identity management with midpoint
play

Identity Management with midPoint Radovan Semank FOSDEM, January - PowerPoint PPT Presentation

Aug 13, 2023 •196 likes •521 views

Identity Management with midPoint Radovan Semank FOSDEM, January 2016 Radovan Semank Current: Software Architect at Evolveum Architect of Evolveum midPoint Contributor to ConnId and Apache Directory API Past: Sun LDAP and IDM

  1. Identity Management with midPoint Radovan Semančík FOSDEM, January 2016

  2. Radovan Semančík Current: Software Architect at Evolveum Architect of Evolveum midPoint Contributor to ConnId and Apache Directory API Past: Sun LDAP and IDM deployments (early 2000s) OpenIDM v1, OpenICF Many software architecture and security projects

  3. Identity and Access Management Requester System Approver Users Admin Application Application Identity Management Identity A Repository M Application HR Application CRM Application

  4. There is no security without identity management

  5. If you have no IDM, how can you be sure that ... ● illegal accounts are disabled/deleted? ● temporary accounts are deleted? ● users have only the least privileges? ● the privileges are not accumulated? ● no secondary authentication is possible? ● the data are up to date? (title, affiliation, …) ● notifications and tasks are suspended?

  6. The solution is trivial Let's put everything in LDAP!

  7. Expectation Users HR Application Application S S O LDAP Application Application Application

  8. Reality Relational database Unsupported Users HR Application Unsupported Application Incompatible identifiers S Local copy S O No standard LDAP (ugly script needed) ! Application Custom schema ! Application Incompatible Expensive schema Application Extremely Home expensive directory

  9. “Single directory” approach is not going to work … and this has been known since 2006 (at least)

  10. Identity and Access Management Requester System Approver Users Admin Application Application Identity Management Identity A Repository M Application HR Application CRM Application

  11. How IDM works? Application Application Identity Management A Identity M Repository Application HR Application

  12. Automatic user provisioning Policies RBAC Application Rules Application Identity Management A Identity M Repository Application HR Application

  13. Business As Usual Application Application Identity Management A Identity M Repository Application HR Application

  14. Password reset (self-service) Application Application Identity Management A Identity M Repository Application HR Application

  15. Employee Leaves Company Application Application Identity Management A Identity M Repository Application HR Application

  16. Automatic user deprovisioning Policies RBAC Application Rules Application Identity Management A Identity M Repository Application HR Application

  17. Business As Usual Application Application Identity Management A Identity M Repository Application HR Application

  18. Bidirectional Synchronization Application Application Identity Management A Identity M Repository Application HR Application

  19. Policy enforcement Policies RBAC Application Rules Application Identity Management A Identity M Repository Application HR Application

  20. What Identity Management does? Provisioning Identifier management ● ● Synchronization Data mapping ● ● Self-service Segregation of duties ● ● Password management Workflow ● ● Credentials distribution Notifications ● ● (SSH, X.509) Auditing ● RBAC Reporting ● ● Organizational structure Governance ● ● Entitlement management ... ● ●

  21. This IDM looks like the best thing since the sliced bread. What's the catch?

  22. This IDM looks like the best thing since the sliced bread. What's the catch? The commercial IDM products are expensive.

  23. This IDM looks like the best thing since the sliced bread. What's the catch? The commercial IDM products are expensive. Very, very expensive.

  24. Open Source to the Rescue There was no practical FOSS solution until 2010 (Sun Identity Manager was the king) 2010-2011: Syncope, OpenIDM, midPoint, ... (that was the time when Oracle acquired Sun) Now there are two leading open source * IDMs: ● Apache Syncope ● Evolveum midPoint *) by “open source” I mean both license and practice

  25. Evolveum midPoint?

  26. midPoint Users Application Identity Management Application Identity A Repository M Application HR Application CRM Application

  27. The midPoint Story ● Started 2010-2011 (5 years, 14 releases) ● Github, Apache 2.0 License ● ~500K lines of code (Java) ● State-of-the-art IDM features Schema Provisioning Management Extensibility Conditions Password reset Expressions Segregation of duties Policy RBAC Synchronization Organizational structure Consistency Workflow HA Connectors Entitlements Governance Web UI Audit Authorization Localization Notifications Scripting Self-service Data mapping REST Identifiers Delegated administration Parametric roles Bulk actions

  30. Questions and Answers Schema Provisioning Management Extensibility Conditions Password reset Expressions Segregation of duties Policy RBAC Synchronization Organizational structure Consistency Workflow HA Connectors Entitlements Governance Web UI Audit Authorization Localization Notifications Scripting Self-service Data mapping REST Identifiers Delegated administration Parametric roles Bulk actions

  31. Thank You Radovan Semančík www.evolveum.com

Recommend

Agenda Identity & Access management About company midPoint Clients &

Agenda Identity & Access management About company midPoint Clients &

Agenda Identity & Access management About company midPoint Clients & partners Conclusion Identity management System Requester Users admin Approver Application Application Provisioning system Identity A

