identity management with midpoint
play

Identity Management with midPoint Radovan Semank FOSDEM, January - PowerPoint PPT Presentation

Aug 13, 2023 •196 likes •521 views

Identity Management with midPoint Radovan Semank FOSDEM, January 2016 Radovan Semank Current: Software Architect at Evolveum Architect of Evolveum midPoint Contributor to ConnId and Apache Directory API Past: Sun LDAP and IDM

  1. Identity Management with midPoint Radovan Semančík FOSDEM, January 2016

  2. Radovan Semančík Current: Software Architect at Evolveum Architect of Evolveum midPoint Contributor to ConnId and Apache Directory API Past: Sun LDAP and IDM deployments (early 2000s) OpenIDM v1, OpenICF Many software architecture and security projects

  3. Identity and Access Management Requester System Approver Users Admin Application Application Identity Management Identity A Repository M Application HR Application CRM Application

  4. There is no security without identity management

  5. If you have no IDM, how can you be sure that ... ● illegal accounts are disabled/deleted? ● temporary accounts are deleted? ● users have only the least privileges? ● the privileges are not accumulated? ● no secondary authentication is possible? ● the data are up to date? (title, affiliation, …) ● notifications and tasks are suspended?

  6. The solution is trivial Let's put everything in LDAP!

  7. Expectation Users HR Application Application S S O LDAP Application Application Application

  8. Reality Relational database Unsupported Users HR Application Unsupported Application Incompatible identifiers S Local copy S O No standard LDAP (ugly script needed) ! Application Custom schema ! Application Incompatible Expensive schema Application Extremely Home expensive directory

  9. “Single directory” approach is not going to work … and this has been known since 2006 (at least)

  10. Identity and Access Management Requester System Approver Users Admin Application Application Identity Management Identity A Repository M Application HR Application CRM Application

  11. How IDM works? Application Application Identity Management A Identity M Repository Application HR Application

  12. Automatic user provisioning Policies RBAC Application Rules Application Identity Management A Identity M Repository Application HR Application

  13. Business As Usual Application Application Identity Management A Identity M Repository Application HR Application

  14. Password reset (self-service) Application Application Identity Management A Identity M Repository Application HR Application

  15. Employee Leaves Company Application Application Identity Management A Identity M Repository Application HR Application

  16. Automatic user deprovisioning Policies RBAC Application Rules Application Identity Management A Identity M Repository Application HR Application

  17. Business As Usual Application Application Identity Management A Identity M Repository Application HR Application

  18. Bidirectional Synchronization Application Application Identity Management A Identity M Repository Application HR Application

  19. Policy enforcement Policies RBAC Application Rules Application Identity Management A Identity M Repository Application HR Application

  20. What Identity Management does? Provisioning Identifier management ● ● Synchronization Data mapping ● ● Self-service Segregation of duties ● ● Password management Workflow ● ● Credentials distribution Notifications ● ● (SSH, X.509) Auditing ● RBAC Reporting ● ● Organizational structure Governance ● ● Entitlement management ... ● ●

  21. This IDM looks like the best thing since the sliced bread. What's the catch?

  22. This IDM looks like the best thing since the sliced bread. What's the catch? The commercial IDM products are expensive.

  23. This IDM looks like the best thing since the sliced bread. What's the catch? The commercial IDM products are expensive. Very, very expensive.

  24. Open Source to the Rescue There was no practical FOSS solution until 2010 (Sun Identity Manager was the king) 2010-2011: Syncope, OpenIDM, midPoint, ... (that was the time when Oracle acquired Sun) Now there are two leading open source * IDMs: ● Apache Syncope ● Evolveum midPoint *) by “open source” I mean both license and practice

  25. Evolveum midPoint?

  26. midPoint Users Application Identity Management Application Identity A Repository M Application HR Application CRM Application

  27. The midPoint Story ● Started 2010-2011 (5 years, 14 releases) ● Github, Apache 2.0 License ● ~500K lines of code (Java) ● State-of-the-art IDM features Schema Provisioning Management Extensibility Conditions Password reset Expressions Segregation of duties Policy RBAC Synchronization Organizational structure Consistency Workflow HA Connectors Entitlements Governance Web UI Audit Authorization Localization Notifications Scripting Self-service Data mapping REST Identifiers Delegated administration Parametric roles Bulk actions

  30. Questions and Answers Schema Provisioning Management Extensibility Conditions Password reset Expressions Segregation of duties Policy RBAC Synchronization Organizational structure Consistency Workflow HA Connectors Entitlements Governance Web UI Audit Authorization Localization Notifications Scripting Self-service Data mapping REST Identifiers Delegated administration Parametric roles Bulk actions

  31. Thank You Radovan Semančík www.evolveum.com

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Agenda Identity & Access management About company midPoint Clients &

Agenda Identity & Access management About company midPoint Clients &

Agenda Identity & Access management About company midPoint Clients & partners Conclusion Identity management System Requester Users admin Approver Application Application Provisioning system Identity A

826 views • 45 slides
Agenda About midPoint Features About Evolveum Clients & partners Conclusion

