Identity Management

Definition

Identity and Access Management (IAM) provides authentication and authorization capabilities that automate the initiation, capture, recording and management of user identities and their related access permissions.

This process also includes identifying, authenticating, and authorizing individuals and groups to access applications, systems, networks, and other judicial resources.

What it Includes

IAM has several areas:

  • Identity Management – baseline platform and infrastructure to support IAM.
    • Directory services – a digital identity needs to be securely stored and organized and directory services provide the infrastructure for meeting such needs.
    • Digital identity – personal identification in today's society can take many different forms, for example driver's licenses, travel passports, employee cardkeys, and club membership cards. These forms of identification typically contain information that is somewhat unique to the holder, such as name, address and photo, as well as information about the authority that issued the card, for example the insignia of the local department of motor vehicles.
    • Identity life cycle management – can be framed in similar stages to the life cycles of living things:
      • Creation
      • Utilization
      • Termination
    • Authentication – validates presented claims or assertions
    • Authorization – enables authenticated users to access judicial resources for which they have been granted permission, applying the principle of least privilege
  • Access Management – refers to the process of controlling and granting access to satisfy resource requests. This process is usually completed through a sequence of authentication, authorization, and auditing actions. The following sub-components are part of this:
    • Single Sign-On – single sign-on (SSO) is the ability to log in once and gain access to multiple systems
    • Trust and Federation – federation implies delegation of responsibilities honored through trust relationships between federated parties. Authentication is just one form of delegated responsibility. Authorization, profile management, pseudonym services, and billing are other forms of identity-related functions that may be delegated to trusted parties. Concepts about identity providers and service providers are documented in the GFIPM guidelines.
    • User Entitlement Management – refers to the set of technologies used to grant and revoke access rights and privileges to identities. It is closely associated with authorization, which is the actual process of enforcing the access rules, policies and restrictions that are associated with business functions and data.
    • Auditing – auditing in the context of identity and access management is about keeping records of 'who did what, when' within the IT infrastructure. Federal regulations such as the CJIS Security Policy are key drivers of the identity-related auditing requirements.
  • Authentication and Authorization – a process that includes the:
    • Identification of users and associated details of users
    • Identification of roles and associated permissions
    • Identification of permissions based upon users and roles
    • Identification of contextual attributes such as:
      • Title
      • Time/Day
      • Location
      • Data type
      • Access devices
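As an added illustration (not part of the original document), the Python sketch below shows how the authorization process described above could be evaluated: permissions come from roles, the contextual attributes listed (time/day, location, data type, access device) are checked against a per-data-type rule, nothing is allowed unless explicitly granted (least privilege), and every decision is written to a 'who did what, when' audit record. All role names, permissions and policy values are constructed assumptions, not taken from any court system.

```python
from dataclasses import dataclass
from datetime import datetime

# Role -> permissions (constructed sample data). Anything not listed here is
# denied: least privilege means deny by default and grant explicitly.
ROLE_PERMISSIONS = {
    "clerk":  {"case:read", "case:update"},
    "judge":  {"case:read", "case:update", "sealed:read"},
    "public": {"case:read"},
}

# Contextual rules per data type (constructed sample policy): sealed records
# only from the court network, on a managed device, on weekdays; ordinary case
# data is reachable from more locations and device types.
CONTEXT_RULES = {
    "sealed": {"locations": {"court-network"}, "devices": {"managed"},
               "weekdays_only": True},
    "case":   {"locations": {"court-network", "vpn", "internet"},
               "devices": {"managed", "byod"}, "weekdays_only": False},
}

@dataclass
class Request:
    user: str
    roles: list
    action: str      # "read" or "update"
    data_type: str   # "case" or "sealed"
    location: str
    device: str
    when: str        # ISO 8601 timestamp, e.g. "2024-01-08T10:00:00"

AUDIT_LOG = []       # 'who did what, when' records, one per decision

def decide(req: Request) -> bool:
    """Allow only if a role grants the permission AND the data type's context rule passes."""
    permission = f"{req.data_type}:{req.action}"
    granted = any(permission in ROLE_PERMISSIONS.get(r, set()) for r in req.roles)
    rule = CONTEXT_RULES.get(req.data_type)
    when = datetime.fromisoformat(req.when)
    context_ok = (
        rule is not None
        and req.location in rule["locations"]
        and req.device in rule["devices"]
        and not (rule["weekdays_only"] and when.weekday() >= 5)  # 5 = Sat, 6 = Sun
    )
    allowed = granted and context_ok
    AUDIT_LOG.append({"who": req.user, "what": permission, "when": req.when,
                      "where": req.location, "device": req.device,
                      "result": "allow" if allowed else "deny"})
    return allowed
```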

Why IAM is Significant

Implementing IAM improves organizational value by:

  • Standardizing authentication of identities accessing judicial resources;
  • Providing an improved framework for Single Sign-On (SSO) and/or Multi-Factor Authentication (MFA) implementations where appropriate;
  • Providing flexible but consistent identity management across applications, systems, networks and other judicial resources using Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC);
  • Helping discover privileged accounts and their usage;
  • Providing full audit trail capabilities;
  • Delegating access, which can also be temporary, to people and accounts who are authorized and need to administer or perform specific duties within applications and systems; and
  • Rotating and randomizing privileged credentials automatically and on a schedule.

IAM Integration with Court Application Component Models

Identity and Access Management should be considered a critical component of the NextGen model, with which all other case management components interact to obtain authentication, authorization, and accountability services. The IAM component will ensure need-to-know access for each case management component based upon well-defined role-based and/or attribute-based access controls.

What it Does not Include

Identity and Access Management is integral to the following components, i.e. it enables user access to them, but implementing these components is not part of IAM:

  • Case Manager
  • Case Participant Manager
  • Accounting/Financial
  • Scheduling/Calendaring
  • Document/Content Management
  • Electronic Filing Service Provider(s)
  • Electronic Filing Manager
  • Judicial Tools/eBench
  • Public Access
  • Litigant Portal
  • Online Dispute Resolution
  • Jury Management
  • Remote A/V
  • Digital Recording
  • Electronic Transcripts
  • Evidence / Exhibit Management
  • Notifications
  • Electronic Payment Processing
  • Compliance Monitoring
  • Search Engine
  • Reporting / Analytics
  • Business Rules Engine
  • Work Flow Engine
  • Knowledge Management
  • Enterprise Security

Applicable Standards and Documents

  • Global Federated Identity and Privilege Management (GFIPM)
  • CJIS Security Policy