Expertise in Identity & Access Management
www.oxfordcomputergroup.com
AD, AuthZ and FIM (Oh my!)
Laura E. Hunter
Identity Architect
Active Directory
• Authentication, Authorization and Auditing
  – LDAP-based
  – Low barrier to entry
    • No separate licensing – you own a Windows server license, you can deploy AD
  – High levels of penetration in corporate and EDU environments
AD for Role Management?
• Which of the following is my phone number?
  – +1 (215) 380-4476
  – 215.380.4476
  – (215) 380-4476
  – 215-380-4476
• Now…which of those will AD allow me to enter?
  – Good at replication and publication
  – Bad at enforcing business rules
So What Else Is There?
• Identity Lifecycle Manager
  – Specifically ILM “2”, a.k.a. FIM 2010
    • (It’ll ship someday, I swear)
  – Enforces business rules before writing data to a connected directory
    • “All of Joe Smith’s direct reports will be in a security group called ‘JSDR’”
  – SQL store provides a single location for “role mining” and historical queries
• Additional cost/CAL considerations!
Is There a Middle Ground?
• Sure. It’s a “build vs. buy” decision
• Anything that can write to LDAP can write to AD
  – Constrained proxy apps (usually web-based) or scripts
• …but the native tools still won’t enforce logic!
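
A sketch of the rule-enforcing step a constrained proxy app or script would run before any LDAP write, added here as an example and not taken from the presentation or any product. The attribute allow-list, the E.164 storage format, the +1 default country code and the function names are all assumptions made for illustration.

```python
import re

# Assumed policy for this example: the only attributes the proxy may write.
ALLOWED_ATTRS = {"telephoneNumber", "title", "department"}
DEFAULT_COUNTRY = "1"  # assumption: bare 10-digit numbers are NANP (+1)


class RuleViolation(ValueError):
    """A requested change breaks a business rule and must not reach AD."""


def normalize_phone(raw: str) -> str:
    """Reduce any accepted spelling of a number to one E.164 string."""
    raw = raw.strip()
    # ASCII digits and common separators only; [0-9] avoids Unicode digits.
    if not re.fullmatch(r"\+?[0-9 ().-]+", raw):
        raise RuleViolation(f"illegal characters in phone number: {raw!r}")
    digits = re.sub(r"[^0-9]", "", raw)
    if raw.startswith("+"):
        if not 8 <= len(digits) <= 15:
            raise RuleViolation(f"bad international length: {raw!r}")
        return "+" + digits
    if len(digits) != 10:
        raise RuleViolation(f"expected 10 national digits: {raw!r}")
    return "+" + DEFAULT_COUNTRY + digits


def build_modifications(requested: dict) -> dict:
    """Validate a change request; return only what may be sent to the directory."""
    changes = {}
    for attr, value in requested.items():
        if attr not in ALLOWED_ATTRS:
            raise RuleViolation(f"attribute not writable via proxy: {attr}")
        value = str(value).strip()
        if attr == "telephoneNumber":
            value = normalize_phone(value)
        elif not value or len(value) > 64 or not value.isprintable():
            raise RuleViolation(f"bad value for {attr}")
        changes[attr] = value
    return changes


# The four spellings from the slide all collapse to the same stored value.
SLIDE_FORMATS = ["+1 (215) 380-4476", "215.380.4476",
                 "(215) 380-4476", "215-380-4476"]

if __name__ == "__main__":
    for spelling in SLIDE_FORMATS:
        print(spelling, "->", build_modifications({"telephoneNumber": spelling}))
```

The returned dictionary is what the proxy would hand to its LDAP client; requests that raise `RuleViolation` never reach the directory.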
Thank You!