Identity Management: A New Key Strategic Infrastructure


Published on

Introductory presentation by David Harrison (Cardiff University)

Published in: Technology
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Identity Management: A New Key Strategic Infrastructure

  1. 1. IDENTITY MANAGEMENT A New Key Strategic Infrastructure
  2. 2. THEMES  How we got to where we are today … and where might we want to get to  Where identity providers clash  Architecture for the perfect IdM solution  A look at Entitlement and Risk  IdM is Strategic Infrasructure
  3. 3. THE ISSUES SO FAR  IdM systems are becoming more complex as they become more essential in making connectivity more transparent for the user  Federated access goes along way to solve the problem but it doesn’t cope well with the individual and their own identity  Solutions are based on pushing credentials to systems … just in case they’re needed; so the information has to be there … just in case
  4. 4. SOME NEW ISSUES  Multitude of identity providers from non- traditional sources – Google, Facebook, Salesforce – all extending into the enterprise through cloud computing as well as in-the- cloud IdPs such as Symplified  Emergence of self-assertion – OpenId; users holding their own identities  The future can never be the same
  5. 5. PHEW! THAT’S CHALLENGING!  Yes it is; but it’s the way things are heading because  Increasingly users will put more value on their personally provisioned identities than the ones provided for them by the enterprise  The move to the cloud and SaaS makes the inter- working with other IdPs more certain  A model based upon pushing identity will ultimately fail because of its complexity and administrative challenge  Let’s look at risk to finish off with then …
  6. 6. REFERENCES  The Emerging Architecture of Identity Management (Burton Group, Apr. 2010)  Building an Entitlement Catalog: A critical success factor of Identity Management (Burton Group, Aug. 2010)  So … in conclusion (and addressing the present, not the future)
  7. 7. “WHO OWNS IDENTITY MANAGEMENT?”  Role, context & personalisation: something you can only do in PARTNERSHIP  It’s an institutional issue; can only be resolved (owned) at an institutional level  Identity management is strategic and cannot be aligned to any one application … however important it might be perceived to be!  An entitlement catalogue is as essential for granular identity management as identifying those authorised to access entitlements
  8. 8. THE CASE FOR FEDERATION  Collaborating and co-operating institutions – research, joint projects  Open Educational Resources – but how open do you want it?  Shared Services – enabling distributed services  Mergers – federating directories
  9. 9. SOME FINAL THOUGHTS  Is it time for some joined-up thinking in this space? Content-centric - aggregated data/mashups look to be the future – Access & Identity Management has to be able to enable this  How integrated is our thinking between physical (network) security, identity management and information security?  Governance, Regulation … and Charging – are we ready?
  10. 10. … AND SOME REALLY FINAL THOUGHTS!  Mobile “me”, eduRoam – are we focused on PERSONAL computing?  What is the place of the organisation in an identity space which crosses Federation boundaries?  Federated Identity & Personal Identity – who are the IdP of the future?  My conclusion: We need to bring ID/Access/Information Security Management much closer together