SlideShare a Scribd company logo

ICAM Target Architecture

J
Joel Rader, CISSP

What does a foundation Target Architecture look like for an Identity, Credentialing, and Access Management project? This presentation addresses fundamental concepts that apply to any industry seeking ICAM, but was originally established with a federal agency in mind.

Government & Nonprofit
1 of 10
Download to read offline
Starting Off Phase I - Identity vs. Digital Identity ► Identity  Who you are as an individual  Does not change nor expire ► Digital Identity  Digital representation of your identity  Represented by identifiers, credentials, and attributes  Can expire, depending on context 1
Important Considerations of a Digital Identity ► Context  Must be useful, relevant, trustworthy  Must uniquely identify a subject within a given context  In our case, within a specific Agency ► Consistent  Must be able to be referenced uniformly across applications  Where unique identifiers are not supported, mappings must be established ► High Assurance  Trust that a Digital Identity represents an Identity  Requires Identity Proofing, Vetting, and Adjudication 2
Building a Digital Identity – Step 1 ► Create an Identifier  UUID – Universally Unique Identifier  Unique for all in-scope personnel ► Open Question – 1:1 Mapping?  Should an Identity within the Agency map to one, and only one Digital Identity?  When to assign UUID?  Collisions/Duplications?  Merging/reconciliation process?  Benefits of 1:1 Mapping  Increased security & assurance  Simplified maintenance 3
Building a Digital Identity – Step 2 ► Establish Authoritative Attribute Sources  On-Boarding Systems  Background Investigations  Others? ► Important Considerations:  Should only be one source per attribute  Are policies in place defining which source is “authoritative”? 4
Building a Digital Identity – Step 3 ► Build Credentials  PKI Certificate(s)  PIV Card  FAC – Facility Access Card  FLAC – Facility & Logical Access Card ► Open Question – Include UUID?  Would map back to Digital Identity  Requires modifications of current processes  If done, would help streamline credentialing process ► These credentials would become Authoritative Attributes in a Digital Identity 5
Building a Digital Identity – Step 4 ► Application/System Specific Attributes  Only referenced within a specific context  User ID  Role  Legacy/proprietary application support ► Next: What does an ICAM Target Architecture look like?  Authoritative Identity Service (AIS) 6
ICAM Target Architecture – Putting Digital Identities to Work 7
ICAM Target Architecture – Digital Identity Records 8 Adjudication Results Human Resources Attributes Personal Identity Verification (PIV) Credential Attributes Clearance CriminalBackground Sponsor Name Address Hire Date Position Medical Compensation Dependents Clearance Unique Identifier Human Resources (HR) Information UUID Cardholder Unique Identifier (CHUID) IssueDate FASC-NExpiration Date Active Directory Attributes Display Name Application #1 Application #2 Digital Identity Record Application #2 Attributes User ID Role PKI Attributes IssueDate Expiration Date Certificate Hiring Report Credential Report Accounts and Privileges Title Data Pull Data Pull Data Push DataConnection&Exchange Email Company Department Office City Public Key Infrastructure (PKI) IssuanceSystem GlobalAddress List (GAL) Standardization Report Data Pull Identity Management System (IDMS) Active Directory Authoritative Attribute Sources Systems and Services Auditing and Reporting AttributeDiscovery Unique Identifier Generation System Federal Background Investigation Systems Phase 2 & 3 Attributes Future Application #1 Attribute 1 Attribute 2 Attribute 3 Future Application #2Attribute 1 Attribute 2
Target Architecture Overview – PIV Credential Management 9
Target Architecture Overview – Logical Access Management 10

Recommended

Lessons Learned from Federal ICAM - User Group
Lessons Learned from Federal ICAM - User GroupLessons Learned from Federal ICAM - User Group
Lessons Learned from Federal ICAM - User GroupJoel Rader, CISSP
 
Privacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity ManagementPrivacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity ManagementSven Wohlgemuth
 
Securing Access Through a Multi-Purpose Credential and Digital ID
Securing Access Through a Multi-Purpose Credential and Digital IDSecuring Access Through a Multi-Purpose Credential and Digital ID
Securing Access Through a Multi-Purpose Credential and Digital IDForgeRock
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)Jack Forbes
 
Hitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Systems, Inc.
 
