Building blocks for establishing federation with organizations like ESA

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Building blocks for establishing federation with organizations like ESA"

Transcription

1 Building blocks for establishing federation with organizations like ESA ESA Single Sign-on & OGC Authentication Standard A. Baldi ESA: M. Leonardi RHEA: Helsinki 02/10/2013 FIM4R

2 ESA EO IM introduced in 2011 ESA EO Identity Management and the supporting AAI infrastructure for the creation, maintenance, and utilization of digital identities was introduced in beginning of 2011 after an initial study: Initially based on Shibboleth 1 and then ported on Shibboleth 2 (current baseline) with few extensions Consists of: Redundant Identity providers (IDPs) Redundant Identity Registries (LDAPs) Multiple Service Provider (SPs) Check Points Is based on a common Minimal User Profile derived from inetorgperson + a dedicated common EO SP profile for specific attributes.

3 ESA EO IM Functions Authentication Single SIgn On for all Web applications with inheritance of User community between SPs. Authorization Exchange of attributes for granting user access to the resources with SP profile synchronization with IDP. Chained Multi Step Self Registration Acquiring user s identity information by IDP and SPs before issuing user credential. Credentials Recovery The user is able to self recover a forgotten password autonomously. Secure Storage Storage of sensitive identity information into secure registry (via encryption, owned by the IDP). Administration Self users administration of key profile information. More advanced administration functions across the enterprise for IM administrators. Security Enforcement Password strong security enforced upon registration and password management by the IDP. Auditing Auditing of user privileges, user access to resources, resource utilization. Reporting Reporting of user information for statistical utilization via a dedicated BI tool. Authentication for Java Applications JCL (Java Client Library) designed to offer an SSO API to Java applications. Easy AAI Deployment Virtual Environment with AAI infrastructure and IM template for SP. AAI Robustness Geographically Distributed Cluster for ESA AAI infrastructure.

4 Why FIM is important for ESA? Enable Internal Identity Federation: split/model ESA user communities into smaller dedicated domains (e.g. ESA ONLY projects, ESA/EU projects, etc) Allow different organizations to interoperate and efficiently share data and services via External Identity Federation: Enable ESA EO SSO users to access external resources operated by different space organizations. Enable others space partners users to access to ESA EO resources.

5 ESA$Data$ NASA/NOAA$ Data$ NASA/NOAA$Users$ Communi5es$ Third$Party$Data$$ (non<esa$missions)$ ESA$Data$ ESA$Federated$Users$ Community$ ESA$MMGS$$ Users$ ESA$Data$ Independent$Distributors$$ (e.g.$euroimage$ VITO)$ External$Users$ Communi5es$ A.$EO$ESA$ Domain$ (C2C)$ B.$ESA$EO$ Mirror$Sites$ Model$ (C2C)$ LTDP$Data$ Users$ Communi5es$ Heterogeneous$ Missions$Data$ Industry)$ External$Users$Communi5es$ SAML$$ Domain$ Mixed$$Models$ (B2B/C2B/C2C)$ A.$EO/EU$ Domain$ (C2C)$ B.$ESA$EO$ Mirror$Sites$ Model$ (C2C)$ C.$Collabora5ve$Model$$ (B2B/C2B)$ ESA$GMES$ Users$ ESA Use Cases

6 ESA Use Cases Details Use Case Source Context Description Model ESA EO Federation ESA/EU GMES & MM GS Implementation of EO Federated Domains: different administrative Domains for i.e. EO ESA, EO EU. Users shall coexist with no duplication of accounts. C2C ESA EO Mirror Sites ESA Nasa NOAA ESA VITO Envisat Terra/Aqua PROBA V Joint dissemination with other space organizations (e.g. NASA/NOAA MODIS/ MERIS): Nasa ~80000 Users, ESA ~12000 NASA selected users as ESA users (pilot?) VITO selected users as ESA PROBA V users C2C C2C ESA Euro Image 3rd Party Missions Independent distributor for ESA 3rd party mission data via ESA branded portal C2C Collaborative Scenarios ESA DLR UK Space Agency ESA Eumetsat DLR LTDP HMA geo/fedeo Each organization distributes its own long time data series (e.g. AVHRR) to the federation users. Authentication done by the Home organization Federating WEB SSO with WEBServices based on OGC User Management Interfaces for Earth Observation Services STS between SAML based systems Pilot with Eumetsat & DLR(~9000 Users) B2B C2C C2B Mixed Model ESA & TEP Operators Exploitation Platform Federation with Scientific Institutions and Industry. Includes thematic user community management delegated to partners. B2B B2C C2C

7 ESA EO IM Federating Models Objective: Federating different users communities belonging to space agencies to easily share EO data by allowing cross authentication and authorization. ESA EO IM will use AuthZ/AuthN OGC Web services & Web SSO: 1. Business to Business (B2B) Authentication & Authorization via SAML 2 Security Token Service between systems. 2. Consumer to Business (C2B) Authentication & Authorization: Web SSO shall interact with B2B service authorization environment based on SAML tokens. 3. Different Consumer to Consumer (C2C) Authentication & Authorization: ESA Web SSO shall interact with other space agencies Web SSO (e.g. ESA SSO with NASA SSO).

