Week 9 Flashcards
What is the relationship between entities and identities?
A many-to-many relationship where one entity can have multiple identities and one identity can be used by multiple entities.
What is the purpose of an Identity Management (IdM) System or Identity Provider (IdP)?
Manages identities (creation, maintenance, expiration) and links identities to entities.
What is the difference between Identity and Identifier (ID)?
Identities usually have a unique identifier to prevent ambiguity.
What is the NIST definition of Identity Management?
IdM manages the creation, use, and termination of electronic identities.
According to ISO/IEC 24760-1:2019, what does Identity Management focus on?
Managing the lifecycle, type, and metadata of identities.
What are the defined functions of IdM according to ITU-T X.1250 (2009)?
- Identity assurance (identifiers, credentials)
- Authentication & Policy enforcement
Why is Authentication important in Identity Management?
It identifies the entities being authenticated.
What does Authorization & Access Control define?
Who gets access under which conditions.
What are Attributes in the context of Identity Management?
Characteristics tied to an entity (self-claimed or assigned by an authority).
What are Credentials used for?
Authentication (e.g., digital certificates, SIM cards, ATM cards).
What is the problem addressed by Federated Identity Management (FIM)?
Managing multiple identities across systems is complex and error-prone.
What is Single Sign-On (SSO) in the context of FIM?
One login for multiple services using federations for centralized authentication.
Who handles Authentication in FIM?
Identity Providers (IdPs).
Who manages Authorization in FIM?
Service Providers (SPs).
What is the Trust Model in FIM?
- Users/SPs trust IdPs
- IdPs/SPs do not trust users
What is the definition of Accountability according to IETF RFC 4949?
Ensures actions of a system entity can be traced to hold them responsible.
What does NIST define Accountability as?
Guarantees actions are uniquely linked to an entity.
Why is Accountability important?
- Legal Compliance
- Business Needs (quality assurance, monitoring)
- Ethical/Social Responsibility
- Personal and Organizational Security
What is an Audit Service?
Tracks events and user actions.
What is a Security Audit?
Independent review of system controls.
What are Audit Trails?
Recorded logs of system events.
What types of events are logged?
- Login attempts
- Authorization actions
- System changes
Where can logs be stored?
- Local devices
- Remote servers
- Databases
- Cloud
What does the UK Computer Misuse Act (CMA) 1990 criminalize?
Unauthorized access, hacking, and malware creation.