Welcome!
Welcome
Peter Novak
peter.novak@microsoft.com
EPG Manager, Microsoft Slovenija
Copyright 2006 © Microsoft Corp & Project Botticelli Ltd. E&OE. For informational purposes only. No warranties of any kind are made and you have to verify all
information before relying on it. You can re-use this presentation as long as you read, agree, and follow the guidelines described in the “Comments” field in
File/Properties.
Identity and Access Management in Heterogeneous Environments
Rafał Łukawiecki
Strategic Consultant, Project Botticelli Ltd
rafal@projectbotticelli.co.uk
www.projectbotticelli.co.uk
5
Special Thanks
This seminar was prepared with the help of:
Oxford Computer Group Ltd
Expertise in Identity and Access
Management (Microsoft Partner)
IT Service Delivery and Training
www.oxfordcomputergroup.com
Microsoft, with special thanks to:
Daniel Meyer – thanks for many
slides
Steven Adler, Ronny Bjones, Olga
Londer – planning and reviewing
Philippe Lemmens, Detlef Eckert
– Sponsorship
Bas Paumen & NGN - feedback
6
Welcome!
Our Objectives:
Clarify the complex field of identity and access management
Start a discussion about IAM in the community, so that the solutions
and products are no longer “Best Kept Secrets”
Show you how to better realise value and optimise costs of dealing
with identities
Outline the future
Our Plan:
One overview session – concepts and ideas
Three specialised sessions - technology
7
Logistics
You will receive a paper evaluation form. Please
complete it as your feedback is very important to
us.
You can also contact Matjaz at v-matper@microsoft.com
All PowerPoint presentations will be available for
download.
Please ask questions at any time you wish.
Additionally, I will be available to take questions
after my last session today.
Identity and Access Management: Overview
Rafal Lukawiecki
Strategic Consultant, Project Botticelli Ltd
rafal@projectbotticelli.co.uk
www.projectbotticelli.co.uk
Copyright 2006 © Microsoft Corp & Project Botticelli Ltd. E&OE. For informational purposes only. No warranties of any kind are made and you have to verify all
information before relying on it. You can re-use this presentation as long as you read, agree, and follow the guidelines described in the “Comments” field in
File/Properties. This presentation is based on work of many authors from Microsoft, Oxford Computer Group and other companies. Please see the
“Introductions” presentation for acknowledgments.
9
Objectives
Build a good conceptual background to enable
later technical discussions of the subject
Overview the problems and opportunities in the
field of identity and access management
Introduce terminology
Highlight a possible future direction
10
Session Agenda
Identity Problem of Today
Identity Laws and Metasystem
Components and Terminology
Roadmap
11
Identity Problem of Today
12
Universal Identity?
The Internet was built so that communications are
anonymous
In-house networks use multiple, often mutually-
incompatible, proprietary identity systems
Users are incapable of handling multiple
identities
Criminals love to exploit this mess
13
Explosion of IDs
(Chart: number of digital IDs against time, pre-1980s to 2000s, rising from Mainframe through Client Server, Internet and Business Automation to Company (B2E), Partners (B2B), Customers (B2C) and Mobility)
14
The Disconnected Reality
“Identity Chaos”
Lots of users and systems required to do business
Multiple repositories of identity information; Multiple user IDs, multiple passwords
Decentralized management, ad hoc data sharing
(Diagram: an Enterprise Directory alongside an HR System, Infra Application, Lotus Notes Apps, In-House Application, COTS Application, NOS and another In-House Application, each with its own authentication, authorization and/or identity data)
15
Multiple Contexts
Your COMPANY and your EMPLOYEES
Your SUPPLIERS
Your PARTNERS
Your REMOTE and VIRTUAL EMPLOYEES
Your CUSTOMERS
Customer satisfaction & customer intimacy
Cost competitiveness
Reach, personalization
Collaboration
Outsourcing
Faster business cycles; process automation
Value chain
M&A
Mobile/global workforce
Flexible/temp workforce
16
Trends Impacting Identity
Increasing Threat Landscape
Identity theft costs banks and credit card issuers $1.2 billion in 1 yr
$250 billion lost in 2004 from exposure of confidential info
Maintenance Costs Dominate IT Budget
On average employees need access to 16 apps and systems
Companies spend $20-30 per user per year for PW resets
Deeper Line of Business Automation and Integration
One half of all enterprises have SOA under development
Web services spending growing 45% CAGR
Rising Tide of Regulation and Compliance
SOX, HIPAA, GLB, Basel II, 21 CFR Part 11, …
$15.5 billion spend in 2005 on compliance (analyst estimate)
Data Sources: Gartner, AMR Research, IDC, eMarketer, U.S. Department of Justice
17
Pain Points
(Diagram of stakeholders: Business Owner, End User, IT Admin, Developer, Security/Compliance)
Too expensive to reach new partners, channels
Need for control
Too many passwords
Long waits for access to apps, resources
Too many user stores and account admin requests
Unsafe sync scripts
Redundant code in each app
Rework code too often
Too many orphaned accounts
Limited auditing ability
18
Possible Savings
Directory Synchronization
“Improved updating of user data: $185 per user/year”
“Improved list management: $800 per list”
- Giga Information Group
Password Management
“Password reset costs range from $51 (best case) to $147 (worst
case) for labor alone.” – Gartner
User Provisioning
“Improved IT efficiency: $70,000 per year per 1,000 managed users”
“Reduced help desk costs: $75 per user per year”
- Giga Information Group
19
Is This Going to Scale?
Today, the average corporate user spends 16 minutes a day
logging on
A typical home user maintains 12-18 identities
Number of phishing and pharming sites grew over
1600% over the past year
Corporate IT Ops manage an average of 73 applications
and 46 suppliers, often with individual directories
Regulators are becoming stricter about compliance and
auditing
Orphaned accounts and identities lead to security
problems
Source: Microsoft’s internal research and Anti-phishing Working Group Feb 2005
20
One or Two Solutions?
Better Option:
Build a global, universal, federated identity metasystem
Will take years…
Quicker Option:
Build an in-house, federated identity metasystem based on
standards
Federate it to others, system-by-system
But: both solutions could share the same conceptual
basis
21
Identity Laws and Metasystem
22
Lessons from Passport
Passport designed to solve two
problems
Identity provider for MSN
250M+ users, 1 billion logons per day
Significant success
Identity provider for the Internet
Unsuccessful:
Not trusted “outside context”
Not generic enough
Meant giving up control over identity management
Cannot re-write apps to use a central system
Learning: the solution must be different
from Passport
23
Idea of an Identity Metasystem
Not an Identity System
Agreement on metadata and protocols, allowing
multiple identity providers and brokers
Based on open standards
Supported by multiple technologies and
platforms
Adhering to Laws of Identity
With full respect of privacy needs
24
Roles Within Identity Metasystem
Identity Providers
Organisations, governments, even end-users
They provide Identity Claims about a Subject
Name, vehicles allowed to drive, age, etc.
Relying Parties
Online services or sites, doors, etc.
Subjects
Individuals and other bodies that need their identity
established
25
Metasystem Players
Relying Parties
Require identities
Subjects
Individuals and other
entities about whom
claims are made
Identity Providers
Issue identities
26
Identity Metasystem Today
Basically, the set of WS-* Security Guidelines as
we have it
Plus
Software that implements the services
Microsoft and many others working on it
Companies that would use it
Still to come, but early adopters exist
End-users that would trust it
Will take time
27
Identity Laws
www.identityblog.com
1. User Control and Consent
2. Minimal Disclosure for a Constrained Use
3. Justifiable Parties
4. Directed Identity
5. Pluralism of Operators and Technologies
6. Human Integration
7. Consistent Experience Across Contexts
28
Enterprise Applicability
That proposed metasystem would work well
inside a corporation
But, it will be 5-7 years at least before the beginning
of adoption!
Of course, we need a solution before it becomes
a reality
Following the principles seems a good idea
while planning immediate solutions
Organic growth likely to lead to an identity
metasystem in long term
29
Enterprise Trends
Kerberos can no longer easily span disconnected
identity forests and technologies
We are moving away from Groups and traditional
ACLs…
Increasingly limited and difficult to manage on large scales
…towards a combination of:
Role-Based Access Management, and,
Rich Claims Authorization
PKI is still too restrictive, but it is clearly a component of
a possible solution
30
Components and Terminology
31
What is Identity Management?
(Diagram: Authorization, Web Services, Security)
32
Identity and Access Management
A system of procedures, policies and technologies to manage the lifecycle and entitlements of electronic credentials
Access Management: the process of authenticating credentials and controlling access to networked resources based on trust and identity
Directory Services: repositories for storing and managing accounts, identity information, and security credentials
Identity Lifecycle Management: the processes used to create and delete accounts, manage account and entitlement changes, and track policy compliance
33
Remember the Chaos?
(Diagram: the same identity chaos picture as before: an Enterprise Directory alongside an HR System, Infra Application, Lotus Notes Apps, In-House Application, COTS Application, NOS and another In-House Application, each with its own authentication, authorization and/or identity data)
34
Identity Integration
(Diagram: HR System, Infra Application, Lotus Notes Apps, In-House Application, COTS Application, Student Admin and another In-House Application, each still with its own authentication, authorization and/or identity data, now connected through an Identity Integration Server to the Enterprise Directory)
35
IAM Benefits
Benefits today (Tactical): save money and improve operational efficiency; improved time to deliver applications and service; enhance security; regulatory compliance and audit
Benefits to take you forward (Strategic): new ways of working; improved time to market; closer supplier, customer, partner and employee relationships
36
Some Basic Definitions
Authentication (AuthN)
Verification of a subject’s identity by relying on a
provided claim
Identification is sometimes seen as a preliminary step of
authentication
Collection of (as yet) untrusted information about a subject, such
as an identity claim
Authorization (AuthZ)
Deciding what actions, rights or privileges the subject can be
allowed
Trend towards separation of those two
Or even of all three, if biometrics are used
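To make the separation of AuthN from AuthZ concrete, and to show the three metasystem players from "Roles Within Identity Metasystem" working together, here is an added example that is not from the deck or from any Microsoft product: an Identity Provider issues a signed set of claims about a Subject, and a Relying Party first authenticates the token (trusted issuer, intact, addressed to it, not expired) and only then authorizes from roles and rich claims. The issuer name, key, claim names and policy are constructed, and HMAC stands in for the signature a real security token service would apply.

```python
import hashlib
import hmac
import json
import time

# Constructed key shared between the HR identity provider and the relying
# parties that trust it. A real metasystem uses asymmetric signatures and
# published issuer metadata; HMAC keeps this example self-contained.
HR_IDP_KEY = b"constructed-secret-for-hr-identity-provider"


class IdentityProvider:
    """Metasystem player that issues claims about a Subject."""

    def __init__(self, name, key):
        self.name = name
        self.key = key

    def issue(self, subject, claims, audience, now=None, ttl=300):
        """Return (token_body, signature). The audience binds the claims to
        one Relying Party, so a token for one site cannot be replayed at another."""
        now = int(time.time()) if now is None else now
        token = {"iss": self.name, "sub": subject, "aud": audience,
                 "iat": now, "exp": now + ttl, "claims": claims}
        body = json.dumps(token, sort_keys=True).encode()
        sig = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        return body, sig


class RelyingParty:
    """Metasystem player that consumes claims. AuthN and AuthZ are kept apart."""

    def __init__(self, name, trusted_issuers, policy):
        self.name = name
        self.trusted_issuers = trusted_issuers  # issuer name -> verification key
        self.policy = policy                    # action -> predicate(claims, context)

    def authenticate(self, body, sig, now=None):
        """AuthN: accept the claim set only if it comes from a trusted issuer,
        is intact, is addressed to this party and has not expired.
        Returns the claims as a dict, or None."""
        now = int(time.time()) if now is None else now
        try:
            token = json.loads(body)
        except ValueError:
            return None
        key = self.trusted_issuers.get(token.get("iss"))
        if key is None:
            return None
        expected = hmac.new(key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return None
        if token.get("aud") != self.name or token.get("exp", 0) <= now:
            return None
        return {"sub": token.get("sub"), **token.get("claims", {})}

    def authorize(self, claims, action, **context):
        """AuthZ: decide from roles and rich claims only; an unauthenticated
        (None) claim set or an unknown action is always denied."""
        if not claims:
            return False
        rule = self.policy.get(action)
        return bool(rule and rule(claims, context))


# Constructed policy: a role-based rule, and a rich-claims rule that also
# reads a per-subject attribute instead of a group membership.
PURCHASING_POLICY = {
    "view_orders": lambda c, ctx: "employee" in c.get("roles", []),
    "approve_order": lambda c, ctx: ("manager" in c.get("roles", [])
                                     and ctx.get("amount", 0) <= c.get("approval_limit", 0)),
}


def demo(now=1_700_000_000):
    """Run the exchange with a fixed clock and report each decision."""
    hr = IdentityProvider("hr-idp", HR_IDP_KEY)
    purchasing = RelyingParty("purchasing-app", {"hr-idp": HR_IDP_KEY}, PURCHASING_POLICY)
    payroll = RelyingParty("payroll-app", {"hr-idp": HR_IDP_KEY}, {})
    # Minimal disclosure: only the claims the purchasing app needs are issued.
    body, sig = hr.issue("alice", {"roles": ["employee", "manager"], "approval_limit": 5000},
                         audience="purchasing-app", now=now)
    claims = purchasing.authenticate(body, sig, now=now)
    return {
        "authn_ok": claims is not None,
        "view": purchasing.authorize(claims, "view_orders"),
        "small_order": purchasing.authorize(claims, "approve_order", amount=1200),
        "large_order": purchasing.authorize(claims, "approve_order", amount=9000),
        # Editing the claims breaks the signature, so AuthN fails before AuthZ runs.
        "tampered": purchasing.authenticate(body.replace(b"5000", b"50000"), sig, now=now) is None,
        "expired": purchasing.authenticate(body, sig, now=now + 600) is None,
        # The same valid token presented to a different relying party is rejected.
        "wrong_audience": payroll.authenticate(body, sig, now=now) is None,
    }


if __name__ == "__main__":
    for check, value in demo().items():
        print(f"{check}: {value}")
```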
37
Components of IAM
Administration: User Management, Password Management, Workflow
Access Management: Authentication, Authorization
Identity Management: Account Provisioning, Account Deprovisioning, Synchronisation, Reliable Identity Data
38
IAM Architecture
39
Roadmap
40
Microsoft’s Identity Management
(Diagram grouping products under Directory (Store) Services, Access Management and Identity Lifecycle Management: PKI / CA, Extended Directory Services, Active Directory & ADAM, Enterprise Single Sign On, Authorization Manager, Active Directory Federation Services, Audit Collection Services, BizTalk, Identity Integration Server, ISA Server, SQL Server Reporting, Services for Unix / Services for Netware)
41
Components of a Microsoft-based IAM
Infrastructure Directory: Active Directory
Application Directory: AD/AM (LDAP)
Lifecycle Management: MIIS
Workflow: BizTalk, Partner Solutions (Ultimus BPM, SAP)
Role-Based Access Control: Authorization Manager or Partner Solutions (e.g. OCG, RSA) and traditional approaches
Directory & Password Synchronization: MIIS & Partner solutions
SSO (Intranet): Kerberos/NTLM, Vintela/Centrify
Enterprise SSO (Intranet): SharePoint ESSO, BizTalk ESSO, HIS ESSO
Strong Authentication: SmartCards, CA/PKI, Partner (e.g. RSA – SecurID, Alacris, WizeKey)
Web SSO: ADFS, Partner (e.g. RSA – ClearTrust)
Integration of UNIX/Novell: SFU, SFN, Partner (e.g. Vintela/Centrify)
Federation: ADFS
42
Summary
43
Summary
We have reached an “Identity Crisis” both on the
intranet and the Internet
Identity Metasystem suggests a unifying way
forward
Meanwhile, Identity and Access Management
systems need to be built so enterprises can
benefit immediately
Microsoft is rapidly becoming a strong provider
of IAM technologies and IM vision
www.microsoft.com/idm & www.microsoft.com/itsshowtime & www.microsoft.com/technet
44
Special Thanks
This seminar was prepared with the help of:
Oxford Computer Group Ltd
Expertise in Identity and Access
Management (Microsoft Partner)
IT Service Delivery and Training
www.oxfordcomputergroup.com
Microsoft, with special thanks to:
Daniel Meyer – thanks for many
slides
Steven Adler, Ronny Bjones, Olga
Londer – planning and reviewing
Philippe Lemmens, Detlef Eckert
– Sponsorship
Bas Paumen & NGN - feedback

More Related Content

Similar to Identity_and_Access_Management_Overview.ppt

Collaboration Excellence: Strategies for Enabling a Social Business
Collaboration Excellence: Strategies for Enabling a Social BusinessCollaboration Excellence: Strategies for Enabling a Social Business
Collaboration Excellence: Strategies for Enabling a Social BusinessPerficient, Inc.
 
Why IAM is the Need of the Hour
Why IAM is the Need of the HourWhy IAM is the Need of the Hour
Why IAM is the Need of the HourTechdemocracy
 
Meeting your Compliance objectives with ease and without incurring a high cost
 Meeting your Compliance objectives with ease and without incurring a high cost  Meeting your Compliance objectives with ease and without incurring a high cost
Meeting your Compliance objectives with ease and without incurring a high cost Mithi Software Technologies Pvt Ltd
 
Packt publishing book proposal api and mobile access management
Packt publishing book proposal api and mobile access managementPackt publishing book proposal api and mobile access management
Packt publishing book proposal api and mobile access managementGluu
 
CANARIE - What Do I Need to Connect with eduroam and Shibboleth
CANARIE - What Do I Need to Connect with eduroam and ShibbolethCANARIE - What Do I Need to Connect with eduroam and Shibboleth
CANARIE - What Do I Need to Connect with eduroam and ShibbolethChris Phillips
 
Content Chaos: Why SharePoint and Office 365 Aren't the (only) Answer
Content Chaos: Why SharePoint and Office 365 Aren't the (only) AnswerContent Chaos: Why SharePoint and Office 365 Aren't the (only) Answer
Content Chaos: Why SharePoint and Office 365 Aren't the (only) AnswerZia Consulting
 
PowerPoint presentation
PowerPoint presentationPowerPoint presentation
PowerPoint presentationwebhostingguy
 
Successful Enterprise Single Sign-on: Addressing Deployment Challenges
Successful Enterprise Single Sign-on: Addressing Deployment ChallengesSuccessful Enterprise Single Sign-on: Addressing Deployment Challenges
Successful Enterprise Single Sign-on: Addressing Deployment ChallengesHitachi ID Systems, Inc.
 
Semantic Applications for Financial Services
Semantic Applications for Financial ServicesSemantic Applications for Financial Services
Semantic Applications for Financial ServicesDavidSNewman
 
AIIM Info 2011 Increasing mobile worker productivity
AIIM Info 2011 Increasing mobile worker productivityAIIM Info 2011 Increasing mobile worker productivity
AIIM Info 2011 Increasing mobile worker productivityZia Consulting
 
The Internet of Things & Open Data: New forms of business?
The Internet of Things & Open Data: New forms of business?The Internet of Things & Open Data: New forms of business?
The Internet of Things & Open Data: New forms of business?Paris Open Source Summit
 
Taking the Tech out of SemTech
Taking the Tech out of SemTechTaking the Tech out of SemTech
Taking the Tech out of SemTechLeeFeigenbaum
 
Agile Mumbai 2022 - Balvinder Kaur & Sushant Joshi | Real-Time Insights and A...
Agile Mumbai 2022 - Balvinder Kaur & Sushant Joshi | Real-Time Insights and A...Agile Mumbai 2022 - Balvinder Kaur & Sushant Joshi | Real-Time Insights and A...
Agile Mumbai 2022 - Balvinder Kaur & Sushant Joshi | Real-Time Insights and A...AgileNetwork
 
Top tips for successfully migrating from SharePoint and file servers to Micro...
Top tips for successfully migrating from SharePoint and file servers to Micro...Top tips for successfully migrating from SharePoint and file servers to Micro...
Top tips for successfully migrating from SharePoint and file servers to Micro...Alistair Pugin
 
Mike Schleif - Executive Biography
Mike Schleif - Executive BiographyMike Schleif - Executive Biography
Mike Schleif - Executive BiographyMike Schleif
 
Real time insights for better products, customer experience and resilient pla...
Real time insights for better products, customer experience and resilient pla...Real time insights for better products, customer experience and resilient pla...
Real time insights for better products, customer experience and resilient pla...Balvinder Hira
 

Similar to Identity_and_Access_Management_Overview.ppt (20)

Collaboration Excellence: Strategies for Enabling a Social Business
Collaboration Excellence: Strategies for Enabling a Social BusinessCollaboration Excellence: Strategies for Enabling a Social Business
Collaboration Excellence: Strategies for Enabling a Social Business
 
Why IAM is the Need of the Hour
Why IAM is the Need of the HourWhy IAM is the Need of the Hour
Why IAM is the Need of the Hour
 
IAM
IAMIAM
IAM
 
Meeting your Compliance objectives with ease and without incurring a high cost
 Meeting your Compliance objectives with ease and without incurring a high cost  Meeting your Compliance objectives with ease and without incurring a high cost
Meeting your Compliance objectives with ease and without incurring a high cost
 
Packt publishing book proposal api and mobile access management
Packt publishing book proposal api and mobile access managementPackt publishing book proposal api and mobile access management
Packt publishing book proposal api and mobile access management
 
CANARIE - What Do I Need to Connect with eduroam and Shibboleth
CANARIE - What Do I Need to Connect with eduroam and ShibbolethCANARIE - What Do I Need to Connect with eduroam and Shibboleth
CANARIE - What Do I Need to Connect with eduroam and Shibboleth
 
Content Chaos: Why SharePoint and Office 365 Aren't the (only) Answer
Content Chaos: Why SharePoint and Office 365 Aren't the (only) AnswerContent Chaos: Why SharePoint and Office 365 Aren't the (only) Answer
Content Chaos: Why SharePoint and Office 365 Aren't the (only) Answer
 
PowerPoint presentation
PowerPoint presentationPowerPoint presentation
PowerPoint presentation
 
Successful Enterprise Single Sign-on: Addressing Deployment Challenges
Successful Enterprise Single Sign-on: Addressing Deployment ChallengesSuccessful Enterprise Single Sign-on: Addressing Deployment Challenges
Successful Enterprise Single Sign-on: Addressing Deployment Challenges
 
Semantic Applications for Financial Services
Semantic Applications for Financial ServicesSemantic Applications for Financial Services
Semantic Applications for Financial Services
 
AIIM Info 2011 Increasing mobile worker productivity
AIIM Info 2011 Increasing mobile worker productivityAIIM Info 2011 Increasing mobile worker productivity
AIIM Info 2011 Increasing mobile worker productivity
 
The Internet of Things & Open Data: New forms of business?
The Internet of Things & Open Data: New forms of business?The Internet of Things & Open Data: New forms of business?
The Internet of Things & Open Data: New forms of business?
 
Cloud webinar final
Cloud webinar finalCloud webinar final
Cloud webinar final
 
Taking the Tech out of SemTech
Taking the Tech out of SemTechTaking the Tech out of SemTech
Taking the Tech out of SemTech
 
Agile Mumbai 2022 - Balvinder Kaur & Sushant Joshi | Real-Time Insights and A...
Agile Mumbai 2022 - Balvinder Kaur & Sushant Joshi | Real-Time Insights and A...Agile Mumbai 2022 - Balvinder Kaur & Sushant Joshi | Real-Time Insights and A...
Agile Mumbai 2022 - Balvinder Kaur & Sushant Joshi | Real-Time Insights and A...
 
Top tips for successfully migrating from SharePoint and file servers to Micro...
Top tips for successfully migrating from SharePoint and file servers to Micro...Top tips for successfully migrating from SharePoint and file servers to Micro...
Top tips for successfully migrating from SharePoint and file servers to Micro...
 
How To Up-Skill in IT
How To Up-Skill in ITHow To Up-Skill in IT
How To Up-Skill in IT
 
Mike Schleif - Executive Biography
Mike Schleif - Executive BiographyMike Schleif - Executive Biography
Mike Schleif - Executive Biography
 
Ms webfourm nettskyen okt2010
Ms webfourm   nettskyen okt2010Ms webfourm   nettskyen okt2010
Ms webfourm nettskyen okt2010
 
Real time insights for better products, customer experience and resilient pla...
Real time insights for better products, customer experience and resilient pla...Real time insights for better products, customer experience and resilient pla...
Real time insights for better products, customer experience and resilient pla...
 

Recently uploaded

Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 
microprocessor 8085 and its interfacing
microprocessor 8085  and its interfacingmicroprocessor 8085  and its interfacing
microprocessor 8085 and its interfacingjaychoudhary37
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxPoojaBan
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile servicerehmti665
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfAsst.prof M.Gokilavani
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝soniya singh
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...srsj9000
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort servicejennyeacort
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxDeepakSakkari2
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 
Introduction to Microprocesso programming and interfacing.pptx
Introduction to Microprocesso programming and interfacing.pptxIntroduction to Microprocesso programming and interfacing.pptx
Introduction to Microprocesso programming and interfacing.pptxvipinkmenon1
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineeringmalavadedarshan25
 
HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2RajaP95
 
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girlsssuser7cb4ff
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidNikhilNagaraju
 

Recently uploaded (20)

Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
microprocessor 8085 and its interfacing
microprocessor 8085  and its interfacingmicroprocessor 8085  and its interfacing
microprocessor 8085 and its interfacing
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptx
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Identity_and_Access_Management_Overview.ppt

  • 6. Logistics
    - You will receive a paper evaluation form. Please complete it, as your feedback is very important to us.
    - You can also contact Matjaz at v-matper@microsoft.com
    - All PowerPoint presentations will be available for download.
    - Please ask questions at any time you wish. Additionally, I will be available to take questions after my last session today.
  • 7. Identity and Access Management: Overview
    Rafal Lukawiecki, Strategic Consultant, Project Botticelli Ltd
    rafal@projectbotticelli.co.uk, www.projectbotticelli.co.uk
    This presentation is based on the work of many authors from Microsoft, Oxford Computer Group and other companies. Please see the “Introductions” presentation for acknowledgments.
  • 8. Objectives
    - Build a good conceptual background to enable later technical discussions of the subject
    - Overview the problems and opportunities in the field of identity and access management
    - Introduce terminology
    - Highlight a possible future direction
  • 9. Session Agenda
    - Identity Problem of Today
    - Identity Laws and Metasystem
    - Components and Terminology
    - Roadmap
  • 11. Universal Identity?
    - The Internet was built so that communications are anonymous
    - In-house networks use multiple, often mutually incompatible, proprietary identity systems
    - Users are incapable of handling multiple identities
    - Criminals love to exploit this mess
  • 12. Explosion of IDs
    [Chart: number of digital IDs over time, pre-1980s through the 2000s, growing with Mainframe, Client Server, Internet, Business Automation, Company (B2E), Partners (B2B), Customers (B2C) and Mobility]
  • 13. The Disconnected Reality (“Identity Chaos”)
    - Lots of users and systems required to do business
    - Multiple repositories of identity information; multiple user IDs, multiple passwords
    - Decentralized management, ad hoc data sharing
    [Diagram: Enterprise Directory, HR System, Infra Application, Lotus Notes Apps, In-House Application, COTS Application, NOS and In-House Application, each with its own Authentication, Authorization and Identity Data]
  • 14. Multiple Contexts
    [Diagram relating your COMPANY and your EMPLOYEES to your SUPPLIERS, your PARTNERS, your REMOTE and VIRTUAL EMPLOYEES and your CUSTOMERS. Drivers: customer satisfaction & customer intimacy, cost competitiveness, reach, personalization, collaboration, outsourcing, faster business cycles and process automation, value chain, M&A, mobile/global workforce, flexible/temp workforce]
  • 15. Trends Impacting Identity
    - Increasing Threat Landscape: identity theft costs banks and credit card issuers $1.2 billion in 1 year; $250 billion lost in 2004 from exposure of confidential info
    - Maintenance Costs Dominate IT Budget: on average employees need access to 16 apps and systems; companies spend $20-30 per user per year for password resets
    - Deeper Line of Business Automation and Integration: one half of all enterprises have SOA under development; web services spending growing 45% CAGR
    - Rising Tide of Regulation and Compliance: SOX, HIPAA, GLB, Basel II, 21 CFR Part 11, …; $15.5 billion spend in 2005 on compliance (analyst estimate)
    Data Sources: Gartner, AMR Research, IDC, eMarketer, U.S. Department of Justice
  • 16. Pain Points
    - Business Owner: too expensive to reach new partners, channels; need for control
    - End User: too many passwords; long waits for access to apps, resources
    - IT Admin: too many user stores and account admin requests; unsafe sync scripts
    - Developer: redundant code in each app; rework code too often
    - Security/Compliance: too many orphaned accounts; limited auditing ability
  • 17. Possible Savings
    - Directory Synchronization: “Improved updating of user data: $185 per user/year”; “Improved list management: $800 per list” (Giga Information Group)
    - Password Management: “Password reset costs range from $51 (best case) to $147 (worst case) for labor alone.” (Gartner)
    - User Provisioning: “Improved IT efficiency: $70,000 per year per 1,000 managed users”; “Reduced help desk costs: $75 per user per year” (Giga Information Group)
  • 18. Is This Going to Scale?
    - Today, the average corporate user spends 16 minutes a day logging on
    - A typical home user maintains 12-18 identities
    - The number of phishing and pharming sites grew over 1600% over the past year
    - Corporate IT Ops manage an average of 73 applications and 46 suppliers, often with individual directories
    - Regulators are becoming stricter about compliance and auditing
    - Orphaned accounts and identities lead to security problems
    Source: Microsoft’s internal research and Anti-Phishing Working Group, Feb 2005
  • 19. One or Two Solutions?
    - Better option: build a global, universal, federated identity metasystem. Will take years…
    - Quicker option: build an in-house, federated identity metasystem based on standards, then federate it to others, system by system
    - But: both solutions could share the same conceptual basis
  • 21. Lessons from Passport
    - Passport was designed to solve two problems
    - Identity provider for MSN: 250M+ users, 1 billion logons per day; a significant success
    - Identity provider for the Internet: unsuccessful. Not trusted “outside context”; not generic enough; meant giving up control over identity management; cannot re-write apps to use a central system
    - Learning: the solution must be different from Passport
  • 22. Idea of an Identity Metasystem
    - Not an identity system
    - Agreement on metadata and protocols, allowing multiple identity providers and brokers
    - Based on open standards
    - Supported by multiple technologies and platforms
    - Adhering to the Laws of Identity
    - With full respect for privacy needs
  • 23. Roles Within the Identity Metasystem
    - Identity Providers: organisations, governments, even end-users. They provide identity claims about a subject: name, vehicles allowed to drive, age, etc.
    - Relying Parties: online services or sites, doors, etc.
    - Subjects: individuals and other bodies that need their identity established
  • 24. Metasystem Players
    - Relying Parties: require identities
    - Subjects: individuals and other entities about whom claims are made
    - Identity Providers: issue identities
  • 25. Identity Metasystem Today
    - Basically, the set of WS-* Security guidelines as we have it
    - Plus software that implements the services: Microsoft and many others are working on it
    - Companies that would use it: still to come, but early adopters exist
    - End-users that would trust it: will take time
  • 26. Identity Laws (www.identityblog.com)
    1. User Control and Consent
    2. Minimal Disclosure for a Constrained Use
    3. Justifiable Parties
    4. Directed Identity
    5. Pluralism of Operators and Technologies
    6. Human Integration
    7. Consistent Experience Across Contexts
  • 27. Enterprise Applicability
    - That proposed metasystem would work well inside a corporation
    - But it will be 5-7 years at least before the beginning of adoption!
    - Of course, we need a solution before it becomes a reality
    - Following the principles seems a good idea while planning immediate solutions
    - Organic growth is likely to lead to an identity metasystem in the long term
  • 28. Enterprise Trends
    - Kerberos can no longer easily span disconnected identity forests and technologies
    - We are moving away from groups and traditional ACLs, which are increasingly limited and difficult to manage at large scale…
    - …towards a combination of role-based access management and rich claims authorization
    - PKI is still too restrictive, but it is clearly a component of a possible solution
  • 30. What is Identity Management? [Section slide; labels: Authorization, Web Services Security]
  • 31. Identity and Access Management
    - Identity and Access Management: a system of procedures, policies and technologies to manage the lifecycle and entitlements of electronic credentials
    - Directory Services: repositories for storing and managing accounts, identity information, and security credentials
    - Access Management: the process of authenticating credentials and controlling access to networked resources based on trust and identity
    - Identity Lifecycle Management: the processes used to create and delete accounts, manage account and entitlement changes, and track policy compliance
  • 32. Remember the Chaos?
    [Diagram as on slide 13: Enterprise Directory, HR System, Infra Application, Lotus Notes Apps, In-House Application, COTS Application, NOS and In-House Application, each with its own Authentication, Authorization and Identity Data]
  • 33. Identity Integration
    [Diagram: HR System, Infra Application, Lotus Notes Apps, In-House Application, COTS Application, Student Admin and In-House Application, each with its own Authentication, Authorization and Identity Data, plus an Identity Integration Server and the Enterprise Directory]
  • 34. IAM Benefits
    - Benefits today (Tactical): save money and improve operational efficiency; improved time to deliver applications and service; enhance security; regulatory compliance and audit
    - Benefits to take you forward (Strategic): new ways of working; improved time to market; closer supplier, customer, partner and employee relationships
  • 35. Some Basic Definitions
    - Authentication (AuthN): verification of a subject’s identity by means of relying on a provided claim
    - Identification is sometimes seen as a preliminary step of authentication: the collection of (as yet) untrusted information about a subject, such as an identity claim
    - Authorization (AuthZ): deciding what actions, rights or privileges the subject can be allowed
    - Trend towards separation of those two, or even of all three if biometrics are used
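The separation of authentication from authorization (slide 35), the identity provider / relying party / subject roles (slide 23), the minimal disclosure law (slide 26) and the move from groups and ACLs towards claims authorization (slide 28) fit together in one small model. The following is an added example, not code from the presentation or from Microsoft; the identity provider name, subject, secret, attributes and the relying party's policy are all constructed sample data.

```python
"""Claims-based authorization sketch: identity provider, subject, relying party.
Added illustration, not code from the presentation; all names and values are constructed."""
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Claim:
    type: str      # what is asserted about the subject, e.g. "age" or "role"
    value: object
    issuer: str    # identity provider that vouches for the claim

class IdentityProvider:
    """Authenticates subjects and issues claims about them (AuthN, kept apart from AuthZ)."""
    def __init__(self, name, directory):
        self.name = name
        self.directory = directory  # subject -> {"secret": ..., "attributes": {...}}

    def authenticate(self, subject, secret):
        record = self.directory.get(subject)
        # constant-time compare so timing does not reveal how much of the secret matched
        return record is not None and hmac.compare_digest(record["secret"], secret)

    def issue_claims(self, subject, requested):
        """Minimal disclosure (Law 2): release only the claim types the relying party asked for."""
        attrs = self.directory[subject]["attributes"]
        return frozenset(Claim(t, attrs[t], self.name) for t in requested if t in attrs)

class RelyingParty:
    """Decides on claims from trusted issuers, not on group membership or a local ACL."""
    def __init__(self, trusted_issuers, policy):
        self.trusted = set(trusted_issuers)
        self.policy = policy  # claim type -> predicate the claimed value must satisfy

    def authorize(self, claims):
        trusted = {c.type: c.value for c in claims if c.issuer in self.trusted}
        return all(t in trusted and ok(trusted[t]) for t, ok in self.policy.items())

def demo(subject="alice", secret="s3cret", issuer="idp.example"):
    """One exchange; returns (authorized, claim types disclosed to the relying party)."""
    idp = IdentityProvider("idp.example", {"alice": {"secret": "s3cret",  # constructed directory
        "attributes": {"age": 34, "role": "clerk", "address": "1 Sample St"}}})
    rp = RelyingParty({"idp.example"},
                      {"age": lambda v: v >= 18, "role": lambda v: v in {"clerk", "manager"}})
    if not idp.authenticate(subject, secret):
        return False, frozenset()            # AuthN failed: no claims are issued at all
    claims = idp.issue_claims(subject, rp.policy)
    if issuer != idp.name:                   # same claims, but asserted by an untrusted issuer
        claims = frozenset(Claim(c.type, c.value, issuer) for c in claims)
    return rp.authorize(claims), frozenset(c.type for c in claims)
```

The address attribute is never released because the relying party did not ask for it, and the same claims are refused when they come from an issuer the relying party does not trust.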
  • 36. Components of IAM
    - Administration: user management, password management, workflow
    - Access Management: authentication, authorization
    - Identity Management: account provisioning, account deprovisioning, synchronisation
    [Diagram: Reliable Identity Data, with Administration, Authorization and Authentication]
  • 39. Microsoft’s Identity Management
    [Diagram of products grouped under Directory (Store) Services, Access Management and Identity Lifecycle Management: PKI / CA, Extended Directory Services, Active Directory & ADAM, Enterprise Single Sign On, Authorization Manager, Active Directory Federation Services, Audit Collection Services, BizTalk, Identity Integration Server, ISA Server, SQL Server Reporting Services, Services for Unix / Services for Netware]
  • 40. Components of a Microsoft-based IAM Infrastructure
    - Directory: Active Directory
    - Application Directory: AD/AM (LDAP)
    - Lifecycle Management: MIIS
    - Workflow: BizTalk, Partner Solutions (Ultimus BPM, SAP)
    - Role-Based Access Control: Authorization Manager or Partner Solutions (e.g. OCG, RSA) and traditional approaches
    - Directory & Password Synchronization: MIIS & Partner solutions
    - SSO (Intranet): Kerberos/NTLM, Vintela/Centrify
    - Enterprise SSO (Intranet): SharePoint ESSO, BizTalk ESSO, HIS ESSO
    - Strong Authentication: SmartCards, CA/PKI, Partner (e.g. RSA SecurID, Alacris, WizeKey)
    - Web SSO: ADFS, Partner (e.g. RSA ClearTrust)
    - Integration of UNIX/Novell: SFU, SFN, Partner (e.g. Vintela/Centrify)
    - Federation: ADFS
  • 42. Summary
    - We have reached an “Identity Crisis” both on the intranet and the Internet
    - The Identity Metasystem suggests a unifying way forward
    - Meanwhile, Identity and Access Management systems need to be built so enterprises can benefit immediately
    - Microsoft is rapidly becoming a strong provider of IAM technologies and IM vision
    www.microsoft.com/idm & www.microsoft.com/itsshowtime & www.microsoft.com/technet