8 ESA EO IM Federating News Importance of IM was recognized in the context of the Heterogeneous Mission Accessibility (HMA) project. HMA is an ESA, ASI, CNES, CSA, DLR, EUSC, EUMETSAT collaboration to harmonize access to heterogeneous EO data systems. Prototype of User Management Interface (STS SAML 1) implemented in 2012 followed by the full specification of User Management Interfaces for EO Services: OGC Covering B2B and C2B scenarios OGC Specification submitted in 24th September 2013 as best practice to Open Geospatial Consortium (OGC ) for approval as applicable standard. OGC describes interfaces and scenarios for Authentication & Authorization in a federated system of OGC Web Services for Earth Observation. Expected approval by end of Implementation in the scope of new Federated Identity Management project 2014

9 STS Security Model A Secure Token Service (STS) is a Web service that issues interoperable security tokens. It makes assertions based on evidence of the user identity An STS receives some kind of credential and returns a token that represents the user s identity. Presenting the token, as proof of user identity, lets the user to be served outside of his security domain without providing credential. A Web service itself can generate security tokens or it can rely on a separate STS to issue a security token. The STS security model includes a Target Service, a Client and the Security Token Service. There is an explicit trust relationship (PKI) between the Web service and the STS and between the client and the STS. There is not an implicit trust between the client and service.

10 STS Security Model Basic*case*with*the*STS*ac8ng*as*Iden8ty* Provider*(IDP)* 1."RST"(Request"Security"Token)" with"creden:als" STS* 2."Validate"iden:ty"in" the"local"user"registry" Users*Registry* 3."Create/Sign/Encrypt"" the"saml"token" Client* 4."RSTR"(Security"Token" Signed"and"Encrypted"by"the"STS)"" Service*Provider* 6."Validate"" Security"Token" 5."Service"Request"(Security"Token)" SP** PEP* 7."Service"Response"

11 B2B Authentication Model Federa+ng$Iden+ty$Provider$ Client$Home$Organiza+on$IDP$ Client$ 1."RST"with"" creden/als" STS$ 6."Sign/Encrypt"the" SAML"token" Users$$ Registry$ STS$ 3."Validate"iden/ty"in" the"user"registry" Users$$ Registry$ 7."RSTR" 2."Redirect"RST"to"the"client" home"organiza/on"idp" 4."Create"the"SAML" token" 5."RSTR"(SAML"token)" Federa+ng$Service$Provider$ 8."Service"Request"(Security"Token)" SP$$ PEP$ 9."Validate"" Security"Token" 10."Service"Response"

12 C2B Authentication Model Federa+ng$Iden+ty$Provider$ Client$Home$Organiza+on$IDP$ 7."Create/"Sign/Encrypt" the"saml"token" STS$ Users$$ Registry$ WEB$IDP$ 3."Validate"iden;ty"in" the"user"registry" Users$$ Registry$ 8."RSTR" 4."Create"the"SAML" Ar;fact"+"aFributes" 5."Return"the"SAML"Ar;fact"+" afributes" User$ Web$$ Browser$ Embedded$Client$into$$ Federated$WEB$$Service$Provider$ 6."RST"with"" Web"Auth" 2."Web"Auth"Request" redirected"to"the"client" home"organiza;on"idp" SP$Web$$ PEP$ Federa+ng$Service$Provider$ SP$PEP$ 10."Validate"" Security"Token" Client$ 9."Service"Request"(Security"Token)" 1."Protected"" Func;on"call" 11."Service"Response"

13 C2C Authentication Model Federa&ng)Domain)(i.e.)ESA)) User)Home)Organiza&on)IDP) (Federated)IDP,)e.g.)NASA)) Federa&ng)IM) Infrastructure) WEB)IDP) Users)) Registry) Federa&on) Gateway) IDP) 3b."Validate"iden+ty"in" the"user"registry" Users)) Registry) 4b."Create"the"" Authen+ca+on"statement" Federa&ng) Service)Provider) 2b."Federated"user"" authen+ca+on"process" 2a."Federa+ng"user"" authen+ca+on"process" 1b."Service"request" Federated)User)) Web)Browser)(e.g.)NASA)user)) 1a."Service"request" Federa&ng)User)) Web)Browser)(i.e.)ESA)user))

14 Conclusions FIM is a challenge and it is essential: to increase data exchange and collaboration with international partners to enable EO organizations to increase data distribution via a simplified user access Scenario is complex and multi-faced Need to cope with different technologies, organizations and their constrains. Collaboration among organizations is essential to be able to get concrete results. Space organizations have agreed to start co-operate to establish common building blocks

ESA EO Identify Management

ESA EO Identify Management ESA EO Identify Management The ESA EO IM Infrastructure & Services A. Baldi ESA: Andrea.Baldi@esa.int M. Leonardi ESA: m.leonardi@rheagroup.com 1 Issues @ ESA with legacy user management Users had multiple

More information

The EUMETSAT EO Portal User Management Concept

The EUMETSAT EO Portal User Management Concept The EUMETSAT EO Portal User Management Concept Second Workshop on the use of GIS/OGC standards in meteorology Météo-France International Conference Center 42 avenue Gaspard Coriolis, Toulouse, France 23.-25.