CPA - Introduction to Digital Identity - rev20171102
CPA - Introduction to Digital Identity - rev20171102CPA - Introduction to Digital Identity - rev20171102
CPA - Introduction to Digital Identity - rev20171102Jean-François LOMBARDO
 
Compliance & Identity access management
Compliance & Identity access management Compliance & Identity access management
Compliance & Identity access management Prof. Jacques Folon (Ph.D)
 
Identity Access Management
Identity Access ManagementIdentity Access Management
Identity Access Managementson09remotely
 

Recommended

Lessons Learned from Federal ICAM - User Group
Lessons Learned from Federal ICAM - User GroupLessons Learned from Federal ICAM - User Group
Lessons Learned from Federal ICAM - User GroupJoel Rader, CISSP
 
Privacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity ManagementPrivacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity ManagementSven Wohlgemuth
 
Securing Access Through a Multi-Purpose Credential and Digital ID
Securing Access Through a Multi-Purpose Credential and Digital IDSecuring Access Through a Multi-Purpose Credential and Digital ID
Securing Access Through a Multi-Purpose Credential and Digital IDForgeRock
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)Jack Forbes
 
Hitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Systems, Inc.
 
CPA - Introduction to Digital Identity - rev20171102
CPA - Introduction to Digital Identity - rev20171102CPA - Introduction to Digital Identity - rev20171102
CPA - Introduction to Digital Identity - rev20171102Jean-François LOMBARDO
 
Compliance & Identity access management
Compliance & Identity access management Compliance & Identity access management
Compliance & Identity access management Prof. Jacques Folon (Ph.D)
 
Identity Access Management
Identity Access ManagementIdentity Access Management
Identity Access Managementson09remotely
 
Identity Management for the 21st Century IT Mission
Identity Management for the 21st Century IT MissionIdentity Management for the 21st Century IT Mission
Identity Management for the 21st Century IT MissionCA API Management
 
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOTSailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOTGlobal Online Trainings
 
Hitachi ID Management Suite
Hitachi ID Management SuiteHitachi ID Management Suite
Hitachi ID Management SuiteHitachi ID Systems, Inc.
 
Identity Management: Front and Center for Healthcare Providers
Identity Management: Front and Center for Healthcare ProvidersIdentity Management: Front and Center for Healthcare Providers
Identity Management: Front and Center for Healthcare ProvidersAndrew Ames
 
Identity & access management
Identity & access managementIdentity & access management
Identity & access managementVandana Verma
 
The Road to Identity 2.0
The Road to Identity 2.0The Road to Identity 2.0
The Road to Identity 2.0Adam Lewis
 
Identity and Access Management - Data modeling concepts
Identity and Access Management - Data modeling conceptsIdentity and Access Management - Data modeling concepts
Identity and Access Management - Data modeling conceptsAlain Huet
 
Identity Management
Identity ManagementIdentity Management
Identity ManagementVenkatesh Jambulingam
 
Evolveum: All you need to know about identity & access management
Evolveum: All you need to know about identity & access managementEvolveum: All you need to know about identity & access management
Evolveum: All you need to know about identity & access managementEvolveum
 
IDoT: Challenges from the IDentities of Things Landscape
IDoT: Challenges from the IDentities of Things LandscapeIDoT: Challenges from the IDentities of Things Landscape
IDoT: Challenges from the IDentities of Things Landscapekantarainitiative
 
Securing Citizen Facing Applications
Securing Citizen Facing ApplicationsSecuring Citizen Facing Applications
Securing Citizen Facing Applicationsedwinlorenzana
 
Can Blockchain Enable Identity Management?
Can Blockchain Enable Identity Management?Can Blockchain Enable Identity Management?
Can Blockchain Enable Identity Management?Priyanka Aash
 
Identity as a Matter of Public Safety
Identity as a Matter of Public SafetyIdentity as a Matter of Public Safety
Identity as a Matter of Public SafetyAdam Lewis
 
IDENTITY ACCESS MANAGEMENT
IDENTITY ACCESS MANAGEMENTIDENTITY ACCESS MANAGEMENT
IDENTITY ACCESS MANAGEMENTProf. Jacques Folon (Ph.D)
 
Building an Effective Identity Management Strategy
Building an Effective Identity Management StrategyBuilding an Effective Identity Management Strategy
Building an Effective Identity Management StrategyNetIQ
 
Experiences in federated access control for UK e-Science
Experiences in federated access control for UK e-ScienceExperiences in federated access control for UK e-Science
Experiences in federated access control for UK e-ScienceEduserv Foundation
 
Computer security
Computer securityComputer security
Computer securityps14016
 
Identity & Access Management - Securing Your Data in the 21st Century Enterprise
Identity & Access Management - Securing Your Data in the 21st Century EnterpriseIdentity & Access Management - Securing Your Data in the 21st Century Enterprise
Identity & Access Management - Securing Your Data in the 21st Century EnterpriseLance Peterman
 
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...CA Technologies and Deloitte: Unleash and Protect your Business with Identity...
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...CA Technologies
 
Identity and Access Management 101
Identity and Access Management 101Identity and Access Management 101
Identity and Access Management 101Jerod Brennen
 
