Transcript Slide 1

ICT Strategy
Identity Management and
Enterprise Single Sign-On (ESSO)
Introduction
• Follows on from other related themes:
•
•
•
•
•
•
•
•
Unified Operator Interface (UOI)
Network Convergence
Network Security and Domains
Circles of Trust
Federated Identities
Security as a Service
Location transparency
Virtualisation
Identity Management
Business Value
“Identity management projects are much more
than technology implementations — they drive
real business value by reducing direct costs,
improving operational efficiency and enabling
regulatory compliance.”
Explosion of ID’s
Business Partners
Automation (B2B)
# of
Digital IDs
Intra-Agency
(B2E)
Customers
(B2C)
Mobility
Internet
Client Server
Mainframe
Time
Pre 1980’s
1980’s
1990’s
2000’s
The Disconnected Reality
Enterprise Directory
•Authentication
•Authorisation
•Identity Data
HR
System
•Authentication
•Authorisation
•Identity Data
NOS
•Authentication
•Authorisation
•Identity Data
Web Apps
•Authentication
•Authorisation
•Identity Data
Infrastructure
Application
•Authentication
•Authorisation
•Identity Data
COTS
Application
•Authentication
•Authorisation
•Identity Data
In-House
Application
•Authentication
•Authorisation
•Identity Data
In-House
Application
• “Identity Chaos”
• Lots of users and systems required to do business
• Multiple repositories of identity information; Multiple user IDs, multiple passwords
• Decentralised management, ad hoc data sharing
Multiple Contexts
Customer satisfaction & customer intimacy
Cost competitiveness
Reach, personalisation
Our SUPPLIERS
Our CUSTOMERS
Collaboration
Outsourcing
Faster business cycles;
process automation
Value chain
Our AGENCY and EMPLOYEES
Mobile workforce
Flexible/temp workforce
Our REMOTE and
VIRTUAL EMPLOYEES
Our PARTNERS
Pain Points
IT Admin
Too many
user stores
and account
admin
requests
Unsafe sync
scripts
Developer
Redundant
code in each
app
Rework
code too
often
End User
Too many
passwords
Long waits
for access to
apps,
resources
Security/
Compliance
Too many
orphaned
accounts
Limited
auditing
ability
Business
Owner
Too
expensive to
reach new
partners,
channels
Need for
control
To-Be Authentication
• Should only have to
•
•
•
login once
Identity is federated
across domains
Access permissions
determined by Role(s),
Groups and Policies
Automated provisioning
linked to ERP Systems
• Employees
•
joining/leaving (HR)
Contractors
(Procurement)
Federated Identities
• Cross domain trust using:
• Security Access Markup Language (SAML)
• Liberty Alliance (ID-FF)/WS-Federation protocols
• Digital Certificates
IAM Architecture