(2) Identity and Access Management Flashcards
Define an Identity
An Identity is a set of declarations that an individual makes about one entity to another entity (such as to an app, computer, or service provider)
What do user accounts require?
User accounts require the ability to identify a specific person and other subjects such as services. These subjects are then granted attributes, rights, memberships in groups, etc.
What are some attributes that are associated with an identity?
Some attributes that are associated with an identity would be items such as name, address, title, etc.
What overall system is used with the Authentication, Authorization, and Accounting (AAA) framework?
Identities are used with the Authentication, Authorization, and Accounting (AAA) framework.
What is privilege management?
Privilege management is the ongoing management of Authentication, Authorization, and Accounting (AAA) rights.
When it comes to Multi Factor Authentication (MFA), describe what a knowledge factor is
When it comes to Multi Factor Authentication (MFA), a knowledge factor is something you know.
When it comes to Multi Factor Authentication (MFA), describe what a possession factor is
When it comes to Multi Factor Authentication (MFA), a possession factor is something you have.
When it comes to Multi Factor Authentication (MFA), describe what a biometric factor is
When it comes to Multi Factor Authentication (MFA), a biometric factor is something you are.
When it comes to Multi Factor Authentication (MFA), describe what a location factor is
When it comes to Multi Factor Authentication (MFA), a location factor is somewhere you are.
When it comes to Single Sign On (SSO), what is shared authentication?
Shared authentication is where one ID is used for multiple sites while relying on authentication through a single ID provider.
Name two common SSO technologies
Two common SSO technologies are Lightweight Directory Access Protocol (LDAP) and Central Authentication Service (CAS).
What is OpenID?
OpenID is an open-source standard for decentralized authentication. It is used by the likes of Google, Amazon, and Microsoft, who function as ID providers.
Users create an ID with the ID provider and then use that ID to log in to many different sites.
In terms of SSO technologies, what is OAuth?
In terms of SSO technologies, OAuth is an open-source standard used by Google, Microsoft, and Facebook that allows users to share parts of their ID or info with a site while authenticating to the original ID provider.
It uses access tokens.
In terms of SSO technologies, what is OpenID Connect?
OpenID Connect is an authentication layer that uses the OAuth protocol.
In terms of SSO technologies, what is Facebook Connect?
Facebook Connect, also known as Login with Facebook, is a shared authentication system that uses Facebook credentials for authentication.
Describe the most useful security benefits of Single Sign On (SSO)
One of SSO’s most useful benefits is the reduction of password reuse, as well as the reduction of password resets and support calls.
What types of benefits do shared authentication systems provide?
Shared authentication systems allow users to reuse existing credentials without needing to make a new account every time they visit a site, which cuts down on password fatigue.
Users are normally alerted to the type of data that is shared with the site they are using, such as gender, name, etc.
What are some risks of Single Sign On (SSO)?
One risk of SSO is that a single credential grants access to multiple systems and accounts, so if an attacker compromises the SSO credential, they gain access to all the sites that the person uses.
What is the concept of Federation?
Federation is about combining an ID and its related data components across parties.
What service types or groups like to use federation?
Organizations and cloud services like to use federation.
When it comes to federated security, describe what an Identity Provider (IDP) is and does
When it comes to federated security, an Identity Provider (IDP) has to provide identity components, make assertions about those ID components, and release information to relying parties and to ID holders.
In terms of federated Identities, what does a relying party (RP) or Service Provider (SP) do?
An RP or SP has to provide services to federation members and has to securely handle user data and ID provider data.
In terms of federated identity security, what must consumers of this service do?
Consumers of federated services have to make decisions about which data points are shared and validate those decisions when ID data points are shared.
Describe some of the design choices that need to be made when using a Federated Identity system
When using a federated identity system, certain design choices need to be made, such as:
A. How much assurance of a person's identity is needed? The more assurance is needed, the more trust is required between ID providers and other parties.
B. Manual vs. automatic provisioning. Manual provisioning may provide more security but may delay access. The opposite is true for automatic provisioning.
C. How much user data will be needed to provide authorization and access?