Difference between revisions of "Annex G: Identity, Credential, and Access Management"


{{TOCright}}
{{Delete|reason=Expired Content}}
== Overview ==
 
As a part of a broader project under the ESA program, Identity, Credential, and Access Management (ICAM) has its own working group and initiatives, such as the Internal Centralized Authentication Service (ICAS), now called GCpass.

Please read the GC ICAM Working Group section below for more information and updates on working group minutes. For more information about the new GC ICAS tool, GCpass, please visit the [[GCpass - the GC Internal Centralized Authentication Service (ICAS)|GCpass]] page.

The Identity, Credential and Access Management (ICA) enterprise security focus area (ESFA) includes the infrastructure services required to create and manage GC Enterprise credentials, identify and authenticate users and non-person entities (NPEs), authorize and control access to GC resources, and create and manage keys for use in credential and encryption services. The figure below shows the components used to define the ICA ESFA.

<br>

[[File:ICAESFAcomponents.png|center|link=http://www.gcpedia.gc.ca/wiki/File:ICAESFAcomponents.png]]

<br>

== Identity, Credential, and Access Management ESFA Component Descriptions ==
 
Descriptions of each of these components, including key interfaces with elements of the GC enterprise, are shown in the table below. The list of mechanisms for each component contains examples of the types of technical solutions that embody the functions of that component.

<br>

{| class="wikitable"
|+ style="background: #000000; color: #ffffff" | Identity, Credential, and Access Management ESFA Component Descriptions
|-
| style="background: #727272; color: #ffffff" | '''EUD Component'''
| style="background: #727272; color: #ffffff" | '''Description'''
| style="background: #727272; color: #ffffff" | '''Example Mechanisms'''
| style="background: #727272; color: #ffffff" | '''Key Interfaces'''
|-
| style="background: #b8b8b8" | [[File:ICA Services.png|link=http://www.gcpedia.gc.ca/wiki/File:ICA_Services.png]]
| Represents GC Enterprise identification, authentication, and authorization (IA&A) infrastructure elements, including identity stores, identity sources, authoritative sources (e.g., PKI, device integrity measurements), and associated authorizations. IA&A services are provided for NPEs, Users, and Applications. Authorizations are based on a central security policy source for the access control attributes of the requestor and the requested GC Resource.
|
*Public Key Infrastructure (PKI)
*Certificate Authorities (CA)
*Security Policy and Attribute Based Access Control (ABAC)
*RADIUS, Diameter, Kerberos, LDAP, Active Directory
*SAML
|
:[[Annex D: Security Operations|OPS]]
:All IA&A and access
|-
| style="background: #b8b8b8" | [[File:Key management.png|link=http://www.gcpedia.gc.ca/wiki/File:Key_management.png]]
| style="background: #e5e5e5" | Represents the trusted source for keys in the enterprise, including key source, key recovery, secure storage, and secure delivery mechanisms.
| style="background: #e5e5e5" |
*Enterprise key management systems
*COMSEC management software
| style="background: #e5e5e5" |
:ICA Services
:[[Annex B: Data Security|DAT]]
:[[Annex A: Endpoint Security|END]]
:[[Annex D: Security Operations|OPS]]
|-
| style="background: #b8b8b8" | [[File:NPE credential.png|link=http://www.gcpedia.gc.ca/wiki/File:NPE_credential.png]]
| Represents a non-person entity (NPE) secure token.
|
*Smart Card
*Dongle
*Smart phone app
*Private Key (SW/HW)
|
:ICA Services
|-
| style="background: #b8b8b8" | [[File:User credential.png|link=http://www.gcpedia.gc.ca/wiki/File:User_credential.png]]
| style="background: #e5e5e5" | Represents a User-assigned secure token.
| style="background: #e5e5e5" |
*Pre-placed X.509 certificates
*Private Key (HW/SW)
| style="background: #e5e5e5" |
:ICA Services
|}

<br>

{{:ICAM}}

[[Category:Government of Canada Enterprise Security Architecture (ESA) Program]]
[[Category:Enterprise Security Architecture]]
[[Category:GC Enterprise Architecture]]
[[Category:Identity Management]]

Latest revision as of 12:29, 20 April 2021