The Federated Identity Management Consolidator
Wim Coulier – 13/06/2007
Fact sheet: sa Certipost nv
Shareholders
De Post / La Poste - Belgacom
HQ
Erembodegem (Aalst), Belgium. Sales offices in Amsterdam and Paris.
Headcount
85
Partners
include Clear2Pay, SAP, Asterion, Microsoft, Zetes.
Our mission
We facilitate & certify e-Communications
Platform business
CertiONE platform
Identity & Service provider
Project business
Belgian e-identity card (e-ID)
Competence
Recognized Trusted Third Party by the Belgian Government
Certification
ISO9001:2000
The CertiFY offering
Security project implementation
Project methodology
Solutions & Services
e-Registered Mail e-Federated Identity Management
Competence
Program & Project Management ICT Security Development Team Service Management Consultancy Federated IM & SSO Trusted Third Party (CSP, TSA) e-ID competence center
Technology
SSO framework Federated IM platform
Trust²
PKI eID Development Kit
Time stamping
e-Timestamping
e-Signing
e-ID
e-Certificates
Identity & Access Management history: application by application, up to well into the nineties
= IAM system
Identity & Access Management history: company SSO from second half nineties
General vision IAM software vendors today: Federated Identity Management (FIM) Networks
Identity & Access Management future: Certipost vision: FIM Consolidator model
Certipost experience
High expertise in Identity Management
• Trusted Third Party! (even CSP for eID!)
• Security technologies
• Procedures & processes
• Consultancy
High expertise in B2C user management and consolidator
• Registration
• eID integration
• Specialized helpdesk
High expertise in B2B consolidator role
• High interoperability (support for multiple networks, data formats, data types, etc.; data mappings)
• Roll-out in international contexts
• Specialized helpdesk
Actors in the consolidator model
Target Application Owners (Service Providers)
• Need for security:
  o Role based access control
  o Correct level of ID information (registration, credentials, attributes)
  o Guarantee on ID information
  o Prompt information updates
• Need for easy integration
• Need for low maintenance and operations cost (helpdesk!)
Actors in the consolidator model
Users (identity principals)
• 1 federated identity => 1 account
• Same account for all target apps
• Multiple credentials of different levels
• Multiple roles (e.g. private vs. professional)
• Privacy => minimal sharing of ID information
Actors in the consolidator model
Data source owners
• Authentic sources
• Preferably authoritative sources
• Data replicated or accessed just in time
• In control of their data (e.g. Chinese wall)
Actors in the consolidator model
Federated Identity Management Consolidator
• Professional Identity Services Provider
• Trusted Third Party (procedures, auditing, etc.)
• Specialized helpdesk
• SLA
• Several modes of Identity servicing possible:
  o Authentication
  o Authorization
  o Attributes
  o Combinations
Added value consolidator model
• Reduction of N x (N-1)/2 relations to N x 1
• Privacy (user in control of his own identity information, anonymization)
• Profile based on consolidated information from different Data Source Owners
• Support for multiple technologies
• Attribute mapping services (N x 1 !)
• Easier agreements with authoritative sources (scale)
• Better technology at lower cost through leveraging scale
• High SLA
• Specialized helpdesk
• Centralized registration (opt-in + validation workflows)
• Maximal Single Sign On
Thanks for your attention
QUESTIONS?
More information:
http://www.certipost.be
wim.coulier@staff.certipost.be
Tel: +32 53 60 11 15
On user friendly Qualified Electronic Signatures: http://www.e-signing.be