FirstNet ICAM
FirstNet ICAMFirstNet ICAM
FirstNet ICAMAdam Lewis
 
Provider Authentication for Health Information Exchange
Provider Authentication for Health Information ExchangeProvider Authentication for Health Information Exchange
Provider Authentication for Health Information ExchangeBrian Ahier
 

More Related Content

What's hot

Identity Management for the 21st Century IT Mission
Identity Management for the 21st Century IT MissionIdentity Management for the 21st Century IT Mission
Identity Management for the 21st Century IT MissionCA API Management
 
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOTSailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOTGlobal Online Trainings
 
Identity Management: Front and Center for Healthcare Providers
Identity Management: Front and Center for Healthcare ProvidersIdentity Management: Front and Center for Healthcare Providers
Identity Management: Front and Center for Healthcare ProvidersAndrew Ames
 
Identity & access management
Identity & access managementIdentity & access management
Identity & access managementVandana Verma
 
The Road to Identity 2.0
The Road to Identity 2.0The Road to Identity 2.0
The Road to Identity 2.0Adam Lewis
 
Identity and Access Management - Data modeling concepts
Identity and Access Management - Data modeling conceptsIdentity and Access Management - Data modeling concepts
Identity and Access Management - Data modeling conceptsAlain Huet
 
Evolveum: All you need to know about identity & access management
Evolveum: All you need to know about identity & access managementEvolveum: All you need to know about identity & access management
Evolveum: All you need to know about identity & access managementEvolveum
 
IDoT: Challenges from the IDentities of Things Landscape
IDoT: Challenges from the IDentities of Things LandscapeIDoT: Challenges from the IDentities of Things Landscape
IDoT: Challenges from the IDentities of Things Landscapekantarainitiative
 
Securing Citizen Facing Applications
Securing Citizen Facing ApplicationsSecuring Citizen Facing Applications
Securing Citizen Facing Applicationsedwinlorenzana
 
Can Blockchain Enable Identity Management?
Can Blockchain Enable Identity Management?Can Blockchain Enable Identity Management?
Can Blockchain Enable Identity Management?Priyanka Aash
 
Identity as a Matter of Public Safety
Identity as a Matter of Public SafetyIdentity as a Matter of Public Safety
Identity as a Matter of Public SafetyAdam Lewis
 
Building an Effective Identity Management Strategy
Building an Effective Identity Management StrategyBuilding an Effective Identity Management Strategy
Building an Effective Identity Management StrategyNetIQ
 
Experiences in federated access control for UK e-Science
Experiences in federated access control for UK e-ScienceExperiences in federated access control for UK e-Science
Experiences in federated access control for UK e-ScienceEduserv Foundation
 
Computer security
Computer securityComputer security
Computer securityps14016
 
Identity & Access Management - Securing Your Data in the 21st Century Enterprise
Identity & Access Management - Securing Your Data in the 21st Century EnterpriseIdentity & Access Management - Securing Your Data in the 21st Century Enterprise
Identity & Access Management - Securing Your Data in the 21st Century EnterpriseLance Peterman
 
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...CA Technologies and Deloitte: Unleash and Protect your Business with Identity...
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...CA Technologies
 
Identity and Access Management 101
Identity and Access Management 101Identity and Access Management 101
Identity and Access Management 101Jerod Brennen
 

What's hot (20)

Identity Management for the 21st Century IT Mission
Identity Management for the 21st Century IT MissionIdentity Management for the 21st Century IT Mission
Identity Management for the 21st Century IT Mission
 
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOTSailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
 
Hitachi ID Management Suite
Hitachi ID Management SuiteHitachi ID Management Suite
Hitachi ID Management Suite
 
Identity Management: Front and Center for Healthcare Providers
Identity Management: Front and Center for Healthcare ProvidersIdentity Management: Front and Center for Healthcare Providers
Identity Management: Front and Center for Healthcare Providers
 
Identity & access management
Identity & access managementIdentity & access management
Identity & access management
 
The Road to Identity 2.0
The Road to Identity 2.0The Road to Identity 2.0
The Road to Identity 2.0
 
Identity and Access Management - Data modeling concepts
Identity and Access Management - Data modeling conceptsIdentity and Access Management - Data modeling concepts
Identity and Access Management - Data modeling concepts
 
Identity Management
Identity ManagementIdentity Management
Identity Management
 
Evolveum: All you need to know about identity & access management
Evolveum: All you need to know about identity & access managementEvolveum: All you need to know about identity & access management
Evolveum: All you need to know about identity & access management
 
IDoT: Challenges from the IDentities of Things Landscape
IDoT: Challenges from the IDentities of Things LandscapeIDoT: Challenges from the IDentities of Things Landscape
IDoT: Challenges from the IDentities of Things Landscape
 
Securing Citizen Facing Applications
Securing Citizen Facing ApplicationsSecuring Citizen Facing Applications
Securing Citizen Facing Applications
 
Can Blockchain Enable Identity Management?
Can Blockchain Enable Identity Management?Can Blockchain Enable Identity Management?
Can Blockchain Enable Identity Management?
 
