Open Data Center Alliance Usage: Identity Management Interoperability Guide rev. 1.0


Table of Contents

Legal Notice
Executive Summary
Purpose
Audience
Assumptions
General Principles
Overview
Reference Framework
Applicability
Reference Model
Usage Models
  Infrastructure as a Service (IaaS) Privileged User Access
  Single Sign On
  Identity Provisioning (add/modify/delete)
  Access Control Services
  Identity Federation
References
Industry Call to Action
Summary of Acronyms

Legal Notice

This Open Data Center Alliance SM Usage Model: Identity Management Interoperability Guide is proprietary to the Open Data Center Alliance, Inc.

NOTICE TO USERS WHO ARE NOT OPEN DATA CENTER ALLIANCE PARTICIPANTS: Non-Open Data Center Alliance Participants only have the right to review, and make reference or cite, this document. Any such references or citations to this document must give the Open Data Center Alliance, Inc. full attribution and must acknowledge the Open Data Center Alliance, Inc.'s copyright in this document. Such users are not permitted to revise, alter, modify, make any derivatives of, or otherwise amend this document in any way.

NOTICE TO USERS WHO ARE OPEN DATA CENTER ALLIANCE PARTICIPANTS: Use of this document by Open Data Center Alliance Participants is subject to the Open Data Center Alliance's bylaws and its other policies and procedures.

OPEN CENTER DATA ALLIANCE SM, ODCA SM, and the OPEN DATA CENTER ALLIANCE logo SM are service marks owned by Open Data Center Alliance, Inc. and all rights are reserved therein. Unauthorized use is strictly prohibited.

This document and its contents are provided "AS IS" and are to be used subject to all of the limitation set forth herein.

Users of this document should not reference any initial or recommended methodology, metric, requirements, or other criteria that may be contained in this document or in any other document distributed by the Alliance ("Initial Models") in any way that implies the user and/or its products or services are in compliance with, or have undergone any testing or certification to demonstrate compliance with, any of these Initial Models.

Any proposals or recommendations contained in this document including, without limitation, the scope and content of any proposed methodology, metric, requirements, or other criteria does not mean the Alliance will necessarily be required in the future to develop any certification or compliance or testing programs to verify any future implementation or compliance with such proposals or recommendations.

This document does not grant any user of this document any rights to use any of the Alliance's trademarks.

All other service marks, trademarks and trade names referenced herein are those of their respective owners.

Published April,

Executive Summary

Many organizations that are considering purchasing cloud-based services already have fully integrated identity and access management systems. These systems are normally widely connected throughout the internal systems of an organization and allow automated procedures for provisioning, enabling, and disabling users' entitlements, as well as entitlement analysis and reporting. As the resources in the cloud become more prevalent in the enterprise, the user and systems administrators will expect this functionality to be maintained. This Identity Management Interoperability Guide provides the structure and guidelines that will promote interoperability between identity management and access management systems that will allow users within organizations to utilize resources in the cloud as if they were located within the organization.

Purpose

The purpose of this guide is as follows:
- to describe the requirements for a cloud-specific runtime which will allow companies adopting the cloud to promote interoperability between providers,
- to define the interface between the identity management software and the runtime,
- to define the interface between the runtime and the application software,
- to support as much automation in the identity management processes as possible.

The cloud provider and identity management software communities will first need to propose sample implementations for review within the ODCA. In addition, suitable standards should be proposed that will enable standardized communication between the respective elements of the described model. If suitable standards do not exist, proposals should include the appropriate base standard and how it should be further developed.

Audience

The targeted audience for the ODCA identity management documents is architects and security practitioners in charge of implementing the herein described principles and requirements as cloud providers and as cloud subscribers.

Assumptions

The assumption for this work is that a cloud subscriber, having identity management (IdM) in place within its own premises, expects to expand its usage into the cloud.

It is assumed that cloud subscribers are striving for as much automation in the cloud as in their own premises. Central management of identities and authorizations, as well as cyclic authorization review processes, will include the cloud.

Cloud infrastructure must support the cloud subscriber's security standards and procedures, in order to integrate seamlessly with existing systems and applications on premises.

The cloud subscriber expects interfaces provided by the cloud provider to support automated management processes and administration procedures.

It is assumed that a cloud subscriber adheres (at least) to the same level of maturity as the one expected by the cloud to which it subscribes.

General Principles

All assumptions made in the usage models follow these principles:

1. Standards required are minimal requirements; it is left open for a cloud provider to provide other standards additionally, especially when a standard gets widely adopted (e.g. Service Provisioning Markup Language (SPML) for provisioning vs. some other provisioning standard). Important standards which might be supported by the cloud provider are as follows:
   a. SPML for identity lifecycle management
   b. Security Assertion Markup Language (SAML) and OpenID for identity and authentication management
   c. eXtensible Access Control Markup Language (XACML) and OAuth for authorization and permission management
   d. Open Group's Distributed Auditing System (OpenXDAS) for auditing and monitoring.

2. Both cloud provider and cloud subscriber are responsible for checking that their common agreements and contracts comply with the laws and regulations of their local jurisdictions and any other applicable jurisdiction. Rationale: Besides contractual agreements and/or policy statements, external factors (like local jurisdiction) might force a cloud provider to perform actions not foreseen in its contract with a cloud subscriber, due to contradictory laws between the countries of the cloud provider and the cloud subscriber.

3. A cloud subscriber and the cloud provider have to ensure compliance with the minimal security requirements of the cloud level of assurance (i.e. bronze/silver/gold/platinum). This minimal compliance is required in order to avoid impacting other subscribers of the same cloud.

4. Following principle 3, users have to provide a trustable identity by being authenticated according to the security requirements of the cloud. If a high level of trust is required, this is also valid for identities. Strong authentication is then required (typically two-factor authentication) to fulfill this requirement. Weak authentication (i.e. user-id and password) is sufficient where a high level of trust is not required (e.g. bronze level cloud). Typically, high privileged users are always required to perform strong authentication, in order to provide a trustable audit trail of their activities in the cloud.

Overview

The overall identity management system envisaged in this document is split into three primary sections as shown below.

[Figure: Identity Management Software]

The first of these is the management software. The function of this block is to provide a user interface, password reset, password ageing, authorization functionality, etc. The management software will typically be located inside the organizational network.

The second element is the runtime, the component of the system that directly handles the requests for authentication from an application. Cloud-based runtimes must be capable of communicating, via the standard management interface, with the management software. Typical runtimes that exist within an organization are Active Directory, RACF (z/OS mainframe), LDAP, Tivoli Access Manager (TAM), SiteMinder, etc.

The location of the runtime will depend on the application requirements and will often be decided based on the performance issues and application requirements.

The third element is the application. This will hold or will communicate with the runtime component in order to obtain the access rights of an individual using the application.

All identity or entitlement data stored in cloud-based runtimes and communication between system components (between the IdM software and the runtimes) must be encrypted. All communication between system identity and access management components must be encrypted and trusted (i.e., mutual authentication of the components is mandatory).

Previously defined standards (such as those developed by the Organization for the Advancement of Structured Information Standards (OASIS) Group) will be utilized throughout the Identity and Access usage models.

It is envisaged that a cloud-specific runtime will exist that provides the interface between the identity management software and the cloud-based applications. This runtime component will communicate to the management software and the applications through standard interfaces, thereby ensuring compatibility. This runtime must be capable of running in a fully encrypted mode (which may result in some performance degradation) or unencrypted (faster response times).

The instance of the runtime allocated to a single cloud subscriber will only contain information relevant to this cloud subscriber. Identity and access management data must be protected by the cloud provider against any access except from the cloud subscriber.

- Bronze level: segregation of data through access rights (database privileges) within shared resources (e.g. applications, databases)
- Silver level: additional segregation through multi-tenancy of resource structures (e.g. own database plan/schema on database server) on a shared virtual machine (VM).
- Gold level: separate runtime instances and virtual machines (e.g. own Operating System (OS), databases, applications) on shared hardware
- Platinum level: physically separated instances of hardware, VMs, OS, databases and applications per cloud subscriber.

Applications must accept authentication information from multiple or different runtimes (for example with collaboration projects).

[Figure labels: Non Cloud; Identity Management Software; Cloud Accessible; Cloud; Encrypted Cloud Accessible]

Cloud Accessible Runtime Component

The cloud accessible runtime component is referred to throughout this document and is envisioned to be a standard component that is used for the authorization of all cloud-based resources. It may be stored in the cloud (typically at the same location as the cloud resources) but, in this case, must be encrypted.

Reference Framework

The following diagram shows a framework of the functional areas of identity management. This framework provides a reference model for the usage models described below.

[Figure: Identity and Access Framework. Functional areas: Identity Lifecycle; Identity and Authentication; Authorization and Permission Lifecycle; Authorization and Permission. Boxes: Identity Governance; Identity Creation / Validation; Identity Federation; Entitlement Externalization; Access Control Services; Confirm Validation; Identity Provisioning (add/modify/delete); Directory Services / User Repositories; Entitlement Provisioning; Policy Enforcement Point (PEP); Auditing and Reporting; Mover / Leaver Process; Authentication; Policy Decision Point (PDP); Monitoring; Strong Authentication; Role Mining and Discovery; Weak Authentication; Reporting for Audit / Compliance Checks; Sign On; Multiple Sign On; Reduced Sign On (web, desktop); Single Sign On; Credential]

Note: The yellow boxes represent functional areas; they are not IdM functions by themselves. The green boxes represent IdM services or service groups. The blue boxes represent IdM services.

Applicability

The following diagram details the applicability of each of the usage models to the relevant hosting scenarios available in the cloud model.

                                                      Frontend         Backend          Hosted Infrastructure
                                                      (PaaS / SaaS)    (PaaS / SaaS)    (IaaS)
Identity Lifecycle
  Identity Creation / Validation                      mandatory        mandatory        mandatory
  Identity Provisioning (Add / Modify / Delete)       mandatory        mandatory        mandatory
  Identity Governance (Audit / Confirm Validation)    mandatory        mandatory        mandatory
  Mover / Leaver Process                              mandatory        mandatory        mandatory
Identity and Authentication
  Identity Federation                                 mandatory        mandatory        not applicable
  Directory Services / User Repositories
  Authentication                                      mandatory        mandatory        mandatory
  Strong Authentication
  Weak Authentication
  Sign On                                             mandatory        mandatory        mandatory
  Multiple Sign On
  Reduced Sign On (web / desktop)
  Single Sign On
  Credential                                          mandatory        mandatory        mandatory
  Policy Enforcement Point (PEP)
Authorization and Permission Lifecycle
  Entitlement Externalization                         mandatory        mandatory        not applicable
  Entitlement Provisioning                            mandatory        mandatory        not applicable
  Mover / Leaver Process
  Role Mining and Discovery                           mandatory        mandatory        not applicable
Authorization and Permission
  Access Control Services                             mandatory        mandatory        not applicable
  Policy Enforcement Point (PEP)
  Policy Decision Point (PDP)

Legend: mandatory, optional, not applicable, not available. Optional means optional for the cloud subscriber, but mandatory for the cloud provider to provide!

The following diagram details the applicability of each of the usage models to the cloud provider. Assurance levels bronze, silver, gold, and platinum are defined in the ODCA Provider Assurance Usage Model.

Columns: Bronze, Silver, Gold, Platinum
Functional areas: Identity Lifecycle; Identity and Authentication; Authorization and Permission Lifecycle; Authorization and Permission

Identity Creation / Validation: mandatory, mandatory, mandatory, mandatory
Identity Provisioning (Add / Modify / Delete) and Identity Governance (Audit / Confirm Validation): mandatory, mandatory, mandatory, mandatory, mandatory, mandatory, mandatory
Mover / Leaver Process: mandatory, mandatory
Identity Federation: mandatory, mandatory
Directory Services / User Repositories: mandatory, mandatory, mandatory
Authentication
Strong Authentication: mandatory, mandatory, mandatory
Weak Authentication: mandatory, mandatory, not available, not available
Sign On
Multiple Sign On: mandatory, not available, not available
Reduced Sign On (web / desktop): mandatory
Single Sign On: mandatory, mandatory, mandatory
Credential
Policy Enforcement Point (PEP): mandatory, mandatory, mandatory
Entitlement Externalization: mandatory, mandatory
Entitlement Provisioning: mandatory, mandatory, mandatory, mandatory
Mover / Leaver Process: mandatory, mandatory
Role Mining and Discovery: mandatory, mandatory
Access Control Services
Policy Enforcement Point (PEP): mandatory, mandatory, mandatory, mandatory
Policy Decision Point (PDP): mandatory

Legend: mandatory, optional, not applicable, not available. Optional means optional for the cloud subscriber, but mandatory for the cloud provider to provide!

Reference Model

The following picture illustrates the relation between the services of identity and access management. This picture should be used for indicative purposes only and is not intended to be definitive.

[Figure: reference model relating Data Sources (HR Processes / System), Identity Mng Systems and Resources. Services shown: Identity Creation / Validation; Identity Provisioning; Identity Governance; Entitlement Provisioning; Role Mining and Discovery; Entitlement Internalization; Access Control Services; Directory Services / User Repositories; Identity Federation; Authentication; Sign On; Credential; Policy Decision Point; Policy Enforcement Point. Location key: Resides on enterprise network; Resides in cloud; May reside onsite or in cloud]

Usage Models

The following usage models have been created in order to clarify the requirements of the ODCA in the area of identity management. For further details refer to the specific documents concerned.

Usage Model 1: ODCA IaaS Privileged User Access

This usage model details the requirements for privileged users accessing IaaS. Typically privileged users will have the ability to undertake high level administrative tasks when managing the IaaS services from the cloud provider. In this respect it will be necessary to promote a higher level of security during the authentication process.

Usage Model 2: ODCA Single Sign On

This usage model details a standard mechanism for ensuring Single Sign On (SSO) capability across cloud services. Typically major organizations will have in place a single sign on capability for services provided inside the organization. When services are extended to the cloud, particularly in the area of Software as a Service (SaaS), the user will expect this to be maintained. This usage model will detail a mechanism that may be used by cloud subscribers to promote that common SSO capabilities are provided by different cloud providers.

Usage Model 3: ODCA Identity Provisioning (add/modify/delete)

When a cloud service has been purchased from a provider it becomes necessary to provision the users of this service. This usage model covers the process of transferring user information from the subscriber to the provider to support both usage and billing requirements and other agreed requirements. It does not cover the situation where a user is identified by the provider and then access granted based on the trust relationship between the provider and subscriber (i.e., identity federation).

[Figure: Cloud Subscriber Site and Cloud Provider Site. Labels: Identity System; Identity Provisioning; Identities; PEP Reverse Proxy; Identities and Entitlements; Authentication Service (PDP); PEP Web; PEP Enterprise; Access Control Engine (PDP); PEP Database]

Access Control Services

The basic behaviour of (any) access control is illustrated in the following picture:

[Figure: Interaction Tier, Business Logic Tier, Data Tier, DB; access control points C-FAC (1), F-FAC (2), C-DAC (3), F-DAC (4)]

1. C-FAC = Coarse grained Functional Access Control (granularity = web application)
2. F-FAC = Fine grained Functional Access Control (granularity = business function/service)
3. C-DAC = Coarse grained Data Access Control (granularity = database table/column)
4. F-DAC = Fine grained Data Access Control (granularity = database row/tuple)

Following the request path, access control decisions become more and more granular: each additional decision narrows the visible data down to only the data set the user is authorized to access. Simple applications may skip the finest levels of access control, but still follow this approach.

The places in the request path where an access control decision is enforced are called Policy Enforcement Points (PEP). The access control evaluation and decision is made by the Policy Decision Point (PDP); this might be located at the same place as the PEP (typical programmatic access control) or externalized to a dedicated access control runtime.

Whichever the approach, the distinction between PEP and PDP allows for a large variety of implementations without being contradictory (e.g., the access control runtime of the interaction tier may look completely different from the access control of the business logic tier or of the data tier). Nevertheless, there is always a well-defined place where an access control decision is enforced and there is always a dedicated piece of code evaluating the access control decision.

Identity Federation

Identity federation is the technique of passing a user's identity in a trustable form to further connected systems, such as an external partner's application. Identity federation allows an organization to keep the user's credentials within the premises of the enterprise the user belongs to, rather than publishing the credentials to external partners.

Identity federation is basically a simple thing; think of being introduced to someone by a common friend. The person you were introduced to trusts the person who introduced you, and therefore does not ask for your own credentials to believe who you are. That's identity federation; it's just not technical.

In IT terms, identity federation is a mechanism which allows the promoting of a user identity in a trustable way. This is typically done by transporting a commonly accepted data container (a.k.a. token) and signing it in order to protect it against tampering. The signer of the token must be known (and accepted) by the peer receiving the token. The combination of these steps provides the expected level of trust to make the federated identity similarly trustable to an identity verified within one's own premises.
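The token handling described under Identity Federation, as an added example that is not taken from the ODCA guide: the subscriber signs an identity container and the provider accepts it only if the signer is known, the signature matches, and the token is meant for it and still valid. HMAC-SHA256 with a shared key stands in for the digital signature a SAML assertion would carry; the issuer and audience names, the key and the claim layout are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed trust store on the receiving (cloud provider) side: the signers
# it knows and accepts, each with the key used to check that signer's tokens.
# HMAC-SHA256 with a shared key stands in for a real digital signature here.
TRUSTED_SIGNERS = {"idp.subscriber.example": b"constructed-demo-key"}
AUDIENCE = "app.provider.example"  # hypothetical name of the receiving service


def _encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode("ascii")


def issue_token(issuer, key, subject, audience, now, lifetime=300):
    """Subscriber side: wrap the identity in a container (token) and sign it."""
    claims = {"iss": issuer, "sub": subject, "aud": audience,
              "iat": now, "exp": now + lifetime}
    body = json.dumps(claims, sort_keys=True).encode("utf-8")
    signature = hmac.new(key, body, hashlib.sha256).digest()
    return _encode(body) + "." + _encode(signature)


def verify_token(token, now, trusted=TRUSTED_SIGNERS, audience=AUDIENCE):
    """Provider side: return (subject, None) if trusted, else (None, reason)."""
    try:
        body_part, sig_part = token.split(".")
        body = base64.urlsafe_b64decode(body_part)
        signature = base64.urlsafe_b64decode(sig_part)
        claims = json.loads(body)
    except ValueError:  # wrong part count, bad base64, bad UTF-8 or bad JSON
        return None, "malformed token"
    if not isinstance(claims, dict) or not isinstance(claims.get("iss"), str):
        return None, "malformed token"
    # 1. The signer must be known and accepted by this peer.
    key = trusted.get(claims["iss"])
    if key is None:
        return None, "unknown signer"
    # 2. The signature must match the exact bytes received (tamper check).
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return None, "bad signature"
    # 3. Only now are the claims believed: right audience, inside lifetime.
    if claims.get("aud") != audience:
        return None, "wrong audience"
    iat, exp = claims.get("iat"), claims.get("exp")
    if not (isinstance(iat, int) and isinstance(exp, int) and iat <= now < exp):
        return None, "expired or not yet valid"
    if not isinstance(claims.get("sub"), str):
        return None, "malformed token"
    return claims["sub"], None


def demo(now=1_700_000_000):
    """Run the exchange on constructed tokens and return each outcome."""
    issuer = "idp.subscriber.example"
    key = TRUSTED_SIGNERS[issuer]
    good = issue_token(issuer, key, "alice", AUDIENCE, now)
    # Tampered: subject changed after signing, original signature kept.
    body_part, sig_part = good.split(".")
    claims = json.loads(base64.urlsafe_b64decode(body_part))
    claims["sub"] = "administrator"
    tampered = _encode(json.dumps(claims, sort_keys=True).encode()) + "." + sig_part
    # Well formed, but signed by a party the provider has never accepted.
    rogue = issue_token("idp.other.example", b"some-other-key", "alice", AUDIENCE, now)
    # Genuine signer, but the token was issued for a different provider.
    elsewhere = issue_token(issuer, key, "alice", "other.provider.example", now)
    return {
        "valid": verify_token(good, now + 10),
        "tampered": verify_token(tampered, now + 10),
        "unknown signer": verify_token(rogue, now + 10),
        "wrong audience": verify_token(elsewhere, now + 10),
        "expired": verify_token(good, now + 301),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:15} -> {result}")
```

The order of the checks matters: no claim other than the issuer name is read before the signature has been verified against that issuer's key.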
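The PEP/PDP split and the four granularities described under Access Control Services, as an added example that is not taken from the ODCA guide: one PEP per tier asks a single PDP for a decision, and each decision narrows what the caller can see. The policy, roles, table and the placement of C-FAC, F-FAC and the two DAC levels on the interaction, business logic and data tiers are assumptions made for illustration; each user holds exactly one role.

```python
from dataclasses import dataclass

# Constructed policy and data for one cloud subscriber; every name is hypothetical.
POLICY = {
    "applications": {"hr-portal": {"employee", "hr-clerk"}},             # C-FAC
    "functions": {"list_staff": {"employee", "hr-clerk"},                # F-FAC
                  "salary_report": {"hr-clerk"}},
    "columns": {"employees": {"employee": ("name", "dept"),              # C-DAC
                              "hr-clerk": ("name", "dept", "salary")}},
    "rows": {"employees": {"employee": "all", "hr-clerk": "own_depts"}},  # F-DAC
}
TABLES = {"employees": [
    {"name": "Ana", "dept": "sales", "salary": 5200},
    {"name": "Ben", "dept": "sales", "salary": 4800},
    {"name": "Chi", "dept": "it", "salary": 6100},
]}


@dataclass(frozen=True)
class User:
    name: str
    role: str
    depts: frozenset = frozenset()


class AccessDenied(Exception):
    """Raised by a PEP when the PDP's answer is 'deny'."""


class PDP:
    """Policy Decision Point: evaluates policy and records each decision."""

    def __init__(self, policy):
        self.policy = policy
        self.decisions = []  # audit trail of (level, user, target, allowed)

    def _decide(self, level, user, target, allowed):
        self.decisions.append((level, user.name, target, allowed))
        return allowed

    def application(self, user, app):                       # C-FAC
        roles = self.policy["applications"].get(app, set())
        return self._decide("C-FAC", user, app, user.role in roles)

    def function(self, user, function):                     # F-FAC
        roles = self.policy["functions"].get(function, set())
        return self._decide("F-FAC", user, function, user.role in roles)

    def columns(self, user, table):                         # C-DAC
        cols = self.policy["columns"].get(table, {}).get(user.role, ())
        self._decide("C-DAC", user, table, bool(cols))
        return cols

    def row(self, user, table, row):                        # F-DAC
        scope = self.policy["rows"].get(table, {}).get(user.role)
        allowed = scope == "all" or (scope == "own_depts" and row["dept"] in user.depts)
        return self._decide("F-DAC", user, f"{table}/{row['name']}", allowed)


def data_tier(pdp, user, table):
    """PEP in the data tier: enforce the column (C-DAC), then row (F-DAC) decisions."""
    cols = pdp.columns(user, table)
    if not cols:
        raise AccessDenied("C-DAC")
    return [{c: r[c] for c in cols} for r in TABLES[table] if pdp.row(user, table, r)]


def business_tier(pdp, user, function):
    """PEP in the business logic tier: enforce the F-FAC decision."""
    if not pdp.function(user, function):
        raise AccessDenied("F-FAC")
    return data_tier(pdp, user, "employees")


def interaction_tier(pdp, user, app, function):
    """PEP in the interaction tier: enforce the C-FAC decision first."""
    if not pdp.application(user, app):
        raise AccessDenied("C-FAC")
    return business_tier(pdp, user, function)


def request(user, app, function):
    """Send one request down the path; return (rows or denying level, decision trail)."""
    pdp = PDP(POLICY)
    try:
        outcome = interaction_tier(pdp, user, app, function)
    except AccessDenied as denied:
        outcome = f"denied at {denied}"
    return outcome, [level for level, *_ in pdp.decisions]


if __name__ == "__main__":
    clerk = User("clerk", "hr-clerk", frozenset({"sales"}))
    staff = User("staff", "employee")
    temp = User("temp", "contractor")
    for who, fn in [(clerk, "salary_report"), (staff, "list_staff"),
                    (staff, "salary_report"), (temp, "list_staff")]:
        print(who.name, fn, request(who, "hr-portal", fn))
```

Because the PEPs only raise or filter and the PDP only decides, the policy can be moved to an external access control runtime without touching the tier code.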

References

OASIS Service Provisioning Markup Language (SPML) Version 2
OASIS Security Assertion Markup Language (SAML) Version 2

Any use or other implementation of the above cited OASIS markup language specifications / protocols ("OASIS Language") are subject to any and all intellectual property rights and other rights held by, and any other limitations or restrictions which may be asserted by, OASIS and/or its members as the owner or owners of said OASIS Language ("Proprietary Rights"). ODCA takes no position regarding the validity or scope of any such Proprietary Rights that might be claimed or asserted by OASIS and/or its members which may pertain to the use or other implementation of said OASIS Language or the extent to which any license of any such Proprietary Rights might or might not be available; nor does it represent that it has made any independent effort to identify any such Proprietary Rights. Each user and implementer of the OASIS Language is solely responsible for obtaining any and all licenses which may be needed in order to use or otherwise implement said OASIS Language. Requests for information regarding the Proprietary Rights and any applicable licenses should only be directed to OASIS and should not be made to the ODCA. Copies of any Proprietary Rights disclosures that may have been made, or potential licenses to be made available, or the result of an attempt made to obtain a license or other permission for the use or implementation of such Proprietary Rights by any implementer or user of the OASIS Language should only be directed to OASIS.

This reference to, or citation of, the OASIS Language is provided on an "AS IS" basis and THE OPEN DATA CENTER ALLIANCE AND ITS PARTICIPANTS AND MEMBERS HEREBY DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, ANY WARRANTY THAT THE USE OR OTHER IMPLEMENTATION OF THE OASIS LANGUAGE (AS DEFINED ABOVE) WILL NOT INFRINGE ANY PROPRIETARY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Industry Call to Action

The following further actions are required:
- Reconciliation/cooperation between ODCA and Cloud Security Alliance (CSA), OASIS, and National Institute of Standards and Technology (NIST) on Identity Usage Models.
- Usage Model should be presented to NIST and CSA to explain customer view.
- Usage Model should be forwarded to OASIS to determine if any further development of SAML v2.0 and SPML v2.0 is required.

Summary of Acronyms

ACL        Access Control List
CSA        Cloud Security Alliance
DAC        Data Access Control
FAC        Functional (function based) Access Control
IaaS       Infrastructure as a Service
IdM        Identity Management
IdMaaS     Identity Management as a Service
NIST       National Institute of Standards and Technology
OASIS      Organization for the Advancement of Structured Information Standards
ODCA       Open Data Center Alliance
OpenXDAS   Open Group's Distributed Auditing System
PaaS       Platform as a Service
PEP*       Policy Enforcement Point (where the process flow is interrupted to perform authentication or access control)
PDP*       Policy Decision Point (where an authentication or an access control is evaluated)
RBAC       Role based Access Control
SaaS       Software as a Service
SAML       Security Assertion Markup Language (v2.0 current during writing of this document)
SPML       Service Provisioning Markup Language (v2.0 current during writing of this document)
UM         Usage Model
XACML      eXtensible Access Control Markup Language

* PEP and PDP can collapse to one single piece of logic; nevertheless, they will often be separated and will therefore have to be defined and documented as distinct architectural entities.


More information

identity as the new perimeter: securely embracing cloud, mobile and social media agility made possible

identity as the new perimeter: securely embracing cloud, mobile and social media agility made possible identity as the new perimeter: securely embracing cloud, mobile and social media agility made possible IT transformation and evolving identities A number of technology trends, including cloud, mobility,

More information

Secure Identity in Cloud Computing

Secure Identity in Cloud Computing Secure Identity in Cloud Computing Michelle Carter The Aerospace Corporation March 20, 2013 The Aerospace Corporation 2013 All trademarks, service marks, and trade names are the property of their respective

More information

Open Data Center Alliance Usage: SERVICE CATALOG

Open Data Center Alliance Usage: SERVICE CATALOG sm Open Data Center Alliance Usage: SERVICE CATALOG Legal Notice This Open Data Center Alliance SM Usage: Service Catalog is proprietary to the Open Data Center Alliance, Inc. NOTICE TO USERS WHO ARE NOT

More information

Software and Cloud Security

Software and Cloud Security 1 Lecture 12: Software and Cloud Security 2 Lecture 12 : Software and Cloud Security Subjects / Topics : 1. Standard ISO/OSI security services 2. Special problems, specific for software components and

More information

Interoperate in Cloud with Federation

Interoperate in Cloud with Federation Interoperate in Cloud with Federation - Leveraging federation standards can accelerate Cloud computing adoption by resolving vendor lock-in issues and facilitate On Demand business requirements Neha Mehrotra

More information

White Paper. Authentication and Access Control - The Cornerstone of Information Security. Vinay Purohit September 2007. Trianz 2008 White Paper Page 1

White Paper. Authentication and Access Control - The Cornerstone of Information Security. Vinay Purohit September 2007. Trianz 2008 White Paper Page 1 White Paper Authentication and Access Control - The Cornerstone of Information Security Vinay Purohit September 2007 Trianz 2008 White Paper Page 1 Table of Contents 1 Scope and Objective --------------------------------------------------------------------------------------------------------

More information

SPML (Service Provisioning Markup Language) and the Importance of it within the Security Infrastructure Framework for ebusiness

SPML (Service Provisioning Markup Language) and the Importance of it within the Security Infrastructure Framework for ebusiness Interoperability Summit 2002 SPML (Service Provisioning Markup Language) and the Importance of it within the Security Infrastructure Framework for ebusiness Gavenraj Sodhi Senior Technology Analyst Provisioning

More information

Cloud Computing Governance & Security. Security Risks in the Cloud

Cloud Computing Governance & Security. Security Risks in the Cloud Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud

More information

Entitlements Access Management for Software Developers

Entitlements Access Management for Software Developers Entitlements Access Management for Software Developers Market Environment The use of fine grained entitlements and obligations control for access to sensitive information and services in software applications

More information

A Model for Access Control Management in Distributed Networks

A Model for Access Control Management in Distributed Networks A Model for Access Control Management in Distributed Networks Master of Science Thesis Azadeh Bararsani Supervisor/Examiner: Dr. Johan Montelius Royal Institute of Technology (KTH), Stockholm, Sweden,

More information

journey to a hybrid cloud

journey to a hybrid cloud journey to a hybrid cloud Virtualization and Automation VI015SN journey to a hybrid cloud Jim Sweeney, CTO GTSI about the speaker Jim Sweeney GTSI, Chief Technology Officer 35 years of engineering experience

More information

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

Identity and Access Management for the Cloud

Identity and Access Management for the Cloud Identity and Access Management for the Cloud What you need to know about managing access to your clouds Organizations need to control who has access to which systems and technology within the enterprise.

More information

OpenHRE Security Architecture. (DRAFT v0.5)

OpenHRE Security Architecture. (DRAFT v0.5) OpenHRE Security Architecture (DRAFT v0.5) Table of Contents Introduction -----------------------------------------------------------------------------------------------------------------------2 Assumptions----------------------------------------------------------------------------------------------------------------------2

More information

TECHNOLOGY BRIEF: INTEGRATED IDENTITY AND ACCESS MANAGEMENT (IAM) An Integrated Architecture for Identity and Access Management

TECHNOLOGY BRIEF: INTEGRATED IDENTITY AND ACCESS MANAGEMENT (IAM) An Integrated Architecture for Identity and Access Management TECHNOLOGY BRIEF: INTEGRATED IDENTITY AND ACCESS MANAGEMENT (IAM) An Integrated Architecture for Identity and Access Management Table of Contents Executive Summary 1 SECTION 1: CHALLENGE 2 The Need for

More information

XACML and Access Management. A Business Case for Fine-Grained Authorization and Centralized Policy Management

XACML and Access Management. A Business Case for Fine-Grained Authorization and Centralized Policy Management A Business Case for Fine-Grained Authorization and Centralized Policy Management Dissolving Infrastructures A recent Roundtable with CIOs from a dozen multinational companies concurred that Identity &

More information

RSA Authentication Agents Security Best Practices Guide. Version 3

RSA Authentication Agents Security Best Practices Guide. Version 3 RSA Authentication Agents Security Best Practices Guide Version 3 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks RSA,

More information

Domain 12: Guidance for Identity & Access Management V2.1

Domain 12: Guidance for Identity & Access Management V2.1 Domain 12: Guidance for Identity & Access Management V2.1 Prepared by the Cloud Security Alliance April 2010 Introduction The permanent and official location for this Cloud Security Alliance Domain 12

More information

Security whitepaper. CloudAnywhere. http://www.cloudiway.com

Security whitepaper. CloudAnywhere. http://www.cloudiway.com Security whitepaper CloudAnywhere http://www.cloudiway.com @Copyright 2011 CLOUDIWAY. All right reserved. Use of any CLOUDIWAY solution is governed by the license agreement included in your original contract.

More information

Business-Driven, Compliant Identity Management

Business-Driven, Compliant Identity Management Solution in Detail NetWeaver NetWeaver Identity Business-Driven, Compliant Identity Using NetWeaver Identity Managing users in heterogeneous IT landscapes presents many challenges for organizations. System

More information

Architecting Software as a Service for the Enterprise

Architecting Software as a Service for the Enterprise Intel Information Technology Cloud Computing October 2009 Architecting Software as a for the Enterprise Executive Overview The reference architecture provides a proven template solution that Intel SaaS

More information

IDENTITY MANAGEMENT AND WEB SECURITY. A Customer s Pragmatic Approach

IDENTITY MANAGEMENT AND WEB SECURITY. A Customer s Pragmatic Approach IDENTITY MANAGEMENT AND WEB SECURITY A Customer s Pragmatic Approach AGENDA What is Identity Management (IDM) or Identity and Access Management (IAM)? Benefits of IDM IDM Best Practices Challenges to Implement

More information

CA SiteMinder SSO Agents for ERP Systems

CA SiteMinder SSO Agents for ERP Systems PRODUCT SHEET: CA SITEMINDER SSO AGENTS FOR ERP SYSTEMS CA SiteMinder SSO Agents for ERP Systems CA SiteMinder SSO Agents for ERP Systems help organizations minimize sign-on requirements and increase security

More information

SafeNet Authentication Service

SafeNet Authentication Service SafeNet Authentication Service Integration Guide Using SafeNet Authentication Service as an Identity Provider for Google Apps All information herein is either public information or is the property of and

More information

HP Software as a Service. Federated SSO Guide

HP Software as a Service. Federated SSO Guide HP Software as a Service Federated SSO Guide Document Release Date: July 2014 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying

More information

Perceptive Experience Single Sign-On Solutions

Perceptive Experience Single Sign-On Solutions Perceptive Experience Single Sign-On Solutions Technical Guide Version: 2.x Written by: Product Knowledge, R&D Date: January 2016 2016 Lexmark International Technology, S.A. All rights reserved. Lexmark

More information

CA Spectrum and CA Embedded Entitlements Manager

CA Spectrum and CA Embedded Entitlements Manager CA Spectrum and CA Embedded Entitlements Manager Integration Guide CA Spectrum Release 9.4 - CA Embedded Entitlements Manager This Documentation, which includes embedded help systems and electronically

More information

Cloud Standards. Arlindo Dias IT Architect IBM Global Technology Services CLOSER 2102

Cloud Standards. Arlindo Dias IT Architect IBM Global Technology Services CLOSER 2102 Cloud Standards Arlindo Dias IT Architect IBM Global Technology Services CLOSER 2102 2011 IBM Corporation Agenda Overview on Cloud Standards Identity and Access Management Discussion 2 Overview on Cloud

More information

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS Shirley Radack, Editor Computer Security Division Information

More information

Understanding Enterprise Cloud Governance

Understanding Enterprise Cloud Governance Understanding Enterprise Cloud Governance Maintaining control while delivering the agility of cloud computing Most large enterprises have a hybrid or multi-cloud environment comprised of a combination

More information

HP Software as a Service

HP Software as a Service HP Software as a Service Software Version: 6.1 Federated SSO Document Release Date: August 2013 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty

More information

How Intel Cloud SSO Works

How Intel Cloud SSO Works TECHNICAL WHITE PAPER Intel Cloud SSO How Intel Cloud SSO Works Just as security professionals have done for ages, we must continue to evolve our processes, methods, and techniques in light of the opportunities

More information

CliQr CloudCenter. Multi-Tenancy

CliQr CloudCenter. Multi-Tenancy CliQr CloudCenter Multi-Tenancy CliQr CloudCenter Multi-Tenancy and Multi-User Model Page 2 Table of Contents 1 Executive Summary...2 2 Introduction...3 3 Use Case: Application Onboarding...4 4 Use Case:

More information

IT@Intel. Improving Security and Productivity through Federation and Single Sign-on

IT@Intel. Improving Security and Productivity through Federation and Single Sign-on White Paper Intel Information Technology Computer Manufacturing Security Improving Security and Productivity through Federation and Single Sign-on Intel IT has developed a strategy and process for providing

More information

Service Schedule for CLOUD SERVICES

Service Schedule for CLOUD SERVICES Service Schedule for CLOUD SERVICES This Service Schedule is effective for Cloud Services provided on or after 1 September 2013. Terms and Conditions applicable to Cloud Services provided prior to this

More information

APIs The Next Hacker Target Or a Business and Security Opportunity?

APIs The Next Hacker Target Or a Business and Security Opportunity? APIs The Next Hacker Target Or a Business and Security Opportunity? SESSION ID: SEC-T07 Tim Mather VP, CISO Cadence Design Systems @mather_tim Why Should You Care About APIs? Amazon Web Services EC2 alone

More information

Lecture 02b Cloud Computing II

Lecture 02b Cloud Computing II Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,

More information

Dell One Identity Cloud Access Manager 8.0.1 - How to Develop OpenID Connect Apps

Dell One Identity Cloud Access Manager 8.0.1 - How to Develop OpenID Connect Apps Dell One Identity Cloud Access Manager 8.0.1 - How to Develop OpenID Connect Apps May 2015 This guide includes: What is OAuth v2.0? What is OpenID Connect? Example: Providing OpenID Connect SSO to a Salesforce.com

More information

CA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam

CA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam CA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam (CAT-140) Version 1.4 - PROPRIETARY AND CONFIDENTIAL INFORMATION - These educational materials (hereinafter referred to as

More information

Oracle Identity Management Concepts and Architecture. An Oracle White Paper December 2003

Oracle Identity Management Concepts and Architecture. An Oracle White Paper December 2003 Oracle Identity Management Concepts and Architecture An Oracle White Paper December 2003 Oracle Identity Management Concepts and Architecture Introduction... 3 Identity management... 3 What is Identity

More information

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is

More information

SafeNet Authentication Service

SafeNet Authentication Service SafeNet Authentication Service Integration Guide All information herein is either public information or is the property of and owned solely by Gemalto NV. and/or its subsidiaries who shall have and keep

More information

Entrust Authority Administration Services 7.2 Overview

Entrust Authority Administration Services 7.2 Overview Overview November, 2006 Copyright 2006 Entrust. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. All other Entrust product names and service names are

More information

How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications

How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications SOLUTION BRIEF: PROTECTING ACCESS TO THE CLOUD........................................ How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications Who should read this

More information

Identity Governance Evolution

Identity Governance Evolution Identity Governance Evolution Paola Marino Principal Sales Consultant Agenda Oracle Identity Governance Innovation Cloud Scenarios enabled by Oracle Identity Platform Agenda Oracle

More information

Compute Infrastructure as a Service: Recommendations from the Open Data Center Alliance SM and TM Forum A joint perspective on the requirements of

Compute Infrastructure as a Service: Recommendations from the Open Data Center Alliance SM and TM Forum A joint perspective on the requirements of Compute Infrastructure as a Service: Recommendations from the Open Data Center Alliance SM and TM Forum A joint perspective on the requirements of the enterprise consumer Legal Notice This CIaaS: Recommendations

More information

Service-Oriented Cloud Automation. White Paper

Service-Oriented Cloud Automation. White Paper Service-Oriented Cloud Automation Executive Summary A service-oriented experience starts with an intuitive selfservice IT storefront that enforces process standards while delivering ease and empowerment

More information

The ODCA, Helix Nebula and Federated Identity Management. Mick Symonds Principal Solutions Architect Atos Managed Services NL

The ODCA, Helix Nebula and Federated Identity Management. Mick Symonds Principal Solutions Architect Atos Managed Services NL The ODCA, Helix Nebula and Federated Identity Management Principal Solutions Architect Atos Managed Services NL Agenda The Open Data Center Alliance Helix Nebula Federated Identity Management as a service

More information

Bringing Cloud Security Down to Earth. Andreas M Antonopoulos Senior Vice President & Founding Partner www.nemertes.com

Bringing Cloud Security Down to Earth. Andreas M Antonopoulos Senior Vice President & Founding Partner www.nemertes.com Bringing Cloud Security Down to Earth Andreas M Antonopoulos Senior Vice President & Founding Partner www.nemertes.com Agenda About Nemertes Cloud Dynamics and Adoption Assessing Risk of Cloud Services

More information

CA Nimsoft Service Desk

CA Nimsoft Service Desk CA Nimsoft Service Desk Single Sign-On Configuration Guide 6.2.6 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation

More information

CA ARCserve Backup for Windows

CA ARCserve Backup for Windows CA ARCserve Backup for Windows Agent for Microsoft SharePoint Server Guide r15 This documentation and any related computer software help programs (hereinafter referred to as the "Documentation") are for

More information

Oracle Identity Management for SAP in Heterogeneous IT Environments. An Oracle White Paper January 2007

Oracle Identity Management for SAP in Heterogeneous IT Environments. An Oracle White Paper January 2007 Oracle Identity Management for SAP in Heterogeneous IT Environments An Oracle White Paper January 2007 Oracle Identity Management for SAP in Heterogeneous IT Environments Executive Overview... 3 Introduction...

More information

GoodData Corporation Security White Paper

GoodData Corporation Security White Paper GoodData Corporation Security White Paper May 2016 Executive Overview The GoodData Analytics Distribution Platform is designed to help Enterprises and Independent Software Vendors (ISVs) securely share

More information

OPEN DATA CENTER ALLIANCE Sm Master Usage Model: Commercial framework REV 1.0

OPEN DATA CENTER ALLIANCE Sm Master Usage Model: Commercial framework REV 1.0 OPEN DATA CENTER ALLIANCE Sm Master Usage Model: Commercial framework REV 1.0 Table of Contents Proprietary Notice And Other Notifications... 5 Legal Notice... 6 Acknowledgments... 6 Terminology And Provenance...

More information

Enterprise Identity Management Reference Architecture

Enterprise Identity Management Reference Architecture Enterprise Identity Management Reference Architecture Umut Ceyhan Principal Sales Consultant, IDM SEE Agenda Introduction Virtualization Access Management Provisioning Demo Architecture

More information

Business-Driven, Compliant Identity Management

Business-Driven, Compliant Identity Management SAP Solution in Detail SAP NetWeaver SAP Identity Management Business-Driven, Compliant Identity Management Table of Contents 3 Quick Facts 4 Business Challenges: Managing Costs, Process Change, and Compliance

More information

Product overview. CA SiteMinder lets you manage and deploy secure web applications to: Increase new business opportunities

Product overview. CA SiteMinder lets you manage and deploy secure web applications to: Increase new business opportunities PRODUCT SHEET: CA SiteMinder CA SiteMinder we can CA SiteMinder provides a centralized security management foundation that enables the secure use of the web to deliver applications and cloud services to

More information

This research note is restricted to the personal use of christine_tolman@byu.edu

This research note is restricted to the personal use of christine_tolman@byu.edu Burton IT1 Research G00234483 Identity Management Published: 9 July 2012 Analyst(s): Ian Glazer, Bob Blakley Identity management (IdM) has become a distinct aggregation of functions for the maintenance

More information

Identity & Access Management Gliding Flight. Paolo Ottolino PMP CISSP ISSAP CISA CISM OPST ITIL

Identity & Access Management Gliding Flight. Paolo Ottolino PMP CISSP ISSAP CISA CISM OPST ITIL Identity & Access Management Gliding Flight Paolo Ottolino PMP CISSP ISSAP CISA CISM OPST ITIL Agenda 1 General Concepts 2 Logical Components 3 Implementation Structure 4 5 Governance Web App Firewall

More information

Single Sign-on to Salesforce.com with CA Federation Manager

Single Sign-on to Salesforce.com with CA Federation Manager TECHNOLOGY BRIEF: SINGLE SIGN-ON TO SALESFORCE.COM WITH CA FEDERATION MANAGER Single Sign-on to Salesforce.com with CA Federation Manager TOMMY CHENG, PRINCIPAL ENGINEERING SERVICES ARCHITECT, CA PETER

More information

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com Introduction to Cloud Computing Srinath Beldona srinath_beldona@yahoo.com Agenda Pre-requisites Course objectives What you will learn in this tutorial? Brief history Is cloud computing new? Why cloud computing?

More information

Introduction to Virtual Datacenter

Introduction to Virtual Datacenter Oracle Enterprise Manager Ops Center Configuring a Virtual Datacenter 12c Release 1 (12.1.1.0.0) E27347-01 June 2012 This guide provides an end-to-end example for how to use Oracle Enterprise Manager Ops

More information

Delivery date: 18 October 2014

Delivery date: 18 October 2014 Genomic and Clinical Data Sharing Policy Questions with Technology and Security Implications: Consensus s from the Data Safe Havens Task Team Delivery date: 18 October 2014 When the Security Working Group

More information

Remote Access Platform. Architecture and Security Overview

Remote Access Platform. Architecture and Security Overview Remote Access Platform Architecture and Security Overview NOTICE This document contains information about one or more ABB products and may include a description of or a reference to one or more standards

More information

IBM Cognos TM1 on Cloud Solution scalability with rapid time to value

IBM Cognos TM1 on Cloud Solution scalability with rapid time to value IBM Solution scalability with rapid time to value Cloud-based deployment for full performance management functionality Highlights Reduced IT overhead and increased utilization rates with less hardware.

More information

SAML SSO Configuration

SAML SSO Configuration SAML SSO Configuration Overview of Single Sign-, page 1 Benefits of Single Sign-, page 2 Overview of Setting Up SAML 2.0 Single Sign-, page 3 SAML 2.0 Single Sign- Differences Between Cloud-Based Meeting

More information

Identity Management Overview. Bill Nelson bill.nelson@gca.net Vice President of Professional Services

Identity Management Overview. Bill Nelson bill.nelson@gca.net Vice President of Professional Services Identity Management Overview Bill Nelson bill.nelson@gca.net Vice President of Professional Services 1 Agenda Common Identity-related Requests Business Drivers for Identity Management Account (Identity)

More information

Secure Credential Federation for Hybrid Cloud Environment with SAML Enabled Multifactor Authentication using Biometrics

Secure Credential Federation for Hybrid Cloud Environment with SAML Enabled Multifactor Authentication using Biometrics Secure Credential Federation for Hybrid Cloud Environment with SAML Enabled Multifactor Authentication using Biometrics B.Prasanalakshmi Assistant Professor Department of CSE Thirumalai Engineering College

More information

Securely Outsourcing to the Cloud: Five Key Questions to Ask

Securely Outsourcing to the Cloud: Five Key Questions to Ask WHITE PAPER JULY 2014 Securely Outsourcing to the Cloud: Five Key Questions to Ask Russell Miller Tyson Whitten CA Technologies, Security Management 2 WHITE PAPER: SECURELY OUTSOURCING TO THE CLOUD: FIVE

More information

Evaluating IaaS security risks

Evaluating IaaS security risks E-Guide This expert tip examines the risks organizations need to be aware of when evaluating IaaS solutions, and highlights the key architectural and process components of access management services that

More information

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption THE DATA PROTECTIO TIO N COMPANY Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption whitepaper Executive Summary Long an important security measure, encryption has

More information

Data Model s Role in DaaS...3. The SQL Azure Use Case...4. Best Practices and Guidelines...5

Data Model s Role in DaaS...3. The SQL Azure Use Case...4. Best Practices and Guidelines...5 Introduction..... 3 Data Model s Role in DaaS....3 The SQL Azure Use Case.......4 Best Practices and Guidelines.......5 Conclusion...... 9 Glossary.....9 References.....10 About the Author.....10 PAGE

More information

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006 Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates September 2006 Copyright 2006 Entrust. All rights reserved. www.entrust.com Entrust is a registered trademark

More information

Identity Management for Interoperable Health Information Exchanges

Identity Management for Interoperable Health Information Exchanges Identity Management for Interoperable Health Information Exchanges Presented to the NASMD Medicaid Transformation Grants HIE Workgroup - March 26, 2008 Presented by: John (Mike) Davis, Department of Veterans

More information

Introduction to SAML

Introduction to SAML Introduction to THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY Introduction to Introduction In today s world of rapidly expanding and growing software development; organizations, enterprises and governments

More information

Different Patterns of Identity Management Implemented in Cloud Computing

Different Patterns of Identity Management Implemented in Cloud Computing 2011 International Conference on Advancements in Information Technology With workshop of ICBMG 2011 IPCSIT vol.20 (2011) (2011) IACSIT Press, Singapore Different Patterns of Identity Management Implemented

More information

Security solutions Executive brief. Understand the varieties and business value of single sign-on.

Security solutions Executive brief. Understand the varieties and business value of single sign-on. Security solutions Executive brief Understand the varieties and business value of single sign-on. August 2005 2 Contents 2 Executive overview 2 SSO delivers multiple business benefits 3 IBM helps companies

More information

CA Automation Suite for Data Centers

CA Automation Suite for Data Centers PRODUCT SHEET CA Automation Suite for Data Centers agility made possible Technology has outpaced the ability to manage it manually in every large enterprise and many smaller ones. Failure to build and

More information