CIS14: Case Study: Using a Federated Identity Service for Faster Application Deployment
DESCRIPTION
Rowland Nicholson, Caterpillar, Inc. Case study of how Caterpillar used identity virtualization to aggregate, correlate and remap identities to create virtual views, enabling each application to have the required identity information on demand.
TRANSCRIPT
Caterpillar Non-Confidential
Identity Virtualization
Cloud Identity Summit – July 22, 2014 Rowland Nicholson - IAM Architect
Global Information Systems
Slide 2
N New App
Enterprise Directory
Slide 3
U Upgrade
Enterprise Directory
Slide 4
L Legacy
Enterprise Directory
Slide 5
Enterprise Directory
A App
Slide 6
1 VIRTUAL ATTRIBUTES
Slide 7
Enterprise Directory
X ISO Docs
Y Turbines
DB Accounts
Slide 8
Enterprise Directory
X ISO Docs
Y Turbines
DB Accounts
Radius Server
Slide 9
Enterprise Directory
X ISO Docs
Y Turbines
DB Accounts
Radius Server
Virtual Directory
solarid = 'D' + badgenumber
Slide 10
Enterprise Directory
F1 “Flexible”
F2 “Finicky”
Virtual Directory (+4 virtual attributes: department, entryUUID, member, memberOf)
Slide 11
1 VIRTUAL ATTRIBUTES
Slide 12
2 DYNAMIC GROUPS
Slide 13
F2 “Finicky”: only groups
• affiliations
• organizations
• business units
• rules
Slide 14
Enterprise Directory
F2 “Finicky”
Virtual Directory
ou=groups ou=groups ou=autogen ou=dynamic ou=groups
Slide 15
Attribute Values
Autogen Group
Members with value
Slide 16
Rule
Dynamic Group
Members match rule
Slide 17
Enterprise Directory
F2 “Finicky”
Virtual Directory
ou=groups ou=groups ou=autogen ou=dynamic ou=groups
F1 “Flexible”
Slide 18
2 DYNAMIC GROUPS
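The virtual attribute of slide 9 (solarid = 'D' + badgenumber) and the two group kinds of slides 15 and 16 (autogen groups keyed on an attribute value, dynamic groups keyed on a rule), as an added Python sketch that is not part of the deck or of any Caterpillar system. The sample entries, every attribute name other than solarid, badgenumber and department, and the group rule are constructed for the example; the point it shows is that the virtual layer computes everything on read and never writes to the backend directory.

```python
from typing import Callable

# Constructed sample entries standing in for the Enterprise Directory backend.
# Attribute names other than badgenumber, department and solarid are assumptions.
ENTERPRISE_DIRECTORY = [
    {"uid": "anna", "badgenumber": "10421", "department": "Turbines", "country": "US"},
    {"uid": "bo", "badgenumber": "20877", "department": "Turbines", "country": "DE"},
    {"uid": "cy", "badgenumber": "30199", "department": "ISO Docs", "country": "US"},
]

# Virtual attribute computed on read: the deck's own mapping solarid = 'D' + badgenumber.
VIRTUAL_ATTRIBUTES: dict[str, Callable[[dict], str]] = {
    "solarid": lambda e: "D" + e["badgenumber"],
}

# ou=dynamic: a group *is* a rule; members are whichever entries match it at query time.
# The group name and rule are constructed for this example.
DYNAMIC_GROUP_RULES: dict[str, Callable[[dict], bool]] = {
    "us-turbines": lambda e: e["country"] == "US" and e["department"] == "Turbines",
}


def autogen_groups(entries: list[dict], attribute: str) -> dict[str, set[str]]:
    """ou=autogen: one group per distinct value of `attribute`, holding the uids carrying it."""
    groups: dict[str, set[str]] = {}
    for e in entries:
        if attribute in e:
            groups.setdefault(f"{attribute}={e[attribute]}", set()).add(e["uid"])
    return groups


def dynamic_groups(entries: list[dict], rules: dict) -> dict[str, set[str]]:
    """ou=dynamic: evaluate each rule against every entry; nothing is persisted."""
    return {name: {e["uid"] for e in entries if rule(e)} for name, rule in rules.items()}


def virtual_view(entries: list[dict]) -> list[dict]:
    """What an application sees: backend attributes plus computed ones and a synthesised memberOf."""
    groups = {**autogen_groups(entries, "department"),
              **dynamic_groups(entries, DYNAMIC_GROUP_RULES)}
    view = []
    for e in entries:
        v = dict(e)  # copy, so the backend entry is never modified
        for name, compute in VIRTUAL_ATTRIBUTES.items():
            v[name] = compute(e)
        v["memberOf"] = sorted(g for g, members in groups.items() if e["uid"] in members)
        view.append(v)
    return view
```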
Slide 19
3 “VIRTUALIZED” DIRECTORY
Slide 20
F2 “Finicky”
Supports only Directory “Q”
Slide 21
F2 “Finicky”
Enterprise Directory Virtual Directory
• “Q” DIT
• “Q” Schema
Slide 22
3 “VIRTUALIZED” DIRECTORY
Slide 23
… one more thing
Slide 24
Enterprise Directory Virtual Directory
PII Data View
F2 “Finicky”
F1 “Flexible”
Slide 25
APPLICATIONS: F2 “Finicky”, F1 “Flexible”; New, Upgrades, Legacy
IAM: Virtual attributes, Dynamic groups, Virtual DIT/Schema, Federated
LDAP, WS, SAML, WS-Fed, OAuth, OpenID Connect, WAM
Slide 26
Thank You!