Identity Management and eID Integration
Luc Wijns, Principal Architect, Security Ambassador & CISSP, Sun Microsystems
Agenda
> Sun Identity Management
> Integration of the eID Card: Authentication & Signature, Mobility, SSO
> Sun Secure Global Desktop
Identity Management Enables Security
Market Forecast: Identity & Access Management (IDC), Identity Revenue Shift from Enterprise to Extranet Projects [chart: identity revenue in $ billions and identity revenue mix in %, 2005-2008]
Key Business Drivers:
> Regulatory compliance (SOX, HIPAA, Basle II...)
> Enterprise security (e.g. identity theft)
> Employee life-cycle management
> IT cost reduction
> Extranet models (partners, customers)
Drivers:
> Increase in extranet business models for new revenues (B2B & B2C)
> Availability of key enabling technologies and standards like federation
> Saturation of enterprise-focused identity opportunities
Sun Identity Management Portfolio: Innovative. Integrated. Integratable.
Everything required to manage identities within the extended enterprise and across collaborative networks, all completely integratable with dynamic, heterogeneous IT environments.
[diagram of the portfolio across the Enterprise and Collaborative tiers: Directory Server Enterprise Edition, Identity Manager, Identity Manager SPE, Access Manager, Federation Manager, Identity Auditor, OpenSSO]
Directory Server Enterprise Edition
> Directory Server
> Directory Proxy Server
> Password Synchronisation for Windows
Access Management Product Line
> Access Manager: Policy Management, Single Sign-On
> Federation Manager: Federated Identity Management
> OpenSSO
Product Line Landscape
> OpenSSO (Developer): Authentication, Single-domain SSO, Agents
> Access Manager (Intranet): Policy Management, Policy Enforcement, Federation (IdP), Identity Web Services
> Federation Manager (Extranet): Federation (SP), Identity Web Services
Identity Management Product Line
> Identity Manager
> Identity Auditor
> Identity Manager SPE
Automated user provisioning; secure, automated password management; user self service and delegated administration; auditing and reporting for compliance
eID Integration: SNAP (Secure Network Access Platform)
> JavaCard
> Sun Ray Thin Client
> Solaris 10, OpenSC/OpenCT and PC/SC components
> Sun Java System Access Manager
Mobility with Security: Belgian eID Integration
> JVM / Java Card
> eID certificates and keys
> Card serial number
> PKCS#11 / PKCS#15 cardlet
Mobility with Security: SNAP (Secure Network Access Platform)
System Security: Perimeter Security, Hardened OS, Domain Security
> User starts session on home Sun Ray
> User moving to new location: user moves session to new Sun Ray
System Security: Stateless Client
Access Management: Dynamic Network ID and Access Control, Java Card Authentication
Network Security: Encrypted Traffic
End-to-End Integration Demo
> Citizens: Java Card secure token (Belpic applet & certificates)
> Fat/thin client: Sun Ray, JDS, Solaris, Java 2 Runtime Edition, card client software (OpenSC, PC/SC, LibUSB)
> Services & identity (Java Enterprise System back-end server): web front-end (Application Server, Web Server), identity back-end (Access Manager, Directory Server)
> Authority: National Register
Non Intrusive Integration Architecture
> Citizens/employees: Java Card secure token with Belpic applet & certificates; other cards with other applets (government and enterprises)
> Fat/thin client: Sun Ray, Java 2 Runtime Edition, card client software (OpenSC, PC/SC, IFD handle); Windows is also here
> Access/edge: PAM using PKCS#11; client SSL for authentication
> Services & identity (Java Enterprise System): web front-end (Web/App Server); Access Manager for identification, authentication and authorization; identity back-end (Access Manager, Directory Server)
> Authority: National Register; OCSP call or CRLs for validation
Mobility, Authentication and Signature
System Authentication: Solaris 10 and Sun Ray user authentication
> User login using credentials on the eID card (OpenSC PAM framework)
Web SSO: certificate-based authentication from Solaris 10
> Mozilla user authenticates on two applications protected by Access Manager
> Access Manager to integrate with the Government PKI
E-Mail Signature
> User connected to his private e-mail account signs an e-mail with the card on a Sun Ray
> User validates the signature on the enterprise e-mail account
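Added example, not code from the deck or from Sun's products: the checks an access manager has to make on a card certificate before it grants the Web SSO session described above, namely chaining to the citizen CA, refusing the signature (nonRepudiation) certificate for login, and consulting a CA-signed, still-fresh CRL (the CRL branch of the "OCSP call or CRLs for validation" step in the architecture slide). The CA, the two card certificates, a revoked certificate and the CRL are all constructed inside the example, and the key-usage split between authentication and signature certificates is an assumption modelled here rather than data taken from the deck.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)
// AcceptForLogin: chain to the trusted citizen CA, authentication key only (digitalSignature, never nonRepudiation), no hit on a CA-signed CRL that is still fresh.
func AcceptForLogin(cert, root *x509.Certificate, crl *x509.RevocationList, now time.Time) error {
	roots := x509.NewCertPool() // the trust anchor is pinned to the government CA, not the system store
	roots.AddCert(root)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return err
	}
	if cert.KeyUsage&x509.KeyUsageDigitalSignature == 0 || cert.KeyUsage&x509.KeyUsageContentCommitment != 0 {
		return errors.New("not the authentication certificate") // the signing key must never open a session
	}
	if err := crl.CheckSignatureFrom(root); err != nil || now.After(crl.NextUpdate) {
		return errors.New("CRL unusable (bad signature or stale): fail closed") // same rule for an OCSP outage
	}
	for _, r := range crl.RevokedCertificates {
		if r.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return errors.New("certificate revoked")
		}
	}
	return nil
}
// BuildDemoPKI constructs a throw-away CA, an authentication cert (serial 10), a signature cert (11), a revoked authentication cert (12) and a CRL listing serial 12.
func BuildDemoPKI(now time.Time) (root, auth, sig, revoked *x509.Certificate, crl *x509.RevocationList) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	cardKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	mk := func(t, parent *x509.Certificate, pub *ecdsa.PublicKey) *x509.Certificate {
		t.NotBefore, t.NotAfter = now.Add(-time.Hour), now.Add(24*time.Hour)
		der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, caKey)
		c, _ := x509.ParseCertificate(der)
		return c
	}
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Demo Citizen CA"}, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	root = mk(ca, ca, &caKey.PublicKey)
	auth = mk(&x509.Certificate{SerialNumber: big.NewInt(10), Subject: pkix.Name{CommonName: "Citizen"}, KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}, root, &cardKey.PublicKey)
	sig = mk(&x509.Certificate{SerialNumber: big.NewInt(11), Subject: pkix.Name{CommonName: "Citizen"}, KeyUsage: x509.KeyUsageContentCommitment}, root, &cardKey.PublicKey)
	revoked = mk(&x509.Certificate{SerialNumber: big.NewInt(12), Subject: pkix.Name{CommonName: "Citizen"}, KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}, root, &cardKey.PublicKey)
	der, _ := x509.CreateRevocationList(rand.Reader, &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(time.Hour), RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: big.NewInt(12), RevocationTime: now}}}, root, caKey)
	crl, _ = x509.ParseRevocationList(der)
	return
}
```

The staleness branch matters in practice: a CRL past its NextUpdate (or an unreachable OCSP responder) must deny the login rather than silently skip the revocation check.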
Sun Secure Global Desktop: Delivering the Same Applications to a Sun Ray Client
> MS Excel on Windows 2003
> Mozilla Firefox on Solaris OS
> Explorer on Windows Vista
> SAP on Mainframe
> MS Word on Windows 2000
> 3270 application
Secure Remote Access
[diagram: Sun Secure Global Desktop reaches Windows 2000, Windows 2003 and Windows XP over RDP, Windows Mobile, UNIX and Mainframe/AS/400 apps over X11 and 3270/5250, and serves access clients over AIP; Sun Ray Server Software serves Sun Ray ultrathin clients over ALP]
Copyright 2005 Sun Microsystems, Inc. All rights reserved. Sun, Sun Microsystems, the Sun logo, Java, StarOffice, Solaris, Sun StorEdge, J2EE, SunSpectrum, N1, iforce, Java Card, and The Network Is The Computer are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the United States and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. AMD, Opteron, the AMD logo, the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. THANK YOU! Luc.wijns@sun.com
Sun Java System Identity Manager: first converged provisioning and meta-directory solution
Securely managing identity profiles and permissions throughout the entire identity lifecycle
Benefits:
> Enhance security
> Lower costs
> Improve productivity
Features:
> Automated user provisioning
> Secure, automated password management
> User self service and delegated administration
> Identity data synchronization
> Non-invasive, flexible architecture
> Auditing and reporting
Sun Java System Identity Auditor: industry's first proactive, virtualized, automated and sustainable identity auditing solution
Helping achieve effective compliance, lowered risk, and improved audit performance
Benefits:
> Help achieve ongoing compliance
> Help lower costs
> Minimize security risks
Features:
> Proactive, automated visibility into identity controls
> Repeatable, sustainable compliance and improved audit performance
> Integrate with existing identity management solutions