XACML and Access Management. A Business Case for Fine-Grained Authorization and Centralized Policy Management
- Muriel Fowler
Dissolving Infrastructures

A recent Roundtable with CIOs from a dozen multinational companies concurred that Identity & Access Management (IAM) investment plans remain unaltered in spite of the financial situation which impacts the IT budgets of everyone. Yet, they shared one serious concern. How do you establish an IAM roadmap that remains consistently valid over at least the next six months, of which we currently know only one thing for certain: namely that there will be change?

Examples of events foreseen, based on costly experiences made:

- Mergers & acquisitions: a new entity with its own full-blown IT infrastructure suddenly needs to be incorporated. While basic business critical systems can run in parallel for some time, at least portions of user populations must be granted access across domains instantly. Existing role modeling to align access with business rules becomes useless.
- Cloud computing: A new CRM operated in-house for no more than six months was abandoned by a good portion of the company's sales force in favor of a co-hosted service floating on the clouds of a business partner. Integration points need to be remodeled to resolve related IAM challenges.
- Web service wrappers: Transactions on mainframes once represented a major authorization headache. RACF or competing technology solutions were a satisfactory answer. Today, however, no user interacts with these systems face to face. Yet, they are still the foundation within many infrastructures, hidden under layers of service oriented architectures. Authorization issues are multiplying with each service added. And new services are constantly being added.
- Increasingly diverse user populations: One CIO thought her company unique in that internal users represented only a fraction of her total identity life-cycle hassle. A vast majority were external consultants, technology partners, resellers, different categories of customers with varying levels of access to support services, third-party service providers and many more. Her problem was special, indeed, yet it turned out to be far from unique. Dynamically changing user populations seem to pass through some data centers like a herd of buffalos on the run.

Figure 1: Service Delivery Evolution Increases Authorization Headaches

Centralizing AAAA Control

In a not too distant past IAM was often referred to as AAAA. Definitions of the acronym have varied but in essence these essential IAM goals were addressed:

- Administration services to manage user identities and credentials
- Authentication services to securely establish user identities
- Authorization services to determine user permissions
- Accountability services securing evidence of actions and events
As IAM capabilities have evolved in recent years, efficient and centralized control over some of these A domains has been achieved. The figure below illustrates a generic version of an IAM vision commonly promoted by vendors and implementers alike.

Figure 2: Common Overall IAM Vision

Administration: Modern Identity Management solutions enable a structured process for the creation, alteration or termination of user IDs, with approval workflows leaving an audit trail for auditors and system owners alike to review. User Provisioning automates and secures user profile configurations on systems that are centrally managed in this way.

Authentication: More often than not, applications and systems utilize shared and centrally managed services to verify user identities. Technologies based on Kerberos, PKI, LDAP, SAML or other protocols or authentication mechanisms are widely deployed.

Yet, while Accountability within the IAM system itself can be established, securing an audit trail of user access to resources still remains a challenge. And this is especially true for the most sensitive types of access: privileged or superuser access to systems holding business critical data.

Finally, Authorization services essentially remain distributed and embedded within the proprietary code of the various target systems themselves. The intranet web portal, the CRM, ERP and HR system may all share the same authentication service to verify that Joe is actually Joe. However, the CRM system will determine which customers Joe can access. The ERP system will resolve which invoice records Joe can edit. The HR system will grant access to employee data based on its own access control configurations applicable to Joe, etc. Thus, authorization remains delegated to each of the provisioned target systems.
Dynamic Access Control Needs

User provisioning, probably the fastest growing branch of IAM technology deployed today, assumes such delegation of authorization techniques to be reliable and sustainable, which in many instances may be the case. However, confronted with the dynamically changing business environment, as anticipated by the Roundtable discussion referred to above, the Common Overall IAM Vision illustrated above often falls short. It assumes a static operating environment and is therefore not flexible enough. With mashups combining data from multiple sources there is little or no comfort even in the assumed fact that authorization within each individual source is sound. Data mining utilities accessing the RDBMS backend behind the application logic of the application server, web services propagating data to user populations beyond the realm of the existing authorization domain, service channels incorporating external contents, user populations as well as data being merged: for all of these real-world challenges, the prevailing IAM vision risks introducing yet another legacy hindering rather than supporting smooth adaptation to dynamically changing requirements.

Moreover, even if the operating environment as such remains fairly stable, evaluation of user permissions still needs to respond dynamically to changing contexts. The NIST Enterprise Dynamic Access Control (EDAC) authorization model illustrates such needs. EDAC, suggested to overcome static binding of permissions in Role-Based Access Control (RBAC) models, introduces workflows, changing business rules, varying attributes, environmental changes (red alerts or, less dramatically, end of business hours), filled-in questionnaire obligations and other changing conditions which must be considered in a decision to grant or deny access. What was permitted during phase A should possibly be denied once the state of a workflow changes to phase B. What goes at noon may be forbidden at midnight. What may be in compliance while related data is in a draft state may be a severe breach of integrity once it has reached a finalized and approved state, etc. Attributes altered in the course of data processing in one business critical system may therefore need to impact authorization decisions made in another. In service oriented architectures the frequency with which such contextual changes may need to impact authorization decisions rapidly increases. New IAM architectures must keep these needs in mind in order to improve upon their predecessors.

Policy- and Standards-Based Authorization

Thus, while administration and authentication services have evolved over the years, modern IAM architectures still often lack key components to allow a standards-based approach to authorization and auditing challenges. With the eXtensible Access Control Markup Language (XACML), version 2 approved as an OASIS standard in 2005 and by now mature and production-ready, with 3.0 to be released, a foundation for these components has been provided.
XACML provides a generic and flexible language to deal with all aspects of authorization policy management and enforcement. Much like SQL comes with a Data Definition Language for database modeling as well as a query language for data retrieval, XACML can be used to define access control policies as well as to query the policy engine with access requests; the response being a straightforward Permit or Deny. The flexibility and scalability of XACML ensures it can be used to express any existing authorization policy or access request while addressing dynamically changing conditions with a compelling simplicity.

Standards are of little interest unless adhered to and accepted by broad majorities. And standards put on banners in bitter struggles between know-it-alls of different convictions often serve counterproductive purposes. Luckily, XACML already enjoys broad acceptance, and robust interoperability between vendor implementations has already been proven. Thus, XACML is already a standard that you can reliably base future architectural decisions upon.

Basic concepts

XACML provides attribute based authorization. A Subject wants to perform an Action on a Resource in a given Environmental context. Each of these entities may be defined with one simple or multiple sets of complex attributes. Rules define conditions that need to be met if the requested action should be allowed.

Bob wants to read the financial report draft via the VPN at midnight. Permit or Deny?

Alice wants to print the report on HP Printer 2 on the second floor although she hasn't signed her NDA yet. Permit or Deny?

Multiple Rules are combined in Policies and multiple policies can be combined in Policy Sets. One Policy Set in turn can include multiple further policy sets.
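The evaluation model described above, as an added example that is not part of the original paper and not an XACML engine: rules over subject, action, resource and environment attributes, combined into policies and a policy set. The policies, attribute names, the business-hours window and the NDA rule are all constructed assumptions; deny-overrides and permit-overrides are two of the standard's combining algorithms, reduced here to three outcomes (the standard's Indeterminate result is left out).

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Union

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

# A request carries four attribute sets: subject, action, resource, environment.
Request = Dict[str, Dict[str, object]]


def attr(req: Request, category: str, name: str, default=None):
    """Look up one attribute; a missing attribute yields the default."""
    return req.get(category, {}).get(name, default)


def deny_overrides(decisions: List[str]) -> str:
    if DENY in decisions:
        return DENY
    return PERMIT if PERMIT in decisions else NOT_APPLICABLE


def permit_overrides(decisions: List[str]) -> str:
    if PERMIT in decisions:
        return PERMIT
    return DENY if DENY in decisions else NOT_APPLICABLE


@dataclass
class Rule:
    effect: str                              # PERMIT or DENY
    condition: Callable[[Request], bool]

    def evaluate(self, req: Request) -> str:
        return self.effect if self.condition(req) else NOT_APPLICABLE


@dataclass
class Policy:
    """Rules (or, for a policy set, nested policies) behind a target."""
    target: Callable[[Request], bool]
    children: List[Union[Rule, "Policy"]]
    combine: Callable[[List[str]], str]

    def evaluate(self, req: Request) -> str:
        if not self.target(req):
            return NOT_APPLICABLE
        return self.combine([c.evaluate(req) for c in self.children])


def build_policy_set(combine=deny_overrides) -> Policy:
    """Constructed example policies; none of them come from the paper."""
    reports = Policy(
        target=lambda r: attr(r, "resource", "type") == "financial-report",
        children=[
            Rule(PERMIT, lambda r: attr(r, "subject", "department") == "finance"
                 and attr(r, "action", "id") in ("read", "print")),
            # Deny VPN access outside 08:00-18:00; a missing hour also denies.
            Rule(DENY, lambda r: attr(r, "environment", "channel") == "vpn"
                 and not 8 <= attr(r, "environment", "hour", -1) < 18),
            # Deny printing unless the subject's NDA is recorded as signed.
            Rule(DENY, lambda r: attr(r, "action", "id") == "print"
                 and attr(r, "subject", "nda_signed") is not True),
        ],
        combine=combine,
    )
    hr = Policy(
        target=lambda r: attr(r, "resource", "type") == "employee-record",
        children=[Rule(PERMIT, lambda r: attr(r, "subject", "department") == "hr")],
        combine=combine,
    )
    return Policy(target=lambda r: True, children=[reports, hr], combine=combine)


def decide(req: Request, combine=deny_overrides) -> str:
    return build_policy_set(combine).evaluate(req)


def enforce(decision: str) -> bool:
    """Deny-biased enforcement: anything other than Permit blocks access."""
    return decision == PERMIT


# Constructed requests modelled on the Bob and Alice questions in the text.
_FINANCE = {"department": "finance", "nda_signed": True}
_REPORT = {"type": "financial-report"}
BOB_MIDNIGHT = {"subject": _FINANCE, "action": {"id": "read"},
                "resource": _REPORT, "environment": {"channel": "vpn", "hour": 0}}
BOB_NOON = {**BOB_MIDNIGHT, "environment": {"channel": "vpn", "hour": 12}}
ALICE_PRINT = {"subject": {"department": "finance", "nda_signed": False},
               "action": {"id": "print"}, "resource": _REPORT,
               "environment": {"channel": "lan", "hour": 10}}
UNKNOWN = {"subject": _FINANCE, "action": {"id": "read"},
           "resource": {"type": "wiki-page"}, "environment": {}}

if __name__ == "__main__":
    for name, req in [("Bob, midnight", BOB_MIDNIGHT), ("Bob, noon", BOB_NOON),
                      ("Alice, print", ALICE_PRINT), ("No policy", UNKNOWN)]:
        d = decide(req)
        print(f"{name:14} {d:14} access allowed: {enforce(d)}")
```

Evaluating `BOB_MIDNIGHT` with `permit_overrides` instead returns Permit, because the finance rule then outweighs the VPN time restriction; the combining algorithm is as much a part of the policy as the rules themselves.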
Basic components

A Policy Enforcement Point (PEP) is a component intercepting any kind of access request. The PEP queries a Policy Decision Point (PDP) to determine whether access should be denied or allowed. The PDP may consult a Policy Information Point (PIP) which in turn interacts with other authoritative sources to gather additional data needed for a decision, typically an LDAP repository or databases holding information relevant for authorization decisions. Administrators use the Policy Administration Point (PAP) to maintain policy definitions.

The Business Case

A CIO confronted with the challenges of a sudden merger would obviously not resolve issues at hand by simply adding some new authorization technology. XACML is no universal cure against rapidly changing user populations, cloud computing, clogged up web services or insufficient compliance reporting tools. Yet, obviously headaches introduced in situations such as these would be easier to endure in a world where standardized and policy-based authorization has been widely adopted. So when is the right time to start? When does XACML-based authorization provide short term benefits while laying the foundation for a more sustainable future?

Below are some examples of situations in which XACML-based authorization has proven to provide immediate benefits:

- Service-oriented architectures. The organization is implementing new solutions based on service oriented architectures. By making standardized authorization a corporate policy, developers are able to more efficiently reuse components for authorization, which reduces implementation costs and time. At the same time, the organization enables an interface for business and IT to interact, allowing a structured process to ensure alignment of access control policies with overall business objectives and rules.
- Dynamic and fine-grained access controls required. The organization is unable to meet regulatory requirements or to achieve a satisfactory level of IT governance unless access to data in one or several business critical applications can be made more context aware with fine-grained authorization. Health care, where patient data records are shared in a way that needs to meet regulatory requirements and conform to standards such as HL7, is a typical example. But similar challenges arise in other Content-Enabled Vertical Applications (CEVA) which combine content management services with business process management tools to support core business processes. By using robust, fine-grained policy-based authorization the organization is able to protect privacy and to secure confidentiality for its vital data stores.
- IAM related integration efforts. The organization is introducing new tools and capabilities for purposes such as data mining and reporting, content management or ERP data exchange, efforts which require IAM integration to be achieved via the APIs provided by the tools used. A decision to achieve this integration by means of a PEP querying a PDP rather than using a custom built solution does not necessarily reduce the immediate integration effort, but the end result offers a more flexible and sustainable solution. And for every future integration project, the benefits of an integration platform achieved in this way become obvious.
- Controlling authorization in workflows. IT support for increasingly complex workflows is required as interactions between different user categories are being automated. This is for instance the case in many applications enabling e-government capabilities. Transfers from one state to the other in a process may depend on complex data validation. Digital signatures may be used for approval workflows. To handle conditional process progress in which user access to data becomes context dependent, a policy based authorization model helps break down complex dependencies into simple logical operations.
- Handling enterprise content management challenges. In recent years, many organizations have made use of new enterprise content management technologies that radically simplify deployment of general purpose data stores. Privacy concerns or data protection needs are typically not the primary focus when these solutions are being implemented. Yet, as vital information is made easily available to a broad audience, the need for fine-grained authorization soon becomes obvious. XACML-based authorization has proven to be an efficient answer to the problem.

Do you recognize any of the above or similar challenges? If so, you would probably be well advised to consider XACML as a basic requirement within your future IT architecture.
About Axiomatics

Axiomatics, located in Stockholm, Sweden, is the leading provider of fine-grained authorization and entitlement management solutions based on the XACML standard. As an active member of the XACML Technical Committee in OASIS, Axiomatics contributes to the development of the standard and has the editorial responsibility of its latest specification. Axiomatics currently has customers in health care, defense, telecommunication and financial markets.

Contact information

Mailing address: Axiomatics AB Electrum Kista Sweden
info@axiomatics.com
The Emerging Infrastructure for Identity and Access Management Copyright 2001 The Burton Group. All rights reserved. Open Group In3 Conference January 23, 2002 Jamie Lewis, CEO and Research Chair, jlewis@burtongroup.com
More informationFederated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning.
PingFederate We went with PingFederate because it s based on standards like SAML, which are important for a secure implementation. John Davidson Senior Product Manager, Opower PingFederate is the leading
More informationRole Based Identity and Access Management Basic Infrastructure for New Citizen Services and Lean Internal Administration
Role Based Identity and Access Management Basic Infrastructure for New Citizen Services and Lean Internal Administration Horst Bliedung Director International Sales CEE Siemens IT Solutions and Services
More informationStandards and Guidelines for. Information Technology. Infrastructure, Architecture, and Ongoing Operations
Standards and Guidelines for Information Technology Infrastructure, Architecture, and Ongoing Operations This document describes applicable standards and guidelines for the university's policy on Information
More informationsecure user IDs and business processes Identity and Access Management solutions Your business technologists. Powering progress
secure Identity and Access Management solutions user IDs and business processes Your business technologists. Powering progress 2 Protected identity through access management Cutting costs, increasing security
More informationExtend and Enhance AD FS
Extend and Enhance AD FS December 2013 Sponsored By Contents Extend and Enhance AD FS By Sean Deuby Introduction...2 Web Service SSO Architecture...3 AD FS Overview...5 Ping Identity Solutions...7 Synergy
More informationBOF2337 Open Source Identity and Access Management Expert Panel, Part II. 23 September 2013 5:30p Hilton - Golden Gate 6/7/8 San Francisco CA
Open Source Identity and Access Management Expert Panel, Part II 23 September 2013 5:30p Hilton - Golden Gate 6/7/8 San Francisco CA slide 2 Expert Panel Emmanuel Lécharny, Apache Software Foundation Howard
More informationTechnical Layer (Technical Interoperability) Information Layer (Information Interoperability. Business Layer (Business Process Interoperability)
Layers of Interoperability Technical Layer (Technical Interoperability) Information Layer (Information Interoperability Business Layer (Business Process Interoperability) Information Interoperability Identify
More informationStephen Hess. Jim Livingston. Program Name. IAM Executive Sponsors. Identity & Access Management Program Charter Dated 3 Jun 15
Program Name Identity and Access Management (IAM) Implementation IAM Executive Sponsors Jim Livingston Stephen Hess 1 P age Project Scope Project Description The goal of this project is to implement an
More informationLaserfiche for Federal Government MEET YOUR AGENCY S MISSION
Laserfiche for Federal Government MEET YOUR AGENCY S MISSION HOW ENTERPRISE CONTENT MANAGEMENT Serves Civilian and Defense Agencies Whether a federal agency supports farmers in the field, soldiers overseas
More informationIdentity Access Management: Beyond Convenience
Identity Access Management: Beyond Convenience June 1st, 2014 Identity and Access Management (IAM) is the official description of the space in which OneLogin operates in but most people who are looking
More informationCHAPTER - 3 WEB APPLICATION AND SECURITY
CHAPTER - 3 WEB APPLICATION AND SECURITY 3.1 Introduction Web application or Wepapp is the general term that is normally used to refer to all distributed web-based applications. According to the more technical
More informationThe Primer: Nuts and Bolts of Federated Identity Management
The Primer: Nuts and Bolts of Federated Identity Management Executive Overview For any IT department, it is imperative to understand how your organization can securely manage and control users identities.
More informationEnterprise Digital Identity Architecture Roadmap
Enterprise Digital Identity Architecture Roadmap Technical White Paper Author: Radovan Semančík Date: April 2005 (updated September 2005) Version: 1.2 Abstract: This document describes the available digital
More informationAPIs The Next Hacker Target Or a Business and Security Opportunity?
APIs The Next Hacker Target Or a Business and Security Opportunity? SESSION ID: SEC-T07 Tim Mather VP, CISO Cadence Design Systems @mather_tim Why Should You Care About APIs? Amazon Web Services EC2 alone
More informationHow To Secure A Database From A Leaky, Unsecured, And Unpatched Server
InfoSphere Guardium Ingmārs Briedis (ingmars.briedis@also.com) IBM SW solutions Agenda Any questions unresolved? The Guardium Architecture Integration with Existing Infrastructure Summary Any questions
More informationEXECUTIVE VIEW. CA Privileged Identity Manager. KuppingerCole Report
KuppingerCole Report EXECUTIVE VIEW by Alexei Balaganski March 2015 is a comprehensive Privileged Identity Management solution for physical and virtual environments with a very broad range of supported
More informationData Center Solutions
Data Center Solutions New Data Center Challenges Require New Solutions Data Center Architecture. Inside and Out. Data centers are mission-critical facilities. A silo-based approach to designing, deploying
More informationIdentity & Access Management new complex so don t start?
IT Advisory Identity & Access Management new complex so don t start? Ing. John A.M. Hermans RE Associate Partner March 2009 ADVISORY Agenda 1 KPMG s view on IAM 2 KPMG s IAM Survey 2008 3 Best approach
More informationVendor Questionnaire
Instructions: This questionnaire was developed to assess the vendor s information security practices and standards. Please complete this form as completely as possible, answering yes or no, and explaining
More informationIdentity Management Basics. OWASP May 9, 2007. The OWASP Foundation. Derek Browne, CISSP, ISSAP Derek.Browne@Emergis.com. http://www.owasp.
Identity Management Basics Derek Browne, CISSP, ISSAP Derek.Browne@Emergis.com May 9, 2007 Copyright The Foundation Permission is granted to copy, distribute and/or modify this document under the terms
More informationWhite paper. The Big Data Security Gap: Protecting the Hadoop Cluster
The Big Data Security Gap: Protecting the Hadoop Cluster Introduction While the open source framework has enabled the footprint of Hadoop to logically expand, enterprise organizations face deployment and
More informationThe Top 5 Federated Single Sign-On Scenarios
The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3
More informationINTELLIGENCE DRIVEN IDENTITY AND ACCESS MANAGEMENT
INTELLIGENCE DRIVEN IDENTITY AND ACCESS MANAGEMENT OVERVIEW The way organizations manage access to their critical applications and data is quickly becoming unwieldy and overly complicated. That s because
More informationService Oriented Architecture (SOA) An Introduction
Oriented Architecture (SOA) An Introduction Application Evolution Time Oriented Applications Monolithic Applications Mainframe Client / Server Distributed Applications DCE/RPC CORBA DCOM EJB s Messages
More informationUnited States Citizenship and Immigration Services (USCIS) Enterprise Service Bus (ESB)
for the United States Citizenship and Immigration Services (USCIS) June 22, 2007 Contact Point Harry Hopkins Office of Information Technology (OIT) (202) 272-8953 Reviewing Official Hugo Teufel III Chief
More informationWHITE PAPER. Improving Efficiency in IT Administration via Automated Policy Workflows in UNIX/Linux
WHITE PAPER Improving Efficiency in IT Administration via Automated Policy Workflows in UNIX/Linux Table of Contents Executive Summary 3 Efficiency is the Driving Catalyst 3 Key Advantages in Automating
More informationThe Unique Alternative to the Big Four. Identity and Access Management
The Unique Alternative to the Big Four Identity and Access Management Agenda Introductions Identity and Access Management (I&AM) Overview Benefits of I&AM I&AM Best Practices I&AM Market Place Closing
More informationIT@Intel. Improving Security and Productivity through Federation and Single Sign-on
White Paper Intel Information Technology Computer Manufacturing Security Improving Security and Productivity through Federation and Single Sign-on Intel IT has developed a strategy and process for providing
More informationWhite Paper. What is an Identity Provider, and Why Should My Organization Become One?
White Paper What is an Identity Provider, and Why Should My Organization Become One? May 2015 Executive Overview Tame Access Control Security Risks: Become an Identity Provider (IdP) Organizations today
More informationHow To Achieve Pca Compliance With Redhat Enterprise Linux
Achieving PCI Compliance with Red Hat Enterprise Linux June 2009 CONTENTS EXECUTIVE SUMMARY...2 OVERVIEW OF PCI...3 1.1. What is PCI DSS?... 3 1.2. Who is impacted by PCI?... 3 1.3. Requirements for achieving
More informationAn Enterprise Architect s Guide to API Integration for ESB and SOA
An Enterprise Architect s Guide to API Integration for ESB and SOA The New Digital Imperative While some are still adjusting to the idea, you re well aware that we re living in an application economy.
More informationSOA Myth or Reality??
IBM TRAINING S04 SOA Myth or Reality Jaqui Lynch IBM Corporation 2007 SOA Myth or Reality?? Jaqui Lynch Mainline Information Systems Email jaqui.lynch@mainline.com Session S04 http://www.circle4.com/papers/s04soa.pdf
More informationResource Management. Resource Management
Resource Management ibpms Business Process Applications (BPAs) are the innovative, new class of Service Oriented Business Applications (SOBAs) that help businesses automate and simplify the management
More information