By: Nikhil Bendre

Gauri Jape

What is Identity?

Digital Identity

Attributes Role Relationship

Authentication◦ Who wants to access the system?

Authorization◦ Defining the rights to access

IDAM

Streamlines the access to resources

Reduces the wastage of time

Efficient Provisioning

Reduces Administrative Cost

Single Password

Ensures greater user productivity

Software Engineering

Architecture

Scalability

Need to standardize IDAM

Composed of◦ Subjects◦ Objects◦ Access rights

Types◦ ACL◦ RBAC◦ ABAC◦ CWAC

Access Control List

Consists of list of subjects & objects with the access rights

Example◦ acl(file 1) = { (process 1, {read, write, own}),

(process 2 {append}) } ◦ acl(process 1) = { (process 1, {read, write,

execute, own}), (process 2, {read}) }

Role Based Access Control

Consists of◦ Group of users based on roles◦ Permissions to roles

Supports revocation of access

High level specification possible

Attributes Based Access Control

◦ Grants access to the entities based on attributes

Context Aware Access Control

◦ Access based on surrounding context of subjects or objects

Both Support High Level Specification

Property of access control

Single Login In

Total Access to System

Examples◦ One Time Password◦ Smart Cards

New token structure

Conference key mechanism◦Secure way between service provider & identity provider

Service token mechanism for IDAM

IDAM

Access Control Models

Single Sign On

Sourceld Liberty