IAM Flashcards
Identification
To announce ourselves to a system or facility
Claiming to be a specific user (ex. username)
Authentication
To challenge the user’s claimed identity (ex: ask for password or PIN)
Authorization
To enforce permissions for each user
Accounting
To track user’s activities
auditing/logging - provides accountability
Identity Management Phases
- Provisioning - creating user accounts based on NTK (need-to-know) and Least Privilege
- Review - Perform user access reviews at least once a year
- Edit - Procedures are established so that when a user moves around within the organization we review privileges to prevent Authorization/Privilege Creep
- Deprovisioning - When the employee leaves the organization, we remove all access and disable the account according to the Retention Policy. Once the required retention period has expired, we delete the account
List and give example of authentication factors
- Something you know (e.g. password, PIN, SSN, etc.)
- Something you have (e.g. door key, smart card, badge)
- Something you are (thumb print, retina scan, iris scan, facial recognition)
- Somewhere you are (device IP, GPS coordinates)
Retina Scan
scan that looks at blood vessels in your eyes
think: red-ina scan
List Types of passwords, and what type of authentication factor are they
Static password = Fixed password = Reusable password > something you know
One-time password = Session password = Dynamic password > something you have
Tokens
provide one time, one session, or dynamic passwords
can be hardware or software based
(e.g. RSA token)
Federated Identity Management
Provides policies, processes, and mechanisms to manage identity authentication and authorization to systems across organizations
Identity Provider
In a federated environment, the identity provider holds all the identities and generates a token for known users
In the cloud it is preferable for the organization to maintain identities and act as the identity provider (i.e. not the CSP)
Relying Party
In a federated environment the relying party is the service provider and consumes tokens issued by the identity provider
XACML
Communicating policy enforcement through a standard protocol
Used in ABAC and OpenID Connect
WS-Federation (Web Service Federation)
A federation identity specification from WS-Framework
SAML 2.0
An XML framework to communicate authentication, authorization, and attributes
Authentication tokens/assertions are digitally signed XML transmitted over TLS