Tommy Gjertsen

Study Notes: CCSK Identity, Entitlement, and Access Management

Identity and Access Management Terms

Term                              Description
Entity                            Someone or something that has an identity: a person, device, application or service
Identity                          The unique expression of an entity within a given environment
Identifier                        The means by which an identity is asserted; for digital identities this is usually a cryptographic token
Attribute                         A static or dynamic aspect of an identity (department, device posture, whether MFA was used)
Persona                           The combination of an identity and its attributes in a specific situation or context
Role                              A context-specific grouping of an identity's entitlements, often a job function; one identity can hold several roles
Authentication (AuthN)            Process of confirming an identity
Multifactor authentication (MFA)  Proof from two or more factors: something you know, something you have, something you are
Access control                    A technical implementation that restricts access to a resource
Accounting                        Logging and monitoring of identity activity
Authorization (AuthZ)             Granting an identity access to something
Entitlement                       Mapping between an identity and what it is authorized to do; the full set of mappings is the entitlement matrix
Single Sign-On (SSO)              Token-based system that lets one sign-in grant access across multiple systems
Federated identity management     Asserting an identity across systems or organizations: the user authenticates at the identity provider, and the relying party authorizes based on the provider's assertion (SSO across a trust boundary)
Authoritative source              The root source of an identity, for example the HR system
Identity provider (IdP)           The party that manages identities and issues assertions about them
Relying party (RP)                The system that consumes identity assertions from the provider

Identity and Access Management Standards

Standard                                      Description
Security Assertion Markup Language (SAML)     Federated identity management standard supporting both authentication and authorization; the identity provider issues signed XML assertions that the relying party validates before trusting them.
OAuth                                         Authorization (delegation) standard widely used for web and consumer services; it issues access tokens for APIs and is not, by itself, an authentication protocol.
OpenID                                        Standard for federated authentication, widely supported by web services. The original OpenID used URLs to identify the identity provider and the user; OpenID Connect layers an identity token on top of OAuth 2.0 to provide the authentication that OAuth alone lacks.
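The terms above (identity provider, relying party, assertion, persona, entitlement, authorization) and the SAML/OpenID pattern of a provider signing an assertion that the relying party validates share one shape. The following is an added example, not code from the original notes or from any SAML or OpenID implementation, that walks through that shape in Python: the IdP authenticates locally and issues a signed assertion carrying the identity and its attributes; the RP checks the signature, audience and validity window before trusting anything in it, and only then maps the persona to entitlements to make an authorization decision. The signing key, audience URL, roles, resources and policy are all constructed for the example; a real SAML or OIDC provider signs with an asymmetric key so the relying party holds only the public half, whereas this example uses a shared HMAC key to stay self-contained.

```python
import base64
import hashlib
import hmac
import json

# Constructed for this example: a key shared by IdP and RP (real deployments use
# the IdP's asymmetric signing key) and a hypothetical relying-party audience.
IDP_SECRET = b"example-idp-signing-key"
RP_AUDIENCE = "https://app.example.com"


def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def idp_issue_assertion(identity: str, attributes: dict, audience: str,
                        now: int, ttl: int = 300) -> str:
    """IdP side: after authenticating the user locally, assert identity and
    attributes for exactly one relying party, for a short validity window."""
    claims = {"sub": identity, "aud": audience, "iat": now,
              "exp": now + ttl, "attrs": attributes}
    payload = b64(json.dumps(claims, sort_keys=True).encode())
    sig = b64(hmac.new(IDP_SECRET, payload.encode(), hashlib.sha256).digest())
    return f"{payload}.{sig}"


def rp_verify_assertion(token: str, now: int) -> dict:
    """RP side: trust the assertion only if the signature verifies, it was
    issued for this RP, and it is inside its validity window."""
    payload, sig = token.rsplit(".", 1)
    expected = hmac.new(IDP_SECRET, payload.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(unb64(payload))
    if claims["aud"] != RP_AUDIENCE:
        raise ValueError("assertion issued for another relying party")
    if not (claims["iat"] <= now < claims["exp"]):
        raise ValueError("assertion expired or not yet valid")
    return claims


# Constructed entitlement matrix: (role, resource) -> allowed actions.
ENTITLEMENTS = {
    ("engineer", "repo"): {"read", "write"},
    ("engineer", "prod-db"): {"read"},
    ("dba", "prod-db"): {"read", "write"},
}


def authorize(claims: dict, resource: str, action: str) -> bool:
    """Authorization decision on the persona (identity + attributes) taken from
    the verified assertion, never from anything the client supplied directly."""
    attrs = claims["attrs"]
    # Constructed policy: writes to production data require an MFA-backed session.
    if resource == "prod-db" and action == "write" and attrs.get("mfa") is not True:
        return False
    allowed = set()
    for role in attrs.get("roles", []):
        allowed |= ENTITLEMENTS.get((role, resource), set())
    return action in allowed


if __name__ == "__main__":
    now = 1_700_000_000
    token = idp_issue_assertion("alice", {"roles": ["engineer"], "mfa": True},
                                RP_AUDIENCE, now)
    claims = rp_verify_assertion(token, now + 10)
    print(claims["sub"], authorize(claims, "repo", "write"),
          authorize(claims, "prod-db", "write"))
```

The order of checks matters: the signature is verified before the payload is even parsed, the audience check stops an assertion minted for one relying party from being replayed against another, and the expiry check bounds how long a stolen assertion is useful. Role membership arrives as an attribute in the assertion, but the entitlement matrix and the MFA policy live at the relying party, which is what keeps authorization remote while authentication stays at the provider.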

Questions to ask when designing IAM solutions

Other considerations when establishing federation

Authentication and Credentials

Option                  Description
Hard token              Physical device that generates one-time passwords (or, for smart cards and security keys, holds a private key that never leaves the device)
Soft token              Like a hard token, but implemented in software on a phone or computer, so the seed is only as protected as that device
Out-of-band passwords   A code delivered over a separate channel, such as SMS. SMS is the weakest of these options because numbers can be ported or messages intercepted, so prefer an authenticator app or hardware key where available.
Biometrics              The "something you are" factor. Biometric templates are not secret and cannot be rotated if leaked, so biometrics should complement, not replace, another factor.
