State of Michigan Horizon Program - PowerPoint PPT Presentation

Slides: 42
Provided by: mich8

Transcript and Presenter's Notes


1
State of Michigan - Horizon Program
  • April 2005

Ashish Larivee, Director, Product Marketing
alarivee_at_novell.com
2
Agenda
Briefing Agenda
  • 1. Identity
  • 2. Identity Management
  • 3. Provisioning & Federation
  • 4. Single Sign-On & Portals
  • 5. Q&A
3
Government Challenges Today
  • Obtaining, updating and distributing decision
    making data is becoming evermore complex, time
    consuming, and expensive.

4
Challenge: The Demanding Citizen
Opportunity: Improve Constituent Service
"Theoretically, once enough transactions and
interactions have been integrated from the point
of view of the citizen or business, then in a
very real sense, the government as an entity is
transformed."
"The dream is that this will constitute a
transformation of government from a rigid,
bureaucratic, inward-looking industrial-style
organization to a more agile, responsive,
accountable and transparent customer-centered
organization."
[Figure: Stages of eGovernment Evolution (Publish, Interact, Transact, Integrate, Transform); axes: Complexity, Time]
Source: Authentication and Identity Management:
Information Age Policy Considerations
by Daniel Greenwood, Esq., Director of the MIT
eCommerce Architecture Program
5
Challenge: Transparency and Security
  • Government faces two competing requirements:
    • Provide greater access to government data to
      comply with Freedom of Information laws and
      improve homeland security
    • Safeguard access to constituent data to ensure
      confidentiality and prevent abuse
  • Transparency
    • Provide constituents access to data collected by
      government
    • Provide law enforcement, human services and
      others the ability to connect the dots
  • Privacy
    • Ensure confidentiality of citizen data
    • Prevent inappropriate use of data

6
Challenge: Transparency and Security
Opportunity: Identity
  • Managing identities resolves the conflict between
    transparency and security
  • Constituents and employees are authenticated
    based upon passwords, smartcards, digital
    signatures or other means
  • Authorization to access data is based upon
    defined policies, regulations and statutes
  • Identity
  • who am I?
  • what can I access?

Privacy
Transparency
7
Your organization
8
Employee
Nsure
9
Novell Nsure: Integrating Isolated Identities
10
What is Identity Management?
  • Identity: how an individual (or entity) is
    represented within a heterogeneous IT system
  • Identity Management: streamlining the process of
    managing users
    • Access/accounts
    • Passwords
    • Information
  • Typical functions of Identity Management
    • Directory
    • Identity Synchronization (Metadirectory)
    • Provisioning/De-provisioning
    • Role-based Administration
    • White Pages & User Self-Service
    • Secure Logging, Auditing, & Reporting

11
Novell Nsure Identity Integration
Nsure Identity Manager
12
Managing the User Lifecycle
Provisioning
Relationship Begins
Promotion
Move Locations
USER LIFECYCLE
New Project
Forgot Password
Relationship Ends
Password Expires
13
What is Provisioning?
  • It's about:
  • Immediate Access
    • Instant On
    • Rapid time to productivity
  • Security Confidence
    • Instant Off
    • Eliminate known and unknown exposures
  • Real Cost Savings
    • Integrated, distributed identities
    • Reduced points of administration

14
Managing the User Lifecycle
Provisioning
Relationship Begins
Promotion
Routine User Administration
Move Locations
USER LIFECYCLE
New Project
Forgot Password
Relationship Ends
Password Expires
15
Managing the User Lifecycle
Provisioning
Relationship Begins
Promotion
Routine User Administration
Move Locations
USER LIFECYCLE
New Project
Forgot Password
Password Management
Relationship Ends
Password Expires
16
Managing the User Lifecycle
Provisioning
Relationship Begins
Promotion
Routine User Administration
Move Locations
USER LIFECYCLE
New Project
Forgot Password
Password Management
Relationship Ends
Password Expires
De-Provisioning
17
Secure Logging, Auditing, and Reporting
(Integration with Novell Nsure Audit)
Access
Promotion
Move Locations
USER LIFECYCLE
New Project
Forgot Password
Relationship Ends
Password Expires
18
Provisioning for Resource access
19
De-Provisioning for Resource security
Terminated employees have access revoked
completely and immediately across all systems
20
Simplified administration
Employee
Nsure
21
Identity Access Management
22
(No Transcript)
23
Novell Nsure Identity Manager
Novell Confidential Internal Use Only
Version 2002-4
  • Comprehensive Identity Management Suite
  • Single aggregated view of Identity
  • Simplified policy definition: Policy Builder
  • Comprehensive password management
  • Enhanced self service and Applications
  • Role-based access privileges
  • Delegated administration
  • Monitoring and reporting: Nsure Audit

24
Federation
  • Provides the most viable solution for realizing
    Seamless Internet-based services
  • Provides single sign-on and securely shares
    identity data between trusted systems
  • Enables Liberty Alliance-based user federation,
    identity exchange and provisioning
  • Enforces role-based policies to control access to
    Web sites and other applications
  • Leverages proxy-based technology to provide
    Liberty Alliance and SAML-based services, without
    requiring modification to existing web
    applications
  • Supports B2B, B2C and B2E deployments

