ICT Strategy Identity Management and Enterprise Single Sign-On (ESSO)

Introduction

• Follows on from other related themes:

• Unified Operator Interface (UOI)

• Network Convergence

• Network Security and Domains

• Circles of Trust

• Federated Identities

• Security as a Service

• Location transparency

• Virtualisation

Identity Management Business Value

“Identity management projects are much more than technology implementations — they drive real business value by reducing direct costs, improving operational efficiency and enabling regulatory compliance.”

Explosion of IDs

[Figure: number of digital IDs (y-axis) over time (x-axis: pre-1980s, 1980s, 1990s, 2000s). Chart labels: Applications; Mainframe; Client Server; Internet; Business Automation; Intra-Agency (B2E); Partners (B2B); Customers (B2C); Mobility.]

The Disconnected Reality

• “Identity Chaos”

• Lots of users and systems required to do business

• Multiple repositories of identity information; Multiple user IDs, multiple passwords

• Decentralised management, ad hoc data sharing

[Diagram: separate systems (Enterprise Directory, HR System, Infrastructure Application, Web Apps, In-House Application, COTS Application, NOS, In-House Application), each labelled with some or all of: Authentication, Authorisation, Identity Data.]

Multiple Contexts

[Diagram labels: Our AGENCY and EMPLOYEES; Our SUPPLIERS; Our PARTNERS; Our REMOTE and VIRTUAL EMPLOYEES; Our CUSTOMERS]

• Customer satisfaction & customer intimacy

• Cost competitiveness

• Reach, personalisation

• Collaboration

• Outsourcing

• Faster business cycles; process automation

• Value chain

• Mobile workforce

• Flexible/temp workforce

Pain Points

• Business Owner: Too expensive to reach new partners, channels; Need for control

• End User: Too many passwords; Long waits for access to apps, resources

• IT Admin: Too many user stores and account admin requests; Unsafe sync scripts

• Developer: Redundant code in each app; Rework code too often

• Security/Compliance: Too many orphaned accounts; Limited auditing ability

To-Be Authentication

• Should only have to log in once

• Identity is federated across domains

• Access permissions determined by Role(s), Groups and Policies

• Automated provisioning linked to ERP Systems:

• Employees joining/leaving (HR)

• Contractors (Procurement)

Federated Identities

• Cross-domain trust using:

• Security Access Markup Language (SAML)

• Liberty Alliance (ID-FF)/WS-Federation protocols

• Digital Certificates

IAM Architecture