Identity and Access Management
Trends, technologies and tools.
29 June 2004 (14-21)
Location: Sofitel Diegem
(Diegem near Brussels (Belgium))
Presented in English
Price: 480 EUR
(excl. 21% VAT)
This event is history,
please check out the List of Upcoming Seminars, or send us an email
Check out our related in-house workshops:
Registration and Coffee/Tea
Introduction: Why is Identity Management Important ?
(Marc Sel, PricewaterhouseCoopers)
- Today's identity and access management challenges - some use cases of what can go wrong
- The business case for identity management
- The ROI and payback time of IAM projects: justification and business benefits
- Underlying concepts: single sign-on, role-based access control (RBAC), directories and meta-directories, provisioning, federation, ...
- Strategic choices to be made
What is Secure Identity Management ?
(Chris Van den Abbeele, Novell)
What can Identity Management do for you ? Where is your pain: is it provisioning, SSO, One Password, Security, Helpdesk relief, User comfort....?
- Administrator(s) point of view: Directory, LDAP, Meta-Directory; Central user management; Political issues
- User point of view: "Log in once"
- Security Officer's point of view: Password Management (one password vs multiple passwords); Protect against "Man in the middle attack"
- Business view: Overall Manageability and consistency of Username/id's/phone numbers...; Delete user account in one subsystem vs block user account in another; Logging;Compliance with laws and legislation
What are the Building Blocks ?
- Provisioning solution: Directory, Meta engine, Connectors, Authoritative Data Source, Scripting language
- Access Management and Single Sign-On for Web Applications
- Reverse Proxy method, strong authentication (eID), Federation, ...
- the background process
- advantages / limitations
- Single Sign-On
- Agent on the desktop
- Central Management of a Distributed Solution
- How Secure is your "wallet" ?
- Advantages / disadvantages
- Establishing base lines
- Non-repudiation logging
Market Overview and Analysis
(Jan De Clercq, HP Security Office)
- Market overview for each of the components of an identity management solution (including a discussion and positioning of the solutions from HP, IBM, Microsoft, Netegrity, Novell, Oblix, RSA, SUN, ...):
- Identity repositories (Directories and meta-directories...)
- Triple AAA services:
- Authentication infrastructures
- Authorization infrastructures
- Auditing infrastructures
- Identity lifecycle management tools (provisioning, ...)
- Web access control software
- Privacy management tools
A Practical Approach to Identity Management
(Nils Meulemans, SecurIT)
Identity Management has many faces. In some cases it is used to refer to the mechanism of managing user identities and entitlements across various heterogeneous platforms and applications, both within and beyond the enterprise boundaries. On the other side it is seen as the solution for creating unique digital identities across all these platforms.
While most Identity Management projects start from one of these expectations, the combination of new and existing legacy applications using diverge identity systems usually result in an approach that goes for the best compromise of both models. This presentation will highlight the classical pitfalls related to the traditional identity management project approach and will provide some guidelines on how to avoid them.
Advanced Identity Management Topics and Tools
(Jan De Clercq, HP Security Office)
- Federation initiatives (Liberty Alliance, WS-Security)
- SAML-based single sign-on
- Liberty Alliance versus WS-Security
- How federation will be used in Web and e-government applications
- Best-of-breed solutions versus integrated single-vendor solutions.
Case Study: Secure Identity Management at ING Belgium
(Bernard Delsaux, ING Belgium, and Marc Vanmaele, SecurIT)
- WeB: ING's pan-European web-enabled transaction platform for wholesale customer
- WeB's value proposition for customers and ING
- WeB wholesale channel architecture
- WeB Access Management: authentication and authorisation
Roundup of this seminar, Conclusions & Summary, Final Questions and Answers
End of this seminar
Questions about this ? Interested but you can't attend ? Send us an email !