More information

Protect Everything: Networks, Applications and Cloud Services

Protect Everything: Networks, Applications and Cloud Services Protect Everything: Networks, Applications and Cloud Services Tokens & Users Cloud Applications Private Networks Corporate Network API LDAP / Active Directory SAML RADIUS Corporate Network LDAP / Active

More information

Masdar Institute Single Sign-On: Standards-based Identity Federation. John Mikhael ICT Department jmikhael@masdar.ac.ae

Masdar Institute Single Sign-On: Standards-based Identity Federation. John Mikhael ICT Department jmikhael@masdar.ac.ae Masdar Institute Single Sign-On: Standards-based Identity Federation John Mikhael ICT Department jmikhael@masdar.ac.ae Agenda The case for Single Sign-On (SSO) Types of SSO Standards-based Identity Federation

More information

Federated Identity Architectures

Federated Identity Architectures Federated Identity Architectures Uciel Fragoso-Rodriguez Instituto Tecnológico Autónomo de México, México {uciel@itam.mx} Maryline Laurent-Maknavicius CNRS Samovar UMR 5157, GET Institut National des Télécommunications,

More information

Introduction to SAML

Introduction to SAML Introduction to THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY Introduction to Introduction In today s world of rapidly expanding and growing software development; organizations, enterprises and governments

More information

IT@Intel. Improving Security and Productivity through Federation and Single Sign-on

IT@Intel. Improving Security and Productivity through Federation and Single Sign-on White Paper Intel Information Technology Computer Manufacturing Security Improving Security and Productivity through Federation and Single Sign-on Intel IT has developed a strategy and process for providing

More information

HP Software as a Service. Federated SSO Guide

HP Software as a Service. Federated SSO Guide HP Software as a Service Federated SSO Guide Document Release Date: July 2014 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying

More information

HMA AWG Meeting Proposal for a Security Token Service - 29. September 2009 Marko Reiprecht con terra GmbH, Germany

HMA AWG Meeting Proposal for a Security Token Service - 29. September 2009 Marko Reiprecht con terra GmbH, Germany HMA AWG Meeting Proposal for a Security Token Service - 29. September 2009 Marko Reiprecht con terra GmbH, Germany Goal Show the differences of two alternative federated user management specifications

More information

How to Implement Enterprise SAML SSO

How to Implement Enterprise SAML SSO How to Implement Enterprise SSO THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY How to Implement Enterprise SSO Introduction Security Assertion Markup Language, or, provides numerous The advantages and

More information

The Challenges of Web single sign-on

The Challenges of Web single sign-on Serge Vereecke Security Architect IBM Security Services serge_vereecke@be.ibm.com The Challenges of Web single sign-on GSE Event September 7, 2012 Agenda Single sign-on technology Why single sign-on Challenges

More information

A Future Scenario of interconnected EO Platforms How will EO data be used in 2025?

A Future Scenario of interconnected EO Platforms How will EO data be used in 2025? A Future Scenario of interconnected EO Platforms How will EO data be used in 2025? ESA UNCLASSIFIED For Official Use European EO data asset Heritage missions Heritage Core GS (data preservation, curation

More information

Single Sign-On: Reviewing the Field

Single Sign-On: Reviewing the Field Outline Michael Grundmann Erhard Pointl Johannes Kepler University Linz January 16, 2009 Outline 1 Why Single Sign-On? 2 3 Criteria Categorization 4 Overview shibboleth 5 Outline Why Single Sign-On? Why

More information

GFIPM Supporting all Levels of Government Toward the Holy Grail of Single Sign-on

GFIPM Supporting all Levels of Government Toward the Holy Grail of Single Sign-on GFIPM Supporting all Levels of Government Toward the Holy Grail of Single Sign-on Presenter(s): John Ruegg, DOJ Global Security Working Group Mark Phipps, CJIS/FBI Law Enforcement Online Kevin Heald, PM-ISE

More information

Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver

Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver SAP Product Management, SAP NetWeaver Identity Management

More information

Evaluation of different Open Source Identity management Systems

Evaluation of different Open Source Identity management Systems Evaluation of different Open Source Identity management Systems Ghasan Bhatti, Syed Yasir Imtiaz Linkoping s universitetet, Sweden [ghabh683, syeim642]@student.liu.se 1. Abstract Identity management systems

More information

The Top 5 Federated Single Sign-On Scenarios

The Top 5 Federated Single Sign-On Scenarios The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3

More information

Federated Authentication and Credential Translation in the EUDAT Collaborative Data Infrastructure

Federated Authentication and Credential Translation in the EUDAT Collaborative Data Infrastructure Federated Authentication and Credential Translation in the EUDAT Collaborative Data Infrastructure Ahmed Shiraz Memon (JSC - DE) Jens Jensen (STFC escience - UK) Ales Cernivec (XLAB - SL) Krzysztof Benedyczak