826 views • 45 slides
Agenda About midPoint Features About Evolveum Clients & partners Conclusion

Agenda About midPoint Features About Evolveum Clients & partners Conclusion

Agenda About midPoint Features About Evolveum Clients & partners Conclusion About midPoint Open identity & organization management and governance platform Clean extensible architecture: component- based system

430 views • 22 slides
Identity and Access Management Using Identity Management and Identity Governance to increase

Identity and Access Management Using Identity Management and Identity Governance to increase

Identity and Access Management Using Identity Management and Identity Governance to increase Automation and Security. Identity Management (IAM, IdM) defining and managing the roles and access privileges of individual network users, and the

2.89k views • 13 slides
Identity Management Scaling Out and Up Jan Pazdziora Principal Software Engineer Identity

Identity Management Scaling Out and Up Jan Pazdziora Principal Software Engineer Identity

Identity Management Scaling Out and Up Jan Pazdziora Principal Software Engineer Identity Management Engineering, Red Hat jpazdziora@redhat.com 15 th October 2014 Identity Users; user groups. Hosts; host groups; services. Identities

700 views • 18 slides
Trust, Identity Management and GENI Dr. Ken Klingenstein, Senior Director, Middleware and

Trust, Identity Management and GENI Dr. Ken Klingenstein, Senior Director, Middleware and

Trust, Identity Management and GENI Dr. Ken Klingenstein, Senior Director, Middleware and Security, Internet2 Technologist, University of Colorado at Boulder Topics Internet identity update Technology updates ISOC, IETF Identity,

601 views • 23 slides
IDENTITY MANAGEMENT Presentation at EuroCAMP 2009-05-17 by Roland Hedberg

IDENTITY MANAGEMENT Presentation at EuroCAMP 2009-05-17 by Roland Hedberg

IDENTITY MANAGEMENT Presentation at EuroCAMP 2009-05-17 by Roland Hedberg <roland.hedberg@adm.umu.se> Tuesday, May 19, 2009 WHAT IS IDM ? Identity management is the management of the identity life cycle of entities. --- wikipedia

534 views • 26 slides
Online Identity & Social Media by: Nicole Santarsiero What is Online Identity? -Online

Online Identity & Social Media by: Nicole Santarsiero What is Online Identity? -Online

Online Identity & Social Media by: Nicole Santarsiero What is Online Identity? -Online identity management (OIM) - Online personal/business branding also known as personal reputation management -The created presence of a person on the

471 views • 8 slides
Identity and Access Management with the INDIGO IAM service Andrea Ceccanti

Identity and Access Management with the INDIGO IAM service Andrea Ceccanti

Identity and Access Management with the INDIGO IAM service Andrea Ceccanti andrea.ceccanti@cnaf.infn.it EOSC-Hub AAI Tech Talk Europe, Earth, June 15th 2018 INDIGO Identity and Access Management service Flexible authentication support (SAML,

430 views • 24 slides
Authoritative Quality From Campus Identity Management to a Federated Solution EuroCAMP, Porto,

Authoritative Quality From Campus Identity Management to a Federated Solution EuroCAMP, Porto,

Authoritative Quality From Campus Identity Management to a Federated Solution EuroCAMP, Porto, 2005-11-07 Ingrid Melve, FEIDE manager From campus identity management to a federated solution Case: FEIDE Campus Identity Management 2

655 views • 30 slides
Conference 2018 Shift into the future with predictions for Identity & Access Management BCNET

Conference 2018 Shift into the future with predictions for Identity & Access Management BCNET

Conference 2018 Shift into the future with predictions for Identity & Access Management BCNET Identity & Access Management Community of Practice Panelists: Corey Scholefield Vera Merkusheva Isabel Wong Sabrina da Silva 2 Conference

622 views • 19 slides
Introduction to Identity Management Systems Alan Robiette, JISC (UK)

Introduction to Identity Management Systems Alan Robiette, JISC (UK)

Introduction to Identity Management Systems Alan Robiette, JISC (UK) <a.robiette@jisc.ac.uk> Supporting education and research Overview What is meant by identity management? What are identifiers (IDs) for? How are they

815 views • 22 slides
LIGO Identity Management: Some Status and Trends Scott Koranda for LIGO LIGO and University of

LIGO Identity Management: Some Status and Trends Scott Koranda for LIGO LIGO and University of

LIGO Identity Management: Some Status and Trends Scott Koranda for LIGO LIGO and University of Wisconsin-Milwaukee March 8, 2010 LIGO-XXXXXXXX 1 / 12 Why the LIGO Identity Management Project? Unburden users from requesting, retrieving,

425 views • 13 slides
Identity management and security Could an IdP be considered an OES? www.law.kuleuven.be/citip

Identity management and security Could an IdP be considered an OES? www.law.kuleuven.be/citip

Identity management and security Could an IdP be considered an OES? www.law.kuleuven.be/citip What is an Identity provider (IdP)? 2 Proprietary IdM and PKI IdM e.g. e.g. Belgian eID Facebook IdP IdP Verifies Issues Issues credential

