Federated Identity for Cloud Computing and Cross-organization Collaboration

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Federated Identity for Cloud Computing and Cross-organization Collaboration"

Transcription

1 Federated Identity for Cloud Computing and Cross-organization Collaboration Steve Moitozo Strategy and Architecture SIL International (ICCM)

2 Follow 2

3 Huge Claims You want federated identity, you just might not know it yet. streamline the way you integrate your Web applications change the way you think about partnerships and cloud services 3

4 About SIL Founded in 1943 Focused on language development for minority languages Linguistic investigation of over 2,590 languages in 100 countries 5,500 staff from 60 countries World authority in cataloging of languages Publisher of Ethnologue: Languages of the World 4

5 About SIL Registration Authority for the ISO standard Produced over 37,500 publications since 1943 Member of Micah Network and Forum of Bible Agencies Partner with over 120 organizations Wycliffe Global Alliance is our primary partner 5

6 What are the problems? Collaborating across organizational boundaries is hard because of authentication Cloud services (SaaS & PaaS) are hard for the same reason Too many passwords Permissions build-up Passing passwords around ain't cool 6

7 Historical Progression Per app credentials Central passwords with LDAP, AD, Radius, or Kerberos Web single sign-on Federated authentication Federated authorization 7

8 Per App Credentials 8

9 Per App Credentials Each app sees password Potential for different user/pass No SSO Permissions build up 9

10 (Permission build up?) Joe works for department A Joe moves to department B Gets new permissions for the new job Keeps old permissions from the old job Unintentionally Poor process, or no process Intentionally Retained old responsibilities Phase out period 10

11 Centralized Credentials 11

12 Centralized Credentials Each app still sees password One user/pass Still no SSO 12

13 Web Single Sign-on 13

14 Web Single Sign-on No app sees password important for big/distributed organizations One user/pass Single sign-on 14

15 Why go beyond Web SSO? New possibilities New opportunities 15

16 Driving Beyond Web SSO Drivers Cloud Services Partnerships 16

17 Cloud Anyone? Google Apps? Box.net? Salesforce.com? Others? 17

18 Driver 1: Cloud services 18

19 Back to the Future 19

20 Back to the Future Cloud app sees password Potential for different user/pass Permission build up No SSO 20

21 Back to the Future 2 21

22 Back to the Future 2 Cloud app sees password One user/pass Still no SSO Password antipattern 22

23 (Anti-pattern?) It's a pattern that should be avoided 23

24 (Password Anti-pattern?) 24

25 (Password Anti-pattern?) Each app sees password Impersonation! Passing passwords around ain't cool 25

26 Scenario: Google Analytics 26

27 Scenario: Google Analytics Entitlement/Authorization Mismatch! Entitlement based on org affiliation Authorization based on Google identity What happens when the person is no longer affiliated (entitled)? What happens when the admin leaves? 27

28 Driver 2: Partnerships 28

29 Back to the Future, again 29

30 Scenario: Drupal Partnership 30

31 Scenario: Drupal Partnership Entitlement/Authorization mismatch! Entitlement for access based on partner affiliation Access based on Drupal identity Provisioning rules are because he said so What happens when the user leaves? What happens when the admin leaves? 31

32 Pain is your friend Are these scenarios painful? Are you doing this? (rhetorical) Pain tells us something is wrong. Pain makes us look for alternatives. 32

33 Federated Pattern Qualities Independence where required Operational (procedures, practices) Political (policies, governance) Technical (OS, app stack) Interoperation were beneficial 33

34 Federated Identity Organizations issue credentials for their own people Organizations manage the identity lifecycle for their own people SSO that interoperates with other organizations 34

35 Hype Cycle 35

36 Hype Cycle Projection 36

37 Navigating the Buzzwords OpenID OAuth SAML WS-* Shibboleth ADFS (Microsoft Active Directory Federation Service) IDP SP 37

38 Federated Authentication OpenID SAML (Shibboleth, SimpleSAMLphp) WS-Federation (ADFS) 38

39 OpenID vs SAML Organization-toindividual relationship B2C relationships Engaging the public Organization-toorganization relationship B2B relationships Partnerships Cloud 39

40 History of SAML and WS-Fed 40

41 SAML vs WS-Federation Similar in terms of function SAML is a self-contained specification WS-Fed specification depends on WS-Trust, WS-Policy, WS-SecurityPolicy, etc. SAML implementations tend to be self-contained as well WS-Fed implementations follow the dependancies SAML is simpler to understand and implement Simplicity is better for security, less potential for misconfiguration 41

42 Convergence 2007 SAML was the standard of choice for Research, Higher Ed, and Governments Microsoft ADFS v2 passed Liberty Alliance SAML 2.0 interoperability tests 42

43 SAML Terminology IdP = identity provider Where the user is authenticated Authoritative source of identity attributes SP = service provider The Web application The resource that requires authentication 43

44 SP? 44

45 SAML eases the pain SAML for Web SSO SAML for Cloud-based services Google Salesforce.com Box.net SAML for Partnerships 45