More information

Long Term Preservation of Earth Observation Data

Long Term Preservation of Earth Observation Data Long Term Preservation of Earth Observation Data QA4EO Workshop RAL, October 18-20 th 2011 Mirko Albani and Bojan Bojkov* (ESA/ESRIN) Page 1 Outline Earth Observation data preservation: the need and the

More information

GFIPM & NIEF Single Sign-on Supporting all Levels of Government

GFIPM & NIEF Single Sign-on Supporting all Levels of Government GFIPM & NIEF Single Sign-on Supporting all Levels of Government Presenter: John Ruegg, Director LA County Information Systems Advisory Body (ISAB) & Chair, Global Federated ID & Privilege Management (GFIPM)

More information

Shibboleth N-Tier Support. Chad La Joie chad.lajoie@switch.ch

Shibboleth N-Tier Support. Chad La Joie chad.lajoie@switch.ch Shibboleth N-Tier Support Chad La Joie chad.lajoie@switch.ch Agenda Use Case Terminology Shibboleth Solution Future Effort Resources 2 Use Case Current use case comes from University of Chicago University

More information

PortWise Access Management Suite

PortWise Access Management Suite Create secure virtual access for your employees, partners and customers from any location and any device. With todays global and homogenous economy, the accuracy and responsiveness of an organization s

More information

SAML Security Option White Paper

SAML Security Option White Paper Fujitsu mpollux SAML Security Option White Paper Fujitsu mpollux Version 2.1 February 2009 First Edition February 2009 The programs described in this document may only be used in accordance with the conditions

More information

Title: A Client Middleware for Token-Based Unified Single Sign On to edugain

Title: A Client Middleware for Token-Based Unified Single Sign On to edugain Title: A Client Middleware for Token-Based Unified Single Sign On to edugain Sascha Neinert Computing Centre University of Stuttgart, Allmandring 30a, 70550 Stuttgart, Germany e-mail: sascha.neinert@rus.uni-stuttgart.de

More information

NCSU SSO. Case Study

NCSU SSO. Case Study NCSU SSO Case Study 2 2 NCSU Project Requirements and Goals NCSU Operating Environment Provide support for a number Apps and Programs Different vendors have their authentication databases End users must

More information

Authentication Integration

Authentication Integration Authentication Integration VoiceThread provides multiple authentication frameworks allowing your organization to choose the optimal method to implement. This document details the various available authentication

More information

How Single-Sign-On Improves The Usability Of Protected Services For Geospatial Data

How Single-Sign-On Improves The Usability Of Protected Services For Geospatial Data 2014 Fifth International Conference on Computing for Geospatial Research and Application How Single-Sign-On Improves The Usability Of Protected Services For Geospatial Data Andreas Matheus University of

More information

SAP NetWeaver Single Sign-On. Product Management SAP NetWeaver Identity Management & Security June 2011

SAP NetWeaver Single Sign-On. Product Management SAP NetWeaver Identity Management & Security June 2011 NetWeaver Single Sign-On Product Management NetWeaver Identity Management & Security June 2011 Agenda NetWeaver Single Sign-On: Solution overview Key benefits of single sign-on Solution positioning Identity

More information

Canadian Access Federation: Trust Assertion Document (TAD)

Canadian Access Federation: Trust Assertion Document (TAD) Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources being accessed, and that Participants

More information

Canadian Access Federation: Trust Assertion Document (TAD)

Canadian Access Federation: Trust Assertion Document (TAD) Participant Name: RESEARCH RESEARCH LTD. 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources

More information

Logout in Single Sign-on Systems

Logout in Single Sign-on Systems Logout in Single Sign-on Systems Sanna Suoranta, Asko Tontti, Joonas Ruuskanen, Tuomas Aura IFIP IDMAN, London, UK, 8-9.4.2013 Logout in Single Sign-on Systems Motivation Single sign-on (SSO) systems SSO

More information

Agenda. How to configure

Agenda. How to configure dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services

More information

Perceptive Experience Single Sign-On Solutions

Perceptive Experience Single Sign-On Solutions Perceptive Experience Single Sign-On Solutions Technical Guide Version: 2.x Written by: Product Knowledge, R&D Date: January 2016 2016 Lexmark International Technology, S.A. All rights reserved. Lexmark

More information

Web Applications Access Control Single Sign On

Web Applications Access Control Single Sign On Web Applications Access Control Single Sign On Anitha Chepuru, Assocaite Professor IT Dept, G.Narayanamma Institute of Technology and Science (for women), Shaikpet, Hyderabad - 500008, Andhra Pradesh,

More information

How to create a SP and a IDP which are visible across tenant space via Config files in IS

How to create a SP and a IDP which are visible across tenant space via Config files in IS How to create a SP and a IDP which are visible across tenant space via Config files in IS This Documentation is explaining the way to create a SP and IDP which works are visible to all the tenant domains.