517 views • 22 slides
Identity management in the European Grid Infrastructure Established solutions, new needs, open

Identity management in the European Grid Infrastructure Established solutions, new needs, open

EGI InSPIRE Identity management in the European Grid Infrastructure Established solutions, new needs, open questions Gergely Sipos Technical Outreach Manager EGI.eu, Amsterdam gergely.sipos@egi.eu Identity Management for research and

452 views • 28 slides
CONVERGENCE OF A GENERALIZED MIDPOINT ITERATION JARED ABLE, DANIEL BRADLEY, ALVIN MOON, AND

CONVERGENCE OF A GENERALIZED MIDPOINT ITERATION JARED ABLE, DANIEL BRADLEY, ALVIN MOON, AND

CONVERGENCE OF A GENERALIZED MIDPOINT ITERATION JARED ABLE, DANIEL BRADLEY, ALVIN MOON, AND XINGPING SUN Abstract. We give an analytic proof for the Hausdorff convergence of the midpoint or derived polygon iteration. We generalize this iteration

409 views • 10 slides
Identity Theft Identity Theft Identity theft occurs when your personal information is stolen

Identity Theft Identity Theft Identity theft occurs when your personal information is stolen

Identity Theft Identity Theft Identity theft occurs when your personal information is stolen and used without your knowledge to commit fraud or other crimes Identity theft can cost you time and money. Tips for Preventing Identity Theft

322 views • 10 slides
Identity Management Identity Management Alberto Pace Alberto Pace CERN, Information Technology

Identity Management Identity Management Alberto Pace Alberto Pace CERN, Information Technology

Identity Management Identity Management Alberto Pace Alberto Pace CERN, Information Technology Department alberto.pace@cern.ch Computer Security Computer Security The present of computer security Bugs Vulnerabilities Known exploits

506 views • 23 slides
Secure Identity Changes in a Changing World S Id tit Ch i Ch i W ld WG 5 Identity

Secure Identity Changes in a Changing World S Id tit Ch i Ch i W ld WG 5 Identity

ISO/IEC JTC 1/SC 27/WG 5 Identity Management & Privacy Technologies Secure Identity Changes in a Changing World S Id tit Ch i Ch i W ld WG 5 Identity Management & Privacy Technologies Id tit M t & P i T h l i within

831 views • 20 slides
Sun Java TM System Identity Solution Stuart Sim Chief Architect Global Education & Research

Sun Java TM System Identity Solution Stuart Sim Chief Architect Global Education & Research

Sun Java TM System Identity Solution Stuart Sim Chief Architect Global Education & Research Sun Microsystems Agenda Business Drivers for Identity Management Suns Identity Management Solution Sun Java System Access Manager

1.12k views • 87 slides
IDENTITY What is the Relationship Between Identity and the College Experience? What Role

IDENTITY What is the Relationship Between Identity and the College Experience? What Role

2/15/2019 Jordan Truex Agenda or Summary Layout The Road to SelfAuthorship NonTraditional Students Effective Interview Strategies Meeting the Student Where They Are IDENTITY What is the Relationship Between Identity and the

367 views • 10 slides
FreeIPA www.freeipa.org Identity Management in the FOSS World Simo Sorce Principal Software

FreeIPA www.freeipa.org Identity Management in the FOSS World Simo Sorce Principal Software

FreeIPA www.freeipa.org Identity Management in the FOSS World Simo Sorce Principal Software Engineer Red Hat, Inc. What is FreeIPA ? Acronym: Free Identity, Policy, Audit Purpose: Make it simpler to manage a complex problem

730 views • 28 slides
How to build an Identity Management System on Linux Simo Sorce Principal Software Engineer Red

How to build an Identity Management System on Linux Simo Sorce Principal Software Engineer Red

How to build an Identity Management System on Linux Simo Sorce Principal Software Engineer Red Hat, Inc. What is an Identity Management System and why should I care ? In a nutshell: an IdM system is a set of services and rules to manage

586 views • 22 slides
Securing the Cloud Identity Management and Network Security in the Cloud Mark Ryland Chief

Securing the Cloud Identity Management and Network Security in the Cloud Mark Ryland Chief

Securing the Cloud Identity Management and Network Security in the Cloud Mark Ryland Chief Solutions Architect AWS Public Sector team Khawaja Shams Cloud Architect Jet Propulsion Labs / NASA QCon New York 2012 Agenda Identity &

594 views • 21 slides
Enhancements to FreeIPA Replication Topology Management Jan Pazdziora Sr. Principal Software

Enhancements to FreeIPA Replication Topology Management Jan Pazdziora Sr. Principal Software

Enhancements to FreeIPA Replication Topology Management Jan Pazdziora Sr. Principal Software Engineer Identity Management Special Projects, Red Hat 6 th October 2015 FreeIPA Integration of multiple identity-management tools. directory

352 views • 17 slides

More recommend