46 SAML for SSO 46

47 SAML for the Cloud 47

48 SAML for Partnerships 48

49 SSO, Cloud & Partnerships! 49

50 Scenarios with SAML 50

51 Scenario: Google Analytics 51

52 Scenario: Google Analytics No mismatch Entitlement based on affiliation Authorization based on organization identity Person leaves, access denied No special administrator knowledge 52

53 Scenario: Drupal Partnership 53

54 Scenario: Drupal Partnership No more mismatch Entitlement for access based on partner affiliation Access based on partner identity Provisioning rules are based on partner affiliation User leaves, access denied No special administrator knowledge 54

55 (Wait, what about OAuth?) The auth is for authorization, not authentication OAuth is about data transfer Can be used to compliment any authentication scheme Mitigation for password anti-pattern 55

56 Federating with Partners Federation can still fail Requires trust Establishing trust is tricky Requires interoperable technology Lots of configuration options Standards and guidelines can help establish trust and ensure interoperation 56

57 Our Partnership 57

58 Introducing: Polder Consortium Establishing an environment of trust for information sharing across organizational boundaries 58

59 Polder Consortium Why Polder? Started in January 2011 Focused on the federated pattern Trust through common standards and practices Alignment with established standards and working groups (Internet2, Kantara Initiative, REFEDs, etc.) 59

60 Polder Consortium Outputs Implementation standards Operational policies Good practices Orientation and Getting Started documentation Not just Federated Identity Core Themes Federated Identity Web Services Federated Authorization 60

61 Getting Started Manage your identities centrally Get involved with Polder Consortium Implement a SAML IdP Shibboleth (Java) SimpleSAMLphp (PHP) Federate your Web apps (SSO) Federate with partners, cloud, or both 61

62 Huge Claims Revisited I told you you wanted federated identity! streamline the way you integrate your Web applications change the way you think about partnerships and cloud services 62

63 Summary SAML SSO Cloud Partnerships OpenID Individuals Engaging public Oauth Authorization Standards & Community Polder Consortium 63

64 Follow 64

65 Reference URLs Standards & Good Practices SAML OpenID Oauth 65

Masdar Institute Single Sign-On: Standards-based Identity Federation. John Mikhael ICT Department jmikhael@masdar.ac.ae

Masdar Institute Single Sign-On: Standards-based Identity Federation. John Mikhael ICT Department jmikhael@masdar.ac.ae Masdar Institute Single Sign-On: Standards-based Identity Federation John Mikhael ICT Department jmikhael@masdar.ac.ae Agenda The case for Single Sign-On (SSO) Types of SSO Standards-based Identity Federation

More information

The Top 5 Federated Single Sign-On Scenarios

The Top 5 Federated Single Sign-On Scenarios The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3

More information

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

Single Sign On. SSO & ID Management for Web and Mobile Applications

Single Sign On. SSO & ID Management for Web and Mobile Applications Single Sign On and ID Management Single Sign On SSO & ID Management for Web and Mobile Applications Presenter: Manish Harsh Program Manager for Developer Marketing Platforms of NVIDIA (Visual Computing

More information

Identity. Provide. ...to Office 365 & Beyond

Identity. Provide. ...to Office 365 & Beyond Provide Identity...to Office 365 & Beyond Sponsored by shops around the world are increasingly turning to Office 365 Microsoft s cloud-based offering for email, instant messaging, and collaboration. A

More information

Federation At Fermilab. Al Lilianstrom National Laboratories Information Technology Summit May 2015

Federation At Fermilab. Al Lilianstrom National Laboratories Information Technology Summit May 2015 Federation At Fermilab Al Lilianstrom National Laboratories Information Technology Summit May 2015 About Fermilab Since 1967, Fermilab has worked to answer fundamental questions and enhance our understanding

More information

The Primer: Nuts and Bolts of Federated Identity Management

The Primer: Nuts and Bolts of Federated Identity Management The Primer: Nuts and Bolts of Federated Identity Management Executive Overview For any IT department, it is imperative to understand how your organization can securely manage and control users identities.

More information

Identity Federation: Bridging the Identity Gap. Michael Koyfman, Senior Global Security Solutions Architect

Identity Federation: Bridging the Identity Gap. Michael Koyfman, Senior Global Security Solutions Architect Identity Federation: Bridging the Identity Gap Michael Koyfman, Senior Global Security Solutions Architect The Need for Federation 5 key patterns that drive Federation evolution - Mary E. Ruddy, Gartner

More information

OpenAM All-In-One solution to securely manage access to digital enterprise and customer services, anytime and anywhere.

