Click here for full text:
On Device-based Identity Management in Enterprises
Casassa Mont, Marco; Balacheff, Boris
Keyword(s): device; device management; identity management; device identity; trust; trusted computing; identity provisioning; access control
Abstract: This paper focuses on the management of device-based identities within enterprises. This is a key requirement in enterprises where the identities of platforms and devices have become as important as the identities of humans to grant access to enterprise resources. In this context, access control systems need to understand which devices with what properties are being used to access resource, by whom and in which contexts. Trust in managed devices' identities is an important first step to enable this. No effective commercial solution is currently available. We investigate requirements and related issues. We introduce an initial approach to: model devices' identities; enable their provisioning in heterogeneous enterprise systems; provide support for making and enforcing related access control decisions; leverage trusted computing capabilities of modern devices to deal with aspects of trust management. We describe a related solution where access control is based on policies that take into account: device identities in addition to traditional human-based identities; protected resources; additional constraints on contextual information. A working prototype (proof-of concept) has been fully implemented by HP Labs by leveraging and extending HP OpenView Identity Management solutions and using trusted computing- enabled devices. This is work in progress: we aim at setting the context and discussing our current status and next steps.
Back to Index