IdM

1
IdM OpenID

• Present by
• Fangli cai
• Prantap Bedi

2
The need for IdM OpenID

• As the world of e-business gains global
  acceptance, the traditional processes of
• corporate user administration are no longer able
  to cope with the demands of
• increased scale and scope expected from them

3
IdM

• Identity management is a solution to mange and
  secure access to the information and resource of
  an organization by a combination of processes and
  technologies..

4
Identity and Management

• Authentication
• Authorization (Access Control)
• Auditing and Accounting
• Policy Management

5
The Structure
6
Authentication

• Web-based Authentication
• MAC-based Authentication
• SSO Authentication

7
Authorization (Access Control)

• RBAC --access control models

8
Example

• Example of identity management
• Hi! Im Frank.
• (Identity)
• and heres my Username and Password to the
  system
• (Authentication)
• I want to access my MySJSU account
• (Authorization Allowing Frank to use services
  for his authorized)
• And I want to change my grade in last semesters
  course
• (Authorization preventing frank from things his
  not supposed to do)

9
Auditing and Accounting

• Reporting and audit controls are an important
  part of Identity Management. It is performed to
  ascertain the validity and reliability of
  information, and also provide an assessment of a
  systems internal control. Audit trails and logs
  are important for both detecting security
  violations and re-creating security incidents.

10
Policy Management

• Policy Management allows administrators to define
  rules for moving from one state to another. There
  rules take the form if condition, then action,

11
IDM Account lifecycle

• Profile Management
• Workflow
• Provisioning
• Delegated Administration
• Password Management

12
Profile Management

• Profile management provides a way to manage
  identities and distribute that managed
  information to external databases, directories,
  and applications throughout the enterprise, and
  potentially beyond. This process facilities the
  self-management of user profile information and
  the automated replication of accurate profile
  data to key enterprise systems.4

13
Password management

• EPV is stand for Enterprise Password Vault. it
  can provide a help though Check in and Check out
  passwords, EPV makes sure that only one person is
  using the account at any given time. and is able
  to track who and when logged into account

14
Open ID
15
What is OpenID

• Decentralized Single Sign On Mechanism
• In Simple terms is a URL
• Made possible by OpedID providers

16
How Does Open ID Work?
17
How Does Open ID Work?
18
How Does Open ID Work?
19
How Does Open ID Work?
20
How Does Open ID Work?
21
Implementation

• Light-Weight Identity
• Yadis
• Sxip DIX protocol
• XRI/i-names

22
User Advantages

• Eliminates the need to manage multiple accounts
  with different websites.
• Is a lightweight application and thus does not
  put any load on the users computer resources.
• Logging in is as simple as entering a URL.
• Eliminates the overhead of entering long forms to
  signup for a new website

23
Website Advantages

• Provides simple standardized signup process
• Takes care of User Account Management
• Pre-Existing Large Userbase

24
Disadvantages

• It is akin to putting all eggs in one basket.
• OpenID is vulnerable to phishing attacks.
• It is equivalent to outsourcing the security of
  you website to a 3rd party provider.

25
Future Work and Industry Adoption

• VeriSign and SUN Microsystems have signed a
  patent covenant regarding OpenID.
• AOL has developed OpenID's for all of their users
  available at http//openid.aol.com/screenname
• The government of Estonia has tied the national
  identity issued to each citizen with an OpenID
  located at https//open.id.ee/NationalIdentityName
  

26
Questions?