安全身份管理ppt課件

1、平安身份管理understanding the big picture廣州紫光北美科技:Opening the door to Web servicesNovell exteNdSecurely getting the right information to the right peopleNovell NsureThe best foundation for yourmixed environmentNovell NterpriseThe experience to solve your business problemsNovell NgageNovell Nsure 方案把身份管理提高

2、到一個(gè)新的層次，Novell的相關(guān)產(chǎn)品獲得多項(xiàng)大獎(jiǎng)，Novell的方案是把產(chǎn)品，客戶以及協(xié)作方式結(jié)合的處理方案，此方案的中心是訪問(wèn)控制把資源權(quán)限平安、方便、高效地分配給合理的人Novell 的“一體化網(wǎng)絡(luò)戰(zhàn)略SMIn the next hour1.什么是平安身份管理2. 為什么人們關(guān)懷這個(gè)問(wèn)題3. 如何處理目的企事業(yè)單位面臨的平安身份管理問(wèn)題You cant understand a subject 分而治之盲人與象You also have to understand 全局思索Secure identity management 涵蓋很多內(nèi)容Personalized User Interfa

3、ceContent AggregationSelf ServiceWeb Based AccessAuthenticationSingle Sign-onRemote AccessAuthoritative Identity SourcingPolicy Driven WorkflowRole Based ProfilingPassword Management Auditing &Intrusion Detectionsecure identity 分為三個(gè)主要部分Provide access to resources based on authenticated identityKnow

4、who youre dealing withDeliver servicesbased on a personsrole or preferences123accessmanagement訪問(wèn)管理identity management身份管理personalized delivery of applications and content運(yùn)用和內(nèi)容的個(gè)性化分發(fā)exploring secure identity management 一個(gè)商務(wù)環(huán)境的例子員工B2B協(xié)作同伴客戶企業(yè)財(cái)務(wù)經(jīng)濟(jì)市場(chǎng)銷售客戶效力員工B2B協(xié)作同伴客戶財(cái)務(wù)經(jīng)濟(jì)市場(chǎng)銷售客戶效力Roles & responsibilitiesA

5、cceptable useData classificationsPassword policiesCompliance procedures平安戰(zhàn)略Identity身份管理Secure identity management 始于平安戰(zhàn)略HRComputerPhoneWhite Pages對(duì)于新的員工,一同都輕而易舉.New employees receive access and resources quickly & automatically, based on roles & responsibilities戰(zhàn)略: Policies establish 哪些人 可以訪問(wèn) 哪些資源業(yè)務(wù)

6、Who are you? What is your role?What do you need access to?Access policies based on roles 簡(jiǎn)化管理CustomerSupplier信任證:Trusted credentials 允許對(duì)授權(quán)的資源進(jìn)展平安訪問(wèn)EmployeeHRComputerPhoneWhite PagesNew employees receive access and resources quickly & automatically, based on roles & responsibilities員工分開(kāi)的時(shí)候,問(wèn)題也變得簡(jiǎn)單. T

7、erminated employees have access revoked completely & immediately across all systemsPolicies also determine 什么時(shí)候讓訪問(wèn)權(quán)限失效Novell 的處理方案 of secure identity managementNsure 隨時(shí),隨地,把需求的權(quán)限賦予需求的人.Novell Nsure secure identity management solutions enable you to securely extend resources to the people who power y

8、our business, leveraging your current systems 跨平臺(tái)基于單一業(yè)務(wù)過(guò)程基于工業(yè)標(biāo)志Combination of our directory, meta-directory, provisioning, access management, and Professional Services capabilitiesNsureNAMDirXMLThe Novell products that power Nsure solutionsNovell Nsure Secure Identity ManagementNetDirectoryHostNT/20

9、00/XPCustomersPartners /SuppliersWeb ServersNAMNsure ResourcesEmployeesSecure LoginBorder ManageriChainDirXMLSecure Identity Management1.什么是平安身份管理2. 為什么人們關(guān)懷這個(gè)問(wèn)題3. 如何處理分析家: say we should all care about Secure Identity Management“While we still expect a return to 3A growth from increased activity in t

10、he security management area, we believe that identity management and Web services security, with their broad consumption of 3A technologies, will revitalize the market. However, these new initiatives will demand integration among previously separate products. Therefore, this transition will create e

11、ven greater turmoil in the 3A market for at least the next 12-24 months.(認(rèn)證/授權(quán)/審計(jì))Anthony C. Picardi, IDC (December 2002)“Identity has become a strategic business issue Integrated identity and access management infrastructure is “in Enterprises must create an Identity Management architecture and str

12、ategy.(身份管理體系構(gòu)造和戰(zhàn)略)Jamie Lewis, Burton Group (October 30, 2002)“Though IT budgets remain tight, organizations are continuing to invest in identity management because it addresses critical business issues and delivers a quantifiable return on investment (ROI). (投資報(bào)答)Jonathan Penn, Giga Information Gr