OpenAM All-In-One solution to securely manage access to digital enterprise and customer services, anytime and anywhere. OpenAM All-In-One solution to securely manage access to digital enterprise and customer services, anytime and anywhere. OpenAM, the only all-in-one open source access management solution, provides the

More information

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES pingidentity.com EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES Best practices for identity federation in AWS Table of Contents Executive Overview 3 Introduction: Identity and Access Management in Amazon

More information

OPENIAM ACCESS MANAGER. Web Access Management made Easy

OPENIAM ACCESS MANAGER. Web Access Management made Easy OPENIAM ACCESS MANAGER Web Access Management made Easy TABLE OF CONTENTS Introduction... 3 OpenIAM Access Manager Overview... 4 Access Gateway... 4 Authentication... 5 Authorization... 5 Role Based Access

More information

Easy as 1-2-3: The Steps to XE. Mark Hoye Services Portfolio Consultant

Easy as 1-2-3: The Steps to XE. Mark Hoye Services Portfolio Consultant Easy as 1-2-3: The Steps to XE Mark Hoye Services Portfolio Consultant September 25, 2015 Objective / Agenda Objective Provide relevant information about Banner XE Provide a framework for understanding

More information

The Challenges of Web single sign-on

The Challenges of Web single sign-on Serge Vereecke Security Architect IBM Security Services serge_vereecke@be.ibm.com The Challenges of Web single sign-on GSE Event September 7, 2012 Agenda Single sign-on technology Why single sign-on Challenges

More information

OVERVIEW. DIGIPASS Authentication for Office 365

OVERVIEW. DIGIPASS Authentication for Office 365 OVERVIEW DIGIPASS for Office 365 Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; VASCO Data Security assumes no responsibility

More information

Egnyte Single Sign-On (SSO) Installation for OneLogin

Egnyte Single Sign-On (SSO) Installation for OneLogin Egnyte Single Sign-On (SSO) Installation for OneLogin To set up Egnyte so employees can log in using SSO, follow the steps below to configure OneLogin and Egnyte to work with each other. 1. Set up OneLogin

More information

Interoperate in Cloud with Federation

Interoperate in Cloud with Federation Interoperate in Cloud with Federation - Leveraging federation standards can accelerate Cloud computing adoption by resolving vendor lock-in issues and facilitate On Demand business requirements Neha Mehrotra

More information

OIS. CERN s Experience with Federated Single Sign-On. Operating Systems & Information Services IT-OIS. June 9-10, 2011

OIS. CERN s Experience with Federated Single Sign-On. Operating Systems & Information Services IT-OIS. June 9-10, 2011 Operating Systems & Information Services CERN s Experience with Federated Single Sign-On Federated identity management workshop June 9-10, 2011 IT-OIS Definitions IAA: Identity, Authentication, Authorization

More information

Identity Federation For Authenticating and Authorizing Researchers

Identity Federation For Authenticating and Authorizing Researchers Identity Federation For Authenticating and Authorizing Researchers Cletus Okolie NOC Manager Eko-Konnect Research and Education Initiative Outline What are IdFs? IdF components Software Packages for IdF

More information

Federated Identity Management Solutions

Federated Identity Management Solutions Federated Identity Management Solutions Jyri Kallela Helsinki University of Technology jkallela@cc.hut.fi Abstract Federated identity management allows users to access multiple services based on a single

More information

Klaus Schmeh. Identity Super Hero

Klaus Schmeh. Identity Super Hero Klaus Schmeh Identity Super Hero My name is Klaus Schmeh, consultant at cryptovision. I m going to give an overview on identity initiatives. First of all, we need a model. This is our model mail server

More information

IBM Tivoli Federated Identity Manager

IBM Tivoli Federated Identity Manager IBM Tivoli Federated Identity Manager Employ user-centric federated access management to enable secure online business collaboration Highlights Enhance business-to-business and business-to-consumer collaborations

More information

The Primer: Nuts and Bolts of Federated Identity Management

The Primer: Nuts and Bolts of Federated Identity Management The Primer: Nuts and Bolts of Federated Identity Management Overview For any IT department, it is imperative to understand how your organization can securely manage and control users identities. With so

More information

SECUREAUTH IDP AND OFFICE 365

SECUREAUTH IDP AND OFFICE 365 WHITEPAPER SECUREAUTH IDP AND OFFICE 365 STRONG AUTHENTICATION AND SINGLE SIGN-ON FOR THE CLOUD-BASED OFFICE SUITE EXECUTIVE OVERVIEW As more and more enterprises move to the cloud, it makes sense that

More information

SAML SSO Configuration

SAML SSO Configuration SAML SSO Configuration Overview of Single Sign-, page 1 Benefits of Single Sign-, page 2 Overview of Setting Up SAML 2.0 Single Sign-, page 3 SAML 2.0 Single Sign- Differences Between Cloud-Based Meeting

More information

SINGLE & SAME SIGN-ON ASPECTS

SINGLE & SAME SIGN-ON ASPECTS SINGLE & SAME SIGN-ON ASPECTS OF AZURE ACTIVE DIRECTORY Harold Baele Senior ICT Trainer JULY 2, 2015 SLIDE 1 TRAINER INFO Harold Baele MCT at RealDolmen Education Harold.baele@realdolmen.com - @hbaele

