Global Scale Identity Management
To Emphasize The Pervasive Nature Of Identities
Krati Dadheech Gaurav Bhatia
Centre For Cyber Security
Sardar Patel University of Police, Security and Criminal Justice
February 18, 2017
Krati Dadheech, Gaurav Bhatia (Universities of Somewhere and Elsewhere)Global Scale Identity Management February 18, 2017 1 / 15
What is Global Scale Identity Management
Global Scale Identity Management concerns identifying and authenticating entities such as people, hardware devices, distributed sensors and actuators and software applications when accessing Critical Information Technology (IT) Systems from anywhere.
It aims specifically at government and commercial organizations with diverse inter-organizational relationships that today are hampered by the lack of trustworthy credentials for accessing shared resources.
Our concern here is mainly the IT-oriented aspects of the broad problems of identity and credential management, including authentication, authorization and accountability.
In particular, global scale identity management may require not only advances in technology, but also open standards, social norms, legal frameworks, and policies for the creation, use, maintenance, and audit of identities and privilege information.
It must also provide mechanisms for two-way assertions and authentication handshakes that build mutual trust among mutually suspicious parties.
Components of Identity Management
"Management of the Identity" is the process of issuing and using digital identities and credentials (such as usernames and passwords) for authentication.
"Management by the Identity" combines the proven identity of the user with their authorisation, in order to grant access to resources.
Authentication and Authorisation
Authentication is the process or action of verifying the identity of a user or process.
Authentication techniques make use of one or more of the following factors:
1. Something you know (e.g. a password)
2. Something you have (e.g. a smart card)
3. Something you are (e.g. a fingerprint)
If two of these factors are needed for successful authentication, it is termed Two-Factor Authentication.
Two-Factor Authentication is generally believed to be more secure, and therefore many high-risk systems such as Internet banking are now implementing schemes like this.
Authorisation is a process that determines whether an entity is allowed access to a given asset or resource.
What are the Potential Threats
Identification and Authentication (IA) systems are being attacked on many fronts by a wide range of potential attackers with diverse motivations, within large scale organizations and across multiple organizations.
Insider and outsider misuses are commonplace.
Because of the lack of adequate identity management, it is often extremely difficult to identify the misusers.
For example, phishing attacks have become a pervasive problem for which identifying the sources and the legitimacy of the phishers and rendering them ineffective where possible are obvious needs.
Identity-related threats exist throughout the development cycle and the global supply chain, but the run-time threats are generally predominant.
Misuse of identities by people and misuse of flawed authentication by remote sites and compromised computers (e.g. zombies) are common.
The Internet itself is a source of numerous collateral threats, including coordinated, widespread denial-of-service attacks, such as repeated failed logins that result in disabling access by legitimate users.
In particular, threats are frequently aimed at violations of integrity, confidentiality, and system survivability, as well as denial-of-service attacks.
Who are the Potential Beneficiaries
Government agencies, corporations, institutions, individuals, and particularly the financial communities would benefit enormously from the existence of pervasive approaches to global identity management, with greater convenience, reduction of administrative costs, and possibilities for better oversight.
Users could benefit from the decreased likelihood of impersonation, identity and credential fraud, and untraceable misuse.
Policies for Enhancing Global Identity Management
Risk management across a spectrum of risks. This is tightly coupled with authorization.
Game-theoretical analyses might be useful.
Trust or confidence in the interactions (untrustworthy third parties; what happens when your credentials get stolen or the third party disappears).
Understanding the implications of Quantum Computing and Quantum Cryptography, and exploring the possibilities of global identity management without public-key cryptography or with quantum-resistant public-key cryptography.
Protocols for Enhancing Global Identity Management
SAML
Security Assertion Markup Language (SAML) is the authentication protocol most often associated with single sign-on solutions for web applications. The open standard has been leveraged widely by web application and web service providers.
SAML implementations are defined by an identity provider and a service provider. A service provider is, for example, a web application that a user wants to access. The service provider will request authentication from an identity provider, which can ultimately be backed by a directory service.
SAML has made great inroads into the web application sector, but is not leveraged for devices and generally not utilized by internal applications.
OpenID
Another authentication mechanism for web applications, OpenID has gained some adoption due to support from significant consumer-facing web applications such as Google and Yahoo!
OpenID works similarly to SAML but is less complex to implement.
Using OpenID, a third-party web application could allow users to log in to their services via a Google or Yahoo ID.
This authentication mechanism has largely been used for consumer-facing web applications, although it is starting to gain some traction in business scenarios due to the popularity of Google Apps for Work.
OAuth
A similar protocol to OpenID, OAuth is leveraged by major consumer Internet sites such as Google, Facebook, and Twitter to federate their identities to third-party sites.
TACACS
Used extensively in the network infrastructure market, TACACS is a relatively simple authentication protocol.
TACACS was first developed in 1980 to manage authentication for the U.S. Department of Defense unclassified network.
The need behind this protocol was to allow users to jump between machines or network infrastructure without having to log in again.
Major Research Gaps
Existing systems tend to authenticate only would-be identities of users, not transactions, applications, systems, communication paths, hardware, individual packets, messages, and so on.
Containment, detection, and remediation are poorly addressed, particularly following misuse of identities, authentication, and authorization.
Maintaining consistency of reputations over time across identities is extremely difficult.
However, carefully controlled mechanisms to revoke or otherwise express doubts about such reputations are also needed.
There is a serious lack of economic models that would underscore the importance of global scale identity management and lead to coherent approaches.
Benefits of Global Scale Identity Management
Apart from improvements in security, a well-implemented identity management system brings at least two business benefits to an organisation:
1) Cost Reduction
2) Improved Service Levels
With an enterprise-wide identity management system in place, an organisation does not need to dedicate human resources to handling user ID related issues for each individual application.
As a result, fewer people are needed for ID administration activities, which could in turn reduce IT operation costs. In addition, fewer calls to the help desk regarding user ID problems would contribute to more cost savings.
With the help of an automatic identity management system, response times for requests relating to user IDs would be improved, resulting in an improvement to IT service levels and better user ID management activities.
Conclusion
Passwords are still the most common authentication method. To reduce the possibility of passwords being compromised using brute-force attacks, consecutive unsuccessful log-in attempts should be controlled. This can be accomplished by disabling an account after a limited number of unsuccessful logins.
Alternatively, a mechanism that increases the time delay between consecutive login attempts could be considered as a way of preventing password guessing activities.
Additional authentication methods, such as biometrics or two-factor authentication, could also be considered to strengthen the authentication process. Functions requiring another level of authorisation should be implemented using re-authentication.
In addition, idle logged-on sessions should be timed out after a set period to prevent attackers from stealing idle session information.
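
The two controls for consecutive failed logins described in this conclusion, written out side by side as an added example (not part of the original slides). It also shows the side effect noted on the threats slide, where repeated failed logins disable access for the legitimate user. The names `LoginThrottle` and `simulate`, the threshold of 5 failures and the delay values are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    failures: int = 0          # consecutive failed attempts
    next_allowed: float = 0.0  # earliest time another attempt is evaluated
    disabled: bool = False     # set only by the "lockout" policy


class LoginThrottle:
    """Controls consecutive failed logins with one of two policies.

    "lockout": disable the account after max_failures consecutive failures.
    "backoff": wait base_delay, 2*base_delay, 4*base_delay ... (capped)
               before the next attempt is even evaluated.
    """

    def __init__(self, policy, max_failures=5, base_delay=1.0, max_delay=300.0):
        if policy not in ("lockout", "backoff"):
            raise ValueError("policy must be 'lockout' or 'backoff'")
        self.policy = policy
        self.max_failures = max_failures
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.accounts = {}
        self.checked = 0  # how many password comparisons were performed

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = os.urandom(16)
        self.accounts[user] = Account(salt, self._hash(password, salt))

    def attempt(self, user, password, now):
        """Return (result, wait_seconds); `now` is passed in so runs are repeatable."""
        acct = self.accounts.get(user)
        if acct is None:
            return ("denied", 0.0)
        if acct.disabled:
            return ("locked", 0.0)
        if now < acct.next_allowed:
            # Inside the delay window: refuse without checking the password.
            return ("throttled", acct.next_allowed - now)
        self.checked += 1
        if hmac.compare_digest(self._hash(password, acct.salt), acct.pw_hash):
            acct.failures, acct.next_allowed = 0, 0.0
            return ("ok", 0.0)
        acct.failures += 1
        if self.policy == "lockout":
            if acct.failures >= self.max_failures:
                acct.disabled = True  # stays disabled until an admin resets it
                return ("locked", 0.0)
            return ("denied", 0.0)
        delay = min(self.base_delay * 2 ** (acct.failures - 1), self.max_delay)
        acct.next_allowed = now + delay
        return ("denied", delay)


def simulate(policy):
    """Constructed scenario: one wrong guess per second for 10 s against
    alice's account, then alice logs in with the right password at t=15."""
    throttle = LoginThrottle(policy)
    throttle.register("alice", "correct horse battery staple")
    for t in range(10):
        throttle.attempt("alice", f"guess-{t}", now=t)
    guesses_checked = throttle.checked
    owner_result, _ = throttle.attempt("alice", "correct horse battery staple", now=15)
    return {"guesses_checked": guesses_checked, "owner_result": owner_result}


if __name__ == "__main__":
    for policy in ("lockout", "backoff"):
        print(policy, simulate(policy))
```

Under the backoff policy the account owner is also refused while a delay window is open, so the cap on the delay bounds how long failed guesses can keep the owner out.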
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Denver Web Design brochure for public viewing
Denver Web Design brochure for public viewingDenver Web Design brochure for public viewing
Denver Web Design brochure for public viewing
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌  8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌  8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130  Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130  Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
 
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In South Ex 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 

Global Scale Identity Management

  • 1. Global Scale Identity Management: To Emphasize The Pervasive Nature Of Identities. Krati Dadheech, Gaurav Bhatia. Centre For Cyber Security, Sardar Patel University of Police, Security and Criminal Justice. February 18, 2017
  • 2. What is Global Scale Identity Management: Global Scale Identity Management concerns identifying and authenticating entities such as people, hardware devices, distributed sensors and actuators and software applications when accessing Critical Information Technology (IT) Systems from anywhere. It aims specifically at government and commercial organizations with diverse inter-organizational relationships that today are hampered by the lack of trustworthy credentials for accessing shared resources.
  • 3. What is Global Scale Identity Management: Our concern here is mainly the IT-oriented aspects of the broad problems of identity and credential management, including authentication, authorization and accountability. In particular, global scale identity management may require not only advances in technology, but also open standards, social norms, legal frameworks, and policies for the creation, use, maintenance, and audit of identities and privilege information. It must also provide mechanisms for two-way assertions and authentication handshakes, building mutual trust among mutually suspicious parties.
  • 4. Components of Identity Management: "Management of the Identity" is the process of issuing and using digital identities and credentials (such as usernames and passwords) for authentication. "Management by the Identity" combines the proven identity of the user with their authorisation, in order to grant access to resources.
  • 5. Authentication and Authorisation: Authentication is the process or action of verifying the identity of a user or process. Authentication techniques make use of one or more of the following factors: (1) something you know (e.g. a password); (2) something you have (e.g. a smart card); (3) something you are (e.g. a fingerprint). If two of these factors are needed for successful authentication, it is termed Two-Factor Authentication. Two-Factor Authentication is generally believed to be more secure, and therefore many high-risk systems such as Internet banking are now implementing schemes like this. Authorisation is a process that determines whether an entity is allowed access to a given asset or resource.
  • 6. What are the Potential Threats: Identification and Authentication (IA) systems are being attacked on many fronts by a wide range of potential attackers with diverse motivations, within large-scale organizations and across multiple organizations. Insider and outsider misuses are commonplace. Because of the lack of adequate identity management, it is often extremely difficult to identify the misusers. For example, phishing attacks have become a pervasive problem for which identifying the sources and the legitimacy of the phishers, and rendering them ineffective where possible, are obvious needs.
  • 7. What are the Potential Threats: Identity-related threats exist throughout the development cycle and the global supply chain, but the run-time threats are generally predominant. Misuse of identities by people and misuse of flawed authentication by remote sites and compromised computers (e.g. zombies) are common. The Internet itself is a source of numerous collateral threats, including coordinated, widespread denial-of-service attacks, such as repeated failed logins that result in disabling access by legitimate users. In particular, threats are frequently aimed at violations of integrity, confidentiality, and system survivability, as well as denial-of-service attacks.
  • 8. Who are the Potential Beneficiaries: Government agencies, corporations, institutions, individuals, and particularly the financial communities would benefit enormously from the existence of pervasive approaches to global identity management, with greater convenience, reduction of administrative costs, and possibilities for better oversight. Users could benefit from the decreased likelihood of impersonation, identity and credential fraud, and untraceable misuse.
  • 9. Policies for Enhancing Global Identity Management: Risk management across a spectrum of risks. This is tightly coupled with authorization. Game-theoretical analyses might be useful. Trust or confidence in the interactions (untrustworthy third parties; what happens when your credentials get stolen or the third party disappears). Understanding the implications of quantum computing and quantum cryptography, and exploring the possibilities of global identity management without public-key cryptography or with quantum-resistant public-key cryptography.
  • 10. Protocols for Enhancing Global Identity Management: SAML. Security Assertion Markup Language (SAML) is the authentication protocol most often associated with single sign-on solutions for web applications. The open standard has been leveraged widely by web application and web service providers. SAML implementations are defined by an identity provider and a service provider. A service provider is, for example, a web application that a user wants to access. The service provider will request authentication from an identity provider, which can ultimately be backed by a directory service. SAML has made great inroads into the web application sector, but is not leveraged for devices and generally not utilized by internal applications.
  • 11. Protocols for Enhancing Global Identity Management: OpenID. Another authentication mechanism for web applications, OpenID has gained some adoption due to support from significant consumer-facing web applications such as Google and Yahoo! OpenID works similarly to SAML but is less complex to implement. Using OpenID, a third-party web application could allow users to log in to their services via a Google or Yahoo ID. This authentication mechanism has largely been used for consumer-facing web applications, although it is starting to gain some traction in business scenarios due to the popularity of Google Apps for Work.
  • 12. Protocols for Enhancing Global Identity Management: OAuth. A similar protocol to OpenID, OAuth is leveraged by major consumer Internet sites such as Google, Facebook, and Twitter to federate their identities to third-party sites. TACACS. Used extensively in the network infrastructure market, TACACS is a relatively simple authentication protocol. TACACS was first developed in 1980 to manage authentication for the U.S. Department of Defense unclassified network. The need behind this protocol was to allow users to jump between machines or network infrastructure without having to relogin.
  • 13. Major Research Gaps: Existing systems tend to authenticate only would-be identities of users, not transactions, applications, systems, communication paths, hardware, individual packets, messages, and so on. Containment, detection, and remediation are poorly addressed, particularly following misuse of identities, authentication and authorization. Maintaining consistency of reputations over time across identities is extremely difficult. However, carefully controlled mechanisms to revoke or otherwise express doubts about such reputations are also needed. There is a serious lack of economic models that would underscore the importance of global scale identity management and lead to coherent approaches.
  • 14. Benefits of Global Scale Identity Management: Apart from improvements in security, a well-implemented identity management system brings at least two business benefits to an organisation: (1) cost reduction; (2) improved service levels. With an enterprise-wide identity management system in place, an organisation does not need to dedicate human resources to handling user ID related issues for each individual application. As a result, fewer people are needed for ID administration activities, which could in turn reduce IT operation costs. In addition, fewer calls to the help desk regarding user ID problems would contribute to more cost savings. With the help of an automatic identity management system, response times for requests relating to user IDs would be improved, resulting in an improvement to IT service levels and better user ID management activities.
  • 15. Conclusion: Passwords are still the most common authentication method. To reduce the possibility of passwords being compromised using brute-force attacks, consecutive unsuccessful log-in trials should be controlled. This can be accomplished by disabling an account after a limited number of unsuccessful logins. Alternatively, a mechanism of increasing the time delay between consecutive login attempts could be considered as a way of preventing password-guessing activities. Additional authentication methods, such as biometrics or two-factor authentication, could also be considered to strengthen the authentication process. Functions requiring another level of authorisation should be implemented using re-authentication. In addition, idle logged-on sessions should be timed out after a set period to prevent attackers from stealing idle session information.
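
The two controls slide 15 names for consecutive failed logins (a growing delay between attempts, and disabling the account after a limited number of failures), combined in one added example that is not part of the original slides. The class name, the thresholds, the `alice` account and the fake clock in `demo()` are assumptions made for illustration.

```python
import time


class LoginThrottle:
    """Per-account failed-login control: growing delay, then lockout."""

    def __init__(self, base_delay=1.0, max_delay=300.0, lockout_after=5,
                 clock=time.monotonic):
        self.base_delay, self.max_delay = base_delay, max_delay
        self.lockout_after, self.clock = lockout_after, clock
        self._fails = {}  # account -> (consecutive failures, time of last one)

    def wait_required(self, account):
        """Seconds that must still pass before the next attempt is evaluated."""
        count, last = self._fails.get(account, (0, 0.0))
        if count == 0:
            return 0.0
        delay = min(self.base_delay * 2 ** (count - 1), self.max_delay)
        return max(0.0, last + delay - self.clock())

    def attempt(self, account, password_ok):
        """Return 'ok', 'denied', 'throttled' or 'locked' for one login try."""
        count, _ = self._fails.get(account, (0, 0.0))
        if count >= self.lockout_after:
            return "locked"        # stays disabled until unlock() is called
        if self.wait_required(account) > 0:
            return "throttled"     # rejected unevaluated, so not counted
        if password_ok:
            self._fails.pop(account, None)  # success resets the counter
            return "ok"
        self._fails[account] = (count + 1, self.clock())
        return "denied"

    def unlock(self, account):
        """Administrative reset after the account owner has been verified."""
        self._fails.pop(account, None)


def demo():
    """Constructed scenario: wrong guesses against one account, fake clock."""
    now = [0.0]
    throttle = LoginThrottle(clock=lambda: now[0])
    results = []
    for step in (0.0, 0.5, 1.0, 2.0, 4.0, 8.0, 16.0):  # seconds between tries
        now[0] += step
        results.append(throttle.attempt("alice", password_ok=False))
    throttle.unlock("alice")
    results.append(throttle.attempt("alice", password_ok=True))
    return results
```

The lockout branch is the behaviour slide 7 lists as a denial-of-service risk: repeated failed logins disable access for the legitimate user. Setting `lockout_after` above any reachable count leaves only the capped delay.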