IDentia™ - An Identity Bridge Integrating OpenID and SAML for Enhanced Identity Trust and User Access Control

Nick Duan and Kevin Smith

Keywords

Internet security, identity and access management, federated identity

Abstract

Many companies and government agencies face the constant challenge of protecting vast information assets from malicious access while providing end users with a convenient mechanism for sharing information. The key enabler in meeting this challenge is a robust and scalable Identity and Access Management (IdAM) system based on open standards. While OpenID-based standards have been embraced by many online service providers, many believe that these implementations lack the necessary confidence level in user identity trust and interoperability. On the other hand, SAML has been the de-facto IdAM solution in the enterprise world due to its robustness and trust framework. However, for the most part, SAML lacks the flexibility and convenience needed to support RESTful applications. As a result of an SBIR research project funded by the Air Force, IDentia is an open-source-based product that provides an online IdAM solution. It implements an identity bridge that integrates the flexibility of OpenID with the robustness of SAML, enabling PKI-based authentication and ABAC-driven authorization in the enterprise environment. This paper introduces the fundamentals and standards of IdAM technology, identifies the security limitations of current implementations, and describes the architecture design and implementation of IDentia as a solution for enterprise IdAM.
