4. Administration
Identity synchronization
Data flow
Ownership
Permission management
Access
Rights
5. Challenges
Ownership of data elements
Processes
Data flow
6. Authentication
Trusted 3rd party
Claims based identity
Open standards
WS-*
SAML
7. Claims based identity
A Claim is a statement that is true or false
A Security token consists of one or many claims
Examples of claim types
Name
Email
Gender
Group membership
Role
8. Claims based identity architecture
Security tokens issued by a trusted 3rd party
Consumed by a relying party
Crosses trust and technology boundaries
9. Claims based identity architecture
Parties in the diagram:
Client (browser, mobile app, application)
Relying party (ASP.NET, WCF service, etc.)
Claims provider (STS like ADFS)
Token flow:
1. Client requests access to the relying party
2. Relying party demands a security token
3. Client requests a security token from the claims provider
4. Claims provider provides the security token
5. Client submits the security token to the relying party
11. Authorization
Determine what the user is allowed to do
An application responsibility
Device classification
What
Where
When
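The token exchange from the architecture slide and the application-side authorization decision from this slide, as an added Python example (not from the original presentation): a toy claims provider issues a token of claims (name, email, roles, groups), the relying party verifies issuer, audience, signature and expiry before trusting any claim, and the application then decides "what / where / when" from the role claim plus device class and time of day. The token format, shared key, issuer URL and relying-party URL are constructed for the example; a real STS such as ADFS issues SAML or WS-Federation tokens signed with the issuer's certificate.

```python
import hashlib
import hmac
import json
import time
from base64 import urlsafe_b64decode, urlsafe_b64encode

# Constructed values: a shared HMAC key stands in for the STS signing certificate.
STS_KEY = b"example-shared-key-not-for-production"
STS_ISSUER = "https://sts.example.test"   # hypothetical claims provider
RP_AUDIENCE = "https://app.example.test"  # hypothetical relying party


def _b64(data: bytes) -> str:
    return urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return urlsafe_b64decode(text + "=" * (-len(text) % 4))


# Step 4: the claims provider issues a security token made up of claims.
def issue_token(claims: dict, audience: str, lifetime_s: int = 300, now=None) -> str:
    now = time.time() if now is None else now
    body = dict(claims, iss=STS_ISSUER, aud=audience, iat=now, exp=now + lifetime_s)
    payload = _b64(json.dumps(body, sort_keys=True).encode())
    sig = hmac.new(STS_KEY, payload.encode(), hashlib.sha256).digest()
    return f"{payload}.{_b64(sig)}"


# Step 5, relying-party side: a claim is only trusted after the token checks out.
def verify_token(token: str, now=None) -> dict:
    now = time.time() if now is None else now
    try:
        payload, sig = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    expected = hmac.new(STS_KEY, payload.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(payload))
    if claims.get("iss") != STS_ISSUER:
        raise ValueError("untrusted issuer")
    if claims.get("aud") != RP_AUDIENCE:
        raise ValueError("token not issued for this relying party")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims


# Authorization is the application's job: combine verified claims with context.
def authorize(claims: dict, action: str, device_class: str, hour: int) -> bool:
    roles = set(claims.get("roles", []))
    if action == "read":
        return bool(roles & {"user", "admin"})
    if action == "approve":
        # what: approvals; where: managed devices only; when: business hours only
        return "admin" in roles and device_class == "managed" and 8 <= hour < 18
    return False


if __name__ == "__main__":
    # Steps 1-3 are the client asking for access and being redirected to the STS;
    # the data that matters is the token it brings back.
    token = issue_token(
        {"name": "Kari", "email": "kari@example.test", "roles": ["user"], "groups": ["staff"]},
        RP_AUDIENCE,
    )
    claims = verify_token(token)
    print("verified claims:", claims["name"], claims["roles"])
    print("read allowed:", authorize(claims, "read", "managed", 10))
    print("approve allowed:", authorize(claims, "approve", "managed", 10))
```

The relying party never looks at a claim before the signature, issuer, audience and expiry checks pass; the audience check is what stops a token issued for one application being replayed against another.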
12. Auditing
Which applications do the users have access to?
How do we track a user across systems and modules?
Single view of user activity
Automated actions on breaches of protocol