Federated identity, Project Cloud QTR meeting @ Disney/ABC

A look at Federated Identity: A linked electronic identity and attributes used across distinct access systems. And potential next steps of the ETC security group.

Published in: Technology

  1. A linked electronic identity and attributes used across distinct access systems
  2. • Authentication – Username / Password
     • Authorization – open or simple permissions
     • Access – direct, local resources
  3. • Authentication – shared/replicated credentials
     • Authorization – file permissions, Owner ID, Group ID
     • Access – system accessible resources, SAN
  4. • Authentication – LDAP/AD, OTP, RADIUS/TACACS, SSO/RSO, PKI
     • Authorization – LDAP, GPO, NFS, Kerberos, IAM
     • Access – NFS, Kerberos, SMB, NAS
  5. • Authentication – by service provider, LDAP/AD export, Public Key Infrastructure (PKI)
     • Authorization – brokered Digital Asset Management, Higgins trust framework, Bandit, Security Assertion Markup Language (SAML), OpenID, PKI
     • Access – via API, HADOOP, SPARK, S3, SOAP, REST, FASP, OpenStack
  6. • Issued by regional / delegated authority – state government
     • Recognized by other agencies – governments, businesses
     • Contains embedded security features – hologram, magnetic strip, UV seal, smartchip, barcodes
     • Contains unique attributes – photo, fingerprint, signature, license number, street address
     • Establishes context and limitations – operating class, expiration date, physical restrictions
  7. • Issued by regional / delegated authority – Certificate Authority (CA)
     • Recognized by other agencies – validated by other CAs, and filed to use during collaboration
     • Embedded security features – digital fingerprint, encryption key, and RSA hash
     • Contains unique attributes – email address, private key hash, digital signature, project ID, business affiliations, organizational roles, any relevant attribute
     • Establishes context and limitations – issuing authority, expiration times, revocation authority
  8. Identities and attributes are embedded in certificates. Relationships and authorizations can be made using certificates. Certificates are created and validated through a Certificate Authority and exchanged between appropriate parties. The storage vendor uses certificates for authentication, authorization, and access to objects.
  9. Any data file, object storage or not, can contain value, so use of encryption is highly desirable. The further away from direct control, the more important encryption becomes. Encryption keys are much more easily exchanged using certificates, especially if based on public/private key pairs, like PGP.
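The certificate lifecycle that slides 7 to 9 describe, as an added example in Go that is not part of the slide deck and uses only the standard library: a toy Certificate Authority issues a certificate carrying identity attributes (slide 7), a relying party such as the storage vendor validates it against the CA it trusts before reading those attributes (slide 8), and a symmetric encryption key is exchanged by wrapping it to the public key in the certificate (slide 9). The mapping of attributes to certificate fields (O for business affiliation, OU for organizational role, a SAN rfc822Name for email), RSA-OAEP as the key-wrapping scheme, the validity windows and all names are assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"strings"
	"time"
)

// Identity is what a relying party reads out of a verified certificate. The field
// mapping is this example's assumption: Org -> O, Role -> OU, Email -> SAN rfc822Name.
type Identity struct{ CommonName, Email, Org, Role string }

// Authority is a toy Certificate Authority: its self-signed certificate plus signing key.
type Authority struct {
	Cert *x509.Certificate // distributed to relying parties as a trust anchor
	key  *rsa.PrivateKey   // never leaves the CA
}

// NewKey generates the RSA key pair a subject keeps private; the CA only sees the public half.
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// NewAuthority creates a self-signed CA certificate (constructed one-day lifetime).
func NewAuthority(name string) (*Authority, error) {
	key, err := NewKey()
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Authority{Cert: cert, key: key}, nil
}

// Issue signs an end-entity certificate that embeds the subject's identity and
// attributes and is bounded by the validity window the CA chooses (slide 7).
func (a *Authority) Issue(id Identity, pub *rsa.PublicKey, notBefore, notAfter time.Time) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:   big.NewInt(time.Now().UnixNano()), // unique per CA is what matters
		Subject:        pkix.Name{CommonName: id.CommonName, Organization: []string{id.Org}, OrganizationalUnit: []string{id.Role}},
		EmailAddresses: []string{id.Email},
		NotBefore:      notBefore,
		NotAfter:       notAfter,
		KeyUsage:       x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:    []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, // identity cert, not a TLS server cert
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, a.Cert, pub, a.key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Verify is the relying party's check (slide 8): trusted issuer and validity window first, attributes after.
func Verify(cert *x509.Certificate, trusted ...*x509.Certificate) (Identity, error) {
	roots := x509.NewCertPool()
	for _, t := range trusted {
		roots.AddCert(t)
	}
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return Identity{}, err // unknown issuer, expired, tampered, wrong usage, ...
	}
	// Multi-valued attributes are joined with "," so nothing is silently dropped.
	return Identity{cert.Subject.CommonName, strings.Join(cert.EmailAddresses, ","),
		strings.Join(cert.Subject.Organization, ","), strings.Join(cert.Subject.OrganizationalUnit, ",")}, nil
}

// WrapKey encrypts a content key to the certificate's RSA public key (OAEP); UnwrapKey reverses it (slide 9).
func WrapKey(cert *x509.Certificate, contentKey []byte) ([]byte, error) {
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("certificate does not carry an RSA public key")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, contentKey, []byte("content-key"))
}

func UnwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, []byte("content-key"))
}
```

The order of operations in Verify is the point: attributes are read only after the chain to a trusted CA and the validity window have been checked, so a certificate from an unknown CA, an expired one, or one whose extended key usage says "TLS server" rather than "client identity" yields an error and no identity. Revocation checking (the "revocation authority" of slide 7, via CRL or OCSP) is not covered by Go's Verify and is not implemented here; a production relying party adds it. Wrapping the content key with the certificate's public key means only the holder of the matching private key can recover it, which is what makes certificate-based key exchange practical for data that leaves direct control.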