13、oup (October 22, 2002)“No CIO checklist for 2003 can be complete without an item on security. Concerns, both real and imaginary, will continue to test the resolve and the budgets of IS organizations. Demand and expectation for business transparency by customers, partners and regulators continue to i

14、ncrease. This virtualization creates a strategic business challenge to provide access simply, safely and economically to everyone who needs it and simultaneously prevent unauthorized or destructive access. During 2003, CIOs should review and update the complex issues of identity and access managemen

15、t (IAM) polices and methods. J. Mahoney, Gartner, Inc. (December 24, 2002)“Convergence and security concerns will drive enterprise directory services adoption (2002+), reinforcing the need for identity management (2002-04). NOS upgrades, strong authentication, and higher demands for identity managem

16、ent will drive increasingly complex integration of multi-vendor/platform directory instances (2003+), resulting in more use of EAI-like integration “toolkits. Earl Perkins, Meta Group (November 4, 2002)案例一:TransUnion Credit 信托公司reporting and financial services company“We live and die by long lists o

17、f FTC regulations Our entire business is based on the ability to provide the right people with secure access to enormous volumes of highly sensitive, regulated information. Secure identity management is a huge deal for us.EmployeesB2BPartnersCustomersFinanceMarketingSalesCustomer serviceIdentityHeav

18、ily regulated environmentSecurity a top concernMillions of credit reports processed dailyGrowth from 38,000-150,000 eCommerce users案例二: Mount Sinai NYU Health System 衛(wèi)生系統(tǒng)“Novell has increased our availability by 30 fold Our internet-enabled capability allows us to provide secure, remote access to ou

19、r users, empowering them to maximize productivity, provide better patient care, and ultimately save lives.EmployeesB2BPartnersCustomersFinanceMarketingSalesCustomer serviceIdentityAffiliations with more than 17 hospitals, nine long-term care facilities, and four community physician practicesDisperse

20、d community of 10,000 usersDecrease time to access critical dataEmployeesB2BPartnersCustomersFinanceMarketingSalesCustomer serviceIdentity案例三: Centennial College 高校Ontarios oldest community college“Unless we implemented a provisioning solution that made authentication and network administration fast

21、, reliable, simple and secure, the sheer volume of accounts would be unmanageable.4 campuses and 8 satellite locations3,000 faculty and staff12,000 full-time students30,000 part-time students80,000 alumniEmployeesB2BPartnersCustomersFinanceMarketingSalesCustomer serviceIdentity案例四 Allianz Suisse 保險(xiǎn)W

22、orlds 5th largest insurance company“We had to set up a secure external network to allow this cooperation to work efficiently, and we had only four months to do it.Merger of 3 large insurers250 offices4500 employees, many remoteDecided to offer new financial services provided by a partner想象:航空公司Digit

23、al航空公司舉例想象:航空公司牢不可破的參照與解析eDirectory 滿足的另一個(gè)全效力目錄要求是，它可以創(chuàng)建并維護(hù)目錄中不同對(duì)象間的關(guān)系。關(guān)系是樹中相關(guān)對(duì)象間的鏈接。例如，當(dāng)您將一位用戶確定為組員時(shí)，eDirectory 就會(huì)在兩個(gè)對(duì)象間建立鏈接。全效力目錄必需滿足的一個(gè)要求是在您更改目錄樹時(shí)，可以堅(jiān)持這些至關(guān)重要的關(guān)系。用戶 Fred.SLC.AM.Airports.DigitalAirlines 是 Pilots.Flight.Corp.DigitalAirlines組的一個(gè)成員。假設(shè)Digital航空公司將 Fred 派到亞特蘭大，并將其用戶對(duì)象轉(zhuǎn)移到ATL.AM.Airports.

24、DigitalAirlines。為了維護(hù) Fred 與機(jī)組間的關(guān)系，eDirectory 會(huì)自動(dòng)更新機(jī)組的屬性，以參考 Fred 的新位置。想象:航空公司虛擬復(fù)件例如，假設(shè)Digital航空公司假想的公司已在每架飛機(jī)上實(shí)施了 eDirectory，使機(jī)組人員可以在飛行時(shí)，經(jīng)過(guò)電子郵件將關(guān)鍵信息發(fā)送給地勤、維護(hù)或客戶效力部門。每架飛機(jī)上都安裝一臺(tái)效力器，效力器中存儲(chǔ)著一個(gè)復(fù)件，其中包含通常隨該飛機(jī)飛行的員工的網(wǎng)絡(luò)身份信息。當(dāng)飛機(jī)還在地面時(shí)，Digital航空公司的任何員工都可以在完好的目錄中找到他人，由于飛機(jī)與全球網(wǎng)絡(luò)互連。然而，飛機(jī)起飛后，銜接就斷開(kāi)了。在每架飛機(jī)上存儲(chǔ)Digital航空公司全

