Identity driven networking

Identity driven networking

Identity Driven Networking (IDN) is the process of applying network controls to a network device access based on the identity of an individual or group of individuals responsible to or operating the device. Individuals are identified, and the network is tuned to respond to their presence by context.

The OSI model provides for a method to deliver network traffic, not only to the system but through to the application that requested or is listening for data. These applications can operate either as a system based user -daemon process, or they may be a user application such as a web browser.
Internet security is built around the idea that the ability to request or respond to requests should be subjected to some degree of authentication, validation, authorization, and policy enforcement.Identity Driven Networking endeavors to resolve user and system based policy into a single management paradigm.

Since the internet comprises a vast range of devices and applications there are also many boundaries and therefore ideas on how to resolve connectivity to users within those boundaries. An endeavor to overlay the system with an identity framework must first decide what an Identity is, determine it, and only then use existing controls to decide what is intended with this new information.

The Identity

A digital identity represents the connectedness between the real and some projection of an identity; and it may incorporate references to "devices" as well as "resources" and "policies".

In some systems, policies provide the entitlements that an identity can claim at any particular point in time and space. For example, a person may be entitled to some privileges "during work from their workplace" that may be denied "from home out of hours".

How it might work

Before a user gets to the network there is usually some form of machine authentication, this probably verifies and configures the system for some basic level of access. Short of mapping a user to a MAC address prior or during this process (802.1x) it is not simple to have users authenticate at this point. It is more usual for a user to attempt to authenticate once the system processes (daemons) are started, and this may well require the network configuration to have already been performed.

The first task then, when seeking to apply Identity Driven Network controls, comprises some form of authentication. Since the first piece of infrastructure placed upon a network is often a network operating system (NOS) there will often be an Identity Authority that controls the resources that the NOS contains (usually printers and file shares). There will also be procedures to authenticate users onto it. Incorporating some form of single sign-on means that the flow on effect to other controls can be seamless.

Many network capabilities can be made to rely upon authentication technologies for the provisioning of an access control policy.For instance:Packet filtering -firewall, content-control software, Quota Management systems and Quality of service (QoS) systems are good examples of where controls can be made dependent upon authentication.

See also

* AAA protocols such as RADIUS
* LDAP
* EAP


Wikimedia Foundation. 2010.

Игры ⚽ Нужна курсовая?

Look at other dictionaries:

  • Identity management — In information systems, identity management is the management of the identity life cycle of entities (subjects or objects). An identity management system: # Establishes the identity ## Links a name (or number) with the subject or object; ## Re… …   Wikipedia

  • Social networking service — This article is about the type of service. For the concept of relationships between people, see Social network. For a list of services, see List of social networking websites. A social networking service is an online service, platform, or site… …   Wikipedia

  • Comparison of social networking software — Social Network Engine Comparison Social Network Engines or Social Engines provide the basis for community driven content and social/business networking. Category Tiki Wiki CMS Groupware BoonEx Dolphin BuddyPress EngineY PeopleAggregator ELGG… …   Wikipedia

  • Internet security — is a branch of computer security[1] specifically related to the Internet. Its objective is to establish rules and measures to use against attacks over the Internet.[2] The Internet represents an insecure channel for exchanging information leading …   Wikipedia

  • Extensible Threat Management (XTM) — is the next generation of Unified Threat Management (UTM), integrated network security appliances. As stated by IDC industry analyst Charles Kolodgy, in [http://www.scmagazineus.com/UTMs Key cog in infrastructure/article/109728/ SC Magazine] (May …   Wikipedia

  • Role-based access control — In computer systems security, role based access control (RBAC) [cite conference author = Ferraiolo, D.F. and Kuhn, D.R. title = Role Based Access Control booktitle=15th National Computer Security Conference year = 1992 month = October pages=554… …   Wikipedia

  • Unified threat management — (UTM) is used to describe network firewalls that have many features in one box, including e mail spam filtering, anti virus capability, an intrusion detection (or prevention) system (IDS or IPS), and World Wide Web content filtering, along with… …   Wikipedia

  • Twisted (software) — Infobox Software name = Twisted caption = collapsible = author = Glyph Lefkowitz developer = Community released = 22 October 2002 [cite mailinglist|last=Shtull Trauring|first=Itamar|title=ANN: Twisted 1.0|date=2002 10 22|accessdate=2008 08… …   Wikipedia

  • ProCurve Manager — (PCM) is a Comprehensive Network Management suite for products and solutions by ProCurve Networking, a division of HP. Versions ProCurve Manager comes in two versions; a base version supplied both free of charge with all managed ProCurve Products …   Wikipedia

  • Computers and Information Systems — ▪ 2009 Introduction Smartphone: The New Computer.       The market for the smartphone in reality a handheld computer for Web browsing, e mail, music, and video that was integrated with a cellular telephone continued to grow in 2008. According to… …   Universalium

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”