More information

User Management Interfaces for Earth Observation Services Abstract Test Suite

User Management Interfaces for Earth Observation Services Abstract Test Suite User Management Interfaces for Earth Observation Services Abstract Test Suite Primary Author Andrew Woolf, STFC Rutherford Appleton Laboratory Revision history Version Contributors Date Changes 0.1 Andrew

More information

Federated Identity Management Solutions

Federated Identity Management Solutions Federated Identity Management Solutions Jyri Kallela Helsinki University of Technology jkallela@cc.hut.fi Abstract Federated identity management allows users to access multiple services based on a single

More information

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity

More information

Biometric Single Sign-on using SAML

Biometric Single Sign-on using SAML Biometric Single Sign-on using SAML Architecture & Design Strategies Ramesh Nagappan CISSP Ramesh.Nagappan@sun.com 1 Setting Expectations What you can take away! Understand the importance of Single Sign-On

More information

Federated Identity Management

Federated Identity Management Federated Identity Management SWITCHaai Team aai@switch.ch Agenda 2 What is Federated Identity Management? What is a Federation? The SWITCHaai Federation Interfederation Evolution of Identity Management

More information

Authentication As A Service. Why new Cloud based Authentication solutions will be adopted by about 50% of the companies by 2017?

Authentication As A Service. Why new Cloud based Authentication solutions will be adopted by about 50% of the companies by 2017? Authentication As A Service Why new Cloud based Authentication solutions will be adopted by about 50% of the companies by 2017? Jason Hart CISSP CISM VP Cloud Solutions What a great world Today's World

More information

SAML SSO Configuration

SAML SSO Configuration SAML SSO Configuration Overview of Single Sign-, page 1 Benefits of Single Sign-, page 2 Overview of Setting Up SAML 2.0 Single Sign-, page 3 SAML 2.0 Single Sign- Differences Between Cloud-Based Meeting

More information

Federated Identity Management. Willem Elbers (MPI-TLA) EUDAT training

Federated Identity Management. Willem Elbers (MPI-TLA) EUDAT training Federated Identity Management Willem Elbers (MPI-TLA) EUDAT training Date: 26 June 2012 Outline FIM and introduction to components Federation and metadata National Identity federations and inter federations

More information

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES 1. Federation Participant Information 1.1 The InCommon Participant Operational Practices information below is for: InCommon Participant organization

More information

Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management

Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management 1 Product Roadmap Disclaimer Any forward-looking indication of plans for products is preliminary and all future release

More information

A Shibboleth View of Federated Identity. Steven Carmody Brown Univ./Internet2 March 6, 2007 Giornata AA - GARR

A Shibboleth View of Federated Identity. Steven Carmody Brown Univ./Internet2 March 6, 2007 Giornata AA - GARR A Shibboleth View of Federated Identity Steven Carmody Brown Univ./Internet2 March 6, 2007 Giornata AA - GARR Short Section Title Agenda Assumptions and Trends Identity Management and Shibboleth Shibboleth

More information

Authentication and Single Sign On

Authentication and Single Sign On Contents 1. Introduction 2. Fronter Authentication 2.1 Passwords in Fronter 2.2 Secure Sockets Layer 2.3 Fronter remote authentication 3. External authentication through remote LDAP 3.1 Regular LDAP authentication

More information

PortWise Access Management Suite

PortWise Access Management Suite Create secure virtual access for your employees, partners and customers from any location and any device. With todays global and homogenous economy, the accuracy and responsiveness of an organization s

More information

AND SUN OPENSSO MICROSOFT GENEVA SERVER ENABLING UNPRECEDENTED COLLABORATION ACROSS HETEROGENEOUS IT ENVIRONMENTS. White Paper May 2009.

AND SUN OPENSSO MICROSOFT GENEVA SERVER ENABLING UNPRECEDENTED COLLABORATION ACROSS HETEROGENEOUS IT ENVIRONMENTS. White Paper May 2009. MICROSOFT GENEVA SERVER AND SUN OPENSSO ENABLING UNPRECEDENTED COLLABORATION ACROSS HETEROGENEOUS IT ENVIRONMENTS White Paper May 2009 Abstract Interoperability between applications in heterogeneous technology

More information

Entrust IdentityGuard Comprehensive

Entrust IdentityGuard Comprehensive Entrust IdentityGuard Comprehensive Entrust IdentityGuard Comprehensive is a five-day, hands-on overview of Entrust Course participants will gain experience planning, installing and configuring Entrust

More information

Canadian Access Federation: Trust Assertion Document (TAD)

Canadian Access Federation: Trust Assertion Document (TAD) Participant Name: Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and

More information

DAMe Deploying Authorization Mechanisms for Federated Services in the eduroam Architecture

DAMe Deploying Authorization Mechanisms for Federated Services in the eduroam Architecture DAMe Deploying Authorization Mechanisms for Federated Services in the eduroam Architecture Sascha Neinert Marseille, 06.02.2008, Sascha Neinert, 06.02.2008 Seite 1 Overview Project Goals Partners Network

More information

Allidm.com. SSO Introduction. Discovering IAM Solutions. Leading the IAM Training. @aidy_idm facebook/allidm

Allidm.com. SSO Introduction. Discovering IAM Solutions. Leading the IAM Training. @aidy_idm facebook/allidm Discovering IAM Solutions Leading the IAM Training @aidy_idm facebook/allidm SSO Introduction Disclaimer and Acknowledgments The contents here are created as a own personal endeavor and thus does not reflect

