Page 988 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

requires that all systems be time-synchronized within five minutes of each other (five minutes is the default maximum clock skew in both MIT Kerberos and Windows; it is configurable). If a client's clock drifts beyond that tolerance, or its time is changed, the KDC and application servers reject the timestamped authenticators the client presents. A previously issued TGT is not revoked, but it can no longer be used, and the client cannot obtain any new tickets. In effect, the client is denied access to every Kerberos-protected network resource until its clock is corrected.
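The following is an added illustration of the clock-skew check described above; it is not code from the study guide or from any Kerberos implementation. It models the checks an application server performs on a ticket and authenticator (RFC 4120 section 3.2.3): ticket start and end times judged with the skew tolerance, the authenticator timestamp within the tolerance, and a replay cache for authenticators seen inside that window. Encryption with the session key is omitted; the ticket and authenticator fields, principal names and timestamps are constructed for the demo.

```python
"""Kerberos-style ticket/authenticator acceptance with a clock-skew window.
Added illustration; simplified (no encryption, no session keys)."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

MAX_CLOCK_SKEW = 300  # seconds: the five-minute tolerance discussed in the text


@dataclass
class Ticket:
    client: str
    starttime: int  # epoch seconds, set by the KDC
    endtime: int


@dataclass
class Authenticator:
    client: str
    ctime: int  # client's clock when it built the authenticator (epoch seconds)
    cusec: int  # microsecond part; with ctime it keys the replay cache


@dataclass
class ApplicationServer:
    # replay cache: (client, ctime, cusec) -> server time when first seen
    replay_cache: Dict[Tuple[str, int, int], int] = field(default_factory=dict)

    def accept(self, ticket: Ticket, auth: Authenticator, now: int) -> Tuple[bool, str]:
        """Return (accepted, reason). 'now' is the server's own clock."""
        if auth.client != ticket.client:
            return False, "KRB_AP_ERR_BADMATCH"
        # 1. Ticket validity window, with the skew tolerance applied at both ends.
        if now < ticket.starttime - MAX_CLOCK_SKEW:
            return False, "KRB_AP_ERR_TKT_NYV"      # not yet valid
        if now > ticket.endtime + MAX_CLOCK_SKEW:
            return False, "KRB_AP_ERR_TKT_EXPIRED"
        # 2. The authenticator timestamp must be within the skew of the server clock.
        #    This is the check an unsynchronized client fails even with a good ticket.
        if abs(now - auth.ctime) > MAX_CLOCK_SKEW:
            return False, "KRB_AP_ERR_SKEW"
        # 3. Replay detection: the same authenticator inside the window is refused.
        key = (auth.client, auth.ctime, auth.cusec)
        if key in self.replay_cache:
            return False, "KRB_AP_ERR_REPEAT"
        self.replay_cache[key] = now
        # Entries older than the skew window can never pass check 2 again, so drop them.
        self.replay_cache = {k: v for k, v in self.replay_cache.items()
                             if now - v <= MAX_CLOCK_SKEW}
        return True, "OK"


def run_demo(now: int = 1_700_000_000) -> List[Tuple[bool, str]]:
    """Constructed scenarios: a good request, its replay, a client 6m40s behind,
    and an expired ticket. Returns the (accepted, reason) pairs in that order."""
    srv = ApplicationServer()
    princ = "alice@EXAMPLE.ORG"                      # constructed principal
    good_ticket = Ticket(princ, now - 3600, now + 3600)
    return [
        srv.accept(good_ticket, Authenticator(princ, now - 100, 1), now),
        srv.accept(good_ticket, Authenticator(princ, now - 100, 1), now),   # replay
        srv.accept(good_ticket, Authenticator(princ, now - 400, 2), now),   # clock skew
        srv.accept(Ticket(princ, now - 7200, now - 400),
                   Authenticator(princ, now, 3), now),                      # expired
    ]


if __name__ == "__main__":
    for accepted, reason in run_demo():
        print(accepted, reason)
```

The third scenario is the one the text describes: the ticket is still inside its lifetime, but because the client's clock is more than five minutes off, every authenticator it builds is rejected with KRB_AP_ERR_SKEW, and the same skew check at the KDC stops it from obtaining new tickets.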


               Federated Identity Management and SSO

SSO is common on internal networks, and it is also used on the internet. Many cloud-based applications use an SSO solution, making it easier for users to access resources over the internet. Many of these cloud-based applications use federated identity management (FIM), which is a form of SSO.

Identity management is the management of user identities and their credentials. FIM extends this beyond a single organization. Multiple organizations can join a federation, or group, where they agree on a method to share identities between them. Users in each organization log on once in their own organization, and their credentials are matched with a federated identity. They can then use this federated identity to access resources in any other organization within the group. The other organizations never see the user's password; they rely on an assertion from the user's home organization that the user was authenticated, so the security of the federation rests on the trust between its members and on the integrity of those assertions.

A federation can be composed of multiple unrelated networks within a single university campus, multiple college and university campuses, multiple organizations sharing resources, or any other group that can agree on a common federated identity management system. Members of the federation match user identities within an organization to federated identities.

As an example, many corporate online training websites use federated SSO systems. When the organization coordinates with the online training company for employee access, they also coordinate the details needed for federated access. A common method is to match the user's internal login ID with a federated identity. Users log on within the organization using their normal login ID. When the user accesses the training website with a web browser, the federated identity management system uses their login ID to retrieve the matching federated identity. If it finds a match, it grants the user access to the web pages authorized for that federated identity; a user whose login ID has no federated identity is denied.
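The round trip in the training-website example, as an added illustration that is not code from the study guide or from any federation product. The user's organization acts as the identity provider: it authenticates by internal login ID, looks up the matching federated identity, and issues a signed assertion. The training website acts as the service provider: it verifies the assertion, then maps the federated identity to the pages it is allowed to see. An HMAC over a JSON body stands in for the signed SAML assertion or OIDC token a real federation exchanges; the shared key, issuer and audience URLs, login IDs, federated identities and page grants are all constructed for the demo.

```python
"""Federated SSO: organization IdP issues a signed assertion, partner training
site verifies it and authorizes pages. Added illustration, not from the book."""
import base64
import hashlib
import hmac
import json
from typing import Dict, List, Optional, Tuple

# Secret agreed when federation was set up (constructed). A real deployment uses
# the IdP's signing key and publishes the matching certificate to the partner.
FEDERATION_KEY = b"constructed-demo-key-not-for-production"
SKEW = 300            # tolerate clocks that disagree by up to five minutes
ASSERTION_TTL = 600   # seconds an assertion stays acceptable after issue


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class IdentityProvider:
    """The user's own organization: knows internal login IDs and which
    federated identity each one maps to."""

    def __init__(self, issuer: str, login_to_federated: Dict[str, str]):
        self.issuer = issuer
        self.login_to_federated = login_to_federated

    def issue_assertion(self, login_id: str, audience: str, now: int) -> Optional[str]:
        federated_id = self.login_to_federated.get(login_id)
        if federated_id is None:
            return None   # valid internal user, but no federated identity agreed
        claims = {"iss": self.issuer, "aud": audience, "sub": federated_id,
                  "iat": now, "exp": now + ASSERTION_TTL}
        body = json.dumps(claims, sort_keys=True).encode()
        tag = hmac.new(FEDERATION_KEY, body, hashlib.sha256).digest()
        return _b64(body) + "." + _b64(tag)


class ServiceProvider:
    """The training website: trusts one issuer and maps federated identities
    to the pages they may view."""

    def __init__(self, audience: str, trusted_issuer: str, grants: Dict[str, List[str]]):
        self.audience = audience
        self.trusted_issuer = trusted_issuer
        self.grants = grants

    def verify(self, assertion: str, now: int) -> Tuple[bool, str, Optional[dict]]:
        try:
            body_b64, tag_b64 = assertion.split(".")
            body, tag = _unb64(body_b64), _unb64(tag_b64)
        except ValueError:                      # also catches binascii.Error
            return False, "malformed", None
        expected = hmac.new(FEDERATION_KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False, "bad signature", None  # checked before the body is trusted
        claims = json.loads(body)
        if claims.get("iss") != self.trusted_issuer:
            return False, "untrusted issuer", None
        if claims.get("aud") != self.audience:
            return False, "wrong audience", None  # issued for some other site
        if now + SKEW < claims["iat"]:
            return False, "issued in the future", None
        if now - SKEW > claims["exp"]:
            return False, "expired", None
        return True, "ok", claims

    def pages_for(self, assertion: str, now: int) -> Tuple[str, List[str]]:
        ok, reason, claims = self.verify(assertion, now)
        if not ok:
            return reason, []
        return "ok", list(self.grants.get(claims["sub"], []))


def run_demo(now: int = 1_700_000_000) -> Dict[str, object]:
    """Constructed scenarios covering the happy path and the failure modes."""
    idp = IdentityProvider("https://idp.example.org", {"jsmith": "jsmith@example.org"})
    sp = ServiceProvider("https://training.example.com", "https://idp.example.org",
                         {"jsmith@example.org": ["/courses/security-101", "/courses/phishing"]})
    good = idp.issue_assertion("jsmith", sp.audience, now)
    # Forgery attempt: change the subject but keep the original signature tag.
    body, tag = good.split(".")
    claims = json.loads(_unb64(body))
    claims["sub"] = "ceo@example.org"
    forged = _b64(json.dumps(claims, sort_keys=True).encode()) + "." + tag
    return {
        "jsmith": sp.pages_for(good, now),
        "sp_clock_behind": sp.pages_for(good, now - 200),   # inside the skew window
        "no_mapping": idp.issue_assertion("contractor7", sp.audience, now),
        "forged": sp.pages_for(forged, now),
        "stale": sp.pages_for(good, now + ASSERTION_TTL + SKEW + 1),
        "wrong_site": sp.pages_for(idp.issue_assertion("jsmith", "https://other.example.net", now), now),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```

Two points the example makes that the prose only implies: the training site authorizes on the federated identity it verified, never on a login ID or subject the browser simply claims (the forged assertion fails the signature check before its body is read), and the audience check keeps an assertion issued for one partner site from being replayed at another.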