Identity as a Matter of Public Safety
Identity as a Matter of Public SafetyIdentity as a Matter of Public Safety
Identity as a Matter of Public Safety
 
IDENTITY ACCESS MANAGEMENT
IDENTITY ACCESS MANAGEMENTIDENTITY ACCESS MANAGEMENT
IDENTITY ACCESS MANAGEMENT
 
Building an Effective Identity Management Strategy
Building an Effective Identity Management StrategyBuilding an Effective Identity Management Strategy
Building an Effective Identity Management Strategy
 
Experiences in federated access control for UK e-Science
Experiences in federated access control for UK e-ScienceExperiences in federated access control for UK e-Science
Experiences in federated access control for UK e-Science
 
Computer security
Computer securityComputer security
Computer security
 
Identity & Access Management - Securing Your Data in the 21st Century Enterprise
Identity & Access Management - Securing Your Data in the 21st Century EnterpriseIdentity & Access Management - Securing Your Data in the 21st Century Enterprise
Identity & Access Management - Securing Your Data in the 21st Century Enterprise
 
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...CA Technologies and Deloitte: Unleash and Protect your Business with Identity...
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...
 
Identity and Access Management 101
Identity and Access Management 101Identity and Access Management 101
Identity and Access Management 101
 

Similar to ICAM Target Architecture

Provider Authentication for Health Information Exchange
Provider Authentication for Health Information ExchangeProvider Authentication for Health Information Exchange
Provider Authentication for Health Information ExchangeBrian Ahier
 
Monage.io identity presentation 3.22.17 v3
Monage.io identity presentation 3.22.17 v3Monage.io identity presentation 3.22.17 v3
Monage.io identity presentation 3.22.17 v3Michael Queralt
 
Understanding Identity Management and Security.
Understanding Identity Management and Security.Understanding Identity Management and Security.
Understanding Identity Management and Security.Chinatu Uzuegbu
 
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19Andrew Hughes
 
An Introduction to Authentication for Applications
An Introduction to Authentication for ApplicationsAn Introduction to Authentication for Applications
An Introduction to Authentication for ApplicationsUbisecure
 
PCI Certification and remediation services
PCI Certification and remediation servicesPCI Certification and remediation services
PCI Certification and remediation servicesTariq Juneja
 
Eds user authenticationuser authentication methods
Eds user authenticationuser authentication methodsEds user authenticationuser authentication methods
Eds user authenticationuser authentication methodslapao2014
 
SSI, TBDex Overview
SSI, TBDex Overview SSI, TBDex Overview
SSI, TBDex Overview AlexLewin7
 
Nikhil wagholikar _risk_based_penetration_testing - ClubHack2009
Nikhil wagholikar _risk_based_penetration_testing - ClubHack2009Nikhil wagholikar _risk_based_penetration_testing - ClubHack2009
Nikhil wagholikar _risk_based_penetration_testing - ClubHack2009ClubHack
 
Kerberos-PKI-Federated identity
Kerberos-PKI-Federated identityKerberos-PKI-Federated identity
Kerberos-PKI-Federated identityWAFAA AL SALMAN
 
[WSO2 Integration Summit Johannesburg 2019] Security in a Distributed Computi...
[WSO2 Integration Summit Johannesburg 2019] Security in a Distributed Computi...[WSO2 Integration Summit Johannesburg 2019] Security in a Distributed Computi...
[WSO2 Integration Summit Johannesburg 2019] Security in a Distributed Computi...WSO2
 
Data protection on premises, and in public and private clouds
Data protection on premises, and in public and private cloudsData protection on premises, and in public and private clouds
Data protection on premises, and in public and private cloudsUlf Mattsson
 
Moving to the Cloud: A Security and Hosting Introduction
Moving to the Cloud: A Security and Hosting IntroductionMoving to the Cloud: A Security and Hosting Introduction
Moving to the Cloud: A Security and Hosting IntroductionBlackbaud
 
KuppingerCole CIWUSA17 - Chaining Identity Blocks to boost your UX and KYC st...
KuppingerCole CIWUSA17 - Chaining Identity Blocks to boost your UX and KYC st...KuppingerCole CIWUSA17 - Chaining Identity Blocks to boost your UX and KYC st...
KuppingerCole CIWUSA17 - Chaining Identity Blocks to boost your UX and KYC st...Jean-François LOMBARDO
 
IRJET- Keep It – A System to Store Certificates and Develop a Profile
IRJET- Keep It – A System to Store Certificates and Develop a ProfileIRJET- Keep It – A System to Store Certificates and Develop a Profile
IRJET- Keep It – A System to Store Certificates and Develop a ProfileIRJET Journal
 