25
Liberty Alliance - Basic Federation
  • Users decide who they want to federate their
    Identity with
  • Federation is actually the linking of two
    accounts using a unique pseudonym. The user
    account must already exist in both locations

26
Value Proposition: Liberty Alliance Identity
Provider and Service Provider
  • Federated Identity provides user-controlled
    single sign-on between consumer-based or
    enterprise-based resources.
  • For enterprise-based deployments, it allows an
    organization to deliver the benefits of single
    sign-on, without jeopardizing any privacy
    regulations.
  • For Business-to-Consumer type services, users are
    responsible for determining what information can
    be shared with Service providers, maintaining
    privacy, while realizing the benefits of SSO
  • Use cases include
    • Standard Federation and Identity Exchange (B2C
      and B2E)

27
Introduction to the Liberty Alliance
Specification
  • Liberty Alliance
  • The vision of Liberty Alliance members is to
    provide a networked world across which
    individuals and businesses can engage in
    virtually any transaction without compromising
    the privacy and security of vital identity
    information
  • Structured framework removes the complexity in
    establishing SAML-enabled services
  • Standard is spearheaded by various industry
    leaders (mostly non-technology businesses).

28
Liberty Alliance Membership
29
Government Portals
  • To meet the challenges (and grasp the
    opportunities) facing government, portals must
    include:
    • Identities: a central record of the role and
      profile of each user
    • Policies: a set of rules regarding the access
      entitlements for users based on their identity
      information
      • Based on legislation, regulation or agency
        policy
    • Authentication using passwords, smartcards and/or
      biometrics ensures that confidentiality and
      security are maintained

Who is this?
Identity
What can they access?
Constituents, Employees
Policies
30
Secure Identity Infrastructure
Authentication
Work Flow
Identity
Digital Signatures
Personalization
Roles
Provisioning
Federated Identity
31
Secure Identity Infrastructure
Authentication
Work Flow
Identity
Digital Signatures
Personalization
Roles
Provisioning
Federated Identity
32
Manage Secure the enterprise
MANAGEMENT
SECURITY
Enterprise all its resources
Integration
Automation
Access
Compliance
Identity Applications Transactions
Provisioning Approvals Self-Service
Authentication Authorization Single Sign-On
Audit Monitoring Reporting
  • Identity Management helps integrate identity
    stores and Access Management provides role-based
    security with auditing for compliance.
  • Application Integration enables aggregated view
    of systems presented through Portals for
    self-service and automation.
  • Resource Management automates management of IT
    Resources to Users and Devices, based on policy,
    and ensures a stable and secure environment

33
Focus on the Foundation
Educate toward Novell's strengths in directory
and in meta-directory
34
Forrester: Novell is a Full-Suite IDM Vendor
35
Novell End-to-End IDM Functionality
36
Michigan State Police
Customer situation
Approach
Business results
  • 10 million citizens, 55,000 employees in 20 state
    agencies and 1,500 law enforcement professionals
  • Shared IDs and passwords at common terminals did
    not meet federal security requirements
  • Completed with a limited budget and no additional
    headcount
  • Administration time reduced 40 percent
  • Created a secure portal with single sign-on
    access
  • Solution now being expanded state-wide
  • Novell Nsure solution including:
    • Novell eDirectory
    • Novell Identity Manager
    • Novell iChain
    • Novell exteNd

37
State of Nebraska
By using a Novell Nsure solution, the State of
Nebraska has made government services more
available and convenient. Employees and citizens
have personalized, role-based access to Web
applications from any location, using a standard
Web browser.
Approach
Customer situation
Business results
  • Needed to provide more online services while
    reducing costs and maintaining the security of
    confidential information
  • Believed that making services more accessible
    would minimize the amount of work for State
    employees
  • Novell Nsure solution including:
    • eDirectory 8.5
    • iChain
    • BorderManager
    • Identity Manager 2
    • SUSE LINUX Enterprise Server (SLES)
    • NetWare
  • Web-enabled more than 20 applications without
    additional IT resources
  • Single sign-on decreased password help desk
    calls 20
  • Avoid creating a security front-end for new
    applications, reducing application development
    time 30

38
The Problem(s)
Unix Admin
Users
Apps Admin
DMZ
Web Users
Netware
Netware/NT Admin
Web Server
Web Server
AIX, Solaris, HP-UX, Linux, etc
Apps
Apps
NT/2000
OS/390 Admin
VPN, Dial-up, Wireless Users
Access Control Server
OS/390
39
The Solution
Employees, Citizens, Suppliers
Novell eDirectory
iChain
40
Getting the Right Resources to the Right People
at the Right Time
  • Provide simple, secure, and streamlined
    role-based access to business content, services
    and resources that
  • Increases productivity.
  • Supports privacy and security.
  • Enhances satisfaction.
  • Reduces system administrative costs.

41
(No Transcript)