Enterprise Identity - PowerPoint PPT Presentation

Description: Dave Nesbitt Oxford Computer Group. Agenda ... 15. Complex SSO Server Cache. Authentication. Service. Credential Store (probably LDAP ... – PowerPoint PPT presentation
Slides: 18
Provided by: linseyd

Transcript and Presenter's Notes


1
Enterprise Identity
  • Steve Plank Microsoft
  • Hugh Simpson-Wells Oxford Computer Group
  • Dave Nesbitt Oxford Computer Group

2
Agenda
  • Overview of Enterprise Identity
    Challenges/Solutions
  • Individual Group Discussions (led)
  • Large Group Debate

3
The Digital Identity Lifecycle
Roles shown in the diagram: Director, Service Manager, Product Manager, PA, Customer Service, HR Admin, Sales Person, Engineer, Call Handler
4
The Digital Identity Lifecycle
Hire/Fire Scenario
Lifecycle stages shown in the diagram: Access Management, Joining Identities, Identity Data Aggregation, Identity Data Enforcement, Identity Data Brokering
  • A business owns critical assets
  • Roles are defined
  • People are hired
  • People change role
  • People are fired
  • They access critical assets

They leave of their own accord too!
5
Hire Scenario
Diagram: HR System and Contractor System (link marked '?') -> Provisioning System or Metadirectory -> targets: E-mail, Infrastructure Directory (LDAP), Application Directory (LDAP), Database (SQL), LOB App (API)
6
Fire Scenario
Diagram (same components as the Hire Scenario): HR System and Contractor System (link marked '?') -> Provisioning System or Metadirectory -> targets: E-mail, Infrastructure Directory (LDAP), Application Directory (LDAP), Database (SQL), LOB App (API)
7
Join, Attribute Flow, Enforcement
Diagram: four connected systems and one Metadirectory object. Annotations on the connectors, in slide order: Project to Metadirectory, Join on employeeID, Join on mail, Join on employeeID; each connector is marked JOINED.

Attribute values as shown per system (values that appear twice on the slide are read as belonging to both the HR System and the E-mail System block):

Attribute    HR System             E-mail System         Infrastructure Directory   Application Directory
givenName    Clark                 -                     Klarke                     Klarek
sn           Kennttt               -                     Kent                       Cenntt
title        Reporter              Reporter              Superhero                  -
mail         Clark_at_contoso.com  Clark_at_contoso.com  Clark_at_contoso.com       -
employeeID   007                   007                   -                          008
telephone    44 123 456 7890       44 123 456 7890       -                          867-5309
8
Identity Joining Scenario
Diagram: the same four systems (HR System, E-mail System, Infrastructure Directory, Application Directory) after the join. The Metadirectory holds one object for the person with a single value per attribute and flows that value to each connected system:

givenName    Clark
sn           Kent
title        Superhero
mail         Clark_at_contoso.com
employeeID   007
telephone    44 123 456 7890

The source records still show their original values before enforcement (HR System: Clark / Kennttt / Reporter / 007 / 44 123 456 7890; Infrastructure Directory: Klarke / Kent / Superhero; Application Directory: Klarek / Cenntt / 008 / 867-5309).
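The projection, join and attribute flow on the two slides above, worked through in Python as an added example (this is not code from the presentation or from Oxford Computer Group). It assumes: the E-mail System record consists of the values that appear twice on slide 7; the HR System projects the metaverse object and the other connectors join on the keys listed in slide order; the precedence that decides which source wins each attribute (PRECEDENCE below) is chosen so the result matches the slide 8 values, since the deck does not state it; and a connector whose join key does not match the metaverse value (Application Directory, employeeID 008 against 007) is reported as unjoined instead of being merged on a guess.

```python
"""Metadirectory projection, join and attribute flow on the deck's Clark Kent data.

Added example, not from the presentation. Source records are transcribed from
slides 7 and 8; the attribute precedence is an assumption (see PRECEDENCE).
"""
from dataclasses import dataclass, field

# Connector records as read from slide 7 (the E-mail System's values are the
# ones that appear twice on that slide; assumption).
SOURCES = {
    "HR System": {
        "givenName": "Clark", "sn": "Kennttt", "title": "Reporter",
        "mail": "Clark_at_contoso.com", "employeeID": "007",
        "telephone": "44 123 456 7890",
    },
    "E-mail System": {
        "title": "Reporter", "mail": "Clark_at_contoso.com",
        "employeeID": "007", "telephone": "44 123 456 7890",
    },
    "Infrastructure Directory": {
        "givenName": "Klarke", "sn": "Kent", "title": "Superhero",
        "mail": "Clark_at_contoso.com",
    },
    "Application Directory": {
        "givenName": "Klarek", "sn": "Cenntt", "employeeID": "008",
        "telephone": "867-5309",
    },
}

# Join rules as labelled on slide 7: HR projects (creates) the metaverse
# object; every other connector joins on one key.
JOIN_RULES = {
    "HR System": ("project", None),
    "E-mail System": ("join", "employeeID"),
    "Infrastructure Directory": ("join", "mail"),
    "Application Directory": ("join", "employeeID"),
}

# Assumed precedence: the first listed source that has a value wins. Chosen so
# the outcome matches the metadirectory values on slide 8.
PRECEDENCE = {
    "givenName": ["HR System"],
    "sn": ["Infrastructure Directory", "HR System"],
    "title": ["Infrastructure Directory", "HR System"],
    "mail": ["E-mail System", "HR System"],
    "employeeID": ["HR System"],
    "telephone": ["HR System"],
}


@dataclass
class MetaverseObject:
    attrs: dict
    joined: list = field(default_factory=list)
    unjoined: list = field(default_factory=list)   # (connector, key, value seen)


def build_metaverse(sources, join_rules, precedence):
    # 1. Projection: the authoritative connector creates the object.
    projector = next(n for n, (kind, _) in join_rules.items() if kind == "project")
    mv = MetaverseObject(attrs=dict(sources[projector]), joined=[projector])

    # 2. Join: a connector links only if its key equals the metaverse value.
    #    A mismatch (employeeID 008 vs 007) is recorded, not guessed around.
    for name, (kind, key) in join_rules.items():
        if kind != "join":
            continue
        value = sources[name].get(key)
        if value is not None and value == mv.attrs.get(key):
            mv.joined.append(name)
        else:
            mv.unjoined.append((name, key, value))

    # 3. Attribute flow: the highest-precedence joined source supplies each value.
    for attr, order in precedence.items():
        for src in order:
            if src in mv.joined and sources[src].get(attr):
                mv.attrs[attr] = sources[src][attr]
                break
    return mv


def enforcement_changes(mv, sources):
    """Per joined connector, the attributes that export/enforcement would rewrite."""
    return {
        name: {a: v for a, v in mv.attrs.items() if sources[name].get(a) != v}
        for name in mv.joined
    }


if __name__ == "__main__":
    mv = build_metaverse(SOURCES, JOIN_RULES, PRECEDENCE)
    print("metaverse:", mv.attrs)
    print("unjoined :", mv.unjoined)
    for system, diff in enforcement_changes(mv, SOURCES).items():
        print(f"{system}: {diff}")
```

The unjoined list is the part worth watching in practice: an orphaned connector record is exactly the account that survives the Fire Scenario, because nothing in the metadirectory knows it belongs to the leaver.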
9
Single Sign On
  • Simple SSO
    • Single Authentication Authority, Single Server
    • Single Authentication Authority, Multiple Server
  • Complex SSO
    • Single Credential Set
      • Token Based SSO
      • PKI Based SSO
    • Multiple Credential Set
      • Credential Sync (Consistent Sign On)
      • Client-side Credential Mapping
      • Server-side Credential Mapping

10
Simple SSO
Diagram: AuthN Exchange -> Credential Store (probably LDAP directory); Replication to a second copy of the store; a second AuthN Exchange against the Resource Server uses that replica.
11
No SSO
Diagram: two independent AuthN Exchanges, each against its own Authentication Service and Credential Store (probably LDAP directory).
12
Complex SSO 1 Credential, Token-based
Diagram: AuthN Exchange -> Authentication Service with Credential Store (probably LDAP directory) -> Temp Token; the Temp Token is presented to a second Authentication Service (with its own Credential Store) that has a Trust relationship with the first.
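The token-based flow on this slide, as an added example in Python (not code from the presentation). It assumes that the Trust between the two Authentication Services is a shared HMAC key (an assumption; real deployments would typically use Kerberos tickets or SAML assertions), that the Temp Token is a signed JSON body carrying subject, issuer, audience, expiry and a nonce, and that an in-memory dict of salted PBKDF2 hashes stands in for the LDAP Credential Store. The password is checked once by the first service; the second service never sees it and accepts only a token that verifies, names it as audience, comes from a trusted issuer and has not expired.

```python
"""Complex SSO, one credential set, token-based (slide 12). Added example.

Assumptions: shared-key HMAC as the trust relationship; JSON temp token;
dict of salted PBKDF2 hashes in place of the LDAP credential store.
"""
import base64
import binascii
import hashlib
import hmac
import json
import secrets
import time


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_credential_store(users):
    """Stand-in for the credential store: salted PBKDF2 hashes, never plaintext."""
    store = {}
    for user, pw in users.items():
        salt = secrets.token_bytes(16)
        store[user] = (salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000))
    return store


class AuthenticationService:
    def __init__(self, name, credential_store, trust_key, trusted_issuers=()):
        self.name = name
        self.store = credential_store
        self.trust_key = trust_key            # the "Trust" on the slide (assumption: shared key)
        self.trusted_issuers = set(trusted_issuers)

    def authenticate(self, user, password):
        """AuthN exchange against the local store, constant-time comparison."""
        if user not in self.store:
            return False
        salt, digest = self.store[user]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        return hmac.compare_digest(candidate, digest)

    def issue_temp_token(self, user, audience, ttl=300, now=None):
        """Temp Token: signed claims bound to one audience and a short lifetime."""
        now = time.time() if now is None else now
        body = json.dumps({"sub": user, "iss": self.name, "aud": audience,
                           "exp": int(now) + ttl, "nonce": secrets.token_hex(8)},
                          sort_keys=True).encode()
        sig = hmac.new(self.trust_key, body, hashlib.sha256).digest()
        return _b64(body) + "." + _b64(sig)

    def login(self, user, password, audience):
        """Primary AuthN: the password is checked here, once; a token goes onward."""
        if not self.authenticate(user, password):
            return None
        return self.issue_temp_token(user, audience)

    def accept_temp_token(self, token, now=None):
        """Secondary AuthN: no password seen; returns the subject or None."""
        now = time.time() if now is None else now
        try:
            body_s, sig_s = token.split(".")
            body, sig = _unb64(body_s), _unb64(sig_s)
        except (ValueError, binascii.Error):
            return None
        expected = hmac.new(self.trust_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):
            return None                      # tampered or signed by an unknown key
        claims = json.loads(body)
        if claims.get("iss") not in self.trusted_issuers:
            return None                      # valid signature, but not an issuer we trust
        if claims.get("aud") != self.name:
            return None                      # token minted for a different service
        if claims.get("exp", 0) <= now:
            return None                      # expired
        return claims["sub"]


if __name__ == "__main__":
    trust_key = b"shared-trust-key-for-example"          # constructed
    svc_a = AuthenticationService("AuthN-A", make_credential_store({"fsmith": "correct horse"}), trust_key)
    svc_b = AuthenticationService("AuthN-B", {}, trust_key, trusted_issuers={"AuthN-A"})
    token = svc_a.login("fsmith", "correct horse", audience="AuthN-B")
    print("B accepts subject:", svc_b.accept_temp_token(token))
```

Every rejection path returns None rather than raising, so the second service's decision is a single function of the token; in a real service each of those branches is a distinct log event worth keeping, since a burst of signature or audience failures is how token replay and misrouting show up.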
13
Consistent Sign On Password Sync
Diagram: AuthN Exchange -> Password Crypto System -> Authentication Service with Credential Store (probably LDAP directory). A PW trap captures the plaintext pw before the Password Crypto System turns it into the cyphertext pw; a Password Copy Service carries the cyphertext pw to the second Authentication Service's Password Crypto System and Credential Store. Identities are normalized first by a metadirectory.
14
Complex SSO Client Cache
Diagram: AuthN Exchange -> Authentication Service with Credential Store (probably LDAP directory); a client-side Password Cache supplies the credentials for the second AuthN Exchange against the second Authentication Service and its Credential Store.
15
Complex SSO Server Cache
Diagram: AuthN Exchange (password) -> Authentication Service with Credential Store (probably LDAP directory); a Client Installed SSO Agent performs the second AuthN Exchange against the second Authentication Service and its Credential Store.
16
Complex SSO Server Cache
Single Sign-On
  • SSO Agent detects login dialog
  • Retrieves credentials from ID store, fills in dialog
  • Understands password change dialogs
  • Auto-generates new passwords

Diagram: on the Client, the Client-side SSO Agent detects the Login and reads the user's SSO Attributes (User-id FSmith, Password) from the User object in the ID Store.

17
Review
  • Overview of Enterprise Identity
    Challenges/Solutions
  • Individual Group Discussions (led)
  • Large Group Debate