Enterprise Identity
Steve Plank – Microsoft
Hugh Simpson-Wells – Oxford Computer Group
Dave Nesbitt – Oxford Computer Group

Agenda
• Overview of Enterprise Identity Challenges/Solutions
• Individual Group Discussions (led)
• Large Group “Debate”

The Digital Identity Lifecycle: Roles
Product Manager, Director, Service Manager, HR Admin, PA, Customer Service, Call Handler, Sales Person, Engineer

The Digital Identity Lifecycle
• A business owns critical assets
• Roles are defined
• People are hired
• People change role
• People are fired (they leave of their own accord too!)
• They access critical assets
[Diagram labels: Role 1, Role 2, Role 3, Role 5; Access Management; Joining Identities; Identity Data Aggregation; Identity Data Enforcement; Identity Data Brokering; Hire/Fire Scenario]

Hire Scenario
[Diagram labels: HR System (Δ), Contractor System, Provisioning System or Metadirectory; connected systems: E-mail, Infrastructure Directory, Application Directory, Database, LOB App; connectors: E-mail, LDAP, SQL, API]

Fire Scenario
[Diagram labels: HR System (Δ), Contractor System, Provisioning System or Metadirectory; connected systems: E-mail, Infrastructure Directory, Application Directory, Database, LOB App; connectors: E-mail, LDAP, SQL, API]

Join, Attribute Flow, Enforcement…
[Diagram: HR System, Infrastructure Directory, E-mail System and Application Directory each hold a record with the attributes givenName, sn, title, mail, employeeID, telephone. The records carry inconsistent spellings of the same person (Clark Kent, Clark Kennttt, Klarke Kent, Klarek Cenntt). Step labels: Project to Metadirectory; Join on employeeID; Join on mail; Join on employeeID; Manual Join. Each record ends up JOINED in the Metadirectory.]

Identity Joining Scenario
[Diagram: the same four connected systems and their records, with the resulting Metadirectory entry:]
givenName: Clark
sn: Kent
title: Superhero
mail: Clark@contoso.com
employeeID: 007
telephone: +44 123 456 7890
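
The join rules named on these two slides (join on employeeID, join on mail, manual join), sketched as an added example that is not from the original deck. The records, the rule order and the flow-only-into-empty-attributes behaviour are assumptions; records no rule can match land in a manual-join queue, which is the list to review for accounts a fire scenario would otherwise never reach.

```python
# Added example: metadirectory join rules with a manual-join queue.
# All records are constructed; rule order and attribute flow are assumptions.
JOIN_RULES = ["employeeID", "mail"]  # tried in this order

def norm(value):
    return value.strip().lower() if value else None

def project(hr_records):
    """Project every HR record into the metadirectory as a new identity."""
    return [{"attrs": dict(r), "joined": ["HR System"]} for r in hr_records]

def join(metadir, system, records):
    """Join a connected system's records; return the ones left for manual join."""
    manual = []
    for rec in records:
        for attr in JOIN_RULES:
            key = norm(rec.get(attr))
            hits = [m for m in metadir if key and norm(m["attrs"].get(attr)) == key]
            if len(hits) == 1:  # zero or ambiguous matches never auto-join
                hits[0]["joined"].append(system)
                for name, value in rec.items():  # flow only into empty attributes
                    if value and not hits[0]["attrs"].get(name):
                        hits[0]["attrs"][name] = value
                break
        else:
            manual.append((system, rec))
    return manual

def run_sync():
    metadir = project([
        {"givenName": "Clark", "sn": "Kent", "title": "Reporter", "employeeID": "007"},
        {"givenName": "Lois", "sn": "Lane", "title": "Reporter", "employeeID": "008"},
    ])
    manual = []
    manual += join(metadir, "Infrastructure Directory", [
        {"givenName": "Klarke", "sn": "Kent", "mail": "Clark@contoso.com", "employeeID": "007"}])
    manual += join(metadir, "E-mail System", [{"mail": "clark@contoso.com"}])
    manual += join(metadir, "Application Directory", [
        {"givenName": "Klarek", "sn": "Cenntt", "telephone": "+44 123 456 7890"}])
    return metadir, manual

if __name__ == "__main__":
    metadir, manual = run_sync()
    for identity in metadir:
        print(identity["attrs"].get("employeeID"), identity["joined"])
    print("manual join queue:", manual)
```

The E-mail System record joins only because the mail attribute was flowed in from the Infrastructure Directory first, so the order in which systems are synchronized affects what can be joined automatically.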

Single Sign On
• Simple SSO
  • Single Authentication Authority, Single Server
  • Single Authentication Authority, Multiple Server
• Complex SSO
  • Single Credential Set
    • Token Based SSO
    • PKI Based SSO
  • Multiple Credential Set
    • Credential Sync (Consistent Sign On)
    • Client-side Credential Mapping
    • Server-side Credential Mapping

Simple SSO
[Diagram labels: AuthN Exchange; Authentication Service; Trust; AuthN Exchange; Resource Server; Token Validation; Credential Store (probably LDAP directory); Replication]

No SSO
[Diagram labels: two separate Authentication Services, each with its own AuthN Exchange and its own Credential Store (probably LDAP directory)]

Complex SSO: 1 Credential, Token-based
[Diagram labels: AuthN Exchange; Authentication Service; Temp Token; Trust; a second Authentication Service; each Authentication Service has a Credential Store (probably LDAP directory)]

Consistent Sign On: Password Sync
[Diagram labels: AuthN Exchange; Authentication Service; PW trap; plaintext pw; Password Crypto System; ciphertext pw; Credential Store (probably LDAP directory); Normalize identities - metadirectory; Password Copy Service; a second Authentication Service with its own AuthN Exchange, Password Crypto System, ciphertext pw and Credential Store (probably LDAP directory)]

Complex SSO – Client Cache
[Diagram labels: Password Cache; two Authentication Services, each with its own AuthN Exchange and Credential Store (probably LDAP directory)]

Complex SSO – Server Cache
[Diagram labels: Client Installed SSO Agent; password; two Authentication Services, each with its own AuthN Exchange and Credential Store (probably LDAP directory)]

Complex SSO – Server Cache
• SSO Agent detects login dialog
• Retrieves credentials from ID store & fills in dialog
Single Sign-On
• Understands password change dialogs
• Auto-generates new passwords
[Diagram labels: Client; Client-side SSO Agent; Login dialog (User-id, Password); ID Store; User object SSO Attributes: User-id: FSmith, Password: *****]

Review
• Overview of Enterprise Identity Challenges/Solutions
• Individual Group Discussions (led)
• Large Group “Debate”