1 / 10

Identity Management

Identity Management. Joe Braceland Mount Airey Group, Inc. MAG Security Products & Services. Actively supporting U.S. Federal Government since 2002. Designed and managed the Signature Delivery Service for U.S. Passports.

Download Presentation

Identity Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Identity Management Joe Braceland Mount Airey Group, Inc.

  2. MAG Security Products & Services • Actively supporting U.S. Federal Government since 2002. • Designed and managed the Signature Delivery Service for U.S. Passports. • Recognized leaders in the area of Identity Management, Public Key Infrastructure, Biometrics, HSPD-12, Public Key Enablement, and secure authorization and privilege management. • Closely work with standards bodies in the development of new standards related to identity and authorization management. • Experienced with the full life cycle of applications within various federal agencies including supporting IT-CCB processes. • Provide thought leadership on IT security and HSPD-12 in support of federal agency missions both domestic and abroad. • Offer security products to quickly enable secure authentication and authorization. 2

  3. Overview • Identity Management • Terminology • Origins • Secure Authentication • Secure Authorization • What’s a role proof? • Secure Identity Management Systems • Examples • Physical/Logical access • Border security • Electronic documents

  4. Identity Management - Terminology • Identity Management (IdM) • Identity & Access Management (IAM) • Federated Identity Management (FIdM) • Identity, Credential, & Access Management (ICAM) • Federal ICAM (FICAM) • Privacy • Personal Identity Information (PII) • Health Insurance Portability & Accountability Act (HIPAA)

  5. Identity Management - Origins • Information Technology (IT) security • Cyber security • Technologies • Biometrics • Public Key Infrastructure (PKI) • Smart chips and cards • Personal Identity Verification (PIV), Common Access Card (CAC), Transportation Worker Identification Credential (TWIC), state driver licenses, electronic passports • Cloud, Mobility, Big Data, Social Networking • Regulations • Federal Information Processing Standard (FIPS) 140-2 • Homeland Security Presidential Directive 12 (HSPD-12)

  6. Secure Authentication • Who are you? Prove it. Authentication is verifying you are who you say you are. • Multi-factor authentication • What you know (e.g., password, passphrase, PIN) • What you have (e.g., badge, origination documents) • What you are (e.g., biometrics, behavior) • Cryptography • PKI (Digital Signatures, encryption, policies) • Hardware tokens and chips • Identity Validation • Global, national, local, and private database systems • Identity Verification

  7. Secure Authorization • What are you allowed to do? Let’s check. Authorization is determining what you are allowed to do. • Access control lists • Flat files and Database lookups • Directories (e.g., Active Directory, X500) • Access types • Risk Adaptive Access Control (RAdAC) • Role Based Access Control (RBAC) • Attribute Based Access Control (ABAC) • Extensible access control markup language (XACML 3.0) • Policy Based Access Control (PBAC) • Atomic Authorization • Published rights that are secured (cryptographically) independently of the applications that rely on them.

  8. Proofs are generated for each role repeatedly with each having only a short life. Proofs reference other proofs for delegation. This can be done across multiple authorities. Each contains a list of certificates, referenced by their hash to show authorization. Each proof represents an application or organizational role and has a unique ID. Signature Algorithm Not Before Time Signature Value Proof Name Extensions Proof Unique ID Not After Time Next Available Version User Digest Lists 1 References 2 4 3 Each is digitally signed to give it cryptographic authenticity. 5 What’s a role Proof?

  9. Secure identity management systems

  10. Examples • U.S. State Department access to federal systems • PIV card issuance and verification • Physical Access Control System (PACS) • Logical Access Control System using BLADE • Border security with DHS US-VISIT • IDENT program • Exit program • Electronic passports (ePassport) and documents • Creation using digital signatures • Validation at ports of entry • International Civil Aviation Organization (ICAO)

More Related