CIS14: Case Study: Using a Federated Identity Service for Faster Application Deployment

Rowland Nicholson, Caterpillar, Inc.
Case study of how Caterpillar used identity virtualization to aggregate, correlate and remap identities to create virtual views, enabling each application to have the required identity information on demand.


  1. Caterpillar Non-Confidential Identity Virtualization Cloud Identity Summit – July 22, 2014 Rowland Nicholson - IAM Architect Global Information Systems
  2. N New App Enterprise Directory
  3. U Upgrade Enterprise Directory
  4. L Legacy Enterprise Directory
  5. Enterprise Directory A App
  6. 1 VIRTUAL ATTRIBUTES
  7. Enterprise Directory X ISO Doc’s Y Turbines DB Accounts
  8. Enterprise Directory X ISO Doc’s Y Turbines DB Accounts Radius Server
  9. Enterprise Directory X ISO Doc’s Y Turbines DB Accounts Radius Server Virtual Directory solarid = ‘D’ + badgenumber
  10. Enterprise Directory F1 “Flexible” F2 “Finicky” Virtual Directory +4 virtual attributes: department, entryUUID, member, memberOf
  11. 1 VIRTUAL ATTRIBUTES
  12. 2 DYNAMIC GROUPS
  13. F2 “Finicky” Only groups • affiliations • organizations • business units • rules
  14. Enterprise Directory F2 “Finicky” Virtual Directory ou=groups ou=groups ou=autogen ou=dynamic ou=groups
  15. Attribute Values Autogen Group Members with value
  16. Rule Dynamic Group Members match rule
  17. Enterprise Directory F2 “Finicky” Virtual Directory ou=groups ou=groups ou=autogen ou=dynamic ou=groups F1 “Flexible”
  18. 2 DYNAMIC GROUPS
  19. 3 “VIRTUALIZED” DIRECTORY
  20. F2 “Finicky” Supports only Directory “Q”
  21. F2 “Finicky” Enterprise Directory Virtual Directory • “Q” DIT • “Q” Schema
  22. 3 “VIRTUALIZED” DIRECTORY
  23. … one more thing
  24. Enterprise Directory Virtual Directory PII Data View F2 “Finicky” F1 “Flexible”
  25. APPLICATIONS: F2 “Finicky” F1 “Flexible” IAM Virtual attributes Dynamic groups Virtual DIT/Schema Federated New Upgrades Legacy LDAP WS SAML WS-Fed OAuth OpenID Connect WAM
  26. Thank You!