Identity and Access Management - Data modeling concepts

www.infosafe.be
Identity and Access Management
Data modeling concepts
Alain Huet

Published in: Technology
Transcript

  • 1. Identity and Access Management - Data modeling (Alain Huet)
  • 2. Summary
      • Data modeling : back to basics
      • IAM data model
      • IAM management functions
      • IAM implementation / service issues
      • IAM paradigms
  • 3. Summary (as on slide 2)
  • 4. Data modeling : back to basics [Diagram: Global reality; Cadastral administration; Commercial business]
  • 5. Summary (as on slide 2)
  • 6. IAM data model (1): General objective
      • IAM : Identity and Access Management
      • Issues
          • User authentication
          • Access management
  • 7. IAM data model (2): User authentication
      • Identity management
          • Credential : something that allows an end user to prove his identity
          • Credentials  identity management authorities
          • Credential level = trust level
              • Technology : password ... crypto certificate
              • Quality of the identity authority : zero-trust ... diplomatic credentials
      • At run time
          • Credential checked → authentication of the user
          • Credential level checked → access to resource
  • 8. IAM data model (3): Access management
      • Improvements
          • Grouping of technical resources → logical function
          • Grouping of users → profile (same access rights)
      • [Diagram with "Stability" ratings (+ / ―)]
  • 9. IAM data model (4): Grouping of technical resources [Diagram with "Stability" ratings (+)]
  • 10. IAM data model (5): Grouping of users [Diagram with "Stability" ratings (+ / ― / –/+)]
  • 11. IAM data model (6): Result of improvements [Two diagrams with "Stability" ratings (+ / ― / –/+)]
  • 12. IAM data model (7): Ownership of logical functions / Catalog management
      • The owning department manages the list of user departments entitled to the owned logical function
      • The user department gets the catalog of logical functions granted by the owning departments
  • 13. IAM data model (8): Profile management
      • The user department establishes the adequate profiles according to the catalog of granted logical functions
  • 14. IAM data model (9): User management
      • The user department assigns the needed profile(s) to its users
  • 15. IAM data model (10): Global
  • 16. IAM data model (11): Enhancements
      • Mandates
      • Assertion (civil servant, notary, doctor, etc.) management
      • Etc.
      • [Diagram label: Logical]
  • 17. Summary (as on slide 2)
  • 18. IAM management functions
      • Ownership management
      • Catalog management
      • Profile management
      • Identity / credential management
      • User management (user  profile)
      • Technical resources
      • Logical functions
      • Profiles
      • User access rights
  • 19. Summary (as on slide 2)
  • 20. IAM implementation / service issues
      • Enforcement of the model (in the long run)
      • Mapping : model  ICT features
      • Cross platform
      • Consolidated administration tool
      • Quality of management (ownership, profile, etc.)
      • Training / motivation of the managers
  • 21. Summary (as on slide 2)
  • 22. IAM paradigms (1): Discretionary Access Control (DAC)
  • 23. IAM paradigms (2): Mandatory Access Control (MAC)
      • e.g. : Bell-LaPadula
      • High assurance level
      • Resource  security labels
      • User  clearance levels
      • User clearance levels ≥ Resource security labels
  • 24. IAM paradigms (3): Role Based Access Control (RBAC)
      • + Constraints (user/role + session) → separation of duties
      • – Ownership
      • [Wikipedia : art. "Role-based access control"]
  • 25. IAM paradigms (4): Organization Based Access Control (OrBAC)
      • Permissions depending on context (time, location, intention, etc.)
      • Coding of complex rules → conflict risk → validation tool
      • [www.orbac.org]
  • 26. alain_huet@scarlet.be, +32 2 212.96.77
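
The delegation chain of slides 12 to 14 (ownership, catalog, profile, user assignment) and the derived access rights of slide 18, as an added example that is not part of the original deck. The class, method, department and resource names are hypothetical; the `revoke` step and the catalog re-check at evaluation time are assumptions about how "manages the list" would be enforced.

```python
class IamModel:
    """Constructed illustration of the deck's data model; all names are hypothetical."""

    def __init__(self):
        self.functions = {}  # logical function -> (owning dept, technical resources)
        self.catalog = {}    # user dept -> logical functions granted to it
        self.profiles = {}   # (user dept, profile) -> logical functions
        self.users = {}      # user -> (user dept, assigned profiles)

    def define_function(self, owner, name, resources):
        self.functions[name] = (owner, frozenset(resources))

    def _require_owner(self, dept, function):
        if self.functions[function][0] != dept:
            raise PermissionError(f"{dept} does not own {function}")

    def grant(self, acting_dept, function, user_dept):
        self._require_owner(acting_dept, function)  # only the owner edits the list
        self.catalog.setdefault(user_dept, set()).add(function)

    def revoke(self, acting_dept, function, user_dept):
        self._require_owner(acting_dept, function)
        self.catalog.get(user_dept, set()).discard(function)

    def define_profile(self, dept, profile, functions):
        # A profile may only combine functions present in the department's catalog.
        outside = set(functions) - self.catalog.get(dept, set())
        if outside:
            raise PermissionError(f"not in {dept} catalog: {sorted(outside)}")
        self.profiles[(dept, profile)] = set(functions)

    def assign(self, dept, user, profile):
        if (dept, profile) not in self.profiles:
            raise KeyError(f"{dept} has no profile {profile}")
        home, assigned = self.users.setdefault(user, (dept, set()))
        if home != dept:
            raise PermissionError(f"{user} belongs to {home}")
        assigned.add(profile)

    def access_rights(self, user):
        dept, assigned = self.users.get(user, (None, set()))
        granted = self.catalog.get(dept, set())
        rights = set()
        for profile in assigned:
            # Re-check the catalog so a revoked grant takes effect immediately.
            for function in self.profiles[(dept, profile)] & granted:
                rights |= self.functions[function][1]
        return rights
```

Because profiles are stored separately from the catalog, a profile can outlive the grant it was built on; intersecting with the catalog in `access_rights` keeps such stale profiles from conferring access.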
