Showing posts from June, 2004

Identity and Access Management - Part III Access Management

In the past few days a lot of discussions and past memories have resurfaced that have helped me bring together my ideas on the Access Management piece of Identity and Access Management. So this is an attempt at putting together all those thoughts and ideas that I have heard from other people and some that I have understood. See these locations for more details: Tutorial of American National Standard on Role Based Access Control; Types of Access Control; SACMAT; TISSEC (search for access control).

What is Access Control

Access Control is the mechanism by which a resource / object manager restricts the actions / operations that an identified user or Subject (including anonymous users) can perform on a resource or object, based on a predefined policy. Based on this simple definition we can see that the following are the basic components of Access Control:

Subject: The person, process, any physical or logical entity or group of entities that can be identified uniquely in an Access Control system / dom

Identity and Access Management Infrastructure

I have been thinking for some time about the possibility of developing an Identity and Access Management architecture using existing open source products. There were some ideas that I had with regards to the components that I could use, for example OpenLDAP and MySQL as Directory and Database respectively, Apache as the web server, and so on. But in order to do an end-to-end architecture, I thought of starting with a documented architecture which tries to accommodate as many IAM concepts as possible. The image below is an attempt at the same, and I already know that I have not covered all the concepts that I could think of. But at the same time, this would be a good exercise in understanding where open source is with regards to developing a complete solution.