Identity and Access Management - Data modeling concepts

www.infosafe.be
Identity and Access Management
Data modeling concepts
Alain Huet

Published in: Technology

  1. Identity and Access Management: Data modeling (Alain Huet)
  2. Summary
     - Data modeling: back to basics
     - IAM data model
     - IAM management functions
     - IAM implementation / service issues
     - IAM paradigms
  4. Data modeling: back to basics. [Diagram: one global reality, modeled differently by a cadastral administration and by a commercial business]
  6. IAM data model (1): General objective. Identity and Access Management addresses two issues:
     - User authentication
     - Access management
  7. IAM data model (2): User authentication
     - Credential: something that allows an end user to prove their identity
     - Credentials are issued by identity management authorities
     - Credential level = trust level; it depends on two factors:
       - Technology: from a password up to a cryptographic certificate
       - Quality of the identity authority: from an authority in which no trust is placed up to diplomatic credentials
     - At run time, two checks happen in sequence: the credential is checked, which authenticates the user; then the credential level is checked, which decides whether the user may access the resource
  8. IAM data model (3): Access management. Improvements on the direct user-to-resource mapping:
     - Group technical resources into logical functions
     - Group users into profiles (a profile = users with the same access rights)
     [Diagram: number of relations (#) and their stability (+ / -) in the direct mapping]
  9. IAM data model (4): Grouping of technical resources. [Diagram: users -> logical functions -> technical resources; number and stability of the relations]
  10. IAM data model (5): Grouping of users. [Diagram: users -> profiles -> logical functions -> technical resources; number and stability of the relations]
  11. IAM data model (6): Result of improvements. [Diagram: the direct model and the grouped model side by side, comparing the number and stability of the relations]
  12. IAM data model (7): Ownership of logical functions; catalog management
     - Each logical function is owned by one department. The owning department manages the list of user departments entitled to the logical function it owns
     - The user department gets the catalog of logical functions granted to it by the owning departments
  13. IAM data model (8): Profile management
     - The user department defines the profiles it needs, using only logical functions from the catalog granted to it
  14. IAM data model (9): User management
     - The user department assigns the needed profile(s) to its own users
  15. IAM data model (10): Global. [Diagram: the complete model, combining ownership, catalog, profiles and users]
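The management chain of slides 12 to 15 (ownership, catalog, profile and user management) together with the two run-time checks of slide 7, as an added worked example in Python. It is not code from the slides or from infosafe.be; the departments (Finance, HR), the logical functions, the resources, the user "bob" and the numeric credential levels are all constructed assumptions for illustration.

```python
from dataclasses import dataclass

# Credential levels ordered by trust (slide 7). This mapping is an assumption for
# the example; a deployment derives it from the technology and the issuing authority.
CREDENTIAL_LEVELS = {"password": 1, "otp": 2, "certificate": 3}


@dataclass(frozen=True)
class Resource:
    """A technical resource and the minimum credential level it demands."""
    name: str
    min_level: int


@dataclass(frozen=True)
class LogicalFunction:
    """A group of technical resources, owned by exactly one department."""
    name: str
    owner: str
    resources: frozenset


class IAMModel:
    def __init__(self):
        self.functions = {}  # function name -> LogicalFunction
        self.catalog = {}    # user department -> set of granted function names
        self.profiles = {}   # profile name -> (department, frozenset of function names)
        self.users = {}      # user -> (department, set of profile names)

    # --- management functions (slides 12-14) ---
    def define_function(self, owner, name, resources):
        self.functions[name] = LogicalFunction(name, owner, frozenset(resources))

    def grant(self, owner_dept, function, user_dept):
        """Catalog management: only the owning department can grant a function."""
        if self.functions[function].owner != owner_dept:
            raise PermissionError(f"{owner_dept} does not own {function}")
        self.catalog.setdefault(user_dept, set()).add(function)

    def define_profile(self, dept, profile, functions):
        """Profile management: only functions from the department's own catalog."""
        missing = set(functions) - self.catalog.get(dept, set())
        if missing:
            raise PermissionError(f"{dept} has not been granted {sorted(missing)}")
        self.profiles[profile] = (dept, frozenset(functions))

    def assign(self, dept, user, profile):
        """User management: a department assigns its own profiles to its own users."""
        profile_dept, _ = self.profiles[profile]
        if profile_dept != dept:
            raise PermissionError(f"{profile} belongs to {profile_dept}, not {dept}")
        user_dept, assigned = self.users.setdefault(user, (dept, set()))
        if user_dept != dept:
            raise PermissionError(f"{user} belongs to {user_dept}, not {dept}")
        assigned.add(profile)

    # --- run time (slide 7) ---
    def access_rights(self, user):
        """Resolve user -> profiles -> logical functions -> technical resources."""
        _, profile_names = self.users.get(user, (None, set()))
        rights = set()
        for profile in profile_names:
            for function in self.profiles[profile][1]:
                rights |= self.functions[function].resources
        return rights

    def can_access(self, user, credential, resource):
        """Slide 7: the access right must exist and the credential level must suffice."""
        if resource not in self.access_rights(user):
            return False
        return CREDENTIAL_LEVELS[credential] >= resource.min_level


def rejected(action):
    """True if the model refuses a management action."""
    try:
        action()
    except PermissionError:
        return True
    return False


def build_demo():
    """Constructed scenario: Finance owns the ledger functions, HR owns payroll."""
    m = IAMModel()
    gl_read = Resource("gl-db:read", 1)
    gl_post = Resource("gl-db:post", 3)
    payroll_run = Resource("payroll-batch:run", 2)
    m.define_function("Finance", "ledger-consult", [gl_read])
    m.define_function("Finance", "ledger-post", [gl_read, gl_post])
    m.define_function("HR", "payroll-run", [payroll_run])
    m.grant("Finance", "ledger-consult", "HR")  # catalog: HR may consult, not post
    m.grant("HR", "payroll-run", "HR")
    m.define_profile("HR", "payroll-clerk", ["ledger-consult", "payroll-run"])
    m.assign("HR", "bob", "payroll-clerk")
    return m, gl_read, gl_post, payroll_run
```

The stability argument of slides 8 to 11 is visible in the code: a user's access rights are never stored, only derived, so editing a profile or a logical function changes every affected user's rights consistently, and a user department cannot build a profile from a function the owning department has not placed in its catalog.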
  16. IAM data model (11): Enhancements
     - Mandates
     - Assertion management (civil servant, notary, doctor, etc.)
     - Etc.
  18. IAM management functions
     - Functions: ownership management; catalog management; profile management; identity / credential management; user management (user -> profile)
     - Managed objects: technical resources; logical functions; profiles; user access rights
  20. IAM implementation / service issues
     - Enforcement of the model in the long run
     - Mapping of the model onto ICT features; across platforms this calls for a consolidated administration tool
     - Quality of management (ownership, profiles, etc.)
     - Training and motivation of the managers
  22. IAM paradigms (1): Discretionary Access Control (DAC)
  23. IAM paradigms (2): Mandatory Access Control (MAC), e.g. Bell-LaPadula
     - High assurance level
     - Resources carry security labels; users carry clearance levels
     - Access requires user clearance level ≥ resource security label (in Bell-LaPadula this is the simple security property, which governs reading; the model's *-property additionally forbids writing to a resource whose label is below the user's current level, so that information cannot flow downwards)
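The inequality of slide 23 carried through as an added Python example (not code from the slides): labels made of a level plus compartments, the simple security property for reads and the *-property for writes. The level names and the sample labels are constructed for the example.

```python
from dataclasses import dataclass

# Ordered sensitivity levels; the names are an assumption for this example.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top-secret": 3}


@dataclass(frozen=True)
class Label:
    """A security label on a resource, or a clearance held by a user:
    a level plus a set of compartments (need-to-know categories)."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        """Lattice order: level at least as high AND a superset of compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def can_read(clearance, label):
    """Simple security property ("no read up"): clearance must dominate the label."""
    return clearance.dominates(label)


def can_write(clearance, label):
    """*-property ("no write down"): the label must dominate the clearance,
    so a user can never copy information into a lower-labelled resource."""
    return label.dominates(clearance)


def decide(clearance, label, op):
    """Return 'allow' or 'deny' for op in {'read', 'write'}."""
    allowed = {"read": can_read, "write": can_write}[op](clearance, label)
    return "allow" if allowed else "deny"


if __name__ == "__main__":
    analyst = Label("secret", frozenset({"nato"}))          # constructed clearance
    for res in (Label("confidential"), Label("top-secret", frozenset({"nato"}))):
        for op in ("read", "write"):
            print(op, res, decide(analyst, res, op))
```

Note that a higher level alone is not enough: a top-secret clearance without the "nato" compartment cannot read a secret/nato resource, because dominance is a lattice order, not a single number.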
  24. IAM paradigms (3): Role Based Access Control (RBAC)
     - Plus: constraints on user/role assignments and on sessions -> separation of duties
     - Minus: ownership [Wikipedia: art. "Role-based access control"]
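The two kinds of constraint named on slide 24, as an added Python example (not code from the slides or from the cited Wikipedia article): a core RBAC model with a static separation-of-duty constraint checked at user/role assignment and a dynamic one checked when roles are activated in a session. Roles, permissions and users are constructed for the example.

```python
class RBAC:
    """Core RBAC (users, roles, permissions, sessions) plus two kinds of
    separation-of-duty constraint."""

    def __init__(self):
        self.role_perms = {}   # role -> set of permissions
        self.user_roles = {}   # user -> set of assigned roles
        self.static_sod = []   # role pairs one user may never hold together
        self.dynamic_sod = []  # role pairs never active in the same session

    def add_role(self, role, perms):
        self.role_perms[role] = set(perms)

    def add_static_sod(self, a, b):
        self.static_sod.append(frozenset({a, b}))

    def add_dynamic_sod(self, a, b):
        self.dynamic_sod.append(frozenset({a, b}))

    def assign(self, user, role):
        """User/role constraint: refuse an assignment that breaks static SoD."""
        held = self.user_roles.setdefault(user, set())
        for pair in self.static_sod:
            if role in pair and (pair - {role}) & held:
                raise PermissionError(f"static SoD: {user} cannot hold both {sorted(pair)}")
        held.add(role)

    def open_session(self, user, roles):
        """Session constraint: only assigned roles, and no dynamic-SoD pair together."""
        active = set(roles)
        not_assigned = active - self.user_roles.get(user, set())
        if not_assigned:
            raise PermissionError(f"{user} is not assigned {sorted(not_assigned)}")
        for pair in self.dynamic_sod:
            if pair <= active:
                raise PermissionError(f"dynamic SoD: cannot activate {sorted(pair)} together")
        return Session(self, user, active)


class Session:
    def __init__(self, rbac, user, active):
        self.rbac, self.user, self.active = rbac, user, active

    def permitted(self, perm):
        """A permission is available if any active role carries it."""
        return any(perm in self.rbac.role_perms[r] for r in self.active)


def rejected(action):
    """True if the model refuses an assignment or a session."""
    try:
        action()
    except PermissionError:
        return True
    return False


def build_demo():
    """Constructed scenario: purchase orders and payments."""
    r = RBAC()
    r.add_role("po-requester", ["po:create"])
    r.add_role("po-approver", ["po:approve"])
    r.add_role("cashier", ["payment:issue"])
    r.add_role("auditor", ["payment:review"])
    r.add_static_sod("po-requester", "po-approver")  # never the same person
    r.add_dynamic_sod("cashier", "auditor")          # never in the same session
    r.assign("alice", "po-requester")
    r.assign("carol", "cashier")
    r.assign("carol", "auditor")
    return r
```

The two constraints fail at different points of the model: static SoD is a property of the user/role relation and is enforced by the administrator's assignment action, dynamic SoD is a property of the session and is enforced at run time, which is why slide 24 lists both "user/role" and "session" as places where constraints apply.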
  25. IAM paradigms (4): Organization Based Access Control (OrBAC)
     - Permissions depend on context (time, location, intention, etc.)
     - Coding of complex rules -> risk of conflicting rules -> a validation tool is needed [www.orbac.org]
  26. Contact: alain_huet@scarlet.be, +32 2 212.96.77
