Access to online information and services is critical for
productivity in the workplace and at home; however, the complexity
of managing an increasing number of digital identities presents
unique challenges. These challenges often frustrate potential users
and leave the risk of digital identity theft and misuse
insufficiently mitigated. To explore methods of addressing these
issues, this IVA lab covers solutions to the issues of:
- Enabling collaboration with partners, suppliers, and customers
while maintaining security, operational efficiency, and regulatory
compliance,
- Easily accessing online resources, without sacrificing security
or privacy,
- Managing identities across a diverse array of directories and
systems.

Lab Scenarios

Identity Federation with CA SiteMinder, IBM Tivoli Manager, Microsoft Active Directory Federation Services and Oracle Identity Federation

In this lab the IVA explored how users can work efficiently
across boundaries, without the need to repeatedly engage IT staff,
using identity federation.

Identity federation enables companies to provide external users
with secure, single-sign-on access to internal resources with the
same credentials they use to log in to their "home" networks every
day. By building solutions on the WS-Federation protocol,
federation partners around the industry are enabling secure
collaboration while preserving auditability and ease of
management.

CA SiteMinder, IBM Tivoli Manager, Microsoft Active Directory
Federation Services, and Oracle Identity Federation were combined
to enable identity federation with interoperable identity systems
that communicate using the WS-Federation protocol. Developed by
Microsoft and IBM, this protocol has been submitted to OASIS for
standardization.

Information Cards and The Identity Metasystem

Access to online information and services is more important than
ever for productivity in the workplace and at home. But the
Internet lacks a common way to share identity information, forcing
users to remember an ever-increasing number of username/password
combinations, leading to password fatigue. In addition, username
and password combinations are vulnerable to password theft, through
attacks such as phishing, undermining user confidence in the safety
of the Internet.

The Identity Metasystem is the "identity layer" users and
service providers need for simple and secure online interactions.
It is based on interoperable Web Service protocols and data
formats. Industry partners, through user-centric identity
interoperability events hosted by the Burton Group and other
industry collaborations, are working to solve this challenge by
bringing the "Identity Metasystem" to reality.

This lab demonstrated how applications called "Identity
Selectors," such as Windows CardSpace™, help users better manage
their digital identities. Each identity is represented as an
"Information Card" that can be used to access online services,
much as one might reach into a wallet for a driver's license or
membership card.

Decentralized Identity System Management with Microsoft Identity Lifecycle Manager 2007

Many organizations use a combination of systems to store identity
information. Decentralized identity information must be
synchronized across HR systems, directories, databases, etc.
Microsoft's Identity Lifecycle Manager 2007, used in this lab,
enables provisioning, validation, and enforcement of identity
information through extensible management agents, integrated with
IVA member adaptor solutions.