More information

Разработка программного обеспечения промежуточного слоя. TERENA BASNET Workshop, 16-17 November 2009 Joost van Dijk - SURFnet

Разработка программного обеспечения промежуточного слоя. TERENA BASNET Workshop, 16-17 November 2009 Joost van Dijk - SURFnet Разработка программного обеспечения промежуточного слоя TERENA BASNET Workshop, 16-17 November 2009 Joost van Dijk - SURFnet Contents - SURFnet Middleware Services department: - eduroam, SURFfederatie,

More information

The Role of Federation in Identity Management

The Role of Federation in Identity Management The Role of Federation in Identity Management August 19, 2008 Andrew Latham Solutions Architect Identity Management 1 The Role of Federation in Identity Management Agenda Federation Backgrounder Federation

More information

USING FEDERATED AUTHENTICATION WITH M-FILES

USING FEDERATED AUTHENTICATION WITH M-FILES M-FILES CORPORATION USING FEDERATED AUTHENTICATION WITH M-FILES VERSION 1.0 Abstract This article provides an overview of federated identity management and an introduction on using federated authentication

More information

Extend and Enhance AD FS

Extend and Enhance AD FS Extend and Enhance AD FS December 2013 Sponsored By Contents Extend and Enhance AD FS By Sean Deuby Introduction...2 Web Service SSO Architecture...3 AD FS Overview...5 Ping Identity Solutions...7 Synergy

More information

Introduction to Identity Management. Sam Lee, Outblaze Ltd.

Introduction to Identity Management. Sam Lee, Outblaze Ltd. Introduction to Identity Management Sam Lee, Outblaze Ltd. Agenda Background Identity Management Single Sign-On Federation Future s Identity management Conclusions 2 Background Why identity management?

More information

HOL9449 Access Management: Secure web, mobile and cloud access

HOL9449 Access Management: Secure web, mobile and cloud access HOL9449 Access Management: Secure web, mobile and cloud access Kanishk Mahajan Principal Product Manager, Oracle September, 2014 Copyright 2014, Oracle and/or its affiliates. All rights reserved. Oracle

More information

ALF SSO: Security Framework for Tool Integration. Brian Carroll, Eclipse ALF Project Lead bcarroll@serena.com

ALF SSO: Security Framework for Tool Integration. Brian Carroll, Eclipse ALF Project Lead bcarroll@serena.com ALF SSO: Security Framework for Tool Integration Brian Carroll, Eclipse ALF Project Lead bcarroll@serena.com 2008 by Brian Carroll, Serena; made available under the EPL v1.0 March 2008 ALF: Is About Process

More information

SAP NetWeaver Single Sign-On. Product Management SAP NetWeaver Identity Management & Security June 2011

SAP NetWeaver Single Sign-On. Product Management SAP NetWeaver Identity Management & Security June 2011 NetWeaver Single Sign-On Product Management NetWeaver Identity Management & Security June 2011 Agenda NetWeaver Single Sign-On: Solution overview Key benefits of single sign-on Solution positioning Identity

More information

INTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server

INTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server INTEGRATION GUIDE DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is

More information

Single-Sign-On between On-Premises and the Cloud: Leveraging Windows Azure Active Directory to authenticate custom solutions and Apps

Single-Sign-On between On-Premises and the Cloud: Leveraging Windows Azure Active Directory to authenticate custom solutions and Apps Sofia Event Center 14-15 May 2014 Single-Sign-On between On-Premises and the Cloud: Leveraging Windows Azure Active Directory to authenticate custom solutions and Apps Radi Atanassov SharePoint MCM & MVP

More information

Federated Identity Architectures

Federated Identity Architectures Federated Identity Architectures Uciel Fragoso-Rodriguez Instituto Tecnológico Autónomo de México, México {uciel@itam.mx} Maryline Laurent-Maknavicius CNRS Samovar UMR 5157, GET Institut National des Télécommunications,

More information

Federated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning.

Federated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning. PingFederate We went with PingFederate because it s based on standards like SAML, which are important for a secure implementation. John Davidson Senior Product Manager, Opower PingFederate is the leading

More information

SAML 101. Executive Overview WHITE PAPER

SAML 101. Executive Overview WHITE PAPER SAML 101 Executive Overview Today s enterprise employees use an ever-increasing number of applications, both enterprise hosted and in the Cloud, to do their jobs. What s more, they are accessing those

More information

INTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server

INTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server INTEGRATION GUIDE DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document

More information

Get Cloud Ready: Secure Access to Google Apps and Other SaaS Applications

Get Cloud Ready: Secure Access to Google Apps and Other SaaS Applications Get Cloud Ready: Secure Access to Google Apps and Other SaaS Applications Matt Weisberg Vice President & CIO, Weisberg Consulting, Inc. matt@weisberg.net Paul McKeith Technical Sales, Novell, Inc. pmckeith@novell.com