Agenda About midPoint Features About Evolveum Clients & partners Conclusion

Agenda About midPoint Features About Evolveum Clients & partners Conclusion About midPoint Open identity & organization management and governance platform Clean extensible architecture: component- based system

430 views • 22 slides
Identity and Access Management Using Identity Management and Identity Governance to increase

Identity and Access Management Using Identity Management and Identity Governance to increase

Identity and Access Management Using Identity Management and Identity Governance to increase Automation and Security. Identity Management (IAM, IdM) defining and managing the roles and access privileges of individual network users, and the

2.89k views • 13 slides
Identity Management Scaling Out and Up Jan Pazdziora Principal Software Engineer Identity

Identity Management Scaling Out and Up Jan Pazdziora Principal Software Engineer Identity

Identity Management Scaling Out and Up Jan Pazdziora Principal Software Engineer Identity Management Engineering, Red Hat jpazdziora@redhat.com 15 th October 2014 Identity Users; user groups. Hosts; host groups; services. Identities

700 views • 18 slides
Trust, Identity Management and GENI Dr. Ken Klingenstein, Senior Director, Middleware and

Trust, Identity Management and GENI Dr. Ken Klingenstein, Senior Director, Middleware and

Trust, Identity Management and GENI Dr. Ken Klingenstein, Senior Director, Middleware and Security, Internet2 Technologist, University of Colorado at Boulder Topics Internet identity update Technology updates ISOC, IETF Identity,

601 views • 23 slides
IDENTITY MANAGEMENT Presentation at EuroCAMP 2009-05-17 by Roland Hedberg

IDENTITY MANAGEMENT Presentation at EuroCAMP 2009-05-17 by Roland Hedberg

IDENTITY MANAGEMENT Presentation at EuroCAMP 2009-05-17 by Roland Hedberg <roland.hedberg@adm.umu.se> Tuesday, May 19, 2009 WHAT IS IDM ? Identity management is the management of the identity life cycle of entities. --- wikipedia

534 views • 26 slides
Online Identity & Social Media by: Nicole Santarsiero What is Online Identity? -Online

Online Identity & Social Media by: Nicole Santarsiero What is Online Identity? -Online

Online Identity & Social Media by: Nicole Santarsiero What is Online Identity? -Online identity management (OIM) - Online personal/business branding also known as personal reputation management -The created presence of a person on the

471 views • 8 slides
Identity and Access Management with the INDIGO IAM service Andrea Ceccanti

Identity and Access Management with the INDIGO IAM service Andrea Ceccanti

Identity and Access Management with the INDIGO IAM service Andrea Ceccanti andrea.ceccanti@cnaf.infn.it EOSC-Hub AAI Tech Talk Europe, Earth, June 15th 2018 INDIGO Identity and Access Management service Flexible authentication support (SAML,

430 views • 24 slides
Authoritative Quality From Campus Identity Management to a Federated Solution EuroCAMP, Porto,

Authoritative Quality From Campus Identity Management to a Federated Solution EuroCAMP, Porto,

Authoritative Quality From Campus Identity Management to a Federated Solution EuroCAMP, Porto, 2005-11-07 Ingrid Melve, FEIDE manager From campus identity management to a federated solution Case: FEIDE Campus Identity Management 2

655 views • 30 slides
Conference 2018 Shift into the future with predictions for Identity & Access Management BCNET

Conference 2018 Shift into the future with predictions for Identity & Access Management BCNET

Conference 2018 Shift into the future with predictions for Identity & Access Management BCNET Identity & Access Management Community of Practice Panelists: Corey Scholefield Vera Merkusheva Isabel Wong Sabrina da Silva 2 Conference

622 views • 19 slides
Introduction to Identity Management Systems Alan Robiette, JISC (UK)

Introduction to Identity Management Systems Alan Robiette, JISC (UK)

Introduction to Identity Management Systems Alan Robiette, JISC (UK) <a.robiette@jisc.ac.uk> Supporting education and research Overview What is meant by identity management? What are identifiers (IDs) for? How are they

815 views • 22 slides
LIGO Identity Management: Some Status and Trends Scott Koranda for LIGO LIGO and University of

LIGO Identity Management: Some Status and Trends Scott Koranda for LIGO LIGO and University of

LIGO Identity Management: Some Status and Trends Scott Koranda for LIGO LIGO and University of Wisconsin-Milwaukee March 8, 2010 LIGO-XXXXXXXX 1 / 12 Why the LIGO Identity Management Project? Unburden users from requesting, retrieving,

425 views • 13 slides
Identity management and security Could an IdP be considered an OES? www.law.kuleuven.be/citip

Identity management and security Could an IdP be considered an OES? www.law.kuleuven.be/citip

Identity management and security Could an IdP be considered an OES? www.law.kuleuven.be/citip What is an Identity provider (IdP)? 2 Proprietary IdM and PKI IdM e.g. e.g. Belgian eID Facebook IdP IdP Verifies Issues Issues credential

517 views • 22 slides
Identity management in the European Grid Infrastructure Established solutions, new needs, open

