What does a foundational Target Architecture look like for an Identity, Credentialing, and Access Management (ICAM) project? This presentation addresses fundamental concepts that apply to any industry seeking ICAM, but was originally established with a federal agency in mind.
ICAM Target Architecture
1. Starting Off Phase I - Identity vs. Digital Identity
► Identity
Who you are as an individual
Does not change or expire
► Digital Identity
Digital representation of your identity
Represented by identifiers, credentials, and attributes
Can expire, depending on context
2. Important Considerations of a Digital Identity
► Context
Must be useful, relevant, trustworthy
Must uniquely identify a subject within a given context
In our case, within a specific Agency
► Consistent
Must be able to be referenced uniformly across applications
Where unique identifiers are not supported, mappings must be established
► High Assurance
Trust that a Digital Identity represents an Identity
Requires Identity Proofing, Vetting, and Adjudication
3. Building a Digital Identity – Step 1
► Create an Identifier
UUID – Universally Unique Identifier
Unique for all in-scope personnel
► Open Question – 1:1 Mapping?
Should an Identity within the Agency map to one, and only one, Digital Identity?
When to assign UUID?
Collisions/Duplications?
Merging/reconciliation process?
Benefits of 1:1 Mapping
Increased security & assurance
Simplified maintenance
4. Building a Digital Identity – Step 2
► Establish Authoritative Attribute Sources
On-Boarding Systems
Background Investigations
Others?
► Important Considerations:
Should only be one source per attribute
Are policies in place defining which source is “authoritative”?
5. Building a Digital Identity – Step 3
► Build Credentials
PKI Certificate(s)
PIV Card
FAC – Facility Access Card
FLAC – Facility & Logical Access Card
► Open Question – Include UUID?
Would map back to Digital Identity
Requires modifications of current processes
If done, would help streamline credentialing process
► These credentials would become Authoritative Attributes in a Digital Identity
6. Building a Digital Identity – Step 4
► Application/System Specific Attributes
Only referenced within a specific context
User ID
Role
Legacy/proprietary application support
► Next: What does an ICAM Target Architecture look like?
Authoritative Identity Service (AIS)
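The Python example below is added here and is not from the presentation. It models Steps 1 through 4: one UUID per proofed identity (the 1:1 mapping), one authoritative source per attribute, and application-specific attributes mapped back to the UUID. The class, the source names, the attribute names, and the `person_key` proofing reference are all hypothetical.

```python
import uuid

# Hypothetical policy table: exactly one authoritative source per attribute.
AUTHORITATIVE_SOURCE = {
    "name": "HR",
    "hire_date": "HR",
    "clearance": "BackgroundInvestigation",
    "fasc_n": "IDMS",
    "cert_expiration": "PKI",
}

class IdentityStore:
    def __init__(self):
        self.records = {}        # UUID -> digital identity record
        self.by_person_key = {}  # proofing reference -> UUID (enforces 1:1)
        self.rejected = []       # audit trail of non-authoritative writes

    def enroll(self, person_key):
        """Step 1: assign a UUID once; re-enrollment returns the same UUID."""
        if person_key in self.by_person_key:
            return self.by_person_key[person_key]
        uid = str(uuid.uuid4())
        self.by_person_key[person_key] = uid
        self.records[uid] = {"uuid": uid, "attributes": {}, "app_attributes": {}}
        return uid

    def set_attribute(self, uid, name, value, source):
        """Steps 2-3: accept an attribute only from its authoritative source."""
        if AUTHORITATIVE_SOURCE.get(name) is None or AUTHORITATIVE_SOURCE[name] != source:
            self.rejected.append((uid, name, source))  # keep for auditing
            return False
        self.records[uid]["attributes"][name] = {"value": value, "source": source}
        return True

    def map_app_account(self, uid, app, user_id, role):
        """Step 4: attributes that are only meaningful inside one application."""
        self.records[uid]["app_attributes"][app] = {"user_id": user_id, "role": role}

    def resolve(self, app, user_id):
        """Map a legacy application user ID back to the UUID, if mapped."""
        for uid, rec in self.records.items():
            acct = rec["app_attributes"].get(app)
            if acct and acct["user_id"] == user_id:
                return uid
        return None

if __name__ == "__main__":
    store = IdentityStore()
    uid = store.enroll("proofing-case-0001")  # constructed sample value
    store.set_attribute(uid, "clearance", "Secret", "HR")  # rejected: wrong source
    print(store.rejected)
```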
8. ICAM Target Architecture – Digital Identity Records
[Diagram: Authoritative Attribute Sources (Federal Background Investigation Systems, Human Resources (HR) Information, Identity Management System (IDMS), Public Key Infrastructure (PKI) Issuance System, Active Directory, Unique Identifier Generation System) connected by data pulls and pushes to the Digital Identity Record, which holds the UUID, Adjudication Results, Human Resources Attributes, Personal Identity Verification (PIV) Credential Attributes, PKI Attributes, Active Directory Attributes, and application-specific attributes (User ID, Role) for Application #1 and Application #2; Systems and Services include Auditing and Reporting, Attribute Discovery, and the Global Address List (GAL); Phase 2 & 3 Attributes cover Future Application #1 and Future Application #2.]