Identity Management Best Practices
Mobile Computing - refers not only to handheld devices but to the heterogeneous platforms available at present, which include notebooks, tablets, smartphones, and other mobile device management platforms
Social Computing - applies not only to internal users, but also includes integrating with partners, customers, prospects, and leads
Cloud Computing - has several deployment patterns that involve public cloud, private cloud, and hybrid models
The computing troika and security
A key concern with regard to the above trends is security; therefore, the following factors would need to be considered when designing an effective security solution:
Extended enterprise: The security solution should be able to handle widening system perimeters, which in turn translates to continual growth in the number of partners, customers, etc. it connects with.
Globalization: Given that a system or company’s reach is now expansive, covering regions and continents, the solution should ideally be able to capture this as well.
Agile business processes: Business processes are volatile and prone to constant change; therefore, it should be possible to promptly configure or tweak the security solution to align with the changes.
Dynamic organizational policies: The security policies should be easily configurable and dynamic.
Economies of scale: This is the cost advantage that an enterprise obtains from its increase in size. It cannot be achieved if there is recreation or duplication; therefore, as more applications are deployed, duplication must be eliminated to achieve economies of scale.
Innovation: Security solutions must be forward-looking and should pre-empt future implementations.
Identity explosion: The number of users that a system deals with is increasing constantly; therefore, an efficient security solution should be able to cope with this increase.
In the traditional approach to security, information silos were used in what could be described as an introversive approach. Hence, there was a lot of duplication and it was difficult to reach economies of scale.
Some time later, there was a need for ‘federation’ and soon people were connecting directly between services and partners, resulting in management nightmares. In this method, direct links such as SSL connections, VPNs and Basic Authentication were used. This technique was also not scalable, even though it was a step up from the previous silo solution.
The new and improved approach to federation is illustrated in Figure 1. There is now a centralized Identity as a Service Provider. Overall it is still an n-to-n relationship: there is a 1-to-n relationship from federation partner to consumer services (where multiple consumer services rely on a single centralized federated identity provider for security) and a 1-to-n relationship from consumer service to federation partners (where a single consumer service can rely on multiple identity providers for security). This model ensures greater efficiency.
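The n-to-n trust model described above, as an added example that is not part of the original article: each consumer service keeps its own list of identity providers it relies on, and rejects an assertion that one of those providers minted for a different service. The service names, provider names, keys and claim fields (iss, sub, aud) are constructed for illustration, and HMAC stands in for the provider's signature so the code runs with the standard library only.

```python
import hashlib
import hmac
import json

# Constructed sample data: identity provider names and demo signing keys.
# Assumption: a real provider would sign with a private key, not a shared one.
IDP_KEYS = {"idp-corp": b"demo-key-corp", "idp-partner": b"demo-key-partner"}

# n-to-n trust: each consumer service lists the identity providers it relies on.
SERVICE_TRUST = {
    "payroll": {"idp-corp"},              # relies on a single provider
    "wiki": {"idp-corp", "idp-partner"},  # one service, several providers
}


def issue(idp, subject, audience):
    """Identity provider side: mint a signed assertion for one service."""
    claims = {"iss": idp, "sub": subject, "aud": audience}
    body = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(IDP_KEYS[idp], body, hashlib.sha256).hexdigest()
    return {"claims": claims, "sig": sig}


def accept(service, assertion):
    """Consumer service side: return the subject, or None if rejected."""
    claims = assertion["claims"]
    issuer = claims.get("iss")
    # 1. The issuer must be one this service has chosen to rely on.
    if issuer not in SERVICE_TRUST.get(service, set()):
        return None
    # 2. The signature must verify under that issuer's key.
    body = json.dumps(claims, sort_keys=True).encode()
    expected = hmac.new(IDP_KEYS[issuer], body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion.get("sig", "")):
        return None
    # 3. The assertion must have been minted for this service, so one
    #    issued for "wiki" cannot be reused at "payroll".
    if claims.get("aud") != service:
        return None
    return claims.get("sub")
```

The audience check is what keeps the provider-to-services fan-out safe: both services trust idp-corp, yet an assertion issued for one is refused by the other.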