Date posted: 15-Apr-2017
Category: Technology
Uploaded by: etcenter
Federated Identity

- A linked electronic identity and its attributes, used across distinct access systems
Proximity and Trust Continuum

Stand-alone / Single Resource
  Authentication – username / password
  Authorization – open or simple permissions
  Access – direct, local resources

Common / Shared / Clustered Servers
  Authentication – shared or replicated credentials
  Authorization – file permissions, owner ID, group ID
  Access – system-accessible resources, SAN

Distributed Data / Distributed Systems
  Authentication – LDAP/AD, OTP, RADIUS/TACACS, SSO/RSO, PKI
  Authorization – LDAP, GPO, NFS, Kerberos, IAM
  Access – NFS, Kerberos, SMB, NAS

Internet / Hosted / Cloud / Object
  Authentication – by service provider, LDAP/AD export, Public Key Infrastructure (PKI)
  Authorization – brokered Digital Asset Management, Higgins trust framework, Bandit, Security Assertion Markup Language (SAML), OpenID, PKI
  Access – via API, Hadoop, Spark, S3, SOAP, REST, FASP, OpenStack
A Driver's License is a Federated ID

A driver's license is a physical example of a federated ID:
- Issued by a regional / delegated authority – state government
- Recognized by other agencies – governments, businesses
- Contains embedded security features – hologram, magnetic strip, UV seal, smartchip, barcodes
- Contains unique attributes – photo, fingerprint, signature, license number, street address
- Establishes context and limitations – operating class, expiration date, physical restrictions
Electronic Certificate as Federated ID

- Issued by a regional / delegated authority – Certificate Authority (CA)
- Recognized by other agencies – validated by other CAs, and filed for use during collaboration
- Embedded security features – digital fingerprint, encryption key, and RSA hash
- Contains unique attributes – email address, private key hash, digital signature, project ID, business affiliations, organizational roles, any relevant attribute
- Establishes context and limitations – issuing authority, expiration times, revocation authority
FID and the production resources

- Identities and attributes are embedded in certificates.
- Relationships and authorizations can be established using certificates.
- Certificates are created and validated through a Certificate Authority and exchanged between the appropriate parties.
- The storage vendor uses certificates for authentication, authorization, and access to objects.
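The two slides above describe the certificate life cycle in the abstract: an issuing authority embeds attributes (email, project, roles) and a validity window, and a relying party accepts those attributes only after validating the certificate against a CA it trusts. The following Go program is an added example, not code from the presentation or from any vendor it mentions; it uses only the standard library. The convention that roles are carried in the OU attribute and the `FederatedID` struct are this example's own assumptions, and the identity values are constructed samples.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// FederatedID is what a relying party reads out of a validated certificate.
// Field names and the "roles live in the OU attribute" convention are
// assumptions made for this example, not something the deck prescribes.
type FederatedID struct {
	Email    string
	Org      string
	Roles    []string
	Issuer   string
	NotAfter time.Time
}

// HasRole is the authorization hook: decisions key off attributes the
// issuing authority vouched for, not off a locally stored password.
func (id *FederatedID) HasRole(role string) bool {
	for _, r := range id.Roles {
		if r == role {
			return true
		}
	}
	return false
}

// newCA creates a self-signed issuing authority (the electronic analogue of
// the state government that issues driver's licenses).
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueIdentity has the CA sign an end-entity certificate that embeds the
// subject's attributes (e-mail as a SAN, organization, roles) and a validity window.
func issueIdentity(ca *x509.Certificate, caKey *ecdsa.PrivateKey, email, org string,
	roles []string, lifetime time.Duration) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:   serial,
		Subject:        pkix.Name{CommonName: email, Organization: []string{org}, OrganizationalUnit: roles},
		EmailAddresses: []string{email},
		NotBefore:      time.Now().Add(-time.Minute),
		NotAfter:       time.Now().Add(lifetime),
		KeyUsage:       x509.KeyUsageDigitalSignature,
		ExtKeyUsage:    []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// validateIdentity is the relying party's check: the certificate must chain to
// a CA this party trusts and be inside its validity period at time now;
// only then are the embedded attributes believed.
func validateIdentity(cert, trustedCA *x509.Certificate, now time.Time) (*FederatedID, error) {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return nil, fmt.Errorf("certificate rejected: %w", err)
	}
	if len(cert.EmailAddresses) == 0 || len(cert.Subject.Organization) == 0 {
		return nil, errors.New("certificate lacks required identity attributes")
	}
	return &FederatedID{Email: cert.EmailAddresses[0], Org: cert.Subject.Organization[0],
		Roles: cert.Subject.OrganizationalUnit, Issuer: cert.Issuer.CommonName, NotAfter: cert.NotAfter}, nil
}

func main() {
	ca, caKey, err := newCA("Example Issuing CA")
	if err != nil {
		panic(err)
	}
	// Constructed sample identity; the attribute values are illustrative only.
	cert, err := issueIdentity(ca, caKey, "alice@example.org", "Example Labs",
		[]string{"project-x", "storage-admin"}, 8*time.Hour)
	if err != nil {
		panic(err)
	}
	id, err := validateIdentity(cert, ca, time.Now())
	if err != nil {
		panic(err)
	}
	fmt.Printf("accepted %s from %s; storage-admin=%v; expires %s\n",
		id.Email, id.Issuer, id.HasRole("storage-admin"), id.NotAfter.Format(time.RFC3339))
	_, err = validateIdentity(cert, ca, time.Now().Add(24*time.Hour))
	fmt.Println("same certificate after expiry:", err)
}
```

The `now` parameter on `validateIdentity` makes the expiration check explicit and testable: the same certificate is accepted today and rejected once its `NotAfter` has passed, and a certificate issued by a CA the relying party has not filed as trusted is rejected outright. Revocation (the deck's "revocation authority") is not shown; in practice the relying party would additionally consult CRLs or OCSP before trusting the attributes.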
A word about encryption

- Any data file, object storage or not, can contain value, so use of encryption is highly desirable.
- The further the data is from direct control, the more important encryption becomes.
- Encryption keys are much more easily exchanged using certificates, especially when based on public/private key pairs, as with PGP.
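The last point above is the practical payoff of a certificate-based federated ID: because the recipient's certificate already carries a public key the sender can trust, a fresh data-encryption key can be sent along with the data without any prior shared secret. The Go program below is an added example (standard library only), not code from the presentation; the `Envelope` layout, the OAEP label and the function names are this example's own choices. The recipient's public key would normally be taken from the `PublicKey` field of a certificate that has already been validated; here a key pair is generated inline so the program runs on its own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Envelope is what travels to the recipient: the content encrypted under a
// one-time data-encryption key (DEK), plus that DEK wrapped to the recipient's
// certificate public key. The layout is this example's own.
type Envelope struct {
	WrappedDEK []byte // RSA-OAEP(SHA-256) encryption of the 32-byte AES key
	Nonce      []byte // AES-GCM nonce, unique per DEK
	Ciphertext []byte // AES-256-GCM output with the authentication tag appended
}

// oaepLabel binds the wrapped key to this purpose so it cannot be unwrapped
// in some other protocol that reuses the same RSA key (assumed value).
var oaepLabel = []byte("dek-wrap-v1")

// newRecipientKey stands in for the key pair behind the recipient's certificate.
func newRecipientKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// encryptForRecipient is the sender side. recipientPub is the public key read
// from the recipient's validated certificate; nothing secret is shared beforehand.
func encryptForRecipient(recipientPub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	dek := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, dek); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, dek, oaepLabel)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedDEK: wrapped, Nonce: nonce,
		Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// decryptEnvelope is the recipient side: unwrap the DEK with the private key
// matching the certificate, then authenticate and decrypt the content.
// A wrong key or any tampering with the envelope yields an error, not garbage.
func decryptEnvelope(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	dek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedDEK, oaepLabel)
	if err != nil {
		return nil, errors.New("cannot unwrap data key: wrong private key or corrupted envelope")
	}
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil) // fails on any modification
}

func main() {
	recipient, err := newRecipientKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample payload standing in for an object stored off-premises.
	env, err := encryptForRecipient(&recipient.PublicKey, []byte("constructed sample: object payload"))
	if err != nil {
		panic(err)
	}
	out, err := decryptEnvelope(recipient, env)
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered %q\n", out)
}
```

The private half of the pair never leaves the recipient, which is what makes this workable across the "Internet / Hosted / Cloud / Object" tier: the storage vendor or any intermediary can hold the envelope without being able to open it. AES-GCM supplies integrity as well as confidentiality, so a modified ciphertext is detected at `Open` rather than silently decrypting to wrong data.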
Project X example using FID