More information

Configuring Single Sign-on from the VMware Identity Manager Service to WebEx

Configuring Single Sign-on from the VMware Identity Manager Service to WebEx Configuring Single Sign-on from the VMware Identity Manager Service to WebEx VMware Identity Manager SEPTEMBER 2015 V 2 Configuring Single Sign-On from VMware Identity Manager to WebEx Table of Contents

More information

Speeding Office 365 Implementation Using Identity-as-a-Service

Speeding Office 365 Implementation Using Identity-as-a-Service August 2015 www.sarrelgroup.com info@sarrelgroup.com Speeding Office 365 Implementation Using Identity-as-a-Service White paper August 2015 This white paper is sponsored by Centrify. August 2015 www.sarrelgroup.com

More information

Google Apps. Google Apps. On Steroids. Extend Google Apps to your directory services. Extend Google Apps to your directory services

Google Apps. Google Apps. On Steroids. Extend Google Apps to your directory services. Extend Google Apps to your directory services Google Apps Google Apps On Steroids Extend Google Apps to your directory services Extend Google Apps to your directory services Google Apps On Steroids There has never been a better time in history to

More information

The Essential OAuth Primer: Understanding OAuth for Securing Cloud APIs

The Essential OAuth Primer: Understanding OAuth for Securing Cloud APIs The Essential OAuth Primer: Understanding OAuth for Securing Cloud APIs Executive Overview A key technical underpinning of the Cloud is the Application Programming Interface (API). APIs provide consistent

More information

CA Federation Manager

CA Federation Manager PRODUCT BRIEF: CA FEDERATION MANAGER CA FEDERATION MANAGER PROVIDES STANDARDS-BASED IDENTITY FEDERATION CAPABILITIES THAT ENABLE THE USERS OF ONE ORGANIZATION TO EASILY AND SECURELY ACCESS THE DATA AND

More information

User Identity and Authentication

User Identity and Authentication User Identity and Authentication WordPress, 2FA, and Single Sign-On Isaac Potoczny-Jones ijones@tozny.com http://tozny.com About the Speaker Galois, Inc. - @galoisinc. Research & Development for computer

More information

White Paper. What is an Identity Provider, and Why Should My Organization Become One?

White Paper. What is an Identity Provider, and Why Should My Organization Become One? White Paper What is an Identity Provider, and Why Should My Organization Become One? May 2015 Executive Overview Tame Access Control Security Risks: Become an Identity Provider (IdP) Organizations today

More information

Simplify and Secure Cloud Access to Critical Business Data

Simplify and Secure Cloud Access to Critical Business Data SAP Brief SAP Technology SAP Cloud Identity Objectives Simplify and Secure Cloud Access to Critical Business Data Gain simplicity and security in a single cloud solution Gain simplicity and security in

More information

Securing WebFOCUS A Primer. Bob Hoffman Information Builders

Securing WebFOCUS A Primer. Bob Hoffman Information Builders Securing WebFOCUS A Primer Bob Hoffman Information Builders 1 Agenda Gain an understanding of the WebFOCUS Architecture Where can security be implemented? Review the internal WebFOCUS repository and resource

More information

AND SUN OPENSSO MICROSOFT GENEVA SERVER ENABLING UNPRECEDENTED COLLABORATION ACROSS HETEROGENEOUS IT ENVIRONMENTS. White Paper May 2009.

AND SUN OPENSSO MICROSOFT GENEVA SERVER ENABLING UNPRECEDENTED COLLABORATION ACROSS HETEROGENEOUS IT ENVIRONMENTS. White Paper May 2009. MICROSOFT GENEVA SERVER AND SUN OPENSSO ENABLING UNPRECEDENTED COLLABORATION ACROSS HETEROGENEOUS IT ENVIRONMENTS White Paper May 2009 Abstract Interoperability between applications in heterogeneous technology

More information

Web Services Security: OpenSSO and Access Management for SOA. Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.

Web Services Security: OpenSSO and Access Management for SOA. Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion. Web Services Security: OpenSSO and Access Management for SOA Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.com 1 Agenda Need for Identity-based Web services security Single Sign-On

More information

An Overview of Samsung KNOX Active Directory-based Single Sign-On

An Overview of Samsung KNOX Active Directory-based Single Sign-On C E N T R I F Y W H I T E P A P E R. S E P T E M B E R 2013 An Overview of Samsung KNOX Active Directory-based Single Sign-On Abstract Samsung KNOX is a set of business-focused enhancements to the Android

More information

Canadian Access Federation: Trust Assertion Document (TAD)

Canadian Access Federation: Trust Assertion Document (TAD) Canadian Access Federation: Trust Assertion Document (TAD) Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes

More information

Biometric Single Sign-on using SAML

Biometric Single Sign-on using SAML Biometric Single Sign-on using SAML Architecture & Design Strategies Ramesh Nagappan CISSP Ramesh.Nagappan@sun.com 1 Setting Expectations What you can take away! Understand the importance of Single Sign-On

More information

The increasing popularity of mobile devices is rapidly changing how and where we

The increasing popularity of mobile devices is rapidly changing how and where we Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to

