Last Updated: Jan. 2014
Tech Lead
Chamath Gunawardana
Identity and Entitlement Management – Concepts and Theories

2. About the Presenter(s)
๏ Chamath Gunawardana
Chamath Gunawardana is a technical lead at WSO2 working in the integration technology group. He is engaged in the development of the WSO2 Identity Server and is also a committer of the WSO2 Identity Server. Chamath is also a SUN certified Java programmer.

3. About WSO2
๏ Global enterprise, founded in 2005 by acknowledged leaders in XML, web services technologies, standards and open source
๏ Provides only open source platform-as-a-service for private, public and hybrid cloud deployments
๏ All WSO2 products are 100% open source and released under the Apache License Version 2.0.
๏ Is an Active Member of OASIS, Cloud Security Alliance, OSGi Alliance, AMQP Working Group, OpenID Foundation and W3C.
๏ Driven by Innovation
๏ Launched first open source API Management solution in 2012
๏ Launched App Factory in 2Q 2013
๏ Launched Enterprise Store and first open source Mobile solution in 4Q 2013

4. What WSO2 delivers

Agenda
๏ Entitlement management
  ๏ Overview
  ๏ Access control concepts
  ๏ XACML
  ๏ Entitlement architecture in Identity Server
๏ Identity management
  ๏ Overview
  ๏ Features of identity management systems
  ๏ A couple of identity management capabilities in Identity Server
๏ Demo

5. What is Entitlement Management
๏ Entitlement management is technology that grants, resolves, enforces, revokes and administers fine-grained access entitlements.
๏ Also referred to as "authorizations", "privileges", "access rights", "permissions" and/or "rules"
- Gartner Glossary

6. Entitlement Management
๏ It's a broader concept
๏ Types of access control include:
  ๏ Access control lists
  ๏ Role based access control
  ๏ Attribute based access control
  ๏ Policy based access control

7. Access control lists
๏ Oldest and most basic form of access control
๏ Primarily adopted by operating systems
๏ Maintains, as a mapping on each resource, the set of users and the operations they can perform on it
๏ Also easy to implement using maps
๏ Not scalable for large user bases
๏ Difficult to manage

8. Role based access control
๏ The system has users that belong to roles
๏ A role defines which resources will be allowed
๏ Reduces the management overhead
๏ Users and roles can be externalized using user stores
๏ The roles themselves need to be managed
๏ A user may belong to multiple roles

9. Attribute based access control
๏ Authorization based on attributes
๏ Addresses the limitation of the role based approach in defining fine grained access control
๏ Uses attributes of the user and the environment as well as of the resource itself
๏ More flexible than the role based approach
๏ No need to know the user prior to granting access

10. Policy based access control
๏ Addresses the requirement to have a more uniform access control mechanism
๏ Helps large enterprises to have uniform access control among org units
๏ Helps security audits to be carried out
๏ More complex than any other access control system
๏ Specify policies unambiguously with XACML
๏ Use of authorized attribute sources in the enterprise

11. Advantages
๏ Reduces the development time spent on critical business functions
๏ Easy management of entitlements
๏ Based on industry standard specifications
๏ Support for future development with minimum effort

12. XACML
๏ XACML is a policy based authorization/entitlement system
๏ De-facto standard for authorization
๏ Has gone through 1.0, 2.0 and 3.0 versions
๏ Externalized
๏ Policy based
๏ Fine grained
๏ Standardized

13. XACML
๏ Identity Server supports XACML 2.0 and 3.0 versions
๏ Supports multiple PIPs
๏ Policy distribution
๏ UI wizards for defining policies
๏ Try it tool
๏ Decision / Attribute caching

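As an added illustration (not code from these slides or from WSO2 Identity Server) of the attribute- and policy-based model described in the access control slides above, and of the PIP and decision/attribute caching features just listed, the following Python sketch is a minimal XACML-style Policy Decision Point: the enforcement point sends only a user id, a constructed PIP resolves role and department from a constructed user store, and Permit/Deny rules over subject, resource and environment attributes are combined with deny-overrides. The policy, attribute names, users and combining-algorithm handling are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Tuple

Request = Dict[str, Dict[str, Any]]  # category -> attribute bag, e.g. req["subject"]["id"]
Getter = Callable[[str, str], Any]   # (category, attribute) -> value, or None if unknown

# Constructed user store standing in for the LDAP/JDBC store a PIP would query.
USER_STORE: Dict[str, Dict[str, Any]] = {
    "alice": {"role": ["doctor"], "department": "cardiology"},
    "bob":   {"role": ["nurse"],  "department": "cardiology"},
    "carol": {"role": ["doctor"], "department": "oncology"},
}
PIP_CALLS = {"count": 0}  # counts user-store lookups so that cache hits are observable

def user_store_pip(category: str, attr: str, req: Request) -> Any:
    """Constructed Policy Information Point: resolves subject attributes the PEP did not send."""
    PIP_CALLS["count"] += 1
    if category == "subject":
        return USER_STORE.get(req.get("subject", {}).get("id"), {}).get(attr)
    return None

@dataclass
class Rule:
    effect: str                          # "Permit" or "Deny"
    condition: Callable[[Getter], bool]  # predicate over subject, resource and environment attributes

@dataclass
class Policy:
    target: Callable[[Getter], bool]     # which requests this policy applies to at all
    rules: List[Rule]
    combining: str = "deny-overrides"    # XACML rule-combining algorithm (or "permit-overrides")

def _freeze(bag: Dict[str, Any]) -> Tuple:
    return tuple(sorted((k, repr(v)) for k, v in bag.items()))

def _holds(predicate: Callable[[Getter], bool], get: Getter) -> bool:
    try:
        return bool(predicate(get))
    except TypeError:  # an attribute resolved to None: treat the predicate as not matching
        return False

class PDP:
    """Policy Decision Point: consults PIPs in order and caches attributes and decisions."""
    def __init__(self, policy: Policy, pips: List[Callable[[str, str, Request], Any]]):
        self.policy, self.pips = policy, pips
        self.attr_cache: Dict[Tuple, Any] = {}      # keyed by (category, attribute, entity)
        self.decision_cache: Dict[Tuple, str] = {}  # keyed by the whole request

    def _getter(self, req: Request) -> Getter:
        def get(category: str, attr: str) -> Any:
            bag = req.get(category, {})
            if attr in bag:                       # attribute supplied by the PEP in the request
                return bag[attr]
            key = (category, attr, _freeze(bag))  # same entity -> same resolved attribute value
            if key not in self.attr_cache:
                value = None
                for pip in self.pips:             # first PIP that knows the attribute wins
                    value = pip(category, attr, req)
                    if value is not None:
                        break
                self.attr_cache[key] = value
            return self.attr_cache[key]
        return get

    def evaluate(self, req: Request) -> str:
        key = tuple((c, _freeze(b)) for c, b in sorted(req.items()))
        if key in self.decision_cache:
            return self.decision_cache[key]
        get = self._getter(req)
        decision = "NotApplicable"
        if _holds(self.policy.target, get):
            effects = {r.effect for r in self.policy.rules if _holds(r.condition, get)}
            order = ("Deny", "Permit") if self.policy.combining == "deny-overrides" else ("Permit", "Deny")
            decision = next((e for e in order if e in effects), "NotApplicable")
        self.decision_cache[key] = decision
        return decision

MEDICAL_RECORDS_POLICY = Policy(
    target=lambda get: get("resource", "type") == "medical-record",
    rules=[
        # Permit doctors to read records of their own department (subject vs resource attribute).
        Rule("Permit", lambda get: "doctor" in get("subject", "role")
             and get("subject", "department") == get("resource", "department")),
        # Deny outside 08:00-17:59; an unknown hour is denied as well, so the rule fails closed.
        Rule("Deny", lambda get: get("environment", "hour") is None
             or not 8 <= get("environment", "hour") < 18),
    ],
)

def decide(pdp: PDP, user: str, department: str, hour: Any, rtype: str = "medical-record") -> str:
    """The PEP sends only the user id; role and department are pulled through the PIP."""
    req = {"subject": {"id": user}, "resource": {"type": rtype, "department": department},
           "action": {"id": "read"}, "environment": {"hour": hour}}
    return pdp.evaluate(req)

if __name__ == "__main__":
    pdp = PDP(MEDICAL_RECORDS_POLICY, [user_store_pip])
    print({u: decide(pdp, u, "cardiology", 10) for u in USER_STORE})  # alice Permit, others NotApplicable
```

Note that the policy never names a user: "dave", who is absent from the store, simply resolves to no attributes and falls through to NotApplicable, which is the "no need to know the user prior to granting access" point made on the ABAC slide.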
14. XACML

15. Create policy options

16. Simple policy editor

17. Basic policy editor

18. Try it tool

19. Try it tool request

20. Extensions

  
Iden/ty	
  Management	
  
๏  Managing	
  Iden/ty	
  of	
  users	
  in	
  a	
  system	
  
๏  Control	
  access	
  to	
  resources	
  
๏  Important	
  component	
  in	
  an	
  enterprise	
  
๏  Enterprises	
  depends	
  on	
  the	
  security	
  provided	
  by	
  
iden/ty	
  management	
  systems	
  
22. Why Identity Management
๏ Directly influences the security and productivity of an organization
๏ To enforce consistency in security policies across the organization
๏ To comply with rules and regulations enforced in some critical domains by governments
๏ Provide access to resources to outside parties without compromising security

23. Why Identity Management Cont.
๏ Controlled resource access increases organizational security
๏ Increased auditability of the systems
๏ Automated password reset capabilities

24. Features of IDM System
๏ User Stores / Directories
๏ Authentication
๏ Authorization
๏ Single Sign On
๏ Provisioning
๏ Delegation
๏ Password reset
๏ Self registration with locking

25. User stores / Directories
๏ Grouping of users and roles
๏ Easy management in authorization decisions
๏ Support for different types of user stores

26. Authentication
๏ Identifying which entity we are communicating with
๏ The entity can be a user or a system
๏ Most basic form is user name and password
๏ Authentication against a user store
๏ Concept of multi factor authentication

27. Authorization
๏ What an entity is allowed to access in the system
๏ Entitlement management aspects (discussed earlier)

28. Single Sign On
๏ Having multiple applications with login requirements
๏ Once logged in to one application, automatic login to the other applications
๏ Token usage
๏ Identity Federation
๏ Technologies used
  ๏ OpenID
  ๏ SAML
  ๏ Kerberos
  ๏ WS-Federation passive

29. Provisioning
๏ Concept of adding identities to and removing them from a user store
๏ Provisioning to external systems
๏ Technologies
  ๏ SPML
  ๏ SCIM

30. Delegation
๏ Giving responsibility to another entity to carry out tasks on your behalf
๏ Credential sharing systems
๏ Technologies
  ๏ OAuth

31. Users and roles
๏ Enterprise user stores with users and roles
๏ Managing user stores
๏ Support for multiple user stores
๏ Easy configuration of user stores in the UI
๏ Types of user stores
  ๏ LDAP, Active Directory, JDBC
๏ Support for multi-tenancy

32. Password reset
๏ Web apps needing end user password reset functionality
๏ Supports:
  ๏ Reset with notification
  ๏ Reset with secret questions
๏ Increased security with multiple keys in the reset flow
๏ UI based email template configuration

33. Self registration with locking
๏ Separate web service for self registration with account lock
๏ Upon registration, a confirmation link is sent to unlock the account
๏ Only users with a valid email address gain access to the system
๏ Configurable email notification template

34. Demo

35.

36. Business Model

37. More Information!
๏ The slides and webinar will be available soon.
๏ Please refer to the Identity Server documentation - https://docs.wso2.org/display/IS500/WSO2+Identity+Server+Documentation

Contact us!
Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

TOGAF Classroom Series - M1 intro-ea-togaf
TOGAF Classroom Series - M1 intro-ea-togafTOGAF Classroom Series - M1 intro-ea-togaf
TOGAF Classroom Series - M1 intro-ea-togaf
 
Request to Fulfill Presentation (IT4IT)
Request to Fulfill Presentation (IT4IT)Request to Fulfill Presentation (IT4IT)
Request to Fulfill Presentation (IT4IT)
 
Togaf 9.2 Introduction
Togaf 9.2 IntroductionTogaf 9.2 Introduction
Togaf 9.2 Introduction
 
TOGAF® & Major IT Frameworks - Architecting the Family
TOGAF® & Major IT Frameworks - Architecting the FamilyTOGAF® & Major IT Frameworks - Architecting the Family
TOGAF® & Major IT Frameworks - Architecting the Family
 
Architecture Governance in Brief
Architecture Governance in BriefArchitecture Governance in Brief
Architecture Governance in Brief
 
Enterprise Architecture Governance: A Framework for Successful Business
Enterprise Architecture Governance: A Framework for Successful BusinessEnterprise Architecture Governance: A Framework for Successful Business
Enterprise Architecture Governance: A Framework for Successful Business
 
Togaf 9.1 ADM summary
Togaf 9.1 ADM summaryTogaf 9.1 ADM summary
Togaf 9.1 ADM summary
 
Jira as a Tool for Test Management
Jira as a Tool for Test ManagementJira as a Tool for Test Management
Jira as a Tool for Test Management
 
Change management - ITIL Series
Change management - ITIL SeriesChange management - ITIL Series
Change management - ITIL Series
 
Introduction to Enterprise Architecture and TOGAF 9.1
Introduction to Enterprise Architecture and TOGAF 9.1Introduction to Enterprise Architecture and TOGAF 9.1
Introduction to Enterprise Architecture and TOGAF 9.1
 
Introduction to ITIL 4 and IT service management
Introduction to ITIL 4 and IT service managementIntroduction to ITIL 4 and IT service management
Introduction to ITIL 4 and IT service management
 
SaaS Architecture Past and Present
SaaS Architecture Past and PresentSaaS Architecture Past and Present
SaaS Architecture Past and Present
 
Cloud architecture with the ArchiMate Language
Cloud architecture with the ArchiMate LanguageCloud architecture with the ArchiMate Language
Cloud architecture with the ArchiMate Language
 
Practice EA in three tiers
Practice EA in three tiersPractice EA in three tiers
Practice EA in three tiers
 
Business Architecture Foundations
Business Architecture FoundationsBusiness Architecture Foundations
Business Architecture Foundations
 
Value stream management is essential for dev ops v4
Value stream management is essential for dev ops v4Value stream management is essential for dev ops v4
Value stream management is essential for dev ops v4
 
ArchiMate introduction
ArchiMate introductionArchiMate introduction
ArchiMate introduction
 
Modeling TOGAF with ArchiMate
Modeling TOGAF with ArchiMateModeling TOGAF with ArchiMate
Modeling TOGAF with ArchiMate
 
A tailored enterprise architecture maturity model
A tailored enterprise architecture maturity modelA tailored enterprise architecture maturity model
A tailored enterprise architecture maturity model
 
Togaf 9 overview
Togaf 9 overviewTogaf 9 overview
Togaf 9 overview
 

Destacado

Data Entitlement with WSO2 Enterprise Middleware Platform
Data Entitlement with WSO2 Enterprise Middleware PlatformData Entitlement with WSO2 Enterprise Middleware Platform
Data Entitlement with WSO2 Enterprise Middleware Platform
WSO2
 
Landscape of Web Identity Management
Landscape of Web Identity ManagementLandscape of Web Identity Management
Landscape of Web Identity Management
Fraunhofer AISEC
 
The Private API Economy
The Private API EconomyThe Private API Economy
The Private API Economy
WSO2
 
Uk french national id card presentation
Uk french national id card presentationUk french national id card presentation
Uk french national id card presentation
Saiful Chowdhury
 

Destacado (20)

Data Entitlement with WSO2 Enterprise Middleware Platform
Data Entitlement with WSO2 Enterprise Middleware PlatformData Entitlement with WSO2 Enterprise Middleware Platform
Data Entitlement with WSO2 Enterprise Middleware Platform
 
Workshop on Identity & Access Management.
Workshop on Identity & Access Management.Workshop on Identity & Access Management.
Workshop on Identity & Access Management.
 
Landscape of Web Identity Management
Landscape of Web Identity ManagementLandscape of Web Identity Management
Landscape of Web Identity Management
 
Git beyond basics
Git   beyond basicsGit   beyond basics
Git beyond basics
 
WSO2 Product Release Webinar: WSO2 Application Server 5.3
WSO2 Product Release Webinar: WSO2 Application Server 5.3WSO2 Product Release Webinar: WSO2 Application Server 5.3
WSO2 Product Release Webinar: WSO2 Application Server 5.3
 
A Practitioner´s Recommendations for successful IAM Programs
A Practitioner´s Recommendations for successful IAM ProgramsA Practitioner´s Recommendations for successful IAM Programs
A Practitioner´s Recommendations for successful IAM Programs
 
The Private API Economy
The Private API EconomyThe Private API Economy
The Private API Economy
 
CIS13: How IAM Improved Sallie Mae's Compliance and Risk Posture
CIS13: How IAM Improved Sallie Mae's Compliance and Risk PostureCIS13: How IAM Improved Sallie Mae's Compliance and Risk Posture
CIS13: How IAM Improved Sallie Mae's Compliance and Risk Posture
 
Alchemy of the API Economy
Alchemy of the API EconomyAlchemy of the API Economy
Alchemy of the API Economy
 
End-to-End Identity Management
End-to-End Identity ManagementEnd-to-End Identity Management
End-to-End Identity Management
 
Uk french national id card presentation
Uk french national id card presentationUk french national id card presentation
Uk french national id card presentation
 
Informal Leadership: Case Study IAM live 2015
Informal Leadership: Case Study IAM live 2015Informal Leadership: Case Study IAM live 2015
Informal Leadership: Case Study IAM live 2015
 
The Use of Formal Methods on the iFACTS Air Traffic Control Project
The Use of Formal Methods on the iFACTS Air Traffic Control ProjectThe Use of Formal Methods on the iFACTS Air Traffic Control Project
The Use of Formal Methods on the iFACTS Air Traffic Control Project
 
Anton's Log Management 'Worst Practices'
Anton's Log Management 'Worst Practices'Anton's Log Management 'Worst Practices'
Anton's Log Management 'Worst Practices'
 
Presentation gdpr ahti
Presentation gdpr ahtiPresentation gdpr ahti
Presentation gdpr ahti
 
Identity Management: Front and Center for Healthcare Providers
Identity Management: Front and Center for Healthcare ProvidersIdentity Management: Front and Center for Healthcare Providers
Identity Management: Front and Center for Healthcare Providers
 
Identity Management: Tools, processes & services
Identity Management: Tools, processes & servicesIdentity Management: Tools, processes & services
Identity Management: Tools, processes & services
 
Helping Utilities with Cybersecurity Preparedness: The C2M2
Helping Utilities with Cybersecurity Preparedness: The C2M2Helping Utilities with Cybersecurity Preparedness: The C2M2
Helping Utilities with Cybersecurity Preparedness: The C2M2
 
CIS14: PingAccess in Action
CIS14: PingAccess in ActionCIS14: PingAccess in Action
CIS14: PingAccess in Action
 
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOTSailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
 

Similar a Identity and Entitlement Management Concepts

ESB Evaluation Framework
ESB Evaluation Framework ESB Evaluation Framework
ESB Evaluation Framework
WSO2
 
Reshape Integration - Think Beyond the ESB
Reshape Integration - Think Beyond the ESBReshape Integration - Think Beyond the ESB
Reshape Integration - Think Beyond the ESB
WSO2
 
Introduction to Enterprise Mobility Manager
Introduction to Enterprise Mobility Manager Introduction to Enterprise Mobility Manager
Introduction to Enterprise Mobility Manager
WSO2
 
Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013
David Linthicum
 

Similar a Identity and Entitlement Management Concepts (20)

ESB Evaluation Framework
ESB Evaluation Framework ESB Evaluation Framework
ESB Evaluation Framework
 
[Final] best practices for access management (mule soft meetups riyadh) - j...
[Final] best practices for access management (mule soft meetups   riyadh) - j...[Final] best practices for access management (mule soft meetups   riyadh) - j...
[Final] best practices for access management (mule soft meetups riyadh) - j...
 
CyberArk
CyberArkCyberArk
CyberArk
 
Advanced Controls access and user security for superusers con8824
Advanced Controls access and user security for superusers con8824Advanced Controls access and user security for superusers con8824
Advanced Controls access and user security for superusers con8824
 
Reshape Integration - Think Beyond the ESB
Reshape Integration - Think Beyond the ESBReshape Integration - Think Beyond the ESB
Reshape Integration - Think Beyond the ESB
 
Automating Security Management in PBCS!
Automating Security Management in PBCS!Automating Security Management in PBCS!
Automating Security Management in PBCS!
 
Identity Management Buyer’s Guide for the SME
Identity Management Buyer’s Guide for the SMEIdentity Management Buyer’s Guide for the SME
Identity Management Buyer’s Guide for the SME
 
Identity Management Buyer’s Guide for the SME
Identity Management Buyer’s Guide for the SMEIdentity Management Buyer’s Guide for the SME
Identity Management Buyer’s Guide for the SME
 
RETOS ACTUALES E INNOVACIÓN SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.
RETOS ACTUALES  E INNOVACIÓN  SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.RETOS ACTUALES  E INNOVACIÓN  SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.
RETOS ACTUALES E INNOVACIÓN SOBRE EL CONTROL DE ACCESOS PRIVILEGIADOS.
 
apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...
apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...
apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...
 
Monitoring in the DevOps Era
Monitoring in the DevOps EraMonitoring in the DevOps Era
Monitoring in the DevOps Era
 
Oracle Identity Governance Technical Overview - 11gR2PS3
Oracle Identity Governance Technical Overview - 11gR2PS3Oracle Identity Governance Technical Overview - 11gR2PS3
Oracle Identity Governance Technical Overview - 11gR2PS3
 
Con8813 securing privileged accounts with an integrated idm solution - final
Con8813 securing privileged accounts with an integrated idm solution - finalCon8813 securing privileged accounts with an integrated idm solution - final
Con8813 securing privileged accounts with an integrated idm solution - final
 
Access Control Pitfalls v2
Access Control Pitfalls v2Access Control Pitfalls v2
Access Control Pitfalls v2
 
Introduction to Enterprise Mobility Manager
Introduction to Enterprise Mobility Manager Introduction to Enterprise Mobility Manager
Introduction to Enterprise Mobility Manager
 
Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013
 
MuleSoft Singapore Meetup - Number 6 - September 24, 2020
MuleSoft Singapore Meetup - Number 6 - September 24, 2020MuleSoft Singapore Meetup - Number 6 - September 24, 2020
MuleSoft Singapore Meetup - Number 6 - September 24, 2020
 
ODTUG Learn from Home S E R I E S-Automating Security Management in PBCS!
ODTUG Learn from Home S E R I E S-Automating Security Management in PBCS!ODTUG Learn from Home S E R I E S-Automating Security Management in PBCS!
ODTUG Learn from Home S E R I E S-Automating Security Management in PBCS!
 
Madrid Alfresco Day 2015 - John Pomeroy - Why Alfresco in today’s Digital Ent...
Madrid Alfresco Day 2015 - John Pomeroy - Why Alfresco in today’s Digital Ent...Madrid Alfresco Day 2015 - John Pomeroy - Why Alfresco in today’s Digital Ent...
Madrid Alfresco Day 2015 - John Pomeroy - Why Alfresco in today’s Digital Ent...
 
Big Data security: Facing the challenge by Carlos Gómez at Big Data Spain 2017
Big Data security: Facing the challenge by Carlos Gómez at Big Data Spain 2017Big Data security: Facing the challenge by Carlos Gómez at Big Data Spain 2017
Big Data security: Facing the challenge by Carlos Gómez at Big Data Spain 2017
 

Más de WSO2

Más de WSO2 (20)

Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using Ballerina
 
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
 
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AI
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
 
WSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the CloudWSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the Cloud
 
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & InnovationWSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaS
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
 
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and ApplicationsWSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
WSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital BusinessesWSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital Businesses
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
 
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of TransformationWSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
 
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 

Último

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 

Último (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 

Identity and Entitlement Management Concepts

  • 5. Agenda
    - Entitlement management
      - Overview
      - Access control concepts
      - XACML
      - Entitlement architecture in Identity Server
    - Identity management
      - Overview
      - Features of identity management systems
      - A couple of identity management capabilities in Identity Server
    - Demo
  • 6. What is Entitlement Management
    - Entitlement management is technology that grants, resolves, enforces, revokes and administers fine-grained access entitlements.
    - Also referred to as authorizations, privileges, access rights, permissions and/or rules. (Gartner Glossary)
  • 7. Entitlement Management
    - It is a broader concept
    - Types of access control include:
      - Access control lists
      - Role based access control
      - Attribute based access control
      - Policy based access control
  • 8. Access control lists
    - Oldest and most basic form of access control
    - Adopted primarily by operating systems
    - Maintains, per resource, a mapping of users to the operations they may perform on it
    - Easy to implement with maps
    - Not scalable for large user bases
    - Difficult to manage
  • 9. Role based access control
    - Users in the system belong to roles
    - A role defines which resources are allowed
    - Reduces the management overhead
    - Users and roles can be externalized in user stores
    - The roles themselves need to be managed
    - A user may belong to multiple roles
  • 10. Attribute based access control
    - Authorization based on attributes
    - Addresses the limitation of the role based approach in defining fine-grained access control
    - Uses attributes of the user, of the environment and of the resource itself
    - More flexible than the role based approach
    - No need to know the user before granting access
  • 11. Policy based access control
    - Addresses the need for a more uniform access control mechanism
    - Helps large enterprises apply uniform access control across organizational units
    - Helps security audits to be carried out
    - More complex than the other access control systems
    - Policies are specified unambiguously with XACML
    - Uses authorized attribute sources in the enterprise
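The three models of slides 8 to 10 side by side, as an added example that is not part of the slides or of WSO2 Identity Server. The resource, users, roles and the ABAC rule set are constructed for illustration; the point to notice is that the user "carol", who is enrolled nowhere, is refused by the ACL and RBAC checks but can be granted access by ABAC purely from the attributes she presents, and that onboarding costs one edit per resource under ACL versus one edit per user under RBAC.

```python
# Added example: the same access request evaluated under ACL, RBAC and ABAC.
# Users, roles and the resource below are constructed for illustration only.
from dataclasses import dataclass

RESOURCE = "/reports/q4.pdf"

# 1. Access control list: for each resource, a map of user -> permitted operations.
ACL = {RESOURCE: {"alice": {"read"}, "bob": {"read", "write"}}}

def acl_allows(user, action, resource):
    return action in ACL.get(resource, {}).get(user, set())

def acl_grant(user, action, resource):
    # Onboarding a user means touching the entry of every resource they need.
    ACL.setdefault(resource, {}).setdefault(user, set()).add(action)

# 2. Role based access control: users hold roles, roles hold (action, resource) permissions.
USER_ROLES = {"alice": {"analyst"}, "bob": {"analyst", "manager"}}
ROLE_PERMS = {
    "analyst": {("read", RESOURCE)},
    "manager": {("read", RESOURCE), ("write", RESOURCE)},
}

def rbac_allows(user, action, resource):
    # A user in several roles gets the union of those roles' permissions.
    return any((action, resource) in ROLE_PERMS.get(role, set())
               for role in USER_ROLES.get(user, set()))

def rbac_assign(user, role):
    # Onboarding is one edit on the user, however many resources the role covers.
    USER_ROLES.setdefault(user, set()).add(role)

# 3. Attribute based access control: the decision is computed from attributes of the
#    subject, the resource and the environment, so the subject need not be enrolled first.
@dataclass
class AbacRequest:
    subject: dict      # e.g. {"department": "finance", "title": "analyst", "cleared": False}
    action: str
    resource: dict     # e.g. {"path": RESOURCE, "department": "finance", "classification": "internal"}
    environment: dict  # e.g. {"hour": 10}

def abac_allows(req):
    """Constructed rule set: restricted resources need clearance; same-department
    subjects may read during office hours; writes additionally need the manager title."""
    if req.resource.get("classification") == "restricted" and not req.subject.get("cleared"):
        return False
    same_department = req.subject.get("department") == req.resource.get("department")
    office_hours = 8 <= req.environment.get("hour", -1) < 18
    if req.action == "read":
        return same_department and office_hours
    if req.action == "write":
        return same_department and req.subject.get("title") == "manager"
    return False
```

The ABAC rule set is deliberately ordered so that a resource attribute (the "restricted" classification) overrides every subject and environment attribute; a policy language such as XACML, covered on the next slides, exists to express exactly this kind of precedence without burying it in application code.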
  • 12. Advantages
    - Reduces development time spent on critical business functions
    - Easy management of entitlements
    - Based on industry standard specifications
    - Supports future development with minimum effort
  • 13. XACML
    - XACML is a policy based authorization/entitlement system
    - De facto standard for authorization
    - Has evolved through versions 1.0, 2.0 and 3.0
    - Externalized
    - Policy based
    - Fine grained
    - Standardized
  • 14. XACML
    - Identity Server supports XACML 2.0 and 3.0
    - Supports multiple PIPs
    - Policy distribution
    - UI wizards for defining policies
    - Try it tool
    - Decision / attribute caching
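What "externalized, policy based, fine grained" means in practice, as an added example that is not code from the slides or from WSO2 Identity Server: a small XACML 3.0 policy in the standard's own XML, a PEP that packages an access attempt as a request context, a PIP that fills in subject attributes the PEP did not send, and a toy PDP that evaluates the policy. The policy, the user store and the two attribute ids under example.org are constructed; the namespace, category, function and combining-algorithm identifiers are the real XACML ones. The PDP covers only Target/AnyOf/AllOf/Match with string-equal and Permit/Deny rules, not Conditions or Obligations.

```python
# Added example: a minimal XACML 3.0 policy and the PEP / PDP / PIP round trip that
# evaluates it. The policy, user store and attribute ids under example.org are constructed.
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
X = {"x": NS}
SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
STRING = "http://www.w3.org/2001/XMLSchema#string"
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
FIRST_APPLICABLE = "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
DENY_OVERRIDES = "urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides"
DEPARTMENT = "http://example.org/attr/department"         # hypothetical enterprise attributes
EMPLOYMENT = "http://example.org/attr/employment-type"

def match_xml(value, category, attr_id):
    """One <Match>: compare a literal with the designated attribute of the request."""
    return (f'<Match MatchId="{STRING_EQUAL}"><AttributeValue DataType="{STRING}">{value}'
            f'</AttributeValue><AttributeDesignator Category="{category}" AttributeId="{attr_id}" '
            f'DataType="{STRING}" MustBePresent="false"/></Match>')

POLICY_XML = f"""<Policy xmlns="{NS}" PolicyId="reports-policy" Version="1.0"
        RuleCombiningAlgId="{FIRST_APPLICABLE}">
  <Target/>
  <Rule RuleId="contractors-denied" Effect="Deny">
    <Target><AnyOf><AllOf>{match_xml('contractor', SUBJECT, EMPLOYMENT)}</AllOf></AnyOf></Target>
  </Rule>
  <Rule RuleId="finance-reads-q4" Effect="Permit">
    <Target><AnyOf><AllOf>
      {match_xml('finance', SUBJECT, DEPARTMENT)}
      {match_xml('read', ACTION, ACTION_ID)}
      {match_xml('/reports/q4.pdf', RESOURCE, RESOURCE_ID)}
    </AllOf></AnyOf></Target>
  </Rule>
  <Rule RuleId="default-deny" Effect="Deny"><Target/></Rule>
</Policy>"""

FUNCTIONS = {STRING_EQUAL: lambda a, b: a == b}

# PIP: resolves subject attributes the PEP did not send, here from a constructed user store.
USER_STORE = {"alice": {DEPARTMENT: ["finance"], EMPLOYMENT: ["employee"]},
              "bob":   {DEPARTMENT: ["finance"], EMPLOYMENT: ["contractor"]}}

def user_store_pip(request, category, attr_id):
    if category != SUBJECT:
        return []
    subject = request.get((SUBJECT, SUBJECT_ID), [None])[0]
    return USER_STORE.get(subject, {}).get(attr_id, [])

def pep_request(subject_id, action, resource, extra=None):
    """PEP side: the access attempt as a request context, (category, attribute-id) -> bag."""
    request = {(SUBJECT, SUBJECT_ID): [subject_id], (ACTION, ACTION_ID): [action],
               (RESOURCE, RESOURCE_ID): [resource]}
    request.update(extra or {})
    return request

class MiniPDP:
    """Subset of XACML 3.0: Target/AnyOf/AllOf/Match with string-equal, Permit/Deny rules
    (no Condition, no Obligations) and two rule-combining algorithms."""

    def __init__(self, policy_xml, pips=()):
        self.policy = ET.fromstring(policy_xml)
        self.pips = list(pips)

    def _bag(self, request, category, attr_id):
        bag = request.get((category, attr_id), [])
        for pip in self.pips:              # ask PIPs only for attributes absent from the request
            if bag:
                break
            bag = pip(request, category, attr_id)
        return bag

    def _match(self, match, request):
        fn = FUNCTIONS[match.get("MatchId")]
        literal = match.find("x:AttributeValue", X).text
        designator = match.find("x:AttributeDesignator", X)
        bag = self._bag(request, designator.get("Category"), designator.get("AttributeId"))
        return any(fn(literal, value) for value in bag)   # empty bag: no match

    def _target_matches(self, target, request):
        if target is None or not target.findall("x:AnyOf", X):
            return True                    # absent or empty Target applies to every request
        return all(any(all(self._match(m, request) for m in allof.findall("x:Match", X))
                       for allof in anyof.findall("x:AllOf", X))
                   for anyof in target.findall("x:AnyOf", X))

    def decide(self, request):
        if not self._target_matches(self.policy.find("x:Target", X), request):
            return "NotApplicable"
        effects = [rule.get("Effect") for rule in self.policy.findall("x:Rule", X)
                   if self._target_matches(rule.find("x:Target", X), request)]
        alg = self.policy.get("RuleCombiningAlgId")
        if alg == FIRST_APPLICABLE:
            return effects[0] if effects else "NotApplicable"
        if alg == DENY_OVERRIDES:
            return "Deny" if "Deny" in effects else "Permit" if "Permit" in effects else "NotApplicable"
        raise ValueError(f"unsupported rule-combining algorithm: {alg}")
```

Two things worth checking against any real policy: without the PIP the PDP cannot see the department attribute, so every request falls through to the default-deny rule, which is why the slide lists PIP support as a feature rather than a detail; and the catch-all "default-deny" rule only works under first-applicable. Switch the same policy to deny-overrides and it denies everything, because the empty-target rule always applies and Deny wins.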
  • 19. Try it tool
  • 20. Try it tool request
  • 22. Identity Management
    - Managing the identities of users in a system
    - Controlling access to resources
    - An important component in an enterprise
    - Enterprises depend on the security provided by identity management systems
  • 23. Why Identity Management
    - Directly influences the security and productivity of an organization
    - Enforces consistency of security policies across the organization
    - Needed to comply with rules and regulations that governments enforce in some critical domains
    - Provides access to resources for outside parties without compromising security
  • 24. Why Identity Management (cont.)
    - Controlled resource access increases organizational security
    - Increased auditability of systems
    - Automated password reset capabilities
  • 25. Features of an IDM System
    - User stores / directories
    - Authentication
    - Authorization
    - Single sign-on
    - Provisioning
    - Delegation
    - Password reset
    - Self registration with locking
  • 26. User stores / directories
    - Grouping of users and roles
    - Easier management of authorization decisions
    - Support for different types of user stores
  • 27. Authentication
    - Identifying which entity we are communicating with
    - The entity can be a user or a system
    - The most basic form is user name and password
    - Authentication against a user store
    - Concept of multi-factor authentication
  • 28. Authorization
    - What an entity is allowed to access in the system
    - Entitlement management aspects, discussed above
  • 29. Single Sign-On
    - Multiple applications, each with a login requirement
    - Once logged in to one application, the user is automatically logged in to the others
    - Token usage
    - Identity federation
    - Technologies used:
      - OpenID
      - SAML
      - Kerberos
      - WS-Federation passive
  • 30. Provisioning
    - Adding and removing identities from the user store
    - Provisioning to external systems
    - Technologies:
      - SPML
      - SCIM
  • 31. Delegation
    - Giving another entity the responsibility to carry out tasks on your behalf
    - Replaces credential sharing: the delegate receives a scoped token rather than the user's password
    - Technologies:
      - OAuth
  • 32. Users and roles
    - Enterprise user stores with users and roles
    - Managing user stores
    - Support for multiple user stores
    - Easy configuration of user stores in the UI
    - Types of user stores: LDAP, Active Directory, JDBC
    - Support for multi-tenancy
  • 33. Password reset
    - For web apps needing end user password reset functionality
    - Supports:
      - Reset with notification
      - Reset with secret questions
    - Increased security with multiple keys in the reset flow
    - UI based configuration of email templates
  • 34. Self registration with locking
    - A separate web service for self registration with account lock
    - Upon registration, a confirmation link is sent to unlock the account
    - Only users with a valid email address gain access to the system
    - Configurable email notification template
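The flows of slides 33 and 34 in one place, as an added example that is not code from the slides or from WSO2 Identity Server: a self-registered account starts locked and is unlocked only by a confirmation key delivered to the registered mailbox, and the same one-time key mechanism drives "reset with notification", while "reset with secret questions" compares hashed, normalized answers. The in-memory user store, the outbox standing in for the email notification, the 15-minute key lifetime and the three-guess limit are all assumptions made for the example.

```python
# Added example: self registration with an initially locked account, an emailed confirmation
# key, and the two password reset flows (notification key, secret questions). The user store,
# the 15-minute key lifetime and the attempt limit are constructed for the example.
import hashlib, hmac, secrets, time

KEY_TTL = 15 * 60
MAX_KEY_ATTEMPTS = 3

def hash_password(password, salt=None):
    salt = salt if salt is not None else secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def key_hash(key):
    return hashlib.sha256(key.encode()).digest()   # only the hash of a key is stored

class IdentityStore:
    def __init__(self, clock=time.time):
        self.users = {}
        self.outbox = []          # (email, key) the notification service would deliver
        self.clock = clock

    # --- self registration with locking ---
    def register(self, username, email, password):
        if username in self.users:
            raise ValueError("username already taken")
        self.users[username] = {"email": email, "pw": hash_password(password),
                                "locked": True, "pending": None, "answers": None}
        self._issue_key(username, "confirm")

    def confirm_registration(self, username, key):
        if self._consume_key(username, "confirm", key):
            self.users[username]["locked"] = False      # only a confirmed mailbox unlocks
            return True
        return False

    def authenticate(self, username, password):
        user = self.users.get(username)
        if user is None or user["locked"]:
            return False
        salt, digest = user["pw"]
        return hmac.compare_digest(digest, hash_password(password, salt)[1])

    # --- password reset with notification ---
    def request_reset(self, username):
        if username in self.users:        # silent for unknown names: no account enumeration
            self._issue_key(username, "reset")

    def reset_with_key(self, username, key, new_password):
        if not self._consume_key(username, "reset", key):
            return False
        self.users[username]["pw"] = hash_password(new_password)
        return True

    # --- password reset with secret questions ---
    def set_secret_answers(self, username, answers):
        self.users[username]["answers"] = {q: hash_password(a.strip().lower())
                                           for q, a in answers.items()}

    def reset_with_answers(self, username, answers, new_password):
        user = self.users.get(username)
        stored = user["answers"] if user else None
        if not stored or set(answers) != set(stored):
            return False
        # Evaluate every answer (no short-circuit) so timing does not reveal which one failed.
        correct = sum(hmac.compare_digest(stored[q][1], hash_password(a.strip().lower(), stored[q][0])[1])
                      for q, a in answers.items())
        if correct != len(stored):
            return False
        user["pw"] = hash_password(new_password)
        return True

    # --- one-time keys shared by both flows ---
    def _issue_key(self, username, purpose):
        key = secrets.token_urlsafe(32)
        self.users[username]["pending"] = {"purpose": purpose, "hash": key_hash(key),
                                           "expires": self.clock() + KEY_TTL, "attempts": 0}
        self.outbox.append((self.users[username]["email"], key))
        return key

    def _consume_key(self, username, purpose, key):
        user = self.users.get(username)
        pending = user["pending"] if user else None
        if not pending or pending["purpose"] != purpose:
            return False
        if self.clock() > pending["expires"]:
            user["pending"] = None                     # expired: discard, a new key must be requested
            return False
        if not hmac.compare_digest(pending["hash"], key_hash(key)):
            pending["attempts"] += 1
            if pending["attempts"] >= MAX_KEY_ATTEMPTS:
                user["pending"] = None                 # too many guesses: void the key
            return False
        user["pending"] = None                         # single use
        return True
```

Keys are bound to a purpose, so a confirmation key cannot be spent as a reset key; they expire, are single use, are stored only as hashes (a read of the store does not yield usable links), and are compared in constant time. The reset request is deliberately silent for unknown usernames so the endpoint cannot be used to enumerate accounts.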
  • 37. More Information
    - The slides and webinar will be available soon.
    - Please refer to the Identity Server documentation: https://docs.wso2.org/display/IS500/WSO2+Identity+Server+Documentation