[Figure: identity-management technology map. Areas shown: Password Management, Single Sign On, Federation, Secure Remote Access, Role Management, Web Services Security, Auditing & Reporting, Authorization, Digital Rights Management, Strong Authentication, PKI]
Identity Management
Definitions
Identity Management (IDM): the process by which the components of an identity management system manage the account life cycle for network entities in an organization; it most commonly refers to the management of an organization's application users.
Provisioning: a technology- and process-based solution for enforcing and managing the creation, reading, update and deletion of user accounts according to a defined security policy. Provisioning is also a means of propagating security policy, for example by setting access rights on managed (target) systems based on group memberships and/or role assignments.
Authentication: the process of verifying the identity claimed by an entity on the basis of its credentials.
Authorization: the process of determining whether an authenticated user has the right to access a requested resource.
Authorization Policies: declarations that define the entitlements of a security principal and any constraints attached to those entitlements.
Account Life Cycle: the steps taken to provision, maintain and eventually revoke a user's access to a given system resource.
RBAC (Role-Based Access Control): granting access to a system resource according to the roles assigned to a user rather than to the individual user; permissions are attached to roles, and users acquire them through role membership.
Authoritative Resource: the system of reference for employment status and position description (typically the HR system).
Target System Resource: the system or application in which automated provisioning takes place.
LDAP: the Lightweight Directory Access Protocol, an application protocol for querying and modifying directory services, running over TCP/IP.
Single Sign-On (SSO): a property of access control across multiple related but independent software systems: a user logs in once and gains access to all of them without being prompted to log in again at each one. Single sign-off is the reverse property, whereby a single sign-out action terminates access to all of those systems.
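The RBAC and Authorization Policy definitions above can be made concrete with a small policy engine. The following is an added example, not code from the original slides: users are assigned roles, roles carry (resource, action) permissions and may inherit from parent roles, and any request not covered by an effective role is denied. All role, user and resource names are constructed for illustration.

```python
"""Role-based authorization check (added example, not from the original slides).

Users are assigned roles; roles carry (resource, action) permissions and may
inherit from parent roles; anything not granted by an effective role is denied.
All role, user and resource names below are constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass
class Role:
    name: str
    permissions: set = field(default_factory=set)  # {(resource, action), ...}
    parents: set = field(default_factory=set)      # names of roles this role inherits


class RbacPolicy:
    def __init__(self):
        self.roles = {}        # role name -> Role
        self.assignments = {}  # user -> set of directly assigned role names

    def add_role(self, name, permissions=(), parents=()):
        for p in parents:
            if p not in self.roles:
                raise KeyError(f"parent role {p!r} must be defined first")
        self.roles[name] = Role(name, set(permissions), set(parents))

    def assign(self, user, role):
        if role not in self.roles:
            raise KeyError(f"unknown role {role!r}")
        self.assignments.setdefault(user, set()).add(role)

    def revoke(self, user, role):
        self.assignments.get(user, set()).discard(role)

    def effective_roles(self, user):
        """Directly assigned roles plus everything reachable through inheritance."""
        stack = list(self.assignments.get(user, ()))
        seen = set()
        while stack:                      # 'seen' also guards against cycles
            r = stack.pop()
            if r in seen:
                continue
            seen.add(r)
            stack.extend(self.roles[r].parents)
        return seen

    def is_authorized(self, user, resource, action):
        """Deny by default: unknown users, resources or actions all yield False."""
        for r in self.effective_roles(user):
            perms = self.roles[r].permissions
            if (resource, action) in perms or (resource, "*") in perms:
                return True
        return False


def build_sample_policy():
    """Constructed sample: a small HR application with a three-level role chain."""
    p = RbacPolicy()
    p.add_role("employee", {("intranet", "read")})
    p.add_role("hr_clerk", {("hr_db", "read")}, parents={"employee"})
    p.add_role("hr_manager", {("hr_db", "write")}, parents={"hr_clerk"})
    p.add_role("admin", {("hr_db", "*"), ("intranet", "*")})
    p.assign("alice", "hr_manager")
    p.assign("bob", "employee")
    return p


if __name__ == "__main__":
    policy = build_sample_policy()
    for user, res, act in [("alice", "hr_db", "write"), ("bob", "hr_db", "read"),
                           ("carol", "intranet", "read")]:
        verdict = "ALLOW" if policy.is_authorized(user, res, act) else "DENY"
        print(user, res, act, "->", verdict)
```

Two points a practitioner should take from the design: the decision function denies by default, so a user with no assignments (or a typo in a resource name) never gains access, and permissions are never attached to users directly, so revoking a role is the only operation needed to remove all the access it conferred.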
Typical target systems include:
Active Directory
Other directory services
HR systems
Databases
Custom line-of-business (LOB) applications
Third-party Software as a Service (SaaS) Web applications
Local system accounts on Windows, Linux or Unix
Email
Multiple Contexts
[Figure: the enterprise identity boundary now spans your SUPPLIERS, your CUSTOMERS and your PARTNERS. Drivers listed: customer satisfaction & customer intimacy; cost competitiveness; reach, personalization; collaboration; outsourcing; faster business cycles, process automation; value chain; M&A; mobile/global workforce; flexible/temp workforce]
Identity Chaos
[Figure: an Enterprise Directory sits alongside the HR System, NOS, Lotus Notes Apps, an Infra Application, a COTS Application and two In-House Applications, each holding its own separate Authentication, Authorization and Identity Data]
Pain Points
IT Admin: too many user stores and account admin requests; unsafe sync scripts
Developer: redundant code in each app; code reworked too often
End User: too many passwords; long waits for access to apps and resources
Security/Compliance: too many orphaned accounts; limited auditing ability
Business Owner: too expensive to reach new partners and channels; need for control
Identity Integration
[Figure: the same systems (HR System, Student Admin, Lotus Notes Apps, Infra Application, COTS Application and two In-House Applications) connected through a central Enterprise Directory that serves as the common Authentication, Authorization and Identity Data layer]
IAM Benefits
Benefits today (Tactical): save money and improve operational efficiency; improved time to deliver applications and services
Benefits to take you forward (Strategic): new ways of working; enhanced security
What is IDM?
[Figure: Identity and Access as a Service. Components: End Users, Policy Managers, Delegated Administration, Identity Analytics, Workflow. Benefits: trusted and reliable security; efficient regulatory compliance; lower administrative and development costs; enable online business networks; better end-user experience]
Directories
Meta Directories
Meta directories are engines that synchronize data about users between different systems. Most modern IAG systems include what amounts to a meta directory, though it may not be labeled as such.
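The synchronization a meta directory performs, and the provisioning defined earlier, both reduce to one reconciliation loop: read the authoritative source, read each target system's accounts, and compute the changes that bring the target into line with policy. The following is an added example, not code from the original slides. It assumes the HR system is the authoritative resource for employment status, that each target system exposes its local accounts, and a department-to-group rule as the propagated security policy; the HR records, accounts and that rule are constructed for illustration. It also addresses the "orphaned accounts" pain point: accounts with no HR owner are disabled, not deleted, so they can be reviewed.

```python
"""Reconciling target-system accounts against the authoritative source.

Added example, not from the original slides. The HR system is assumed
authoritative for employment status; a target system exposes its local
accounts; the engine emits the create/disable/group changes needed to
enforce policy. All records and the department-to-group rule are constructed.
"""
from dataclasses import dataclass
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class HrRecord:
    emp_id: str
    name: str
    status: str       # "active" or "terminated"
    department: str


@dataclass(frozen=True)
class Account:
    emp_id: Optional[str]   # None when no HR owner is recorded (service accounts, leftovers)
    login: str
    enabled: bool
    groups: FrozenSet[str]


# Security policy propagated to the target: the groups a department's users should hold.
DEPT_GROUPS = {"Finance": {"fin-users"}, "IT": {"it-users", "admins"}}


def reconcile(hr_records, accounts):
    """Return sorted (action, subject, detail) tuples for the provisioning engine to apply."""
    hr = {r.emp_id: r for r in hr_records}
    owned = {a.emp_id for a in accounts if a.emp_id is not None}
    actions = []

    for a in accounts:
        rec = hr.get(a.emp_id) if a.emp_id is not None else None
        if rec is None:
            # No authoritative owner: an orphaned account. Disable, never delete, pending review.
            actions.append(("disable_orphan", a.login, "no matching HR record"))
        elif rec.status == "terminated":
            if a.enabled:   # leaver whose access was never revoked
                actions.append(("disable", a.login, "employee terminated"))
        else:
            wanted = DEPT_GROUPS.get(rec.department, set())
            extra = a.groups - wanted      # entitlements the policy does not grant
            missing = wanted - a.groups    # entitlements the policy requires
            if extra:
                actions.append(("remove_groups", a.login, ",".join(sorted(extra))))
            if missing:
                actions.append(("add_groups", a.login, ",".join(sorted(missing))))

    for emp_id, rec in hr.items():
        if rec.status == "active" and emp_id not in owned:
            groups = ",".join(sorted(DEPT_GROUPS.get(rec.department, set())))
            actions.append(("create", emp_id, f"{rec.name}: {groups}"))

    return sorted(actions)


# Constructed sample data: three employees and three accounts on one target system.
HR_RECORDS = [
    HrRecord("1001", "Alice", "active", "Finance"),
    HrRecord("1002", "Bob", "terminated", "IT"),
    HrRecord("1003", "Carol", "active", "IT"),
]
TARGET_ACCOUNTS = [
    Account("1001", "alice", True, frozenset({"fin-users", "admins"})),  # over-entitled
    Account("1002", "bob", True, frozenset({"it-users"})),               # leaver still enabled
    Account(None, "svc_backup", True, frozenset()),                     # nobody owns it
]


def sample_run():
    return reconcile(HR_RECORDS, TARGET_ACCOUNTS)


if __name__ == "__main__":
    for action in sample_run():
        print(*action)
```

Running the sample produces four actions: create an account for Carol with her department's groups, disable Bob's account, disable the ownerless svc_backup account, and strip the admins group from Alice. A real engine would apply these through each target's connector and record every action for audit; the comparison logic is the same regardless of the target type.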
Conclusions
Identity management is a class of technologies intended to streamline the management of user identity information both inside and outside an enterprise. It includes:
Directories, especially those using LDAP.
Password management.
Enterprise single sign-on.
Web access management and web single sign-on.
User provisioning.
Federation.