More information

Enabling SAML for Dynamic Identity Federation Management

Enabling SAML for Dynamic Identity Federation Management Enabling SAML for Dynamic Identity Federation Management Patricia Arias, Florina Almenárez, Andrés Marín and Daniel Díaz-Sánchez University Carlos III of Madrid http://pervasive.gast.it.uc3m.es/ WMNC 2009

More information

Federated Identity and Single Sign-On using CA API Gateway

Federated Identity and Single Sign-On using CA API Gateway WHITE PAPER DECEMBER 2014 Federated Identity and Single Sign-On using Federation for websites, Web services, APIs and the Cloud K. Scott Morrison VP Engineering and Chief Architect 2 WHITE PAPER: FEDERATED

More information

PRACTICAL IDENTITY AND ACCESS MANAGEMENT FOR CLOUD - A PRIMER ON THREE COMMON ADOPTION PATTERNS FOR CLOUD SECURITY

PRACTICAL IDENTITY AND ACCESS MANAGEMENT FOR CLOUD - A PRIMER ON THREE COMMON ADOPTION PATTERNS FOR CLOUD SECURITY PRACTICAL IDENTITY AND ACCESS MANAGEMENT FOR CLOUD - A PRIMER ON THREE COMMON ADOPTION PATTERNS FOR CLOUD SECURITY Shane Weeden IBM Session ID: CLD-W01 Session Classification: Advanced Agenda Cloud security

More information

A Standards-based Mobile Application IdM Architecture

A Standards-based Mobile Application IdM Architecture A Standards-based Mobile Application IdM Architecture Abstract Mobile clients are an increasingly important channel for consumers accessing Web 2.0 and enterprise employees accessing on-premise and cloud-hosted

More information

Integrating Apex into Federated Environment using SAML 2.0. Jon Tupman Portalsoft Solutions Ltd

Integrating Apex into Federated Environment using SAML 2.0. Jon Tupman Portalsoft Solutions Ltd Integrating Apex into Federated Environment using SAML 2.0 Jon Tupman Portalsoft Solutions Ltd Introduction Migration challenge Federated vs Single sign-on SAML process flow Integrating Apex and Weblogic

More information

Connecting Users with Identity as a Service

Connecting Users with Identity as a Service Ping Identity has demonstrated support for multiple workforce and external identity use cases, as well as strong service provider support. Gregg Kreizman Gartner 1 Connecting Users with Identity as a Service

More information

Cloud Standards. Arlindo Dias IT Architect IBM Global Technology Services CLOSER 2102

Cloud Standards. Arlindo Dias IT Architect IBM Global Technology Services CLOSER 2102 Cloud Standards Arlindo Dias IT Architect IBM Global Technology Services CLOSER 2102 2011 IBM Corporation Agenda Overview on Cloud Standards Identity and Access Management Discussion 2 Overview on Cloud

More information

INTEGRATION GUIDE. DIGIPASS Authentication for SimpleSAMLphp using IDENTIKEY Federation Server

INTEGRATION GUIDE. DIGIPASS Authentication for SimpleSAMLphp using IDENTIKEY Federation Server INTEGRATION GUIDE DIGIPASS Authentication for SimpleSAMLphp using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document

More information

Mobile Security. Policies, Standards, Frameworks, Guidelines

Mobile Security. Policies, Standards, Frameworks, Guidelines Mobile Security Policies, Standards, Frameworks, Guidelines Guidelines for Managing and Securing Mobile Devices in the Enterprise (SP 800-124 Rev. 1) http://csrc.nist.gov/publications/drafts/800-124r1/draft_sp800-124-rev1.pdf

More information

NCSU SSO. Case Study

NCSU SSO. Case Study NCSU SSO Case Study 2 2 NCSU Project Requirements and Goals NCSU Operating Environment Provide support for a number Apps and Programs Different vendors have their authentication databases End users must

More information

Canadian Access Federation: Trust Assertion Document (TAD)

Canadian Access Federation: Trust Assertion Document (TAD) Participant Name: RESEARCH RESEARCH LTD. 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources

More information

BYE BYE PASSWORDS. The Future of Online Identity. Hans Zandbelt Sr. Technical Architect. CTO Office - Ping Identity

BYE BYE PASSWORDS. The Future of Online Identity. Hans Zandbelt Sr. Technical Architect. CTO Office - Ping Identity BYE BYE PASSWORDS The Future of Online Identity Hans Zandbelt Sr. Technical Architect CTO Office - Ping Identity 2015 Copyright 2014 Ping Identity Corp. All rights reserved. 1 Agenda 1 2 3 Cloud & Mobile:

More information

Identity and Access Management (IAM) Across Cloud and On-premise Environments: Best Practices for Maintaining Security and Control

Identity and Access Management (IAM) Across Cloud and On-premise Environments: Best Practices for Maintaining Security and Control Identity and Access Management (IAM) Across Cloud and On-premise Environments: Best Practices for Maintaining Security and Control agility made possible Enterprises Are Leveraging Both On-premise and Off-premise