More information

Enabling Single Sign-On for Oracle Applications Oracle Applications Users Group PAGE 1

Enabling Single Sign-On for Oracle Applications Oracle Applications Users Group PAGE 1 Enabling Single Sign-On for Oracle Applications Oracle Applications Users Group PAGE 1 Agenda Introduction PAGE 2 Organization Speakers Security Spectrum Information Security Spectrum Oracle Identity Management

More information

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE Identity Management in Liferay Overview and Best Practices Liferay Portal 6.0 EE Table of Contents Introduction... 1 IDENTITY MANAGEMENT HYGIENE... 1 Where Liferay Fits In... 2 How Liferay Authentication

More information

PingFederate. SSO Integration Overview

PingFederate. SSO Integration Overview PingFederate SSO Integration Overview 2006-2012 Ping Identity Corporation. All rights reserved. PingFederate SSO Integration Overview Version 6.6 January, 2012 Ping Identity Corporation 1001 17th Street,

More information

DEPLOYMENT GUIDE. SAML 2.0 Single Sign-on (SSO) Deployment Guide with Ping Identity

DEPLOYMENT GUIDE. SAML 2.0 Single Sign-on (SSO) Deployment Guide with Ping Identity DEPLOYMENT GUIDE SAML 2.0 Single Sign-on (SSO) Deployment Guide with Ping Identity Table of Contents SAML Overview...3 Integration Topology...3 Deployment Requirements...4 Configuration Steps...4 Step

More information

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

OPENIAM ACCESS MANAGER. Web Access Management made Easy

OPENIAM ACCESS MANAGER. Web Access Management made Easy OPENIAM ACCESS MANAGER Web Access Management made Easy TABLE OF CONTENTS Introduction... 3 OpenIAM Access Manager Overview... 4 Access Gateway... 4 Authentication... 5 Authorization... 5 Role Based Access

More information

Federation At Fermilab. Al Lilianstrom National Laboratories Information Technology Summit May 2015

Federation At Fermilab. Al Lilianstrom National Laboratories Information Technology Summit May 2015 Federation At Fermilab Al Lilianstrom National Laboratories Information Technology Summit May 2015 About Fermilab Since 1967, Fermilab has worked to answer fundamental questions and enhance our understanding

More information

Federated Identity Management Interest Group

Federated Identity Management Interest Group 1 Federated Identity Management Interest Group The FIM interest group (FIMig) is an international crossdomain interest group to work on all issues related to the use FIM for the implementation of AAIs

More information

Extend and Enhance AD FS

Extend and Enhance AD FS Extend and Enhance AD FS December 2013 Sponsored By Contents Extend and Enhance AD FS By Sean Deuby Introduction...2 Web Service SSO Architecture...3 AD FS Overview...5 Ping Identity Solutions...7 Synergy

More information

Product overview. CA SiteMinder lets you manage and deploy secure web applications to: Increase new business opportunities

Product overview. CA SiteMinder lets you manage and deploy secure web applications to: Increase new business opportunities PRODUCT SHEET: CA SiteMinder CA SiteMinder we can CA SiteMinder provides a centralized security management foundation that enables the secure use of the web to deliver applications and cloud services to

More information

Federation Are We Ready? Alec Cartwright Authentication Common Capability Design Authority

Federation Are We Ready? Alec Cartwright Authentication Common Capability Design Authority Federation Are We Ready? Alec Cartwright Authentication Common Capability Design Authority copyright of British Telecommunications plc 2006 Abstract As a large organisation with many partners BT has been

More information

Integral Federated Identity Management for Cloud Computing

Integral Federated Identity Management for Cloud Computing Integral Federated Identity Management for Cloud Computing Maicon Stihler, Altair Olivo Santin, Arlindo L. Marcon Jr. Graduate Program in Computer Science Pontifical Catholic University of Paraná Curitiba,

More information

White Paper Cybercom & Axiomatics Joint Identity & Access Management (R)evolution

White Paper Cybercom & Axiomatics Joint Identity & Access Management (R)evolution White Paper Cybercom & Axiomatics Joint Identity & Access Management (R)evolution Federation and Attribute Based Access Control Page 2 Realization of the IAM (R)evolution Executive Summary Many organizations

More information

NetworkingPS Federated Identity Solution Solutions Overview

NetworkingPS Federated Identity Solution Solutions Overview NetworkingPS Federated Identity Solution Solutions Overview OVERVIEW As the global marketplace continues to expand, new and innovating ways of conducting business are becoming a necessity in order for

More information

PingFederate. Salesforce Connector. Quick Connection Guide. Version 4.1

PingFederate. Salesforce Connector. Quick Connection Guide. Version 4.1 PingFederate Salesforce Connector Version 4.1 Quick Connection Guide 2011 Ping Identity Corporation. All rights reserved. PingFederate Salesforce Quick Connection Guide Version 4.1 June, 2011 Ping Identity

More information

SAML-Based SSO Solution

SAML-Based SSO Solution About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,

More information

Federated Identity Management

Federated Identity Management Federated Identity Management SWITCHaai Introduction Course Bern, 1. March 2013 Thomas Lenggenhager aai@switch.ch Overview What is Federated Identity Management? What is a Federation? The SWITCHaai Federation

