Federated identity, Project Cloud QTR meeting @ Disney/ABC

Date post: 15-Apr-2017
Page 1: Federated identity, Project Cloud QTR meeting @ Disney/ABC

Federated Identity – A linked electronic identity and attributes used across distinct access systems

Page 2: Proximity and Trust Continuum

Page 3: Stand-alone / Single Resource

Authentication – Username / Password
Authorization – open or simple permissions
Access – direct, local resources

Page 4: Common/Shared/Clustered Servers

Authentication – shared/replicated credentials
Authorization – file permissions, Owner ID, GroupID
Access – system accessible resources, SAN

Page 5: Distributed Data / Distributed Systems

Authentication – LDAP/AD, OTP, RADIUS/TACACS, SSO/RSO, PKI
Authorization – LDAP, GPO, NFS, Kerberos, IAM
Access – NFS, Kerberos, SMB, NAS

Page 6: Internet / Hosted / Cloud / Object

Authentication – by service provider, LDAP/AD export, Public Key Infrastructure (PKI)
Authorization – brokered Digital Asset Management, Higgins trust framework, Bandit, Security Assertion Markup Language (SAML), OpenID, PKI
Access – via API, HADOOP, SPARK, S3, SOAP, REST, FASP, OpenStack

Page 7: A Driver's License is a physical example of a Federated ID

Page 8: A Driver's License is a Federated ID

Issued by regional / delegated authority – state government
Recognized by other agencies – governments, businesses
Contains embedded security features – hologram, magnetic strip, UV seal, smartchip, barcodes
Contains unique attributes – photo, fingerprint, signature, license number, street address
Establishes context and limitations – operating class, expiration date, physical restrictions

Page 9: Electronic Certificate as Federated ID

Issued by regional / delegated authority – Certificate Authority (CA)
Recognized by other agencies – validated by other CAs, and filed to use during collaboration
Embedded security features – digital fingerprint, encryption key, and RSA hash
Contains unique attributes – email address, private key hash, digital signature, project ID, business affiliations, organizational roles, any relevant attribute
Establishes context and limitations – issuing authority, expiration times, revocation authority

Page 10: FID and the production resources

Identities and attributes are embedded in certificates.
Relationships and authorizations can be made using certificates.
Certificates are created and validated through a Certificate Authority and exchanged between appropriate parties.
The storage vendor uses certificates for authentication, authorization, and access to objects.
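The certificate-as-federated-ID model of pages 9 and 10, as an added worked example using Go's standard crypto/x509 library (this is not code from the deck or from any storage vendor): a relying party validates a user certificate against a trusted project CA, so expiry and an unrecognized issuer are rejected, and only then reads the identity attributes (email address, organizational role) embedded in it. The CA name, the user, the email address and the role are constructed sample values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// FederatedID holds the attributes a relying party reads from a certificate it has validated.
type FederatedID struct{ Email, Role string }

// Validate chains leaf to the trusted CA pool at time now (Verify checks the issuer's
// signature and the validity period) and only then returns the embedded attributes.
func Validate(leaf *x509.Certificate, roots *x509.CertPool, now time.Time) (*FederatedID, error) {
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now}); err != nil {
		return nil, err // untrusted issuer or expired: no identity is asserted
	}
	id := &FederatedID{}
	if len(leaf.EmailAddresses) > 0 { id.Email = leaf.EmailAddresses[0] }
	if len(leaf.Subject.OrganizationalUnit) > 0 { id.Role = leaf.Subject.OrganizationalUnit[0] }
	return id, nil
}

// issue signs tmpl with the parent's private key and parses the resulting certificate.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil { panic(err) }
	c, _ := x509.ParseCertificate(der)
	return c
}

// BuildExample creates a self-signed project CA and a one-year user certificate
// carrying constructed sample attributes (no real people or organizations).
func BuildExample(issued time.Time) (*x509.CertPool, *x509.Certificate) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Project CA"},
		NotBefore: issued, NotAfter: issued.AddDate(10, 0, 0), IsCA: true, BasicConstraintsValid: true}
	caCert := issue(ca, ca, &caKey.PublicKey, caKey)
	userKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	user := &x509.Certificate{SerialNumber: big.NewInt(2), EmailAddresses: []string{"alice@example.com"},
		Subject:   pkix.Name{CommonName: "Alice Example", OrganizationalUnit: []string{"Project X Editor"}},
		NotBefore: issued, NotAfter: issued.AddDate(1, 0, 0)} // role travels as a certificate attribute
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	return roots, issue(user, caCert, &userKey.PublicKey, caKey)
}
```

Revocation, which page 9 lists among a certificate's limitations, is not covered by Verify and would need a CRL or OCSP check in front of the attribute extraction.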

Page 11: A word about encryption

Any data file, object storage or not, can contain value, so use of encryption is highly desirable.
The further away from direct control, the more important encryption becomes.
Encryption keys are much more easily exchanged using certificates, especially if based on public/private key pairs, like PGP.

Page 12: Project X example using FID