More information

Domain 12: Guidance for Identity & Access Management V2.1

Domain 12: Guidance for Identity & Access Management V2.1 Domain 12: Guidance for Identity & Access Management V2.1 Prepared by the Cloud Security Alliance April 2010 Introduction The permanent and official location for this Cloud Security Alliance Domain 12

More information

ABOUT TOOLS4EVER ABOUT DELOITTE RISK SERVICES

ABOUT TOOLS4EVER ABOUT DELOITTE RISK SERVICES CONTENTS About Tools4ever... 3 About Deloitte Risk Services... 3 HelloID... 4 Microsoft Azure... 5 HelloID Security Architecture... 6 Scenarios... 8 SAML Identity Provider (IDP)... 8 Service Provider SAML

More information

Single Sign-On for the UQ Web

Single Sign-On for the UQ Web Single Sign-On for the UQ Web David Gwynne Infrastructure Architect, ITIG, EAIT Taxonomy Authentication - Verification that someone is who they claim to be - ie, only the relevant user

More information

Integral Federated Identity Management for Cloud Computing

Integral Federated Identity Management for Cloud Computing Integral Federated Identity Management for Cloud Computing Maicon Stihler, Altair Olivo Santin, Arlindo L. Marcon Jr. Graduate Program in Computer Science Pontifical Catholic University of Paraná Curitiba,

More information

HP Software as a Service. Federated SSO Guide

HP Software as a Service. Federated SSO Guide HP Software as a Service Federated SSO Guide Document Release Date: July 2014 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying

More information

Enterprise Access Control Patterns For REST and Web APIs

Enterprise Access Control Patterns For REST and Web APIs Enterprise Access Control Patterns For REST and Web APIs Francois Lascelles Layer 7 Technologies Session ID: STAR-402 Session Classification: intermediate Today s enterprise API drivers IAAS/PAAS distributed

More information

Identity Management. Dave Romig, Sr Founder, CTO

Identity Management. Dave Romig, Sr Founder, CTO Identity Management Dave Romig, Sr Dave.Romig@TCSC.com Founder, CTO Identity Management What it is What it does What it means What it is Problem statement Connected apps must handle two functions Authenticate

More information

Ping Identity, Euro Cloud award entry

Ping Identity, Euro Cloud award entry Ping Identity, Euro Cloud award entry Category: Best Cloud Offering Product: PingFederate 6.6 About Ping Identity Ping Identity is the cloud identity security leader, specialising in cloud identity, security,

More information

HOTPin Integration Guide: Google Apps with Active Directory Federated Services

HOTPin Integration Guide: Google Apps with Active Directory Federated Services HOTPin Integration Guide: Google Apps with Active Directory Federated Services Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as

More information

Enable Your Applications for CAC and PIV Smart Cards

Enable Your Applications for CAC and PIV Smart Cards Enable Your Applications for CAC and PIV Smart Cards Executive Summary Since HSPD-2 was signed in 2004, government agencies have issued over 5 million identity badges. About 90% of government workers and

More information

SAML 101 WHITE PAPER

SAML 101 WHITE PAPER TABLE OF CONTENTS 03 04 05 06 08 10 11 12 EXECUTIVE OVERVIEW INTRODUCTION SECURITY IN AN INCREASINGLY CONNECTED WORLD FEDERATED IDENTITY Standardizing Federated Identity SAML IDENTITY FEDERATION USE CASES

More information

Authentication Methods

Authentication Methods Authentication Methods Overview In addition to the OU Campus-managed authentication system, OU Campus supports LDAP, CAS, and Shibboleth authentication methods. LDAP users can be configured through the

More information

Collaboration and Interoperability Through Advanced SAML Implementations

Collaboration and Interoperability Through Advanced SAML Implementations Collaboration and Interoperability Through Advanced SAML Implementations A history, status, and vision for Federated Identity in the National Lab context David Cortijo Technology Architect Brookhaven National

More information

SAML-Based SSO Solution

SAML-Based SSO Solution About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,

More information

Identity Server Guide Access Manager 4.0

Identity Server Guide Access Manager 4.0 Identity Server Guide Access Manager 4.0 June 2014 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF

More information

Access Management Analysis of some available solutions

Access Management Analysis of some available solutions Access Management Analysis of some available solutions Enterprise Security & Risk Management May 2015 Authors: Yogesh Kumar Sharma, Kinshuk De, Dr. Sundeep Oberoi Access Management - Analysis of some available

More information

SSO Plugin. Release notes. J System Solutions. http://www.javasystemsolutions.com Version 3.5

SSO Plugin. Release notes. J System Solutions. http://www.javasystemsolutions.com Version 3.5 SSO Plugin Release notes J System Solutions Version 3.5 JSS SSO Plugin v3.5 Release notes What's new...3 SSO Plugin for HP Service Manager & Request Catalog...3 SAP Business Objects XI (BMC Analytics)...3

More information

Mobile Identity and Edge Security Forum Sentry Security Gateway. Jason Macy CTO, Forum Systems jmacy@forumsys.com

