ICT Strategy Identity Management and Enterprise Single Sign-On (ESSO)

  • View
    214

  • Download
    2

Embed Size (px)

Transcript

  • ICT Strategy Identity Management and Enterprise Single Sign-On (ESSO)

  • IntroductionFollows on from other related themes:Unified Operator Interface (UOI)Network ConvergenceNetwork Security and DomainsCircles of TrustFederated IdentitiesSecurity as a ServiceLocation transparencyVirtualisation

  • Identity ManagementBusiness ValueIdentity management projects are much more than technology implementations they drive real business value by reducing direct costs, improving operational efficiency and enabling regulatory compliance.

  • Explosion of IDsPre 1980s1980s1990s2000s# ofDigital IDsTime

  • The Disconnected RealityIdentity Chaos Lots of users and systems required to do businessMultiple repositories of identity information; Multiple user IDs, multiple passwordsDecentralised management, ad hoc data sharingEnterprise DirectoryHRSystemInfrastructureApplicationWeb AppsIn-HouseApplicationCOTSApplicationNOSIn-HouseApplication

  • Our AGENCY and EMPLOYEESCustomer satisfaction & customer intimacyCost competitivenessReach, personalisationCollaborationOutsourcingFaster business cycles; process automationValue chain

    Mobile workforceFlexible/temp workforceMultiple Contexts

  • Business OwnerEnd UserIT AdminDeveloperSecurity/ ComplianceToo expensive to reach new partners, channelsNeed for control

    Too many passwordsLong waits for access to apps, resourcesToo many user stores and account admin requestsUnsafe sync scripts

    Pain PointsRedundant code in each appRework code too often

    Too many orphaned accountsLimited auditing ability

  • To-Be AuthenticationShould only have to login onceIdentity is federated across domainsAccess permissions determined by Role(s), Groups and PoliciesAutomated provisioning linked to ERP SystemsEmployees joining/leaving (HR)Contractors (Procurement)

  • Federated IdentitiesCross domain trust using:Security Access Markup Language (SAML)Liberty Alliance (ID-FF)/WS-Federation protocolsDigital Certificates

  • IAM Architecture

    **********