Agenda

High-profile data breaches emphasize the need to maintain and safeguard privileged accounts, but oftentimes, nothing is done to effectively limit exposure of highly sensitive data. There are four key processes that can help organizations regain control of privileged accounts in a cost-effective manner. Identifying, delegating, enforcing and auditing (I.D.E.A.) can improve security and operational efficiency, take control of privileged accounts and close security gaps within the infrastructure.

Specifically, the session will take a closer look at:

• The steps to identify and document all critical IT assets, their privileged accounts and interdependencies;
• How to delegate access so that appropriate personnel, using least privilege required, with documented purpose, can login to IT assets in a timely manner at designated times;
• The process of enforcing rules for password complexity, diversity and change frequency, while minimizing service disruption;
• Why you should audit and alert that so the requester, purpose, and duration of each privileged access request is documented and management is made aware of unusual events.

40 independent institutions with a SAML Identity Provider and close to 400 SAML Service Providers successfully interoperate. In 2009Q4 per minute 23 users authenticated using this federated Authentication and Authorization Infrastructure (AAI).

The SWITCHaai federation served as example for many other countries on how to implement their own AAI for higher education.

The presentation will provide answers to the following questions:

• What was the use case for building this infrastructure in the first place?
• How does the management of this infrastructure scale?
• How gets the discovery problem solved?
• What are the plans for extending it beyond national borders?

• Methods for endpoint integration (Both standards based and custom)
• How provisioning in the cloud can create the business case necessary to sell the service in the enterprise
• The difference between IDM in the cloud and Identity brokers.
• What the upcoming innovations will be for IDMaaS.
• How IDMaaS supports the SaaS employee model
• How the IDM service environment has evolved in the last 10 years.

Enterprise SSO is changing fundamentally. Having been a tool for quick-wins mainly, it becomes a strategic element in Information Security infrastructures. E-SSO expands to support new use cases, mainly versatility (the flexible use of different authentication means). Strong authentication means might be re-used. Beyond that, E-SSO is increasingly integrated with other elements of IAM, becoming a core element for consistent authentication strategies across the enterprise. The panelists will talk about the status and the upcoming changes for E-SSO - and how this potentially will lead to an even bigger quick-win potential whilst E-SSO's strategic relevance increases.

Looking at the current online world, performing transactions as online banking, online shopping or communicating in social networks has become an inherent part of life. Hereby, personal, identity-related data plays a major role, since for many activities a service provider requires details about the identity of a user.

However, does a service provider always require our true identity? Often a service provider just needs to recognize a user on repeated visits in order to offer personalized services. Only if critical transactions are involved as for example in online banking transactions a service provider has to be sure that a user’s identity matches with the real-life identity.

In her talk, Ivonne Thomas presents her experiences with an SOA-based identity management solution at the Hasso-Plattner-Institute, which enables identity providers, service providers as well as end users to distinguish between verified digital identities and user-created identities (anonymous identities). At the core of the presented solution is an identity provider based on the Identity Metasystem and the notion of claims that has been extended to include trust-related identity meta information. In her talk, she shows how service providers can use this information to derive access control decisions according to the level of trust they require for a certain transaction.