Mobile Identity and Edge Security Forum Sentry Security Gateway. Jason Macy CTO, Forum Systems jmacy@forumsys.com Mobile Identity and Edge Security Forum Sentry Security Gateway Jason Macy CTO, Forum Systems jmacy@forumsys.com Evolution Evolution of Enterprise Identities Cloud Computing Iaas Infrastructure as a Service

More information

The Password Problem Will Only Get Worse

The Password Problem Will Only Get Worse The Password Problem Will Only Get Worse New technology for proving who we are Isaac Potoczny-Jones Galois & SEQRD ijones@seqrd.com @SyntaxPolice Goals & Talk outline Update the group on authentication

More information

Security Assertion Markup Language (SAML) Site Manager Setup

Security Assertion Markup Language (SAML) Site Manager Setup Security Assertion Markup Language (SAML) Site Manager Setup Trademark Notice Blackboard, the Blackboard logos, and the unique trade dress of Blackboard are the trademarks, service marks, trade dress and

More information

Lets get a federated identity. Intro to Federated Identity. Feide OpenIdP. Enter your email address. Do you have access to your email?

Lets get a federated identity. Intro to Federated Identity. Feide OpenIdP. Enter your email address. Do you have access to your email? Lets get a feated identity Intro to Feated Identity EuroCAMP Training for APAN32 This work is licensed un a Creative Commons Attribution ShareAlike 3.0 Unported License. Do you have access to your email?

More information

How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications

How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications SOLUTION BRIEF: PROTECTING ACCESS TO THE CLOUD........................................ How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications Who should read this

More information

VMware Identity Manager Integration with Active Directory Federation Services 2.0

VMware Identity Manager Integration with Active Directory Federation Services 2.0 VMware Identity Manager Integration with Active Directory Federation Services 2.0 VMware Identity Manager J ULY 2015 V 2 Table of Contents Active Directory Federation Services... 2 Configuring AD FS Instance

More information

Agenda. How to configure

Agenda. How to configure dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services

More information

Kenneth Hee Director, Business Development Security & Identity Management. Oracle Identity Management 11g R2 Securing The New Digital Experience

Kenneth Hee Director, Business Development Security & Identity Management. Oracle Identity Management 11g R2 Securing The New Digital Experience Kenneth Hee Director, Business Development Security & Identity Management Oracle Identity Management 11g R2 Securing The New Digital Experience This document is for informational purposes. It is not a

More information

To set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to work with each other.

To set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to work with each other. w w w. e g n y t e. c o m Egnyte Single Sign-On (SSO) Installation for VMware Horizon To set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to

More information

UNIVERSITY OF COLORADO Procurement Service Center INTENT TO SOLE SOURCE PROCUREMENT CU-JL39027649-SS. Single Sign-On (SSO) Solution

UNIVERSITY OF COLORADO Procurement Service Center INTENT TO SOLE SOURCE PROCUREMENT CU-JL39027649-SS. Single Sign-On (SSO) Solution UNIVERSITY OF COLORADO Procurement Service Center INTENT TO SOLE SOURCE PROCUREMENT CU-JL39027649-SS Single Sign-On (SSO) Solution For University Information Systems (UIS) May 9, 2013 2 University of Colorado

More information

Azure Active Directory

Azure Active Directory Azure Active Directory Your Cloud Identity Brian Mansure Azure Specialist bmansure@enpointe.com Agenda What Azure Active Directory is What Azure Active Directory is not Hybrid Identity Features Roadmap

More information

Federated Wikis Andreas Åkre Solberg andreas@uninett.no

Federated Wikis Andreas Åkre Solberg andreas@uninett.no Federated Wikis Andreas Åkre Solberg andreas@uninett.no Wikis in the beginning...in the beginning wikis were wide open. Great! - But then the spammers arrived. Password protected wikis Create yet another

More information

Canadian Access Federation: Trust Assertion Document (TAD)

Canadian Access Federation: Trust Assertion Document (TAD) Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources being accessed, and that Participants

More information

Computer Systems Security 2013/2014. Single Sign-On. Bruno Maia ei09095@fe.up.pt. Pedro Borges ei09063@fe.up.pt

Computer Systems Security 2013/2014. Single Sign-On. Bruno Maia ei09095@fe.up.pt. Pedro Borges ei09063@fe.up.pt Computer Systems Security 2013/2014 Single Sign-On Bruno Maia ei09095@fe.up.pt Pedro Borges ei09063@fe.up.pt December 13, 2013 Contents 1 Introduction 2 2 Explanation of SSO systems 2 2.1 OpenID.................................

More information

Identity Management: The authentic & authoritative guide for the modern enterprise

Identity Management: The authentic & authoritative guide for the modern enterprise Identity Management: The authentic & authoritative guide for the modern enterprise Ellen Newlands, Product Manager Dmitri Pal, Director, Engineering 06-26-15 Goals of the Presentation Introduce Identity

More information