Device-based Identity Management in Enterprises

This project focuses on the management of device-based identities
within enterprises. This is a key requirement in enterprises where
the identities of platforms and devices have become as important as
the identities of humans to grant access to enterprise resources.

In this context, access control systems need to understand which
devices, with what properties, are being used to access resources,
by whom, and in which contexts. Trust in managed devices’ identities
is an important first step to enable this. No effective commercial
solution is currently available.

We have investigated requirements and related issues. We have
introduced an initial approach to: model devices’ identities; enable
their provisioning in heterogeneous enterprise systems; provide
support for making and enforcing related access control decisions;
leverage trusted computing capabilities of modern devices to deal
with aspects of trust management.

We implemented a related solution where access control is based on
policies that take into account: device identities in addition to
traditional human-based identities; protected resources; additional
constraints on contextual information. A working prototype
(proof-of-concept) has been fully implemented by HP Labs by
leveraging and extending HP OpenView Identity Management solutions
and using trusted computing-enabled devices. This is work in progress.

Here are a few snapshots of our prototype, showing the provisioning
of device-based identity in an enterprise and its usage for
access control:

Further information and details about this
project can be found in the following HPL Technical Report: