Professional Documents
Culture Documents
Actions: Federated Identity and Access Management
Actions: Federated Identity and Access Management
Where next?
The Federated Identity and Access Management: Creating a connected world report –
available from the ISF website – provides an overview of the challenges and solutions
related to implementation of FIAM. It also sets out approaches for developing a FIAM
programme and managing new FIAM connections.
The report and toolkit are supported by an implementation space on the ISF Member
website. This provides a facilitated forum for ISF Members to discuss FIAM-related issues
and solutions, along with a central pool of additional resources including a checklist tool,
webcast and presentations.
Input for the report was gathered from analysis by an ISF Principal Analyst, discussions
at global ISF development workshops, detailed Member expert interviews, vendor
interviews, Member case studies and recommendations from related ISF research
projects.
Reference: ISF 11 FIAM Marketing Copyright © 2011 Information Security Forum Limited.All rights reserved. Classification: Public, no restrictions
Developing a FIAM programme
FIA
M tor
ec
nn )
co (SP
HR Application Cloud
provider
G Define approach for managing relationships
My data
with FIAM partners
Food Ordering Air Organisations need to define policies for identifying, assessing
and mitigating the security risks involved in setting up each new
ffic
Tra M
Foods
on FIAector
en
tic
ati conn
(SP)
Application
C Establish a governance framework for FIAM
th
Au
M
IAM
M
FIAM r
FIIAM
FIAM
FIA
Freight
connecto
ectorr
(IdP)
(
(Id FIAM Auth
board.
entication FIAM co FIA
co FIA Traffic n M
nn M connecto (Idnecto
(SP) r
FIA
MA
uth
en
tica FIA
tio M
nT Au
raff
Parcel Company
H Create a process for managing FIAM
ic th
en
tic
ati
Booking
co FIA on
nn M Tr
aff
(SPecto ic
) r
Application
A
connections
co FIA
n
(Idnec M
P) to
r
Internal co FIA
nn M
(S ecto
P)
IAM
r
Application
FIA
M
Travel Agents
co FIA
n
(S nec M
addressed, and based on activities that need to be performed
at different stages of the FIAM connection lifecycle. These are
P) to
IAM
illustrated below.
Organisations need to define a set of security-related technical FIAM connection lifecycle
requirements and standards when establishing FIAM connections. 1 APPROVAL 2 DESIGN 3 IMPLEMENTATION 4 OPERATION 5 REVIEW
These include unique user identifiers, policy for user attributes, Example of how FIAM might work for an airline, its customers (Identity
FIAM protocols and certificate policy for federated connections. Providers) and its suppliers (Service Providers)
Information Security Forum • Federated Identity and Access Management Federated Identity and Access Management • Information Securit
ityy Fo
Security Foru
rum
Forum
Actions
Where next?
The Federated Identity and Access Management: Creating a connected world report –
available from the ISF website – provides an overview of the challenges and solutions
related to implementation of FIAM. It also sets out approaches for developing a FIAM
programme and managing new FIAM connections.
The report and toolkit are supported by an implementation space on the ISF Member
website. This provides a facilitated forum for ISF Members to discuss FIAM-related issues
and solutions, along with a central pool of additional resources including a checklist tool,
webcast and presentations.
Input for the report was gathered from analysis by an ISF Principal Analyst, discussions
at global ISF development workshops, detailed Member expert interviews, vendor
interviews, Member case studies and recommendations from related ISF research
projects.
Reference: ISF 11 FIAM Marketing Copyright © 2011 Information Security Forum Limited.All rights reserved. Classification: Public, no restrictions