Best Practices IV

2nd European Identity Conference
22.04. - 25.04.2008, Munich

Identity Management at BT with SAP Netweaver IDM

24.04.2008 14:00-15:00

With the acquisition of MaXware SA and the integration of its identity management products into SAP’s portfolio, SAP is becoming a new player in the identity management market. This session presents how BT has implemented SAP’s identity management solution both internally and, with different functionality, at a customer. The talk describes the architecture of the installations, their prominent features and the reasons behind the decision to choose SAP’s identity management solution. Lessons learned in developing, operating and extending the systems will also be presented.

Provisioning, Entitlements

24.04.2008 15:00-16:00

E.ON UK Case Study: Implementing an Identity and Access Management Solution that gives Business Value


Identity management isn’t just about security and cost; it can also deliver real business benefits. This presentation is based on the case study of the implementation at E.ON UK and the linking of this system to a European Identity Management system in E.ON Germany. It illustrates the key concepts of the implementation, where the value has been derived, and lessons learned during the implementation and subsequent operation and enhancement of the system.

Manage Governance: Manage Identities, Manage Access


The biggest part of an IAM solution for an enterprise is managing the identities with their corresponding entitlements, and therefore the entitlements structure. The implementation of a business-oriented IAM will affect different areas: people, processes, policies and the IT infrastructure. Appropriate migration and change management plans will be needed to carry out this implementation efficiently after the processes, policies and IT infrastructure have been designed according to business requirements. This contribution describes best practices, lessons learned and experiences from Bombardier’s IAM program.

Universal CV - A Job Provider Circle of Trust based on HR-XML

24.04.2008 16:30-17:30

The aim of the CV Universel project is to give an applicant the ability to store and share his CV data within a circle of trust of job providers.
The CV is based on the Europass CV model, which is the European Commission's proposal for a European standard CV and is supported by its Cedefop agency (the European EURES system is compliant with this standard).

This project is supported by the French 'Ethic and Recruiting' association as well as the 'Syntec Recruiting' syndicate (an association of more than 140 recruiting agencies in France).
The CV Universel will use the HR-XML / EIfEL / Europortfolio proposal for an XML binding of this CV standard, using HR-XML specifications supported by the industry.
To allow privacy-respecting sharing of CV data, this project will be based on the Liberty Alliance Web Service Framework, including support for the draft proposal for a new Liberty Identity Service Interface Specifications for HR systems based on the HR-XML CV XML binding.

This project will start its implementation phase in January 2008 and the pilot phase will start in March with three first job providers in the circle of trust:

  • La Poste
  • L'Oreal
  • Integra (SME)

This represents a potential of more than 100 000 users per year.

The implementation and pilot phase of this project will be managed by EIfEL.
All the components used to build this federation already exist as open source; they will be updated to support the new HR Identity Service Interface Specifications.

The aims of this presentation are to:

  • Explain the choices related to standards, components and architecture, and how they benefit both the end user and the job provider partners.
  • Give the first results of the pilot phase.
  • Give more information about the cost and difficulties of adapting / including new providers in this kind of circle of trust.
  • Give some perspectives, especially at eGovernment level.

Diginotar: How to Launch a User centric E-Identity service - Are you Ready?


Organisations want to know the e-Identity of their users, but do not want to be bothered with the management of all those e-Identities. These universal needs have led to new techniques for user-centric e-Identity mechanisms, resulting in a need for independent authentication services.

DigiNotar uses a SAML-compliant Dutch open source standard to provide an independent e-Identity service. The Dutch government uses the same open source standard for millions of citizens who communicate with governmental web applications. Organisations can "outsource" the e-Identity role to an independent and generic authentication service to enable quick online access to their e-businesses. DigiNotar e-Identities are cross-domain and cross-application.

DigiNotar not only manages the systems but also provides a secure identification process to verify e-Identities. By doing so, we take liabilities over from companies. On the other hand, we try to safeguard the privacy of the user. Users have the opportunity to access the applications anonymously.

Although the managed service is easy to set up and use, it is important that companies make a mind shift to start using a generic authentication service. Drs. de Bos will share his experience on e-Identity management by presenting examples from the financial, healthcare, legal and insurance sectors. Different factors that influence success will be highlighted in the presentation:

  • Legal issues: what is the minimum level of identity control, who will identify users and which legal status will that e-Identity have;
  • Registration processes: what are the responsibilities of the organisations, their users and the independent authentication service provider;
  • Management of the Identity: a user-centric model makes it possible for organisations to invite users to register their personal authentication mechanism themselves. The user manages his own data;
  • Distribution of tokens: avoiding effort from the application provider that does not see it as its core and is not bothered with management of e-Identities;
  • One e-Identity for multiple applications: an open standard and interoperability between applications and solutions enables the usage of a single universal e-identity or even authentication mechanism for multiple applications;
  • Privacy: the ability to have anonymous authentication through an independent authentication provider.

The open structure of the technology makes it possible to extend the use to other e-Identity Providers. It is no longer a question of technology, but of the Trust Level of the e-Identity Provider.



© 2012 KuppingerCole