Auburn University Main Campus Chapter 15 Federated Identity Management Discussion


furyylznl

Computer Science

Auburn University Main Campus

Description

After reading chapter 15, describe how federated identity management will impact the processes behind identifying end users. The initial post must be completed by Thursday at 11:59 Eastern. You are also required to post a response to a minimum of two other students in the class by the end of the week. You must use at least one scholarly resource. Every discussion posting must be properly APA formatted.

Your responses to other students must be more than a simple "Good job" or "I agree with your post". They must also not just be "Let me add to your post..." Instead, your responses to each other should do three things:

1. Acknowledge the other student's post with some form of recognition about what they posted
2. Relate their posting to something you have learned or are familiar with
3. Add to the conversation by asking additional questions about their post, or discussing their topic further



POST 1

According to Rosencrance (2018), Federated Identity Management (FIM) is a digital management system that allows enterprises and big corporations, whose stakeholders use several different technologies such as corporate-owned IoT devices and BYOD devices as well as different applications for business or personal use, to log in with the same credentials across the different domains of the organization. It is a seamless process that makes it easy for registered users to access any domain without providing administrative user information. In such an establishment, the corporation must rely on a third-party Federated Identity Management service provider. Confidentiality and trust can be established between the service provider and the user by using Security Assertion Markup Language (SAML) or a similar XML-based standard.

Federated Identity Management works this way: initially, users register with the home network and then authenticate their identity through the home security domain. Once the user is authenticated via the home domain, they are additionally logged into the identity federation's remote application.

The Federated Identity Management systems that exist in the market today are OpenID, OAuth 2.0 and Shibboleth. This software is developed using OASIS SAML (Security Assertion Markup Language).

The function of OpenID applications is to log in once and access the different applications that are tagged to the OpenID. Top-shelf cloud providers power OpenID. Leading organizations such as Google and Microsoft are planning to replace their current authentication systems with Federated Identity Management (Rosencrance, 2018).

According to Johann (2018), some of the advantages of Federated Identity Management are that it improves the privacy of registered users and enables organizations to comply with GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act) regulations. It eliminates the tedious process of registering over and over for new applications, network domains, and devices (Johann, 2018, June 18).



POST 2

Federated identity management (FIM) is an arrangement that can be made between multiple enterprises to let subscribers use the same identification data to obtain access to the networks of all the enterprises in the group. The use of such a system is sometimes called identity federation.

Identity federation links a user's identity across multiple security domains, each supporting its own identity management system. When two domains are federated, the user can authenticate to one domain and then access resources in the other domain without having to perform a separate login process.

Identity federation offers economic advantages, as well as convenience, to enterprises and their network subscribers. For example, multiple corporations can share a single application, resulting in cost-savings and consolidation of resources.

How federated identity management works

Under a federated identity management scheme, credentials are stored with the user's identity provider -- usually the user's home organization. Then, when logging into a service such as a software-as-a-service app, that user does not need to provide credentials to the service provider: The service provider trusts the identity provider to validate the user's credentials. Consequently, the user only has to provide credentials directly to the identity provider, which is generally the user's home domain.

Under identity federation, the user authenticates once through the home domain; when that user initiates sessions in other security domains, those domains trust the user's home domain in order to authenticate the user (Chadwick, 2009).

Additionally, with identity federation, administrators can avoid some of the issues that go along with balancing multi-domain access, such as developing a specific system to make it easy to access the resources of an external organization.
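The flow both posts describe (register and authenticate at the home domain, then be trusted by the remote application on the strength of the home domain's say-so), as an added example that is not code from either post or from any named product. The identity provider (IdP) holds the credentials and issues a short-lived signed assertion naming one service provider (SP); the SP never sees the password. The assertion here is a JWT signed with HS256 under a key the IdP shares with its SPs, which is an assumption made to keep the example standard-library only; SAML and most OpenID Connect deployments verify the IdP's signature with its public key instead. The user, issuer URL, SP names and password are constructed for the demo.

```python
"""Federated login as the two posts describe it, added here as an example (not
code from either post or from any named product). The identity provider (IdP,
the user's home domain) checks the password and issues a short-lived signed
assertion naming one service provider (SP); the SP never sees the password
and accepts the user on the assertion alone. The assertion is a JWT signed
with HS256 under a key the IdP shares with its SPs (assumption: a shared HMAC
key stands in for the IdP public key that SAML and most OIDC deployments use)."""
import base64
import hashlib
import hmac
import json
import secrets

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _pwhash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class IdentityProvider:
    """Home security domain: the only place credentials are stored or checked."""
    def __init__(self, issuer: str):
        self.issuer = issuer
        self.signing_key = secrets.token_bytes(32)   # shared with every federated SP
        self.users = {}                              # username -> (salt, pbkdf2 hash)

    def register_user(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, _pwhash(password, salt))

    def login(self, username: str, password: str, audience: str, now: int) -> str:
        """Authenticate locally, then issue an assertion scoped to one SP."""
        salt, stored = self.users.get(username, (b"", b""))
        if not hmac.compare_digest(stored, _pwhash(password, salt)):
            raise PermissionError("bad credentials")
        header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        claims = b64url(json.dumps({"iss": self.issuer, "sub": username, "aud": audience,
                                    "iat": now, "exp": now + 300,
                                    "jti": secrets.token_hex(8)}).encode())
        sig = hmac.new(self.signing_key, f"{header}.{claims}".encode(), hashlib.sha256).digest()
        return f"{header}.{claims}.{b64url(sig)}"

class ServiceProvider:
    """Remote domain: trusts assertions from one issuer and never handles passwords."""
    def __init__(self, audience: str, trusted_issuer: str, idp_key: bytes):
        self.audience, self.issuer, self.key = audience, trusted_issuer, idp_key
        self.seen_jti = set()                        # replay protection within token lifetime

    def accept(self, token: str, now: int) -> str:
        """Return the federated username or raise PermissionError."""
        parts = token.split(".")
        if len(parts) != 3:
            raise PermissionError("malformed token")
        h, p, s = parts
        if json.loads(b64url_decode(h)).get("alg") != "HS256":   # rejects alg=none and alg confusion
            raise PermissionError("unexpected alg")
        expected = hmac.new(self.key, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(s)):
            raise PermissionError("bad signature")
        claims = json.loads(b64url_decode(p))
        if claims.get("iss") != self.issuer:
            raise PermissionError("untrusted issuer")
        if claims.get("aud") != self.audience:
            raise PermissionError("token issued for another SP")
        if claims.get("exp", 0) <= now:
            raise PermissionError("expired")
        if claims["jti"] in self.seen_jti:
            raise PermissionError("replayed")
        self.seen_jti.add(claims["jti"])
        return claims["sub"]

def demo(now: int = 1_700_000_000) -> dict:
    """Constructed scenario: one IdP, two SPs, one user; returns each outcome."""
    idp = IdentityProvider("https://idp.example.edu")
    idp.register_user("alice", "correct horse battery staple")
    hr = ServiceProvider("hr-portal", idp.issuer, idp.signing_key)
    payroll = ServiceProvider("payroll", idp.issuer, idp.signing_key)
    token = idp.login("alice", "correct horse battery staple", "hr-portal", now)
    h, p, s = token.split(".")
    forged = json.loads(b64url_decode(p))
    forged["sub"] = "mallory"
    none_header = b64url(b'{"alg":"none"}')
    attempts = {"cross_sp": (payroll, token, now),               # valid token, wrong audience
                "replay": (hr, token, now),                      # same jti presented twice
                "expired": (hr, token, now + 600),
                "tampered": (hr, f"{h}.{b64url(json.dumps(forged).encode())}.{s}", now),
                "alg_none": (hr, f"{none_header}.{p}.", now)}
    results = {"hr": hr.accept(token, now)}
    for label, (sp, tok, t) in attempts.items():
        try:
            results[label] = sp.accept(tok, t)
        except PermissionError as err:
            results[label] = str(err)
    return results
```

The order of the checks in accept() is deliberate: the algorithm and signature are verified before any claim is read, so a forged or unsigned token is rejected before its contents can influence anything, and the audience check is what stops a token issued for one federated application from being replayed against another that trusts the same IdP.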

Unformatted Attachment Preview

Cryptography and Network Security: Principles and Practice, Eighth Edition
Chapter 15: Cryptographic Key Management and Distribution
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Cryptographic Key Management
• The secure use of cryptographic key algorithms depends on the protection of the cryptographic keys
• Cryptographic key management is the process of administering or managing cryptographic keys for a cryptographic system
  – It involves the generation, creation, protection, storage, exchange, replacement, and use of keys and enables selective restriction for certain keys
• In addition to access restriction, key management also involves the monitoring and recording of each key's access, use, and context
• A key management system will also include key servers, user procedures, and protocols
• The security of the cryptosystem is dependent upon successful key management

Key Distribution Technique
• Term that refers to the means of delivering a key to two parties who wish to exchange data without allowing others to see the key
• For symmetric encryption to work, the two parties to an exchange must share the same key, and that key must be protected from access by others
• Frequent key changes are desirable to limit the amount of data compromised if an attacker learns the key

Symmetric Key Distribution
• Given parties A and B, key distribution can be achieved in a number of ways:
  – A can select a key and physically deliver it to B
  – A third party can select the key and physically deliver it to A and B
  – If A and B have previously and recently used a key, one party can transmit the new key to the other, encrypted using the old key
  – If A and B each has an encrypted connection to a third party C, C can deliver a key on the encrypted links to A and B
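The last two options above, worked as an added example that is not code from the slides or the textbook: a key distribution centre C holds a long-lived master key for each party (assumed delivered out of band, as in the first two options), uses it only to wrap a fresh session key for A and for B, and A later rotates the session key by sending the replacement encrypted under the old one, which is the key hierarchy of Figure 15.2 and the "frequent key changes" point. Because the Python standard library has no AES, wrap()/unwrap() are an encrypt-then-MAC construction built from HMAC-SHA256; that is an assumption of this example, and a deployment would use AES-GCM or AES key wrap. The party names are constructed.

```python
"""Symmetric key hierarchy with a key distribution centre, added here as an
example (not code from the slides or the textbook). It implements the last
two options in the list above: C delivers one session key to A and B over
their separate master-key links, and a party later re-keys by sending a new
key encrypted under the old one. Master keys only ever wrap session keys;
session keys protect data. wrap()/unwrap() are an encrypt-then-MAC stand-in
built from HMAC-SHA256 because the standard library has no AES (assumption:
in production use AES-GCM or AES-KW instead)."""
import hashlib
import hmac
import secrets

def _subkey(key: bytes, label: bytes) -> bytes:
    """Separate encryption and MAC keys derived from one wrapping key."""
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(-(-length // 32))]
    return b"".join(blocks)[:length]

def wrap(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Return nonce || ciphertext || tag; aad is authenticated but not encrypted."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrapped key failed authentication")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))

class KeyDistributionCentre:
    """Third party C: holds one long-lived master key per party (assumed to have
    been delivered out of band, options 1 and 2 in the list above)."""
    def __init__(self):
        self.master = {}

    def enrol(self, name: str) -> bytes:
        self.master[name] = secrets.token_bytes(32)
        return self.master[name]

    def issue_session_key(self, a: str, b: str):
        """One fresh session key, wrapped separately for A and for B. The pair of
        identities is bound as associated data so a package meant for A<->B cannot
        be passed off as a key for some other pairing."""
        ks = secrets.token_bytes(32)
        binding = f"{a}<->{b}".encode()
        return wrap(self.master[a], ks, aad=binding), wrap(self.master[b], ks, aad=binding)

def rekey(old_session_key: bytes):
    """Option 3: pick a new session key and ship it encrypted under the old one."""
    new_key = secrets.token_bytes(32)
    return new_key, wrap(old_session_key, new_key, aad=b"rekey")

def demo() -> dict:
    kdc = KeyDistributionCentre()
    k_a, k_b = kdc.enrol("A"), kdc.enrol("B")          # master keys, never sent on the wire
    for_a, for_b = kdc.issue_session_key("A", "B")
    ks_a = unwrap(k_a, for_a, aad=b"A<->B")
    ks_b = unwrap(k_b, for_b, aad=b"A<->B")
    new_key, package = rekey(ks_a)                      # A rotates; B unwraps under the old key
    ks_b_new = unwrap(ks_b, package, aad=b"rekey")
    try:                                                # B told the package is for a different pairing
        unwrap(k_b, for_b, aad=b"A<->Mallory")
        misbinding_caught = False
    except ValueError:
        misbinding_caught = True
    return {"agreed": ks_a == ks_b,
            "rotated": ks_b_new == new_key and new_key != ks_a,
            "misbinding_caught": misbinding_caught,
            "master_keys_off_wire": k_a not in for_a + for_b and k_b not in for_a + for_b}
```

The point to take from the hierarchy is exposure: a master key is used a handful of times to wrap session keys, so an attacker who recovers one session key from traffic learns nothing about the master key or about earlier sessions, and the re-keying step bounds how much data any single session key ever protects.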
Figure 15.1 Key Distribution Between Two Communicating Entities
Figure 15.2 Symmetric Key Hierarchy
Figure 15.3 Simple Use of Public-Key Encryption to Establish a Session Key
Figure 15.4 Another Man-in-the-Middle Attack
Figure 15.5 Public-Key Distribution of Secret Keys
Figure 15.6 Uncontrolled Public-Key Distribution
Figure 15.7 Public-Key Publication
Figure 15.8 Public-Key Distribution Scenario
Figure 15.9 Exchange of Public-Key Certificates

X.509 Certificates
• Part of the X.500 series of recommendations that define a directory service
  – The directory is, in effect, a server or distributed set of servers that maintains a database of information about users
• X.509 defines a framework for the provision of authentication services by the X.500 directory to its users
  – Was initially issued in 1988 with the latest revision in 2016
  – Based on the use of public-key cryptography and digital signatures
  – Does not dictate the use of a specific algorithm but recommends RSA
  – Does not dictate a specific hash algorithm
• Each certificate contains the public key of a user and is signed with the private key of a trusted certification authority
• X.509 defines alternative authentication protocols based on the use of public-key certificates

Figure 15.10 X.509 Public-Key Certificate Use
Certificates
Created by a trusted Certification Authority (CA) and have the following elements:
• Version
• Serial number
• Signature algorithm identifier
• Issuer name
• Period of validity
• Subject name
• Subject's public-key information
• Issuer unique identifier
• Subject unique identifier
• Extensions
• Signature

Figure 15.11 X.509 Formats

Obtaining a Certificate
• User certificates generated by a CA have the following characteristics:
  – Any user with access to the public key of the CA can verify the user public key that was certified
  – No party other than the certification authority can modify the certificate without this being detected
• Because certificates are unforgeable, they can be placed in a directory without the need for the directory to make special efforts to protect them
  – In addition, a user can transmit his or her certificate directly to other users
• Once B is in possession of A's certificate, B has confidence that messages it encrypts with A's public key will be secure from eavesdropping and that messages signed with A's private key are unforgeable

Figure 15.12 X.509 Hierarchy: A Hypothetical Example

Certificate Revocation
• Each certificate includes a period of validity
  – Typically a new certificate is issued just before the expiration of the old one
• It may be desirable on occasion to revoke a certificate before it expires, for one of the following reasons:
  – The user's private key is assumed to be compromised
  – The user is no longer certified by this CA
  – The CA's certificate is assumed to be compromised
• Each CA must maintain a list consisting of all revoked but not expired certificates issued by that CA
  – These lists should be posted on the directory

X.509 Version 3
• Version 2 format does not convey all of the information that recent design and implementation experience has shown to be needed
• Rather than continue to add fields to a fixed format, standards developers felt that a more flexible approach was needed
  – Version 3 includes a number of optional extensions
• The certificate extensions fall into three main categories:
  – Key and policy information
  – Subject and issuer attributes
  – Certification path constraints
• Each extension consists of:
  – An extension identifier
  – A criticality indicator
  – An extension value

Key and Policy Information
• These extensions convey additional information about the subject and issuer keys plus indicators of certificate policy
• A certificate policy is a named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements
• Included are:
  – Authority key identifier
  – Subject key identifier
  – Key usage
  – Private-key usage period
  – Certificate policies
  – Policy mappings

Certificate Subject and Issuer Attributes
• These extensions support alternative names, in alternative formats, for a certificate subject or certificate issuer
• Can convey additional information about the certificate subject to increase a certificate user's confidence that the certificate subject is a particular person or entity
• The extension fields in this area include:
  – Subject alternative name
  – Issuer alternative name
  – Subject directory attributes

Certification Path Constraints
• These extensions allow constraint specifications to be included in certificates issued for CAs by other CAs
• The constraints may restrict the types of certificates that can be issued by the subject CA or that may occur subsequently in a certification chain
• The extension fields in this area include:
  – Basic constraints
  – Name constraints
  – Policy constraints

Figure 15.13 PKI Scenario

Summary
• Discuss the concept of a key hierarchy
• Understand the issues involved in using asymmetric encryption to distribute symmetric keys
• Present an overview of public-key infrastructure concepts
• Present an overview of approaches to public-key distribution and analyze the risks involved in various approaches
• List and explain the elements in an X.509 certificate

Copyright
This work is protected by United States copyright laws and is provided solely for the use of instructors in teaching their courses and assessing student learning. Dissemination or sale of any part of this work (including on the World Wide Web) will destroy the integrity of the work and is not permitted. The work and materials from it should never be made available to students except by instructors using the accompanying text in their classes. All recipients of this work are expected to abide by these restrictions and to honor the intended pedagogical purposes and the needs of other instructors who rely on these materials.
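The certificate elements, the "obtaining a certificate" guarantees, revocation and the version 3 path constraints above, pulled together into one certification-path check, as an added example that is not code from the slides, the textbook or any library. Certificates are plain dicts carrying the listed fields; a CA's signature is verified with the CA's public key, a tampered certificate fails that check, a revoked-but-unexpired serial is caught against the issuing CA's revocation list, and the basic constraints (CA flag, pathLenConstraint), key usage and name constraints of the CAs above a certificate are enforced on the certificates below them. The RSA here is textbook RSA over SHA-256 with small fixed primes, an assumption made to keep the example self-contained; it is not a secure signature, and the demo hierarchy, names and dates are constructed.

```python
"""Toy X.509 v3 certification-path validation, added here as an example; it is
not code from the slides, the textbook or any library. Certificates are dicts
carrying the fields listed on the 'Certificates' slide; the CA signature is
textbook RSA over SHA-256 with small fixed primes (assumption: demo
parameters only, not secure; real PKI uses >= 2048-bit keys and PKCS#1 padding)."""
import hashlib
import json

def make_keypair(p: int, q: int, e: int = 65537):
    n = p * q
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, (p - 1) * (q - 1))}

def tbs_digest(cert: dict, n: int) -> int:
    """SHA-256 over the to-be-signed fields (everything except the signature)."""
    tbs = {k: v for k, v in cert.items() if k != "signature"}
    h = hashlib.sha256(json.dumps(tbs, sort_keys=True).encode()).digest()
    return int.from_bytes(h, "big") % n

def make_cert(serial, issuer, subject, pub, not_before, not_after, *,
              ca=False, path_len=None, key_usage=(), permitted=None, dns=()):
    """Validity dates are ISO-8601 strings, which compare correctly as text."""
    return {"version": 3, "serial": serial, "signature_algorithm": "toy-rsa-sha256",
            "issuer": issuer, "not_before": not_before, "not_after": not_after,
            "subject": subject, "public_key": pub,
            "extensions": {"basic_constraints": {"ca": ca, "path_len": path_len},
                           "key_usage": list(key_usage),
                           "name_constraints": permitted,   # permitted dNSName subtrees
                           "subject_alt_name": list(dns)}}

def sign(cert: dict, priv: dict) -> dict:
    cert["signature"] = pow(tbs_digest(cert, priv["n"]), priv["d"], priv["n"])
    return cert

def signature_ok(cert: dict, pub: dict) -> bool:
    return pow(cert["signature"], pub["e"], pub["n"]) == tbs_digest(cert, pub["n"])

def validate_path(chain: list, anchor: dict, crl: dict, now: str):
    """chain runs trust anchor -> leaf; crl maps CA name -> set of revoked serials.
    Returns (True, 'ok') or (False, reason) for the first check that fails."""
    if chain[0]["subject"] != anchor["subject"] or chain[0]["public_key"] != anchor["public_key"]:
        return False, "chain does not start at the trust anchor"
    permitted = []                                      # name constraints inherited from CAs above
    for i, cert in enumerate(chain):
        ext = cert["extensions"]
        if not cert["not_before"] <= now <= cert["not_after"]:
            return False, f"{cert['subject']}: outside validity period"
        if i > 0:
            issuer = chain[i - 1]
            iext = issuer["extensions"]
            if cert["issuer"] != issuer["subject"]:
                return False, f"{cert['subject']}: issuer name mismatch"
            if not (iext["basic_constraints"]["ca"] and "keyCertSign" in iext["key_usage"]):
                return False, f"{issuer['subject']}: not a CA authorised to sign certificates"
            if not signature_ok(cert, issuer["public_key"]):
                return False, f"{cert['subject']}: bad signature"
            if cert["serial"] in crl.get(issuer["subject"], set()):
                return False, f"{cert['subject']}: revoked by {issuer['subject']}"
            for name in ext["subject_alt_name"]:
                if not all(name == p or name.endswith("." + p) for p in permitted):
                    return False, f"{cert['subject']}: {name} violates name constraints"
        if ext["basic_constraints"]["ca"]:
            plen = ext["basic_constraints"]["path_len"]
            below = len(chain) - i - 2                  # CA certs between this one and the leaf
            if plen is not None and below > plen:
                return False, f"{cert['subject']}: pathLenConstraint {plen} exceeded"
            permitted += ext["name_constraints"] or []
    return True, "ok"

# Constructed demo hierarchy (root -> issuing CA -> end entity); not real certificates.
ROOT_PUB, ROOT_PRIV = make_keypair(104723, 104729)
ICA_PUB, ICA_PRIV = make_keypair(99991, 100003)
LEAF_PUB, _ = make_keypair(10007, 10009)
ROOT = sign(make_cert(1, "CN=Demo Root CA", "CN=Demo Root CA", ROOT_PUB, "2024-01-01", "2034-01-01",
                      ca=True, key_usage=("keyCertSign", "cRLSign")), ROOT_PRIV)
ICA = sign(make_cert(2, "CN=Demo Root CA", "CN=Demo Issuing CA", ICA_PUB, "2024-06-01", "2029-06-01",
                     ca=True, path_len=0, key_usage=("keyCertSign", "cRLSign"), permitted=["example.edu"]), ROOT_PRIV)
LEAF = sign(make_cert(3, "CN=Demo Issuing CA", "CN=www.example.edu", LEAF_PUB, "2025-01-01", "2026-01-01",
                      key_usage=("digitalSignature",), dns=["www.example.edu"]), ICA_PRIV)
ROGUE = sign(make_cert(4, "CN=Demo Issuing CA", "CN=login.example.com", LEAF_PUB, "2025-01-01", "2026-01-01",
                       key_usage=("digitalSignature",), dns=["login.example.com"]), ICA_PRIV)
SUBCA = sign(make_cert(5, "CN=Demo Issuing CA", "CN=Demo Sub CA", LEAF_PUB, "2025-01-01", "2026-01-01",
                       ca=True, key_usage=("keyCertSign",)), ICA_PRIV)

def demo(now: str = "2025-06-01") -> dict:
    """Exercise each check; the leaf is altered after signing to show tamper detection."""
    tampered = dict(LEAF, extensions={**LEAF["extensions"], "subject_alt_name": ["login.example.com"]})
    return {"valid": validate_path([ROOT, ICA, LEAF], ROOT, {}, now),
            "revoked": validate_path([ROOT, ICA, LEAF], ROOT, {"CN=Demo Issuing CA": {3}}, now),
            "expired": validate_path([ROOT, ICA, LEAF], ROOT, {}, "2027-01-01"),
            "name_constraint": validate_path([ROOT, ICA, ROGUE], ROOT, {}, now),
            "path_len": validate_path([ROOT, ICA, SUBCA, LEAF], ROOT, {}, now),
            "tampered": validate_path([ROOT, ICA, tampered], ROOT, {}, now)}
```

Two details matter in practice and are easy to get wrong: the path-length and name constraints of a CA apply to the certificates beneath it, not to the CA's own certificate, and the revocation check is against the list published by the issuing CA (the slide's "revoked but not expired" list), so an expired certificate needs no CRL entry while a compromised one must stay listed until it expires.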

Explanation & Answer


Chapter 15: Federated Identity Management (FIM)
Student's Name
Institutional Affiliation

How does federated identity management impact the processes behind identifying end users?

Federated identity management is where one organization can validate the identity of a user from a third-party company that shares computer services or resources. For instance, a web-based employer and an employee-benefit organization can use federated identity management to allow one to access the employee's information using the other's credentials. In such a case, the employer retains the user identity data, while the employee-benefit agency uses the recruiting organization's authentication details instead of each party having its own user login details, including the associated costs. In other words, the user is only signed in through one website, not multiple ones each time they need to log in.

Federated Identity Management surpasses the technical understanding of the interaction between servers. That is, the technology and the organizational policies regulate the service users and the reasons or purposes for the business (Aldini et al., 2009). Federate...

