A Role-Based Approach to Federated Identity
Ravi Sandhu*
Chief Scientist
NSD Security
www.nsdsecurity.com
*Also Professor of Information Security and Assurance, George Mason University

Federated Identity
• Cross organization
• Maintain authentication and authorization profile and provide single-sign-on across multiple applications
• Focuses on “letting the good guys in”

Role-Based Management
[Diagram labels: Consumers; Roles; Identity Management Roles]
Authorization profiles are managed in terms of roles
Administration is delegated in terms of identity management roles

Securing Identity Profiles
• Authentication and authorization profiles are the organization’s most sensitive data
• Managing these securely is an organization’s most important security objective

What is Security
• Catastrophic failure is far worse than occasional failure
• Good enough security
—Is all we can achieve
—Tolerates occasional failure
—Does not tolerate catastrophic failure

Security is Only One Objective
[Diagram labels: Ease of Use; Security; Total Cost of Ownership]
Integrated, identity management infrastructure

Security Appliances
• Dedicated (but COTS) hardware
• Hardened OS
• Managed by restricted protocols (no root access)
• Highly available, scalable and secure
[Figure: Secure Identity Appliance™]

Authentication Ladder
[Diagram labels: Two-factor (with optional PKI); Secure Identity Appliance™; Roaming PKI; Weak Password Systems, Catastrophic Dictionary attacks; Password plus USB token or variant]

Password Usability
Zero Footprint
Hardened Password
PKI Security
No change for users
No change for issuer
No password file (PKI hardened)

2-Key RSA vs. 3-Key RSA

Old PKI
Keys:
a) Alice Public = e
b) Alice Private = d
c) Alice Cert = C
Signing:
a) S = Sign(M,d)
Send [S, C] to Bob
Bob:
Gets e from C
Does Verify(S,e) = M?

Practical PKI
Keys:
a) Alice Public = e
b) Alice password = d1
c) Alice Cert = C
d) Alice appliance key = d2
Signing:
a) Alice logs on to appliance using strong authentication and creates secure channel
b) Spartial = Sign(M,d2)
c) S = Sign(Spartial,d1)
Send [S, C] to Bob
Bob:
Gets e from C
Does Verify(S,e) = M?

Difference #1: Alice has short convenient password
Difference #2: Alice has to interact with appliance to sign.
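
Added example (not from the original slides): a toy Python walk-through of the 3-key signing flow above, assuming the split is multiplicative, d1·d2 ≡ d (mod φ(n)), which the two-step signing implies but the slides do not state. The primes, the PBKDF2 derivation of d1, the `bump` counter and every function name are assumptions made for illustration, and unpadded textbook RSA is used only to keep the arithmetic visible.

```python
import hashlib
from math import gcd

# Constructed toy parameters: two Mersenne primes give a 216-bit modulus,
# far too small for real use but enough to show the arithmetic.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N, PHI = P * Q, (P - 1) * (Q - 1)
D = pow(E, -1, PHI)            # the ordinary 2-key private exponent d

def password_key(password: str, salt: bytes, bump: int = 0) -> int:
    """d1: an odd exponent stretched from the password (KDF choice is an assumption)."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return (int.from_bytes(raw, "big") | 1) + 2 * bump

def enroll(password: str, salt: bytes):
    """Split d so that d1 * d2 = d (mod phi). Returns (bump, d2); d2 goes to the appliance."""
    bump = 0
    while gcd(password_key(password, salt, bump), PHI) != 1:
        bump += 1              # d1 must be invertible mod phi
    d1 = password_key(password, salt, bump)
    return bump, (D * pow(d1, -1, PHI)) % PHI

def digest(message: bytes) -> int:
    """Hash the message to an integer below n (no padding scheme in this toy)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def appliance_sign(message: bytes, d2: int) -> int:
    """Step b: Spartial = Sign(M, d2), computed on the appliance."""
    return pow(digest(message), d2, N)

def client_finish(s_partial: int, d1: int) -> int:
    """Step c: S = Sign(Spartial, d1), computed by Alice from her password."""
    return pow(s_partial, d1, N)

def verify(message: bytes, signature: int) -> bool:
    """Bob: the unchanged 2-key check with the public exponent e."""
    return pow(signature, E, N) == digest(message)
```

Neither half alone yields a signature Bob accepts, and the finished S is identical to what the single exponent d would have produced, so the verifier's side does not change.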

Single Sign On
• Cookie-based
—Zero footprint on client
—Lightweight footprint on servers
• Certificate-based
—Lightweight footprint on client
—Zero or lightweight footprint on servers

SSO and Authentication
• Authentication
—Single factor
—Two factor
• Single sign on
—Cookie based
—Certificate based

Security Identity Appliance Roles
• Appliance management roles
• Consumer management roles
• Consumer roles

Appliance Management Roles
• Supermanager
— Not your usual root user
• Security manager
• System manager
[Diagram labels: Supermanager; Can-create but Cannot do; Security manager; System manager]

Consumer Management Roles
• Consumer management roles manage consumer roles
• Built in roles
— Super-csr
— Create-csr
— Modify-csr
— Read-only-csr

Consumer Management Roles
[Diagram labels: Can-create but Cannot do; Create-csr; Consumer; Super-csr; Modify-csr; Read-only-csr]

Consumer Management Roles
[Diagram labels: Createcsr1; Modifycsr1; Read-onlycsr1; Modifycsr2; Read-onlycsr2; Consumer1]
Consumer1 record: userid; user personal profile; org1 roles; org2 roles; …..

Identity Management Processes
• Provisioning
— Enrollment
— Registration
— Revocation
• Rights Management
— Role and attribute assignment by Identity Management roles
— Role revocation by Identity Management roles
• Consumer self-administration
— Password change
— Password reset
— Profile update (such as address, phone number, etc.)
— Revocation

OneHealthPort
[Diagram labels: OneHealthPort; Trading Partner1; Trading Partner2; Trading Partner-k; Relying Party1; Relying Party2; Relying Party-n]
The technology behind OneHealthPort: Secure Identity Appliance™