More information

Easy as 1-2-3: The Steps to XE. Mark Hoye Services Portfolio Consultant

Easy as 1-2-3: The Steps to XE. Mark Hoye Services Portfolio Consultant Easy as 1-2-3: The Steps to XE Mark Hoye Services Portfolio Consultant September 25, 2015 Objective / Agenda Objective Provide relevant information about Banner XE Provide a framework for understanding

More information

SAP HANA Cloud Portal Overview and Scenarios

SAP HANA Cloud Portal Overview and Scenarios SAP HANA Cloud Portal Overview and Scenarios HERUG 2014 Conference - Montevideo April 2014 Twitter: @portal_sap / #hanacloudportal HERUG 2014 Conference Event Website Event overview Information and Agenda

More information

Identity and Access Management for Federated Resource Sharing: Shibboleth Stories

Identity and Access Management for Federated Resource Sharing: Shibboleth Stories Identity and Access Management for Federated Resource Sharing: Shibboleth Stories http://arch.doit.wisc.edu/keith/apan/ apanshib-060122-01.ppt Keith Hazelton (hazelton@doit.wisc.edu) Sr. IT Architect,

More information

QualysGuard SAML 2.0 Single Sign-On. Technical Brief

QualysGuard SAML 2.0 Single Sign-On. Technical Brief QualysGuard SAML 2.0 Single Sign-On Technical Brief Introduction Qualys provides its customer the option to use SAML 2.0 Single Sign On (SSO) authentication with their QualysGuard subscription. When implemented,

More information

New Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation

New Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation New Single Sign-on Options for IBM Lotus Notes & Domino 2012 IBM Corporation IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole

More information

Integrating Multi-Factor Authentication into Your Campus Identity Management System

Integrating Multi-Factor Authentication into Your Campus Identity Management System Integrating Multi-Factor Authentication into Your Campus Identity Management System Mike Grady, Unicon David Walker, Internet2 (both associated with the Internet2 Scalable Privacy Project) Agenda Multi-Context

More information

Biometric Single Sign-on using SAML Architecture & Design Strategies

Biometric Single Sign-on using SAML Architecture & Design Strategies Biometric Single Sign-on using SAML Architecture & Design Strategies Ramesh Nagappan Java Technology Architect Sun Microsystems Ramesh.Nagappan@sun.com 1 Setting Expectations What you can take away! Understand

More information

Cloud Single Sign-On and On-Premise Identity Federation with SAP NetWeaver Cloud White Paper

Cloud Single Sign-On and On-Premise Identity Federation with SAP NetWeaver Cloud White Paper Cloud Single Sign-On and On-Premise Identity Federation with SAP NetWeaver Cloud White Paper TABLE OF CONTENTS INTRODUCTION... 3 Where we came from... 3 The User s Dilemma with the Cloud... 4 The Administrator

More information

The Role of Federation in Identity Management

The Role of Federation in Identity Management The Role of Federation in Identity Management August 19, 2008 Andrew Latham Solutions Architect Identity Management 1 The Role of Federation in Identity Management Agenda Federation Backgrounder Federation

More information

Introduction to Identity Management. Sam Lee, Outblaze Ltd.

Introduction to Identity Management. Sam Lee, Outblaze Ltd. Introduction to Identity Management Sam Lee, Outblaze Ltd. Agenda Background Identity Management Single Sign-On Federation Future s Identity management Conclusions 2 Background Why identity management?

More information

Federations 101. An Introduction to Federated Identity Management. Peter Gietz, Martin Haase

Federations 101. An Introduction to Federated Identity Management. Peter Gietz, Martin Haase Authentication and Authorisation for Research and Collaboration Federations 101 An Introduction to Federated Identity Management Peter Gietz, Martin Haase AARC NA2 Task 2 - Outreach and Dissemination DAASI

More information

SAML 2.0 SSO Deployment with Okta

SAML 2.0 SSO Deployment with Okta SAML 2.0 SSO Deployment with Okta Simplify Network Authentication by Using Thunder ADC as an Authentication Proxy DEPLOYMENT GUIDE Table of Contents Overview...3 The A10 Networks SAML 2.0 SSO Deployment

More information

An Oracle White Paper Dec 2013. Oracle Access Management Security Token Service

An Oracle White Paper Dec 2013. Oracle Access Management Security Token Service An Oracle White Paper Dec 2013 Oracle Access Management Security Token Service Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only,

More information

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x Sverview Trust between SharePoint 2010 and ADFS 2.0 Use article Federated Collaboration with Shibboleth 2.0 and SharePoint 2010 Technologies

More information

Delegation for On-boarding Federation Across Storage Clouds

Delegation for On-boarding Federation Across Storage Clouds Delegation for On-boarding Federation Across Storage Clouds Elliot K. Kolodner 1, Alexandra Shulman-Peleg 1, Gil Vernik 1, Ciro Formisano 2, and Massimo Villari 3 1 IBM Haifa Research Lab, Israel 2 Engineering

More information

Can We Reconstruct How Identity is Managed on the Internet?