Similar to ICAM Target Architecture (20)

FirstNet ICAM
FirstNet ICAMFirstNet ICAM
FirstNet ICAM
 
Provider Authentication for Health Information Exchange
Provider Authentication for Health Information ExchangeProvider Authentication for Health Information Exchange
Provider Authentication for Health Information Exchange
 
Monage.io identity presentation 3.22.17 v3
Monage.io identity presentation 3.22.17 v3Monage.io identity presentation 3.22.17 v3
Monage.io identity presentation 3.22.17 v3
 
Identity Assertions Draftv5
Identity Assertions Draftv5Identity Assertions Draftv5
Identity Assertions Draftv5
 
Understanding Identity Management and Security.
Understanding Identity Management and Security.Understanding Identity Management and Security.
Understanding Identity Management and Security.
 
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
 
March Boston Cloud Security Alliance Meetup
March Boston Cloud Security Alliance MeetupMarch Boston Cloud Security Alliance Meetup
March Boston Cloud Security Alliance Meetup
 
An Introduction to Authentication for Applications
An Introduction to Authentication for ApplicationsAn Introduction to Authentication for Applications
An Introduction to Authentication for Applications
 
PCI Certification and remediation services
PCI Certification and remediation servicesPCI Certification and remediation services
PCI Certification and remediation services
 
Cybersecurity Leadership Forum - Cincinnati
Cybersecurity Leadership Forum - CincinnatiCybersecurity Leadership Forum - Cincinnati
Cybersecurity Leadership Forum - Cincinnati
 
Eds user authenticationuser authentication methods
Eds user authenticationuser authentication methodsEds user authenticationuser authentication methods
Eds user authenticationuser authentication methods
 
SSI, TBDex Overview
SSI, TBDex Overview SSI, TBDex Overview
SSI, TBDex Overview
 
Nikhil wagholikar _risk_based_penetration_testing - ClubHack2009
Nikhil wagholikar _risk_based_penetration_testing - ClubHack2009Nikhil wagholikar _risk_based_penetration_testing - ClubHack2009
Nikhil wagholikar _risk_based_penetration_testing - ClubHack2009
 
Kerberos-PKI-Federated identity
Kerberos-PKI-Federated identityKerberos-PKI-Federated identity
Kerberos-PKI-Federated identity
 
[WSO2 Integration Summit Johannesburg 2019] Security in a Distributed Computi...
[WSO2 Integration Summit Johannesburg 2019] Security in a Distributed Computi...[WSO2 Integration Summit Johannesburg 2019] Security in a Distributed Computi...
[WSO2 Integration Summit Johannesburg 2019] Security in a Distributed Computi...
 
Data protection on premises, and in public and private clouds
Data protection on premises, and in public and private cloudsData protection on premises, and in public and private clouds
Data protection on premises, and in public and private clouds
 
Moving to the Cloud: A Security and Hosting Introduction
Moving to the Cloud: A Security and Hosting IntroductionMoving to the Cloud: A Security and Hosting Introduction
Moving to the Cloud: A Security and Hosting Introduction
 
KuppingerCole CIWUSA17 - Chaining Identity Blocks to boost your UX and KYC st...
KuppingerCole CIWUSA17 - Chaining Identity Blocks to boost your UX and KYC st...KuppingerCole CIWUSA17 - Chaining Identity Blocks to boost your UX and KYC st...
KuppingerCole CIWUSA17 - Chaining Identity Blocks to boost your UX and KYC st...
 
Denver ISSA Chapter Meetings - Changing the Security Paradigm
Denver ISSA Chapter Meetings - Changing the Security ParadigmDenver ISSA Chapter Meetings - Changing the Security Paradigm
Denver ISSA Chapter Meetings - Changing the Security Paradigm
 
IRJET- Keep It – A System to Store Certificates and Develop a Profile
IRJET- Keep It – A System to Store Certificates and Develop a ProfileIRJET- Keep It – A System to Store Certificates and Develop a Profile
IRJET- Keep It – A System to Store Certificates and Develop a Profile
 

Recently uploaded

productionpost-productiondiary-240320114322-5004daf6.pptx
productionpost-productiondiary-240320114322-5004daf6.pptxproductionpost-productiondiary-240320114322-5004daf6.pptx
productionpost-productiondiary-240320114322-5004daf6.pptxHenryBriggs2
 
call girls in Tilak Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Tilak Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in Tilak Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Tilak Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️saminamagar
 
YHR Fall 2023 Issue (Joseph Manning Interview) (2).pdf
YHR Fall 2023 Issue (Joseph Manning Interview) (2).pdfYHR Fall 2023 Issue (Joseph Manning Interview) (2).pdf
YHR Fall 2023 Issue (Joseph Manning Interview) (2).pdfyalehistoricalreview
 
