Toegangsplatform DJI
(IAM platform DJI)
Jean-Pierre Vincent (Programme manager)
Matthijs Kempers (Project manager business)
Date: 8-3-2017
Agenda
1. About Dienst Justitiële Inrichtingen (part of Ministry of Security and Justice)
2. Project overview Toegangsplatform DJI
3. Vision 2020: Dynamic ABAC
4. Roadmap: from Static RBAC to Dynamic ABAC
About
Ministry of Security and Justice
[Organisation chart of the Ministry of Security and Justice, showing: Justitiële uitvoeringsdienst Toetsing, Integriteit en Screening; Brandweer; De rechtbank; Inspectie Veiligheid en Justitie; Dienst Terugkeer & Vertrek; Openbaar Ministerie; Politie; Dienst Justitiële Inrichtingen; Nationaal Coördinator Terrorismebestrijding en Veiligheid; IND; Centraal Justitieel Incassobureau]
Facts
Dienst Justitiële Inrichtingen
DJI is:
• House of detention
• Prison
• Juvenile penitentiary
• Forensic psychiatric centre
• Detention centre
• Approx. 55000 inmates
• 38 institutions
Our focus is on:
• approx. 13.500 employees
• approx. 260 target systems
• Many third-party organisations
Project Focus Areas
Toegangsplatform DJI
Project overview
Toegangsplatform DJI
[Architecture diagram. Components shown: User organisation, Supplier organisation, Service Provider, three Attribute Providers, Audit solution, IAM solution, Active Directory, HR store, Identity Provider, two target systems. Labels on the connections: SAML, Identities, Attributes.]
Project phases and deliverables
Toegangsplatform DJI
Timeline from Project Start to Project completion: Q3 2015, 2016, 2017, 2018, Q1 2019
Phases: Preparation and pilot, Business rollout, Discharge
Deliverables:
• Selected IAM solution
• Implemented IAM solution
• Business pilot: roles (RBAC), cleanup, new IAM processes
• Security officers: automated reports, new audit processes, get and stay 100% clean
• Business provided with roles
• Future-proof federation environment
Vision 2020: Dynamic ABAC
[Architecture diagram with numbered flows 1, 2, 3, 4, 5, 6, 7a, 7b, 7c, 8ab and 8c. Components shown: Supplier organisation, User organisation, Service Provider, IAM solution, Identity Provider, HR store (HR identities & attributes), Target system, three Attribute Providers, and two Trusted parties with a further Attribute Provider.]
Vision 2020: Dynamic ABAC
[Architecture diagram. Components shown: Supplier organisation, User organisation, Service Provider, IAM solution, Identity Provider, HR store (HR identities & attributes), two target systems, three Attribute Providers, two Trusted parties with a further Attribute Provider, Covenant, Audit solution.]
Roadmap: from Static RBAC to Dynamic ABAC
Roadmap
Authorisation Models
01 No authorisation model (Start situation)
02 Static RBAC
03 Dynamic RBAC
04 Static ABAC / Hybrid ABAC/RBAC
05 Dynamic ABAC (Target situation)
Start situation
01 No authorisation model
• Numerous points of request
• Missing insight
[Diagram: Target system A, Target system B and Target system C; eight Resources, each shown with two authorisations (Aut).]
02 Static RBAC
• One stop shop
• Insight into the reason for authorisation
• Fast removal of authorisations
Role types:
• Function roles (Func)
• Task roles (Task)
• Project roles (Proj)
• Organisation roles (Org)
[Diagram: Task, Func, Org and Proj roles, eight authorisations (Auth) and eight Resources.]
03 Dynamic RBAC
• based on HR attributes
• based on attributes from attribute store x
[Diagram: Task, Org, Proj and Func roles and eight authorisations (Auth). Components shown: Audit solution, IAM solution, Active Directory, Target system, HR store, Connector, Attribute Provider.]
04 Static ABAC
Hybrid ABAC/RBAC
[Flow diagram with steps numbered 1 to 5. Step labels: User requests access to system A (Service Provider); Request for SAML message; Authenticate against AD; Request attributes; Send SAML message. Components shown: Supplier organisation, User organisation, Audit solution, IAM solution, Active Directory, Identity Provider, Service Provider, Converter from ABAC to RBAC, Target system A.]
05 Vision 2020: Dynamic ABAC
[Architecture diagram with numbered flows 1, 2, 3, 4, 5, 6, 7a, 7b, 7c, 8ab and 8c. Components shown: Supplier organisation, User organisation, Service Provider, IAM solution, Identity Provider, HR store (HR identities & attributes), Target system, three Attribute Providers, and two Trusted parties with a further Attribute Provider.]
Thank you for your attention

Roadmap from Static RBAC to Dynamic ABAC @ IDM Europe 2017
