
Tuesday, August 17, 2010

Identity and Access management philosophy

Security of information is a very important component of the Information Technology world.

IT always revolves around making the necessary information accessible to the authorized person as and when required, so that he/she can carry out his/her duties and take crucial decisions.

So, this post is about "identity management" in the IT world.

Identity can be established by one or more of the three factors:
1. What the requester "knows", e.g., a password
2. What the requester "has", e.g., a token that generates random numbers every few seconds
3. What the requester "is", e.g., a fingerprint or retina scan
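The first two factors in the list above, as an added example that is not part of the original post: the "knows" factor is a password stored as a salted PBKDF2 hash, and the "has" factor is a TOTP token (RFC 6238, which is RFC 4226 HOTP driven by the clock). The user record, password and the `enrol`/`authenticate` helper names are constructed for this illustration; the check accepts one time step of clock skew in either direction and refuses to accept a token code that has already been used.

```python
"""Two-factor identity check: password (something known) plus TOTP (something
held). Added illustration; the user record, helper names and the sample
password are constructed, not taken from any real IAM product."""
import hashlib
import hmac
import os
import struct
import time

PBKDF2_ROUNDS = 200_000
TOTP_STEP = 30        # seconds per token code
TOTP_DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = TOTP_DIGITS) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation to a 31-bit integer, reduced to `digits` decimal digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = TOTP_STEP,
         digits: int = TOTP_DIGITS) -> str:
    """TOTP (RFC 6238): HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, int(at_time) // step, digits)


def enrol(password: str) -> dict:
    """Create a constructed user record: random salt, PBKDF2 password hash and a
    fresh token secret that would be shared with the requester's token device."""
    salt = os.urandom(16)
    return {
        "salt": salt,
        "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS),
        "totp_secret": os.urandom(20),
        "last_counter": -1,   # highest time-step counter already accepted
    }


def verify_password(record: dict, password: str) -> bool:
    """Factor 1: recompute the hash and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, record["pw_hash"])


def verify_token(record: dict, code: str, now: float, drift: int = 1) -> bool:
    """Factor 2: accept the current step or up to `drift` steps of clock skew,
    but never a counter at or below the last one that already succeeded
    (so a captured code cannot be presented a second time)."""
    current = int(now) // TOTP_STEP
    for counter in range(current - drift, current + drift + 1):
        if counter <= record["last_counter"]:
            continue
        if hmac.compare_digest(hotp(record["totp_secret"], counter), code):
            record["last_counter"] = counter
            return True
    return False


def authenticate(record: dict, password: str, code: str, now: float = None) -> bool:
    """Identity is established only when both factors pass. The password is
    checked first so that a wrong password never consumes a valid token code."""
    if now is None:
        now = time.time()
    if not verify_password(record, password):
        return False
    return verify_token(record, code, now)


if __name__ == "__main__":
    user = enrol("correct horse battery staple")   # constructed sample password
    t = time.time()
    code = totp(user["totp_secret"], t)
    print(authenticate(user, "correct horse battery staple", code, t))   # True
    print(authenticate(user, "correct horse battery staple", code, t))   # False: replay
```

The `hotp` routine reproduces the RFC 4226 test vectors (secret `12345678901234567890`, counter 0 gives `755224`, counter 1 gives `287082`), which is a useful self-check before trusting any home-grown token verifier.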

Before letting the requester access a resource of the IT infrastructure, the first thing to be done is to establish the identity of the requesting entity. Once the identity of the requester is established, the second step is to make sure the requester has the necessary access to the resource.

The requester may be authorized to:
a. read or view the information resource
b. make some modification to the information resource
c. create a new information resource
d. delete one of the resources

Sometimes the access depends on the value of the resource (a bank officer can only approve a transaction whose value is less than some maximum limit).

Separation of duties:
One requester can only create a table and maintain it, but will not be able to read the data from it.

So, the "access policy" can be very complex to define, maintain and enforce on the IT infrastructure. One very evolved method is role-based access control (RBAC).
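The authorization rules described above (read/modify/create/delete rights, a value-limited approval, and a separation-of-duties constraint), worked into a small deny-by-default RBAC policy engine. This is an added example, not code from the original post or from any vendor's IAM product; the role names, the 10,000 approval limit and the `AccessPolicy` class are constructed for the illustration.

```python
"""Minimal role-based access control: roles carry permissions per resource
type, an optional value ceiling, and a static separation-of-duties rule that
stops one identity from holding conflicting roles. Added illustration; every
role name and limit below is constructed."""
from dataclasses import dataclass
from typing import Optional

READ, MODIFY, CREATE, DELETE = "read", "modify", "create", "delete"


@dataclass(frozen=True)
class Role:
    name: str
    permissions: dict                  # resource type -> frozenset of actions
    max_value: Optional[float] = None  # ceiling on the resource's value, if any


# Constructed roles. "officer" may approve (modify) a transaction only up to a
# limit; "table_admin" can create and maintain a table but has no READ right on
# it, which is the separation-of-duties example from the post.
ROLES = {
    "auditor": Role("auditor", {"transaction": frozenset({READ})}),
    "officer": Role("officer", {"transaction": frozenset({READ, MODIFY})},
                    max_value=10_000),
    "manager": Role("manager",
                    {"transaction": frozenset({READ, MODIFY, CREATE, DELETE})}),
    "table_admin": Role("table_admin",
                        {"table": frozenset({CREATE, MODIFY, DELETE})}),
}

# Pairs of roles that must never be assigned to the same identity.
EXCLUSIVE_ROLES = {frozenset({"table_admin", "auditor"})}


class AccessPolicy:
    def __init__(self) -> None:
        self._assignments: dict = {}   # user -> set of role names

    def assign(self, user: str, role_name: str) -> None:
        """Grant a role, refusing any combination listed in EXCLUSIVE_ROLES."""
        if role_name not in ROLES:
            raise KeyError(f"unknown role {role_name!r}")
        held = self._assignments.setdefault(user, set())
        for other in held:
            if frozenset({other, role_name}) in EXCLUSIVE_ROLES:
                raise ValueError(
                    f"{user!r} cannot hold {role_name!r} together with {other!r}")
        held.add(role_name)

    def authorize(self, user: str, action: str, resource_type: str,
                  value: Optional[float] = None) -> bool:
        """Deny by default; grant if any held role permits the action on the
        resource type and (for value-limited roles) the value is supplied and
        within the ceiling. A limited role with no value given is denied,
        because the limit cannot be checked."""
        for role_name in self._assignments.get(user, ()):
            role = ROLES[role_name]
            if action not in role.permissions.get(resource_type, frozenset()):
                continue
            if role.max_value is not None and (value is None or value > role.max_value):
                continue
            return True
        return False


if __name__ == "__main__":
    policy = AccessPolicy()
    policy.assign("alice", "officer")
    print(policy.authorize("alice", MODIFY, "transaction", value=5_000))    # True
    print(policy.authorize("alice", MODIFY, "transaction", value=50_000))   # False
    policy.assign("bob", "table_admin")
    print(policy.authorize("bob", CREATE, "table"))   # True
    print(policy.authorize("bob", READ, "table"))     # False
```

Two design points worth noting: the decision is deny-by-default, so an unknown user or an unlisted resource type never gets access, and the separation-of-duties rule is enforced at assignment time rather than at request time, which is where a conflicting combination is cheapest to catch.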

There are multiple vendors who provide solutions around Identity and Access Management in the IT world.

But, interestingly, this problem is ancient: in the great Indian epic Ramayana, Hanuman establishes his identity to Mother Seetha using a two-factor model with a token and a pass phrase! I think we are only applying an ancient solution in a modern way with IAM solution stacks...

Some modern architectural patterns are in this RedPaper, for those who are interested!
