisation
     - Detail design complete; partially deployed
   - Logging Vault via EAI ‘Service’
11. IAMS Support
   - Various user administration groups
   - IAMS Competency Centre formed in July 2004
     - Detailed design
     - Implement & deploy IAMS capability
     - PSS support
   - ETA group formed late July 2004
     - High level design
12. Policy Manager
   - Responsible for IRD specific rules that do not fit well within an off-the-shelf access control product like RSA/ClearTrust
   - Separates application logic from access rules
   - Decoupling allows rules and logic to change without impacting each other
   - Decouples IRD specific rules from RSA/ClearTrust
   - Supports JAAS interface
   - Decoupled enterprise architecture
13. Policy Manager
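The following is an added illustration, not IRD's Policy Manager or any code from the deck, of the runtime split slides 7, 10 and 12 describe: authentication and coarse role-based ('simple') authorisation sit in the access product, the organisation-specific rules live in a separate Policy Manager where they can change without touching the application, only authorised transactions reach the application, and every decision is logged for audit (a suspended account, as in slide 14, fails authentication rather than vanishing). It is written in Python rather than against the JAAS interface the slide names; all users, rules, cases and the hypothetical "own record" rule are constructed for the example.

```python
"""Constructed illustration (not IRD's code) of the runtime split in the deck: the access
product authenticates and does role-level authorisation, a separate Policy Manager holds
organisation-specific rules as data, and every decision is logged for audit."""
import hashlib, hmac

def _h(pw):  # store only a digest; plaintext never lives in the identity store
    return hashlib.sha256(pw.encode()).hexdigest()

# Enterprise identity store (stand-in for the directory entries); constructed sample users
IDENTITY_STORE = {
    "jsmith": {"pw": _h("correct-horse"), "roles": {"case_officer"}, "team": "AKL-1",
               "own_record": "T1", "suspended": False},
    "tlee":   {"pw": _h("battery-staple"), "roles": {"team_leader"}, "team": "AKL-1",
               "own_record": "T2", "suspended": True},   # suspended, not deleted
}
# Role -> actions: the coarse kind of rule an off-the-shelf access product expresses well
ROLE_ACTIONS = {"case_officer": {"view_case", "update_case"},
                "team_leader": {"view_case", "update_case", "reassign_case"}}

# Policy Manager: organisation-specific rules kept out of the application code, so adding
# or changing one means editing this list, not the application (rules are hypothetical).
def rule_same_team(user, action, case):       # may only change cases of own team
    return action == "view_case" or case["team"] == user["team"]
def rule_not_own_record(user, action, case):  # nobody may act on their own record
    return case["taxpayer"] != user["own_record"]
POLICY_RULES = [rule_same_team, rule_not_own_record]
AUDIT_LOG = []  # stand-in for the logging vault reached through the EAI service

def authenticate(usercode, password):
    """Who they claim to be: credential check against the identity store."""
    user = IDENTITY_STORE.get(usercode)
    if user is None or user["suspended"] or not hmac.compare_digest(user["pw"], _h(password)):
        return None
    return {"usercode": usercode, **user}

def authorise(user, action, case):
    """Simple role check first, then every Policy Manager rule must pass."""
    by_role = any(action in ROLE_ACTIONS.get(r, set()) for r in user["roles"])
    allowed = by_role and all(rule(user, action, case) for rule in POLICY_RULES)
    AUDIT_LOG.append((user["usercode"], action, case["id"], "allow" if allowed else "deny"))
    return allowed

def handle_request(usercode, password, action, case):
    """Application entry point: only valid, authorised transactions reach the app logic."""
    user = authenticate(usercode, password)
    if user is None:
        AUDIT_LOG.append((usercode, action, case["id"], "auth-failed"))
        return "denied: authentication"
    if not authorise(user, action, case):
        return "denied: authorisation"
    return f"{action} on {case['id']} performed"
```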
14. Realities
   - Provisioning, Xellerate, the current focus
     - purchasing packages with their own repositories
   - No ClearTrust for access control
     - no significant in-house development
     - OLACS replacement will see ClearTrust deployed
   - Data cleansing required in existing applications
     - As their user repositories come under IAMS provisioning
   - Reconciling differing identity management policies, and establishing an Enterprise policy
     - Usercode formats
     - Password policies
     - Management processes
       - E.g. suspending versus deleting accounts
15. Lessons Learnt
   - Dedicated Effort
   - Communication and Consultation
   - Readiness versus Capability Gap
   - The ‘A’ is Authentication and Authorisation
   - Internal vs External IAMS have different drivers
16. Questions