Identity and Access Management
Trends, technologies and tools.
29 June 2004 (14-21)
Location: Sofitel Diegem
(Diegem near Brussels (Belgium))
Presented in English
Price: 480 EUR
(excl. 21% VAT)
This event is history,
please check out the List of Upcoming Seminars, or send us an email
Check out our related in-house workshops:
This seminar covers all phases of justifying, planning and deploying a comprehensive IAM solution that integrates directory services,
user management, authentication, and access management. If you want to investigate the growing need for identity management, don't miss
this unique one-day seminar.
Questions answered in this seminar
What is the strategic and business justification for identity and access management (IAM) ?
What are the business goals, how do you build a business case, and how do justify the ROI for an IAM project ?
What are the leading tools on the market, and do you need a best-of-breed solutions or an integrated end-to-end solution ?
How can IAM help in migrating and upgrading from one operating system to another ?
Learn how IAM will dramatically reduce the number of password-related calls to the helpdesk
Find out how IAM will increase enterprise portal security and effectiveness through automated user profile updates
Many other questions will be answered, including yours if you send them to firstname.lastname@example.org.
Who should attend this seminar ?
Security architects and technical managers who need to justify, design and build an identity and access management infrastructure, and others who would like to learn more about the status of IAM technology and IAM solutions.
Everybody who wants to know the state-of-the-art in identity & access management, application-level security, single sign-on, ..., etc.
Security managers who have to build a business case for IAM
Security and IT auditors who need to audit security infrastructures
IT managers who need to understand the concepts behind identity management such as single sign-on, role-based access control, provisioning, federation, ...
Registration and Coffee/Tea
Introduction: Why is Identity Management Important ?
(Marc Sel, PricewaterhouseCoopers)
- Today's identity and access management challenges - some use cases of what can go wrong
- The business case for identity management
- The ROI and payback time of IAM projects: justification and business benefits
- Underlying concepts: single sign-on, role-based access control (RBAC), directories and meta-directories, provisioning, federation, ...
- Strategic choices to be made
What is Secure Identity Management ?
(Chris Van den Abbeele, Novell)
What can Identity Management do for you ? Where is your pain: is it provisioning, SSO, One Password, Security, Helpdesk relief, User comfort....?
- Administrator(s) point of view: Directory, LDAP, Meta-Directory; Central user management; Political issues
- User point of view: "Log in once"
- Security Officer's point of view: Password Management (one password vs multiple passwords); Protect against "Man in the middle attack"
- Business view: Overall Manageability and consistency of Username/id's/phone numbers...; Delete user account in one subsystem vs block user account in another; Logging;Compliance with laws and legislation
What are the Building Blocks ?
- Provisioning solution: Directory, Meta engine, Connectors, Authoritative Data Source, Scripting language
- Access Management and Single Sign-On for Web Applications
- Reverse Proxy method, strong authentication (eID), Federation, ...
- the background process
- advantages / limitations
- Single Sign-On
- Agent on the desktop
- Central Management of a Distributed Solution
- How Secure is your "wallet" ?
- Advantages / disadvantages
- Establishing base lines
- Non-repudiation logging
Market Overview and Analysis
(Jan De Clercq, HP Security Office)
- Market overview for each of the components of an identity management solution (including a discussion and positioning of the solutions from HP, IBM, Microsoft, Netegrity, Novell, Oblix, RSA, SUN, ...):
- Identity repositories (Directories and meta-directories...)
- Triple AAA services:
- Authentication infrastructures
- Authorization infrastructures
- Auditing infrastructures
- Identity lifecycle management tools (provisioning, ...)
- Web access control software
- Privacy management tools
A Practical Approach to Identity Management
(Nils Meulemans, SecurIT)
Identity Management has many faces. In some cases it is used to refer to the mechanism of managing user identities and entitlements across various heterogeneous platforms and applications, both within and beyond the enterprise boundaries. On the other side it is seen as the solution for creating unique digital identities across all these platforms.
While most Identity Management projects start from one of these expectations, the combination of new and existing legacy applications using diverge identity systems usually result in an approach that goes for the best compromise of both models. This presentation will highlight the classical pitfalls related to the traditional identity management project approach and will provide some guidelines on how to avoid them.
Advanced Identity Management Topics and Tools
(Jan De Clercq, HP Security Office)
- Federation initiatives (Liberty Alliance, WS-Security)
- SAML-based single sign-on
- Liberty Alliance versus WS-Security
- How federation will be used in Web and e-government applications
- Best-of-breed solutions versus integrated single-vendor solutions.
Case Study: Secure Identity Management at ING Belgium
(Bernard Delsaux, ING Belgium, and Marc Vanmaele, SecurIT)
- WeB: ING's pan-European web-enabled transaction platform for wholesale customer
- WeB's value proposition for customers and ING
- WeB wholesale channel architecture
- WeB Access Management: authentication and authorisation
Roundup of this seminar, Conclusions & Summary, Final Questions and Answers
End of this seminar
Bernard Delsaux is an independant consultant, specialised in e-business and security solutions. He is currently leading the implementation of the new "Wholesale e-Banking Channel" security architecture at ING.
Chris Van den Abbeele is a Systems Engineer at Novell. Novell's solutions manage the full user lifecycle—deliver first-day access to essential resources, synchronize multiple passwords into a single login, modify or revoke access rights instantly and even support compliance with government regulations.
Marc Sel is Director Global Risk Management Services at PricewaterhouseCoopers Risk Management. Marc moved through various positions with Texas Instruments, Alcatel (the former Bell Telephone Manufacturing Company) and Esso. In January 1989 he joined Coopers & Lybrand, where he started as a consultant. After gradually building up more experience by serving international clients, he now takes on the role of Director the Belgian "Security & Technology" group of PwC. He specialises in security technology and cryptography, and in the various security aspects of networking in particular. He also has a keen interest in RBAC, Java, .NET, smartcards, Linux and wireless technologies.He carried out assignments with regard to security for leading organisations such as SWIFT and a wide variety of financial institutions, mostly in but not limited to Europe. He particularly performed pre- and post-implementation reviews for the first Internet banking solutions that went life in Belgium and Luxembourg. He also carried out numerous International assignments in an Internet context for other organisations across various industries as well as for government. As a reminiscence of his pre-Internet past, Marc also holds strong experience in most other networking technologies such SNA, X.25 and DECnet. Within PriceWaterhouseCoopers, Marc is a 'Subject Matter Expert' with regard to Emerging Technology as well as a member of the Cryptographic Centre of Excellence.
Marc Vanmaele is the Founder and Managing Director of SecurIT, a highly focused security company that provides a portfolio of customer services which guarantee a successful and on-time implementation of the corporate-wide Intranet, Extranet and Internet security policy.
Nils Meulemans is Chief Technology Officer and Co-founder of SecurIT, a highly focused company in Identity & Access Management.
He holds a Master in Computer Science from the V.U.B. and was involved for several years in standardisation and early piloting projects around X.500 and LDAP directories. In August 1999 he became co-founder of SecurIT, where he now holds the position of CTO. Nils has been involved in several Identity and Access Management projects both within and outside the Benelux. At present, Nils is involved as a senior security architect in the eID project at Acerta and with the Validation Certification project at le Centre Informatique de l’ État in Luxemburg.
Questions about this ? Interested but you can't attend ? Send us an email !