This presentation will outline a comprehensive reference architecture for meeting the secure access and provisioning demands of outsourcing business and technology processes to “the cloud”. The attendee will walk away with a more solid understanding of what identity and access management challenges face organizations looking to move application and business process support to cloud computing providers as well as offer a reference architecture that outlines how to build standards based solutions for each challenge.
John F. Bauer III has over 20 years of Information Technology and Security delivery experience. John is currently the Enterprise Security Architect for Key Bank and has previously held leadership positions at British Petroleum, Cliffs Natural Resources, MTD Products, and National City/PNC Bank. John has spoken previously on the topic of Information Security at CA World, Oracle Open World, Digital ID World and NACHA conferences. John has both a Computer Science degree and an MBA from Case Western Reserve University’s Weatherhead School of Management and is a frequent Adjunct Professor on Network Security at Cuyahoga Community College. John also maintains an active blog: MidwestITSurvival.com.
Identity and Access Management Reference Architecture for Cloud Computing
1. Identity and Access Management Reference Architecture for Cloud Computing John F. Bauer III [email_address]
3. Quote: "Computing may someday be organized as a public utility just as the telephone system is a public utility," Professor John McCarthy said at MIT's centennial celebration in 1961. "Each subscriber needs to pay only for the capacity he actually uses, but he has access to all programming languages characteristic of a very large system ... Certain subscribers might offer service to other subscribers ... The computer utility could become the basis of a new and important industry." [Photo: Carl B. Stokes Public Utilities Building, Cleveland, Ohio, USA. Completed: 1971]
6. Moving to the Cloud [Chart: Forrester, The Software Market in … 2011; Gartner, http://www.gartner.com/it/page.jsp?id=1438813] Source: Ismael Chang Ghalimi, http://itredux.com/2009/10/11/defining-cloud-computing-for-business-users/
7. Cloud Econ 101: The lower total operating costs afforded by cloud SaaS offerings resonate with IT and business leaders. Booz Allen Senior Associate Gwen Morton and Associate Ted Alford compared the life cycle cost to run 1,000 servers in a managed environment in-house, through a cloud offering from a commercial provider, from a centralized in-house cloud, and a hybrid of a public and private cloud. Source: Booz Allen, http://www.boozallen.com/insights/insight-detail/42656904
10. Business Architecture - Procurement: With just a credit card, any business user can start using SalesForce.com for $15 a month per user without IT involvement. Source: http://www.salesforce.com/crm/editions-pricing.jsp “What?!?! The sales department signed up for a SaaS CRM service last month?”
18. Technology Architecture - Federation: Invest in a Federation solution. “Federated Identity Management amounts to having a common set of policies, practices and protocols in place to manage the identity and trust into IT users and devices across organizations.” Source: Wikipedia, http://en.wikipedia.org/wiki/Federated_Identity_Management
19. Technology Architecture - Federation: Your federation approach is driven by your partner relationships.
21. Technology Architecture - Provisioning: Federation needs users provisioned in SaaS platforms. Established Standard {heavyweight, complex}; Emerging Standard {lightweight, unproven} … but consider extending your identity federation exchange.
22. Technology Architecture - Provisioning: … with “Just in Time” provisioning. During the federation exchange, populate attributes with provisioning details:

    <saml:Attribute Name="Fullname" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml:AttributeValue>John F. Bauer III</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="AppRole" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml:AttributeValue>Manager2</saml:AttributeValue>
    </saml:Attribute>
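The attribute-driven just-in-time provisioning on this slide, as an added example that is not part of the original deck: it parses a constructed SAML AttributeStatement carrying the slide's Fullname and AppRole attributes and creates or updates a local account, refusing any role the application has no mapping for. The role map, the user store and the NameID value are assumptions.

```python
# Added example (not from the slide deck): just-in-time provisioning driven
# by the SAML attributes shown on the slide ("Fullname", "AppRole").
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ATTR_TAG = "{urn:oasis:names:tc:SAML:2.0:assertion}Attribute"

# Assumed: only roles the SaaS application knows are accepted, so an
# unexpected role from the identity provider never becomes an entitlement.
ROLE_MAP = {"Manager2": "crm:manager", "Rep": "crm:sales_rep"}
REQUIRED = ("Fullname", "AppRole")

# Constructed sample of the attribute statement from the slide.
SAMPLE_ATTRIBUTE_STATEMENT = """<saml:AttributeStatement
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="Fullname">
    <saml:AttributeValue>John F. Bauer III</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="AppRole">
    <saml:AttributeValue>Manager2</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""

def parse_attributes(xml_text: str) -> dict:
    """Return {attribute name: [values]} from a SAML AttributeStatement."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iter(ATTR_TAG):
        values = [v.text.strip() for v in attr.findall("saml:AttributeValue", SAML_NS)
                  if v.text]
        attrs[attr.get("Name")] = values
    return attrs

def jit_provision(name_id: str, attrs: dict, user_store: dict) -> dict:
    """Create or update the local account for name_id from federation attributes.
    Raises ValueError if a required attribute is missing or a role is unmapped;
    nothing is written to user_store in that case."""
    missing = [a for a in REQUIRED if not attrs.get(a)]
    if missing:
        raise ValueError(f"assertion lacks required attributes: {missing}")
    entitlements = set()
    for role in attrs["AppRole"]:
        if role not in ROLE_MAP:
            raise ValueError(f"unmapped AppRole {role!r}; refusing to provision")
        entitlements.add(ROLE_MAP[role])
    record = user_store.setdefault(name_id, {"created": True})  # create on first login
    record.update(fullname=attrs["Fullname"][0], entitlements=sorted(entitlements))
    return record
```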
23. Technology Architecture - Authorization: Shift to “externalized authorization thinking”. [Figure: Vendors; Established Standard]