CCSK

 View Only
Expand all | Collapse all

Doubt in Security Guidance- Domain 12: Identity, Entitlement and Access Management

  • 1.  Doubt in Security Guidance- Domain 12: Identity, Entitlement and Access Management

    Posted May 23, 2021 04:05:00 AM

    Can some please explain, what the last 3 lines on the Security Guidance, Domain 12: Identity, Entitlement and Access Management, Page 135 means ?

    More complex architectures can synchronize or federate a portion of an organization's
    identities for an internal directory through an identity broker and then to a cloud-hosted directory,
    which then serves as an identity provider for other federated connections.


    ------------------------------
    Chris Jaimon
    DevSecOps Engineer
    CloudCover
    ------------------------------


  • 2.  RE: Doubt in Security Guidance- Domain 12: Identity, Entitlement and Access Management

    CSA Instructor
    Posted May 24, 2021 12:09:00 PM
    To me, this talks about a situation where an organization is part of a larger ecosystem of identity providers and relying parties, that may be mediated by brokers.
    There are many, complex, scenarios.

    For example, one of my jobs is at a university in Utrecht, NL. My identity there is federated to the Eduroam organization, which means that when I arrive at Oslo airport, my phone can use the Eduroam WiFi there since the local Wifi uses that federated identity as well.
    This is a real-life scenario that actually works. I am not making this up.
    https://eduroam.org/

    Does that help?

    ------------------------------
    Peter HJ van Eijk
    CCSK & CCAK trainer
    https://www.clubcloudcomputing.com/
    ------------------------------