Identity management in the European Grid Infrastructure Established solutions, new needs, open

EGI InSPIRE Identity management in the European Grid Infrastructure Established solutions, new needs, open questions Gergely Sipos Technical Outreach Manager EGI.eu, Amsterdam gergely.sipos@egi.eu Identity Management for research and

452 views • 28 slides
CONVERGENCE OF A GENERALIZED MIDPOINT ITERATION JARED ABLE, DANIEL BRADLEY, ALVIN MOON, AND

CONVERGENCE OF A GENERALIZED MIDPOINT ITERATION JARED ABLE, DANIEL BRADLEY, ALVIN MOON, AND

CONVERGENCE OF A GENERALIZED MIDPOINT ITERATION JARED ABLE, DANIEL BRADLEY, ALVIN MOON, AND XINGPING SUN Abstract. We give an analytic proof for the Hausdorff convergence of the midpoint or derived polygon iteration. We generalize this iteration

409 views • 10 slides
Identity Theft Identity Theft Identity theft occurs when your personal information is stolen

Identity Theft Identity Theft Identity theft occurs when your personal information is stolen

Identity Theft Identity Theft Identity theft occurs when your personal information is stolen and used without your knowledge to commit fraud or other crimes Identity theft can cost you time and money. Tips for Preventing Identity Theft

322 views • 10 slides
the HEAnet NOC(s) Gareth Eason (HEAnet) TF-NOC meeting, Ljubljana, 15 th Feb 2011 the network

the HEAnet NOC(s) Gareth Eason (HEAnet) TF-NOC meeting, Ljubljana, 15 th Feb 2011 the network

TF-NOC flash presentation the HEAnet NOC(s) Gareth Eason (HEAnet) TF-NOC meeting, Ljubljana, 15 th Feb 2011 the network dark fibre (~2,600km) + managed circuits (ADSL, 10Mb-1Gb, wireless) national network, direct to customers (L1)

471 views • 7 slides
AI IN DEBT OPTIMISATION Th The Debt t Challen llenge ge A growing issue that businesses must

AI IN DEBT OPTIMISATION Th The Debt t Challen llenge ge A growing issue that businesses must

AI IN DEBT OPTIMISATION Th The Debt t Challen llenge ge A growing issue that businesses must address to: Accurately predict what debt will or wont be resolved Effectively plan for debt to mitigate risk in times of uncertainty Identify

234 views • 7 slides
Taking a Broader Look at Outcom es: How Social Determ inants of Health Can Positively Im pact

Taking a Broader Look at Outcom es: How Social Determ inants of Health Can Positively Im pact

Taking a Broader Look at Outcom es: How Social Determ inants of Health Can Positively Im pact Ongoing Independence Self Direction Conference May 8, 2017 A Snapshot of Anthem s Affiliated Plans Efforts Significant state movement to

232 views • 6 slides
Segmentation Analysis: The Segmentation Analysis: The Principal Stages Principal Stages

Segmentation Analysis: The Segmentation Analysis: The Principal Stages Principal Stages

Segmentation Analysis: The Segmentation Analysis: The Principal Stages Principal Stages Identify segmentation variables Identify key variables Reduce to 2 or 3 variables Identify discrete categories for and categories. each variable

489 views • 9 slides
F2 Information Systems Presented By: Danielle McConville Pu Purpose of of the the session

F2 Information Systems Presented By: Danielle McConville Pu Purpose of of the the session

CPA Ireland Skillnet CPA Ireland Skillnet, is a training network that is funded by Skillnets, a state funded, enterprise led support body dedicated to the promotion and facilitation of training and up-skilling as key elements in sustaining

686 views • 25 slides
Table Infrastructures 27th October 2015 Katrin Hlldobler, Pedram Mir Seyed Nazari, and Bernhard

Table Infrastructures 27th October 2015 Katrin Hlldobler, Pedram Mir Seyed Nazari, and Bernhard

Adaptable Symbol Table Management by Meta Modeling and Generation of Symbol Table Infrastructures 27th October 2015 Katrin Hlldobler, Pedram Mir Seyed Nazari, and Bernhard Rumpe Software Engineering RWTH Aachen University

178 views • 13 slides
CS 215: Data Interpretation and Analysis Fall 2017 Instructors: Ajit Rajwade & Suyash

CS 215: Data Interpretation and Analysis Fall 2017 Instructors: Ajit Rajwade & Suyash

CS 215: Data Interpretation and Analysis Fall 2017 Instructors: Ajit Rajwade & Suyash Awate Where all do you analyze and interpret data? (1) In Medicine: Examples Pathology reports, Epidemiology studies

473 views • 43 slides
Strategy, trends and the marketing man Proton Global MDP December 26, 2008 Where were

Strategy, trends and the marketing man Proton Global MDP December 26, 2008 Where were

Strategy, trends and the marketing man Proton Global MDP December 26, 2008 Where were heading today Placing global trends into context What are those trends? Consumer democratization India in the global context Red Chinas folly

384 views • 25 slides

More recommend