Identity and Access management philosophy

Security of information is a very important component of the Information Technology world.

IT always revolves around making the necessary information accessible to the authorized person as and when required, so that he/she can carry out his/her duties and take crucial decisions.

So, this post is about “identity management” in the IT world.

Identity can be established by one or more of the three factors:
1. What the requester “knows”, e.g., a password
2. What the requester “has”, e.g., a token that generates random numbers every few seconds
3. What the requester “is”, e.g., a fingerprint or retina scan

Before letting the requester access a resource of the IT infrastructure, the first thing to be done is to establish the identity of the requesting entity (authentication). Once the identity of the requester is established, the second step is to make sure the requester has the necessary access to the resource (authorization).

The requester may be authorized to
a. read or view the information resource
b. make some modification to the information resource
c. create a new information resource
d. delete one of the resources

Sometimes the access is dependent on the value of the resource (a bank officer can only approve a transaction whose value is less than “some max limit”).

Separation of duties:
One requester may be able to create a table and maintain it, but not read the data from it.

So, the “access policy” could be very complex to define, maintain and enforce on the IT infrastructure. One very evolved method is Role Based Access Control (RBAC).
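The ideas above (two-step authentication then authorization, per-action permissions, a value limit on approvals, and separation of duties) as a small constructed RBAC policy check; this is an added example, not code from the post, and the roles, limits and resource names are invented for illustration:

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample policy (not from the post): role -> allowed (resource, action) pairs.
ROLE_PERMISSIONS = {
    "viewer": {("account", "read")},
    # The DBA can create, modify and delete tables but never read their rows:
    # this is the separation-of-duties rule described in the post.
    "dba": {("table", "create"), ("table", "modify"), ("table", "delete")},
    "auditor": {("table", "read")},
    "officer": {("transaction", "read"), ("transaction", "approve")},
}

# Value-dependent rule: a role may approve only up to this amount (constructed limit).
APPROVAL_LIMITS = {"officer": 10_000}

# Role pairs that must never be held by the same requester (constructed constraint).
CONFLICTING_ROLES = [frozenset({"dba", "auditor"})]


@dataclass(frozen=True)
class Requester:
    name: str
    roles: frozenset
    factors_verified: int  # distinct factors confirmed: knows / has / is


def roles_conflict(roles) -> bool:
    """True if the role set violates any separation-of-duties constraint."""
    return any(pair <= set(roles) for pair in CONFLICTING_ROLES)


def is_authorized(req: Requester, resource: str, action: str,
                  value: Optional[float] = None, min_factors: int = 1) -> bool:
    """Step 1: identity must be established with enough factors.
    Step 2: some held role must grant (resource, action).
    Step 3: for 'approve', the value must be within the best limit held."""
    if req.factors_verified < min_factors or roles_conflict(req.roles):
        return False
    granted = any((resource, action) in ROLE_PERMISSIONS.get(r, set())
                  for r in req.roles)
    if not granted:
        return False
    if action == "approve":
        limit = max((APPROVAL_LIMITS.get(r, 0) for r in req.roles), default=0)
        return value is not None and value <= limit
    return True
```

A requester whose role set itself breaks separation of duties is refused everything, so the conflict is caught at assignment time rather than hidden behind individual permission checks.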

There are multiple vendors who provide the solutions around Identity and Access Management in the IT world.

But, interestingly, this problem is ancient: in the great Indian epic Ramayana, Hanuman establishes his identity to Mother Seetha using a two-factor model with a token and a passphrase! I think we are only applying an ancient solution in a modern way with IAM solution stacks…

Some modern architectural patterns are in this RedPaper… for those who are interested!