Call Girls Near Surya International Hotel New Delhi 9873777170
Call Girls Near Surya International Hotel New Delhi 9873777170Call Girls Near Surya International Hotel New Delhi 9873777170
Call Girls Near Surya International Hotel New Delhi 9873777170Sonam Pathan
 
Start Donating your Old Clothes to Poor People
Start Donating your Old Clothes to Poor PeopleStart Donating your Old Clothes to Poor People
Start Donating your Old Clothes to Poor PeopleSERUDS INDIA
 
Madurai Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Madurai Call Girls 7001305949 WhatsApp Number 24x7 Best ServicesMadurai Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Madurai Call Girls 7001305949 WhatsApp Number 24x7 Best Servicesnajka9823
 
Enhancing Indigenous Peoples' right to self-determination in the context of t...
Enhancing Indigenous Peoples' right to self-determination in the context of t...Enhancing Indigenous Peoples' right to self-determination in the context of t...
Enhancing Indigenous Peoples' right to self-determination in the context of t...Christina Parmionova
 
Call Girl Benson Town - Phone No 7001305949 For Ultimate Sexual Urges
Call Girl Benson Town - Phone No 7001305949 For Ultimate Sexual UrgesCall Girl Benson Town - Phone No 7001305949 For Ultimate Sexual Urges
Call Girl Benson Town - Phone No 7001305949 For Ultimate Sexual Urgesnarwatsonia7
 
Goa Escorts WhatsApp Number South Goa Call Girl … 8588052666…
Goa Escorts WhatsApp Number South Goa Call Girl … 8588052666…Goa Escorts WhatsApp Number South Goa Call Girl … 8588052666…
Goa Escorts WhatsApp Number South Goa Call Girl … 8588052666…nishakur201
 
2024: The FAR, Federal Acquisition Regulations - Part 27
2024: The FAR, Federal Acquisition Regulations - Part 272024: The FAR, Federal Acquisition Regulations - Part 27
2024: The FAR, Federal Acquisition Regulations - Part 27JSchaus & Associates
 
High Class Call Girls Bangalore Komal 7001305949 Independent Escort Service B...
High Class Call Girls Bangalore Komal 7001305949 Independent Escort Service B...High Class Call Girls Bangalore Komal 7001305949 Independent Escort Service B...
High Class Call Girls Bangalore Komal 7001305949 Independent Escort Service B...narwatsonia7
 
Precarious profits? Why firms use insecure contracts, and what would change t...
Precarious profits? Why firms use insecure contracts, and what would change t...Precarious profits? Why firms use insecure contracts, and what would change t...
Precarious profits? Why firms use insecure contracts, and what would change t...ResolutionFoundation
 
Greater Noida Call Girls 9711199012 WhatsApp No 24x7 Vip Escorts in Greater N...
Greater Noida Call Girls 9711199012 WhatsApp No 24x7 Vip Escorts in Greater N...Greater Noida Call Girls 9711199012 WhatsApp No 24x7 Vip Escorts in Greater N...
Greater Noida Call Girls 9711199012 WhatsApp No 24x7 Vip Escorts in Greater N...ankitnayak356677
 
“Exploring the world: One page turn at a time.” World Book and Copyright Day ...
“Exploring the world: One page turn at a time.” World Book and Copyright Day ...“Exploring the world: One page turn at a time.” World Book and Copyright Day ...
“Exploring the world: One page turn at a time.” World Book and Copyright Day ...Christina Parmionova
 
Call Girls Service Race Course Road Just Call 7001305949 Enjoy College Girls ...
Call Girls Service Race Course Road Just Call 7001305949 Enjoy College Girls ...Call Girls Service Race Course Road Just Call 7001305949 Enjoy College Girls ...
Call Girls Service Race Course Road Just Call 7001305949 Enjoy College Girls ...narwatsonia7
 
call girls in sector 22 Gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in sector 22 Gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in sector 22 Gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in sector 22 Gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️saminamagar
 
Start Donating your Old Clothes to Poor People kurnool
Start Donating your Old Clothes to Poor People kurnoolStart Donating your Old Clothes to Poor People kurnool
Start Donating your Old Clothes to Poor People kurnoolSERUDS INDIA
 
Russian Call Girl Hebbagodi ! 7001305949 ₹2999 Only and Free Hotel Delivery 2...
Russian Call Girl Hebbagodi ! 7001305949 ₹2999 Only and Free Hotel Delivery 2...Russian Call Girl Hebbagodi ! 7001305949 ₹2999 Only and Free Hotel Delivery 2...
Russian Call Girl Hebbagodi ! 7001305949 ₹2999 Only and Free Hotel Delivery 2...narwatsonia7
 
