Identity Toolkit

A one stop site for all your IAM queries


Monday, December 19, 2011

Up In the Cloud!!

So what does Identity have to do with the Cloud?


To begin with, what is the cloud? For our purposes it is the virtual space in which a digital identity operates, one that transcends the normally accepted boundaries of an enterprise.


Cloud services represent a radical shift in the way information services are delivered, based on wide use of internet standards and virtualization.
Key Benefits:
•Increased Agility
•Reduced Capital Expenditures
•Optimized Resources


The identity of the user in the cloud is of critical importance for the model to succeed, and federation plays a crucial role here. It lets a cloud service provider create a layer of abstraction by relying on a trusted third-party identity provider to authenticate the user and assert the attributes the service needs for its authorization decisions. The service provider never holds the user's credentials and receives no personal identity information beyond those asserted attributes.

More later...

Tuesday, February 9, 2010

Identity Administration

Identity administration models include centralized, delegated, and self-service administration; delegated administration with workflow approval; public key infrastructure (PKI)-based administration; federated IdM; and automated administration. The identity of the person (or process) allowed to administer designated IdM stores, functions, and data is often the principal difference among the models. The main ones are:
  • Manual: Administration of identity data and functions by IT personnel or line-of-business (LOB) representatives. Identity data may be entered directly into application environments that do not source identity information from a shared service, or into a user provisioning system that distributes identity data to multiple applications.
  • Automated: Administration based on rules derived from business, security, or regulatory policies. Accounts are created or access is granted based on the value of certain attributes (e.g., "if cost center is xyz, then permit access to the procurement system"). The rules are evaluated and processed without human intervention or workflow approval. Two variants:
    – Workflow approval: A subset of automated administration in which the rule fires but the change still requires review and approval by the system, resource, or application owner before it takes effect.
    – Federated: Identity attributes are sourced from partner systems in an automated fashion at runtime, and the local account or access is created on first use. This is also known as just-in-time (JIT) provisioning.
  • Self-service: Administration of selected user-specific identity data by the users to whom the data pertains. Self-service interfaces are increasingly required to allow internal or external users, who are often the best information source, to update and manage a subset of the data about their identities and thereby shoulder a portion of the administrative cost. Self-service capabilities can include self-registration, subscribing to published services, maintaining personal data, and self-help such as password resets.

Sunday, February 7, 2010

Federation: The Empire Strikes Back



What is Federation?
Let us discuss the challenges of Identity Silos.
Enterprise IAM suites provide a tightly coupled integration with managed resources.
This is better than having independent IDs on individual systems, but it falls short of the ideal, in which a unified identity can be maintained outside the enterprise domain.

With the increasingly collaborative environment enabled by online communities, there is a need for a loosely coupled system that can identify users across domains that collaborate frequently.

This is what Federation addresses.
So to summarize technically, Federation is:
1. A set of technical, legal, and operational agreements that facilitate distributed identification, authentication, and authorization across boundaries (security, departmental, organizational, or platform).
2. A model based upon trust, in which user identities and security are individually managed and distributed by the service providers or member organizations.
3. A division of responsibility: each organization vouches for the identity of its own users, and those users can transparently interact with other trusted partners on the strength of that first authentication.
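The three points above, and the cloud post's description of a service provider that relies on a trusted identity provider, describe one exchange: the home organisation authenticates its user, issues a signed assertion, and the partner accepts the user on that assertion alone. Below is an added example of that exchange written for this post; it is not code from the original page or from any federation product. It assumes made-up names (idp.example.org, procurement.sp.example.com, hr.partner.example.net) and, as a simplification, signs assertions with a single HMAC key that the partners also hold. A real IdP signs with a private key and publishes the public key in its metadata; with HMAC any partner holding the key could forge assertions, so that part is illustrative only.

```python
"""Minimal federated sign-on exchange (added example, not from the original post).

IdP side: authenticates its own user, mints a signed, audience-restricted,
time-limited assertion.  SP side: checks issuer, signature, audience and
expiry, never sees the password.  HMAC with a shared key stands in for the
IdP's asymmetric signature (assumption; see the lead-in).
"""
import base64
import hashlib
import hmac
import json

IDP_ISSUER = "https://idp.example.org"                 # constructed
SP_AUDIENCE = "https://procurement.sp.example.com"    # constructed
OTHER_SP_AUDIENCE = "https://hr.partner.example.net"  # constructed
IDP_SIGNING_KEY = b"constructed-idp-signing-key"      # stands in for a private key


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class IdentityProvider:
    """Holds the users it is responsible for and vouches for them to partners."""

    def __init__(self, issuer, key, users):
        self.issuer, self.key, self.users = issuer, key, users

    def authenticate(self, username, password):
        rec = self.users.get(username)
        if rec is None:
            return False
        # Unsalted sha256 is a stand-in only; store passwords with a slow salted hash.
        digest = hashlib.sha256(password.encode()).hexdigest()
        return hmac.compare_digest(rec["pw_hash"], digest)

    def issue_assertion(self, username, audience, now, ttl=300):
        """Signed statement: 'I authenticated <sub> at <iat>; valid for <aud> until <exp>'."""
        claims = {"iss": self.issuer, "sub": username, "aud": audience,
                  "iat": now, "exp": now + ttl, "attrs": self.users[username]["attrs"]}
        body = _b64(json.dumps(claims, sort_keys=True).encode())
        sig = _b64(hmac.new(self.key, body.encode(), hashlib.sha256).digest())
        return body + "." + sig


class ServiceProvider:
    """Relying party: trusts listed issuers and checks each assertion fully."""

    def __init__(self, audience, trusted_issuers):
        self.audience, self.trusted_issuers = audience, trusted_issuers

    def verify(self, assertion, now):
        try:
            body, sig = assertion.split(".")
            claims = json.loads(_unb64(body))
        except ValueError:                       # covers bad base64 and bad JSON
            raise ValueError("malformed assertion")
        key = self.trusted_issuers.get(claims.get("iss"))
        if key is None:
            raise ValueError("untrusted issuer")
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            raise ValueError("bad signature")    # tampered or forged
        if claims.get("aud") != self.audience:
            raise ValueError("wrong audience")   # replayed from another partner
        if now >= claims.get("exp", 0):
            raise ValueError("expired")
        return claims


# Constructed user store; the SP never receives pw_hash, only "attrs".
USERS = {"alice": {"pw_hash": hashlib.sha256(b"correct horse").hexdigest(),
                   "attrs": {"org": "example.org", "role": "buyer"}}}
IDP = IdentityProvider(IDP_ISSUER, IDP_SIGNING_KEY, USERS)
SP = ServiceProvider(SP_AUDIENCE, {IDP_ISSUER: IDP_SIGNING_KEY})


def federated_login(username, password, audience, now):
    """IdP side: first authentication happens at home, then an assertion is minted."""
    if not IDP.authenticate(username, password):
        return None
    return IDP.issue_assertion(username, audience, now)


def sp_outcome(assertion, now, sp=SP):
    """SP side: 'ok:<user>' or 'rejected:<reason>'."""
    try:
        return "ok:" + sp.verify(assertion, now)["sub"]
    except ValueError as exc:
        return "rejected:" + str(exc)


def tamper(assertion, old: bytes, new: bytes):
    """Attacker edits the signed body without the key; the signature no longer matches."""
    body, sig = assertion.split(".")
    return _b64(_unb64(body).replace(old, new)) + "." + sig


if __name__ == "__main__":
    t0 = 1_700_000_000
    a = federated_login("alice", "correct horse", SP_AUDIENCE, t0)
    print(sp_outcome(a, t0 + 10))
    print(sp_outcome(a, t0 + 600))
    print(sp_outcome(tamper(a, b'"buyer"', b'"admin"'), t0 + 10))
    print(sp_outcome(federated_login("alice", "correct horse", OTHER_SP_AUDIENCE, t0), t0))
```

The order of checks matters in practice as well as here: the issuer claim is only used to select a verification key, nothing else in the assertion is believed until the signature holds, and the audience and expiry checks are what stop an assertion issued for one partner from being replayed at another or reused indefinitely.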

The figure below depicts a typical Federated environment:

Wednesday, February 3, 2010

Entitlement Management: Business Value

The business value of an identity solution grows with the number of business applications and systems integrated with it.


Business applications and systems have owners
•Owners must be convinced to integrate with IAM
•Convincing stakeholders requires tangible business benefits:
–Business Executive Sponsors
–IT Executive Sponsors
–Business Owners
–IT Custodians
Implementing a successful identity management system requires buy-in from all of these stakeholders. Only when the functional requirements are clearly defined does the IAM program deliver maximum benefit to the organization.

Tuesday, February 2, 2010

Corporate Identity Projects: The Stakeholders

Implementing a corporate identity management program affects not just the IT infrastructure and its operation but also business-as-usual activity. IAM solutions provide services to multiple business applications and involve a broad group of stakeholders.



Understanding their concerns and perspectives is a key project success factor.

Identity and Access Management Business Drivers: Why, Who and Where

There are various business drivers for implementing an IAM solution.

It is critical to know what your stakeholders want for an IAM program to be successful.
In our next post we will take a look at some of the prime stakeholders.

Identity and Access Management Overview

Identity and Access Management is the set of business processes, information, and technology for managing and using digital identities.

The diagram below illustrates these various components :