Federated ID Management — Tackling Risk and Credentialing Users
This presentation will outline the approach taken by the International Aerospace and Defense Industry (IADI) to address the lack of common Identity Management policy and practice “standards,” and the deployment of PKI and Federated Identity Management with the goal of decreasing risk and cost in collaborative programs across the entire supply chain.
ID management is one of the most challenging security issues in business today. As collaboration moves quickly across geographies, organisational boundaries and more, security is increasingly important. More business is done online, but companies are unable to absolutely confirm the identity of those they are doing business with. Businesses relying solely on user ID/password combinations for authentication are at grave risk — and digging themselves deeper every day as hackers work to break codes into secure data.
The most secure means of multi-enterprise collaboration is achievable through Federated Identity Management.
Leading organisations are taking steps toward Federation — the single best source of authority to vouch for an individual’s identity. These businesses no longer have to manage identities and do password resets for customers, supply chain members, and collaboration partners. Instead, only those with issued credentials are allowed access to specified applications and databases.
• A better understanding of the approach that has been taken by IADI to implement Federated Identity Management
• Techniques and lessons learned for implementing Federated Identity Management
• An understanding of issues that remain to be solved before the full value of Federated Identity can be achieved.
KeywordsSupply Chain Credentialing User Intellectual Property Protection Supply Chain Member Entire Supply Chain
Unable to display preview. Download preview PDF.
- [GUIDE]See: http://www.guideproject.orgGoogle Scholar
- [eAUTH]See: http://cio.gov/eauthenticationGoogle Scholar
- [RFC3647]S. Chokhani, W. Ford, R. Sabett, C. Merrill, S. Wu, Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework, Request for Comments3647, <http://www.ietf.org/rfc/ rfc3647.txt>, November2003.Google Scholar
- [PKIX]See: http://www.ietf.org/html.charters/pkixcharter.htmlGoogle Scholar
- [SAML]See: http://www.oasisopen.org/committees/tc_home.php?wg_abbrev=securityGoogle Scholar
- [CardSpace]See: http://cardspace.netfx3.comGoogle Scholar
- [XACML]See: http://www.oasisopen.org/committees/xacml/Google Scholar
- [OOXML]See: http://www.ecmainternational.org/memento/TC45.htmGoogle Scholar
- [ODF]ISO/IEC 26300: 2006 Information technology — Open Document Format for Office Applications (OpenDocument), November 30, 2006, International Organization for Standardization, Geneva, Switzerland.Google Scholar