Call Girls Bangalore Saanvi 7001305949 Independent Escort Service Bangalore
Call Girls Bangalore Saanvi 7001305949 Independent Escort Service BangaloreCall Girls Bangalore Saanvi 7001305949 Independent Escort Service Bangalore
Call Girls Bangalore Saanvi 7001305949 Independent Escort Service Bangalorenarwatsonia7
 

Recently uploaded (20)

productionpost-productiondiary-240320114322-5004daf6.pptx
productionpost-productiondiary-240320114322-5004daf6.pptxproductionpost-productiondiary-240320114322-5004daf6.pptx
productionpost-productiondiary-240320114322-5004daf6.pptx
 
call girls in Tilak Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Tilak Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in Tilak Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Tilak Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
 
9953330565 Low Rate Call Girls In Adarsh Nagar Delhi NCR
9953330565 Low Rate Call Girls In Adarsh Nagar Delhi NCR9953330565 Low Rate Call Girls In Adarsh Nagar Delhi NCR
9953330565 Low Rate Call Girls In Adarsh Nagar Delhi NCR
 
YHR Fall 2023 Issue (Joseph Manning Interview) (2).pdf
YHR Fall 2023 Issue (Joseph Manning Interview) (2).pdfYHR Fall 2023 Issue (Joseph Manning Interview) (2).pdf
YHR Fall 2023 Issue (Joseph Manning Interview) (2).pdf
 
Call Girls Near Surya International Hotel New Delhi 9873777170
Call Girls Near Surya International Hotel New Delhi 9873777170Call Girls Near Surya International Hotel New Delhi 9873777170
Call Girls Near Surya International Hotel New Delhi 9873777170
 
Start Donating your Old Clothes to Poor People
Start Donating your Old Clothes to Poor PeopleStart Donating your Old Clothes to Poor People
Start Donating your Old Clothes to Poor People
 
Madurai Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Madurai Call Girls 7001305949 WhatsApp Number 24x7 Best ServicesMadurai Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Madurai Call Girls 7001305949 WhatsApp Number 24x7 Best Services
 
Enhancing Indigenous Peoples' right to self-determination in the context of t...
Enhancing Indigenous Peoples' right to self-determination in the context of t...Enhancing Indigenous Peoples' right to self-determination in the context of t...
Enhancing Indigenous Peoples' right to self-determination in the context of t...
 
Call Girl Benson Town - Phone No 7001305949 For Ultimate Sexual Urges
Call Girl Benson Town - Phone No 7001305949 For Ultimate Sexual UrgesCall Girl Benson Town - Phone No 7001305949 For Ultimate Sexual Urges
Call Girl Benson Town - Phone No 7001305949 For Ultimate Sexual Urges
 
Goa Escorts WhatsApp Number South Goa Call Girl … 8588052666…
Goa Escorts WhatsApp Number South Goa Call Girl … 8588052666…Goa Escorts WhatsApp Number South Goa Call Girl … 8588052666…
Goa Escorts WhatsApp Number South Goa Call Girl … 8588052666…
 
2024: The FAR, Federal Acquisition Regulations - Part 27
2024: The FAR, Federal Acquisition Regulations - Part 272024: The FAR, Federal Acquisition Regulations - Part 27
2024: The FAR, Federal Acquisition Regulations - Part 27
 
High Class Call Girls Bangalore Komal 7001305949 Independent Escort Service B...
High Class Call Girls Bangalore Komal 7001305949 Independent Escort Service B...High Class Call Girls Bangalore Komal 7001305949 Independent Escort Service B...
High Class Call Girls Bangalore Komal 7001305949 Independent Escort Service B...
 
Precarious profits? Why firms use insecure contracts, and what would change t...
Precarious profits? Why firms use insecure contracts, and what would change t...Precarious profits? Why firms use insecure contracts, and what would change t...
Precarious profits? Why firms use insecure contracts, and what would change t...
 
Greater Noida Call Girls 9711199012 WhatsApp No 24x7 Vip Escorts in Greater N...
Greater Noida Call Girls 9711199012 WhatsApp No 24x7 Vip Escorts in Greater N...Greater Noida Call Girls 9711199012 WhatsApp No 24x7 Vip Escorts in Greater N...
Greater Noida Call Girls 9711199012 WhatsApp No 24x7 Vip Escorts in Greater N...
 
“Exploring the world: One page turn at a time.” World Book and Copyright Day ...
“Exploring the world: One page turn at a time.” World Book and Copyright Day ...“Exploring the world: One page turn at a time.” World Book and Copyright Day ...
“Exploring the world: One page turn at a time.” World Book and Copyright Day ...
 
