Re: [DG-IDPro] Reminder: ID Pro Body of Knowledge Work Stream Meeting TODAY

Good points Bob. Group: is there merit in having a distinction between "Management of" versus "Active Control of" for all segments? I'm trying to think through how that might emerge in each segment - Identification / Registration (yes); Credentials (yes); authentication (maybe); privilege management (yes) andrew. *Andrew Hughes *CISM CISSP Independent Consultant *In Turn Information Management Consulting* o +1 650.209.7542 m +1 250.888.9474 1249 Palmer Road, Victoria, BC V8P 2H8 AndrewHughes3000@gmail.com ca.linkedin.com/pub/andrew-hughes/a/58/682/ *Identity Management | IT Governance | Information Security * On Mon, Nov 28, 2016 at 7:32 PM, Natale, Bob <RNATALE@mitre.org> wrote:

I recommend that you distinguish “Authorization” from “Access Management” … Authorization is a (logically) off-line activity relative to Access Control … Authorization is closer to Privilege Management (and might be a proper subset of it) … Access Control is a real-time/run-time activity that has to mediate across Authentication, Authorizations (note the plural form), and contextual factors to make an operational grant/deny decision.

Here are the supporting definitions from CNSSI 4009 (as reproduced in NIST IR 7298 Revision 1, *Glossary of Key Information Security Terms*:

Access Control

The process of granting or denying specific requests to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities (e.g., federal buildings, military establishments, border crossing entrances).

Authorization

Access privileges granted to a user, program, or process or the act of granting those privileges.

Privilege

A right granted to an individual, a program, or a process.

Privilege Management

The definition and management of policies and processes that define the ways in which the user is provided access rights to enterprise systems. It governs the management of the data that constitutes the user’s privileges and other attributes, including the storage, organization and access to information in directories.

YMMV, but I’ve been down this road a number of times and have always encountered the need to distinguish those two concepts/constructs.

Avanti,

BobN

*From:* dg-idpro-bounces@kantarainitiative.org [mailto:dg-idpro-bounces@ kantarainitiative.org] *On Behalf Of *Andrew Hughes *Sent:* Monday, November 28, 2016 5:49 PM *To:* Thorsten H. Niebuhr [WedaCon GmbH] <tniebuhr@wedacon.net> *Cc:* dg-idpro@kantarainitiative.org *Subject:* Re: [DG-IDPro] Reminder: ID Pro Body of Knowledge Work Stream Meeting TODAY

I created a PPTx and PDF version of the hand-drawn 'visual' taxonomy for debate and discussion

It is here http://kantarainitiative.org/confluence/download/ attachments/85492303/BoK%20Diagram.pdf?version=1&modificationDate= 1480373062000&api=v2

andrew.

*Andrew Hughes *CISM CISSP Independent Consultant *In Turn Information Management Consulting*

o +1 650.209.7542 m +1 250.888.9474 1249 Palmer Road, Victoria, BC V8P 2H8 AndrewHughes3000@gmail.com ca.linkedin.com/pub/andrew-hughes/a/58/682/ *Identity Management | IT Governance | Information Security *

On Mon, Nov 28, 2016 at 10:14 AM, Thorsten H. Niebuhr [WedaCon GmbH] < tniebuhr@wedacon.net> wrote:

Links to the minutes

https://kantarainitiative.org/confluence/pages/viewpage. action?pageId=85492564

thx all

On 28.11.2016 17:13, Shannon Taylor Kantara wrote:

All,

A reminder that the ID Pro Body of Knowledge work stream is *meeting TODAY at noon eastern*. The call details are below.

Regards,

Shannon

------------------------------

*Monday, November 28, 2016*

*12:00pm Eastern*

1. Please join my meeting.

https://global.gotomeeting.com/join/135593357

Meeting ID: 135-593-357

Audio PIN: Shown after joining the meeting

2. Use your microphone and speakers (VoIP) - a headset is recommended. Or, call in using your telephone.

United States: +1 (571) 317-3116

Australia: +61 2 8355 1034

Austria: +43 1 2060 92964

Belgium: +32 (0) 28 08 4372

Canada: +1 (647) 497-9372

Denmark: +45 69 91 84 58

Finland: +358 (0) 923 17 0556

France: +33 (0) 170 950 590

Germany: +49 (0) 692 5736 7206

Ireland: +353 (0) 19 030 053

Italy: +39 0 699 26 68 65

Netherlands: +31 (0) 208 080 759

New Zealand: +64 9 974 9579

Norway: +47 21 04 30 59

Spain: +34 931 76 1534

Sweden: +46 (0) 775 757 471

Switzerland: +41 (0) 435 0026 89

United Kingdom: +44 (0) 20 3713 5011

_______________________________________________

DG-IDPro mailing list

DG-IDPro@kantarainitiative.org

http://kantarainitiative.org/mailman/listinfo/dg-idpro

_______________________________________________ DG-IDPro mailing list DG-IDPro@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idpro