Annex G: Identity, Credential, and Access Management

From wiki
Revision as of 08:42, 7 April 2021 by Greggory.elton (talk | contribs) (Created page with "<div class="center"><div style="float: right; z-index: 10; position: absolute; right: 0; top: 1;">File:JoinusonGCconnex.png|link=http://gcconnex.gc.ca/groups/profile/2785549...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
JoinusonGCconnex.png
ESAcontactus.png
GOC ESA.jpg
ESA Program Overview ESA Foundation ESA Artifacts ESA Initiatives ESA Tools and Templates ESA Reference Materials Glossary
ESA Requirements ESA Concept of Operations ESA Description Document ESA Pattern Diagram Repository
END DAT NCS OPS APP CSS ICA

Overview

As a part of a broader project under the ESA program, Identity, Credential, and Access Management (ICAM) has its own working group and initiatives, such as the Internal Centralized Authentication Service (ICAS), now called GCpass.

Please read the GC ICAM Working Group section below for more information and updates on working group minutes. For more information about the new GC ICAS tool, GCpass, please visit the GCpass page.

The Identity, Credential and Access Management (ICA) enterprise security focus area (ESFA) includes the infrastructure services required to create and manage GC Enterprise credentials, identify and authenticate users and non-person entities (NPEs), authorize and control access to GC resources, and create and manage keys for use in credential and encryption services. The figure below shows the components used to define the ICA ESFA.


File:ICAESFAcomponents.png


Identity, Credential, and Access Management ESFA Component Descriptions

Descriptions of each of these components, including key interfaces with elements of the GC enterprise, are shown in the table below. The list of mechanisms for each component contains examples of the types of technical solutions that embody the functions of that component.


Identity, Credential, and Access Management ESFA Component Descriptions
EUD Component Description Example Mechanisms Key Interfaces
File:ICA Services.png Represents GC Enterprise identification, authentication, and authorization (IA&A) infrastructure elements including identity stores, identity sources, authoritative source (e.g., PKI, Device integrity measurements), and associated authorizations. IA&A services are provided for NPEs, Users, and Applications. Authorizations are based on a central security policy source for access control attributes of the requestor and the requested GC Resource.
  • Public Key Infrastructure (PKI)
  • Certificate Authorities (CA)
  • Security Policy and Attribute Based Access Control (ABAC)
  • RADIUS, Diameter, Kerberos, LDAP, Active Directory
  • SAML
OPS
All IA&A and access
File:Key management.png Represents the trusted source for keys in the enterprise including key source, key recovery, secure storage, and secure delivery mechanisms.
  • Enterprise key management systems
  • COMSEC management software
ICA Services
DAT
END
OPS
File:NPE credential.png Represents a non-person entity (NPE) secure token.
  • Smart Card
  • Dongle
  • Smart phone app
  • Private Key (SW/HW)
ICA Services
File:User credential.png Represents a User assigned secure token.
  • Pre-placed X.509 certificates
  • Private Key (HW/SW)
ICA Services


ICAM
Retrieved from "https://wiki.gccollab.ca/index.php?title=Annex_G:_Identity,_Credential,_and_Access_Management&oldid=45616"