Call Girls Service Race Course Road Just Call 7001305949 Enjoy College Girls ...
Call Girls Service Race Course Road Just Call 7001305949 Enjoy College Girls ...Call Girls Service Race Course Road Just Call 7001305949 Enjoy College Girls ...
Call Girls Service Race Course Road Just Call 7001305949 Enjoy College Girls ...
 
call girls in sector 22 Gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in sector 22 Gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in sector 22 Gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in sector 22 Gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
 
Start Donating your Old Clothes to Poor People kurnool
Start Donating your Old Clothes to Poor People kurnoolStart Donating your Old Clothes to Poor People kurnool
Start Donating your Old Clothes to Poor People kurnool
 
Russian Call Girl Hebbagodi ! 7001305949 ₹2999 Only and Free Hotel Delivery 2...
Russian Call Girl Hebbagodi ! 7001305949 ₹2999 Only and Free Hotel Delivery 2...Russian Call Girl Hebbagodi ! 7001305949 ₹2999 Only and Free Hotel Delivery 2...
Russian Call Girl Hebbagodi ! 7001305949 ₹2999 Only and Free Hotel Delivery 2...
 
Call Girls Bangalore Saanvi 7001305949 Independent Escort Service Bangalore
Call Girls Bangalore Saanvi 7001305949 Independent Escort Service BangaloreCall Girls Bangalore Saanvi 7001305949 Independent Escort Service Bangalore
Call Girls Bangalore Saanvi 7001305949 Independent Escort Service Bangalore
 

ICAM Target Architecture

  • 1. Starting Off Phase I - Identity vs. Digital Identity ► Identity  Who you are as an individual  Does not change nor expire ► Digital Identity  Digital representation of your identity  Represented by identifiers, credentials, and attributes  Can expire, depending on context 1
  • 2. Important Considerations of a Digital Identity ► Context  Must be useful, relevant, trustworthy  Must uniquely identify a subject within a given context  In our case, within a specific Agency ► Consistent  Must be able to be referenced uniformly across applications  Where unique identifiers are not supported, mappings must be established ► High Assurance  Trust that a Digital Identity represents an Identity  Requires Identity Proofing, Vetting, and Adjudication 2
  • 3. Building a Digital Identity – Step 1 ► Create an Identifier  UUID – Universally Unique Identifier  Unique for all in-scope personnel ► Open Question – 1:1 Mapping?  Should an Identity within the Agency map to one, and only one Digital Identity?  When to assign UUID?  Collisions/Duplications?  Merging/reconciliation process?  Benefits of 1:1 Mapping  Increased security & assurance  Simplified maintenance 3
  • 4. Building a Digital Identity – Step 2 ► Establish Authoritative Attribute Sources  On-Boarding Systems  Background Investigations  Others? ► Important Considerations:  Should only be one source per attribute  Are policies in place defining which source is “authoritative”? 4
  • 5. Building a Digital Identity – Step 3 ► Build Credentials  PKI Certificate(s)  PIV Card  FAC – Facility Access Card  FLAC – Facility & Logical Access Card ► Open Question – Include UUID?  Would map back to Digital Identity  Requires modifications of current processes  If done, would help streamline credentialing process ► These credentials would become Authoritative Attributes in a Digital Identity 5
  • 6. Building a Digital Identity – Step 4 ► Application/System Specific Attributes  Only referenced within a specific context  User ID  Role  Legacy/proprietary application support ► Next: What does an ICAM Target Architecture look like?  Authoritative Identity Service (AIS) 6
  • 7. ICAM Target Architecture – Putting Digital Identities to Work 7
  • 8. ICAM Target Architecture – Digital Identity Records 8 Adjudication Results Human Resources Attributes Personal Identity Verification (PIV) Credential Attributes Clearance CriminalBackground Sponsor Name Address Hire Date Position Medical Compensation Dependents Clearance Unique Identifier Human Resources (HR) Information UUID Cardholder Unique Identifier (CHUID) IssueDate FASC-NExpiration Date Active Directory Attributes Display Name Application #1 Application #2 Digital Identity Record Application #2 Attributes User ID Role PKI Attributes IssueDate Expiration Date Certificate Hiring Report Credential Report Accounts and Privileges Title Data Pull Data Pull Data Push DataConnection&Exchange Email Company Department Office City Public Key Infrastructure (PKI) IssuanceSystem GlobalAddress List (GAL) Standardization Report Data Pull Identity Management System (IDMS) Active Directory Authoritative Attribute Sources Systems and Services Auditing and Reporting AttributeDiscovery Unique Identifier Generation System Federal Background Investigation Systems Phase 2 & 3 Attributes Future Application #1 Attribute 1 Attribute 2 Attribute 3 Future Application #2Attribute 1 Attribute 2
  • 9. Target Architecture Overview – PIV Credential Management 9
  • 10. Target Architecture Overview – Logical Access Management 10