25、體員工的一切用戶對(duì)象非常不切合實(shí)踐。然而，在一架飛機(jī)上存儲(chǔ)一切對(duì)象的一個(gè)子集可以行得通，例如每位員工的姓名和電子郵件地址。Novell 的 eDirectory 經(jīng)過(guò)虛擬復(fù)件提供了這種才干。 員工B2B協(xié)作同伴客戶財(cái)務(wù)經(jīng)濟(jì)市場(chǎng)銷售客戶效力Facilitate businessIncrease securityReduce costImprove productivityEnhance user satisfactionIdentityNsure identity management benefits業(yè)務(wù)客戶可以得到個(gè)性化的信息，從而提高稱心度，添加市場(chǎng)時(shí)機(jī)與協(xié)作同伴無(wú)縫交換必要信息，對(duì)結(jié)合工

26、程的時(shí)限和質(zhì)量要求。供應(yīng)商能更好地了解您的需求，從而帶來(lái)更好的購(gòu)買過(guò)程顯著提高員工效率，無(wú)論對(duì)于新加盟的員工還是轉(zhuǎn)換任務(wù)崗位的員工同類產(chǎn)品Alternative solution providers, such as IBM, Sun, Computer Associates, Netegrity and Business Layers:短少一致的身份根底架構(gòu), 只能處理一部分問(wèn)題 or 需求客戶改動(dòng)業(yè)務(wù)過(guò)程.These solutions:帶來(lái)新的問(wèn)題, 不能滿足業(yè)務(wù)增長(zhǎng) and 添加行政問(wèn)題.The Novell advantage優(yōu)勢(shì)Novell 具有獨(dú)特的優(yōu)勢(shì) Novell Nsure

27、:跨平臺(tái), 維護(hù)投資才干強(qiáng), 整合原有系統(tǒng),處理未來(lái)增長(zhǎng)需求.comprehensive and modular solutionleverages your existing investmentsautomates your existing business processesprovides a foundation that will support the business environment as it evolves to Web servicesAdvantageNovell Nsure gives you the control and agility to meet

28、your evolving business needsDifferentiatorsSecure Identity Management1.什么是平安身份管理2. 為什么人們關(guān)懷這個(gè)問(wèn)題3. 如何處理Secure Identity Management 處理重要的商務(wù)問(wèn)題It provides the means to:實(shí)時(shí)的, 基于角色的資源 適用分布的任務(wù)環(huán)境、協(xié)作同伴、客戶等從任何地方，支持無(wú)線保證系統(tǒng)的平安性Common challenges to successful Secure Identity ManagementProjectScopeApplicationIntegrat

29、ionRoleEngineeringArchitecturalDesignOrganizationalRealignmentLack ofExpertiseDataOwnershipTrainingChangeControl 2002 Giga Information Group, Inc.政策資金投入復(fù)雜度Your plans should address 多維問(wèn)題戰(zhàn)略組織過(guò)程技術(shù)人員變化管理工程管理PlanningDimensionsWhere is the enterprise going?What are the relevant business goals & initiative

30、s?How are business plans and technology strategy coordinated?How is the enterprise organized?What are the main business processes?How could these processes be improved?What is the current technical & application environment?What are the relevant technical requirements & constraints?Is there effectiv

31、e sponsorship for addressing these issues?What are the potential barriers to acceptance of solutions to these issues?How do you coordinate programs and projects across functional areas?What other initiatives or major changes may affect your plans?The solution delivery processBusiness focusRapid resu

32、ltsPhased approachConsensus drivenFlexibilityOpen systems and standards-basedLeverage existing investmentsSkills transferHigh value partnering加強(qiáng)戰(zhàn)略方案驗(yàn)證Direction Setting需求分析設(shè)計(jì)開(kāi)發(fā)與部署支持Implementation工程管理DirXML Concepts and Terms在NDS eDirectory之上運(yùn)用 DirXMLeDirectory 靈敏易變Change tree names, container namesAd

33、d or delete schema without shutting down serverSplit trees, merge trees, create or join partitionseDirectory 容錯(cuò)性強(qiáng)Multi-master replication - vehicle for data sharingSchema and data integrityReferential integrityeDirectory 可擴(kuò)展性好，速度快Billions of objects, thousands of searches/sec.DirXML 擴(kuò)展了eDirectory的功能

34、Multi-master Replication123changeReplicatedReplicatedchangeFilterReplicatedGuy23目的: link data objectsDirXML establishes links between similar data objects and maintains the consistency of the data in each object基于規(guī)那么的自動(dòng)鏈接匹配規(guī)那么Identifies if an object already exists with similar dataLinks the existing objects rather than creating new ones when rule is satisfied創(chuàng)建規(guī)那么Stipulates which attributes are required for create requestsSets default values交換規(guī)那么Provides placement handles for new objects數(shù)據(jù)流和數(shù)據(jù)轉(zhuǎn)換戰(zhàn)略映射 RuleConverts schema from XDS to th