Can We Reconstruct How Identity is Managed on the Internet? Can We Reconstruct How Identity is Managed on the Internet? Merritt Maxim February 29, 2012 Session ID: STAR 202 Session Classification: Intermediate Session abstract Session Learning Objectives: Understand

More information

managing SSO with shared credentials

managing SSO with shared credentials managing SSO with shared credentials Introduction to Single Sign On (SSO) All organizations, small and big alike, today have a bunch of applications that must be accessed by different employees throughout

More information

Okta/Dropbox Active Directory Integration Guide

Okta/Dropbox Active Directory Integration Guide Okta/Dropbox Active Directory Integration Guide Okta Inc. 301 Brannan Street, 3rd Floor San Francisco CA, 94107 info@okta.com 1-888- 722-7871 1 Table of Contents 1 Okta Directory Integration Edition for

More information

Canadian Access Federation: Trust Assertion Document (TAD)

Canadian Access Federation: Trust Assertion Document (TAD) Participant Name: University of Lethbridge 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources

More information

SD Departmental Meeting November 28 th, 2006. Ale de Vries Product Manager ScienceDirect Elsevier

SD Departmental Meeting November 28 th, 2006. Ale de Vries Product Manager ScienceDirect Elsevier ש בולת SD Departmental Meeting November 28 th, 2006 Ale de Vries Product Manager ScienceDirect Elsevier Shi... whát? : Shibboleth ש בולת [...] "stream, torrent". It derives from a story in the Hebrew Bible,

More information

E-LibUkr portal: Case study of Shibboleth and EZProxy in Ukraine.

E-LibUkr portal: Case study of Shibboleth and EZProxy in Ukraine. E-LibUkr portal: Case study of Shibboleth and EZProxy in Ukraine. Yaroshenko Tetiana, yaroshenko[@]ukma.kiev.ua Introduction The Kyiv Mohyla Foundation of America and the National University of Kyiv Mohyla

More information

Agenda. Federation using ADFS and Extensibility options. Office 365 Identity overview. Federation and Synchronization

Agenda. Federation using ADFS and Extensibility options. Office 365 Identity overview. Federation and Synchronization Agenda Office 365 Identity overview 1 Federation and Synchronization Federation using ADFS and Extensibility options 2 3 What s New in Azure AD? Cloud Business App - Overview 4 Identity Management is

More information

Bringing Cloud Security Down to Earth. Andreas M Antonopoulos Senior Vice President & Founding Partner www.nemertes.com

Bringing Cloud Security Down to Earth. Andreas M Antonopoulos Senior Vice President & Founding Partner www.nemertes.com Bringing Cloud Security Down to Earth Andreas M Antonopoulos Senior Vice President & Founding Partner www.nemertes.com Agenda About Nemertes Cloud Dynamics and Adoption Assessing Risk of Cloud Services

More information

Federated Identity: Leveraging Shibboleth to Access On and Off Campus Resources

Federated Identity: Leveraging Shibboleth to Access On and Off Campus Resources Federated Identity: Leveraging Shibboleth to Access On and Off Campus Resources Paul Riddle University of Maryland Baltimore County EDUCAUSE Mid-Atlantic Regional Conference January 16, 2008 Copyright

More information

First-hand Information about the Enhanced Functionality and Integration Options Within SAP NetWeaver Identity Management 7.2

First-hand Information about the Enhanced Functionality and Integration Options Within SAP NetWeaver Identity Management 7.2 First-hand Information about the Enhanced Functionality and Integration Options Within SAP NetWeaver Identity Management 7.2 SAP Product Management, SAP NetWeaver Identity Management & Security Kristian

More information

Securing the Cloud through Comprehensive Identity Management Solution

Securing the Cloud through Comprehensive Identity Management Solution Securing the Cloud through Comprehensive Identity Management Solution Millie Mak Senior IT Specialist What is Cloud Computing? A user experience and a business model Cloud computing is an emerging style

More information

Technology Day 2015 Xylos

Technology Day 2015 Xylos Stay in control of your identity with Azure Active Directory (Premium) Technology Day 2015 Xylos Robin Vermeirsch Sr. IT consultant CCM Azure Active Directory Introduction Competence Center Messaging (CCM)

More information

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them. This chapter provides information about the Security Assertion Markup Language (SAML) Single Sign-On feature, which allows administrative users to access certain Cisco Unified Communications Manager and

More information

TrustedX - PKI Authentication. Whitepaper

TrustedX - PKI Authentication. Whitepaper TrustedX - PKI Authentication Whitepaper CONTENTS Introduction... 3 1... 4 Use Scenarios... 5 Operation... 5 Architecture and Integration... 6 SAML and OAuth 7 RESTful Web Services 8 Monitoring and Auditing...

More information

Framework for the Development of Environmental Risk Management Services According to the ORCHESTRA Architecture

Framework for the Development of Environmental Risk Management Services According to the ORCHESTRA Architecture EnviroInfo 2007 (Warschau) Environmental Informatics and Systems Research Framework for the Development of Environmental Risk Management s According to the ORCHESTRA Architecture Martin Schmieder 1, Thomas

More information