Identity, Entitlement & Access Management


Common terminologies
Some identity-related terms to remember are as follows.

Identity – The means by which a user, device, or code (an entity) is identified as unique.
Identifier – A related term, referring to the means by which an identity is asserted.
Entity – Anything that has an identity: users, devices, or code.
Entitlement – The process of managing the privileges granted to identities and their related attributes.
Federation – The connection between one identity repository and another.
Persona – An identity plus the attributes that provide context for the environment the entity is operating within.
Attributes – Facets of an identity.
Introduction to Identity in cloud environment

This slide introduces identity in the cloud environment. As industries scale from small operations to global ones using different types of cloud deployment models, identity management has become a major issue.
In the cloud, assigning an identity to every entity (user, device, or code) is regarded as a decision that mitigates risk and improves the security of cloud systems.

When implementing identity for a cloud deployment, several factors have to be taken into consideration: the strength with which an identity can be asserted; the strength with which an attribute can be asserted; the situations in which a transient identity is sufficient; and the situations in which pseudo-anonymity is needed.

In the next slide we will learn about identity architecture for the cloud.

Identity federation
Federation is essentially the use of SAML (pronounced S-A-M-L), the Security Assertion Markup Language, to provide portability across different security domains. Through a federated gateway, an organization extends its DS environment to issue SAML assertions, while other organizations consume SAML assertions from an identity service.

Federation standards are widely used in SaaS for identity federation and access control; however, there are no equivalent standards for IaaS/PaaS. Organizations that use Privileged Identity Management (PIM) tools (tools for managing the identities of privileged users inside or outside the organization) should explore their use in cloud environments as well.