APS (Keystone) Security “dial tone”
Doron Grinstein, Chief Architect
October 2012, Version 0.2, Confidential
Security?
Authentication
Single Sign On (SSO)
Federation
Session Management
Delegated Administration
Fine-Grained Authorization
Audit Trail (e.g. who granted access to the user?)
Reporting (e.g. what can Mike Smith do?)
Segregation of Duties Enforcement (SOD)
Confidential Dell Software
Elements in enterprise settings
COTS (commercial off the shelf) Applications
– ERP, CRM, Collaboration (SharePoint, etc.)
– Web Applications
– Mobile Applications
– Mainframe Application
– Web Services
– Rich Client
Custom Applications
– Web, Rich Client, Mobile, Web Services
– Java, .NET, Ruby, PHP, Delphi, COM, C, C++, F#, Power Builder, Cold Fusion, etc.
Application Security Today
Security should be as simple as this:
But in reality you’re faced with this:
CAS, Kerberos, Card Spaces, SAML 2.0, RADIUS, SAML 1.1, WS-Trust, XACML 2.0, OAuth, DSML, SPML, SAMLP, Siteminder, OpenID, XACML 3.0, WIF, OpenAuth, LiveID, Shibboleth, ADFS, WS-Federation, WRAP
What is needed is a Universal Adapter of IdM!
How does it work?
Thank you
APS becomes the Dell Identity Glue
APS and Q1IM provide core services
Diagram labels: Workflow Assessment SoD Attestation Recertification Orchestration Compliance Governance Entitlement Mgmt Role Mgmt Policy Mgmt Self Service IT Shop Delegation Log Service Log Analysis Heuristics Fraud Detection Reporting Real Time Alerts Identity Admin Monitoring Quest One Core Services Data Access Context PIP Unified Namespace Provisioning / Sync Data Connectors Virtual Directory Authorization Policy Decision Policy Enforcement File SharePoint Web Data Code Authentication User Authentication Two Factor Authn IDP/STS SSO
Legend: APS, Q1IM