Enterprise Identity Management
|
|
- Ashlie Booth
- 8 years ago
- Views:
Transcription
1 Enterprise Identity Management With inputs from : IAM Course; Institute for Internet Technologies and Applications, University of Applied Sciences, Rapperswil, Switzerland 1
2 Agenda IAM topics and concepts Common technical approaches Security of Internet banking authentication Enterprise Identity Management Electronic Identity Management Identity and Access Management (EIM) (IdM) (IAM) 2
3 Digital Identity On the Internet, nobody knows you re a dog Cartoon by Peter Steiner, July 5, 1993 The New Yorker (Vol. 69, No. 20) 3
4 This is why most businesses look like this 4 Source: Gilbert Maurer, Solution Architect, Hewlett Packard (Schweiz), 2005
5 IdM Three Perspectives In the real world context of engineering online systems, identity management can be given three perspectives: The pure identity paradigm creation, management and deletion of identities without regard to access or entitlements; The user access (log on) paradigm a smart card and its associated data that a customer uses to log on to a service or services (a traditional view); The service paradigm a system that delivers personalized, role based, online, on demand, multimedia (content), presence based services to users and their devices. wikipedia 5
6 IAM Process Framework User access Service Identity AM: WM: IM: Access Model Workflow Model Identity Model wiki.org 6
7 Generalized Access Control System Scheme (4 A System) Administration System to create identity and authentication information Identity Information Store (ID/PW) System to create policy sets Policy Information Store (R/W/E) Authentication Authentication decision Access decision Authorization Source: Ant Allen, "A Functional Model Auditing Aids Understanding of Identity and Access Management Tools", Gartner Group Research Report ID Number G , 15 December Audit Log administration activities successful, fildl failed logins (authentication) ti ti accesses (authorization) 7
8 Gartner IAM Hype Cycle (June 2006) 8
9 some Wikipedia definitions Active Directory is animplementation ofldapdirectoryservices by Microsoft for use primarily in Windows environments basic authentication scheme is a method designed to allow a web browser, or other client program, to provide credentials in the form of a user name and password when making a request. Federation is a new approach,, which uses standards based protocols to enable one application to assert the identity of a user to another.. Kerberos is a popular mechanism for applications to externalize authentication entirely Single sign on (SSO) is a specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems Security Assertion Markup Language (SAML) is an XML standard for exchanging authentication i and authorization i data between security domains.. wikipedia 9
10 COMMON APPROACHES 10
11 Windows AD Srv Srv Srv DC Client Client Client DC 11
12 Windows AD based authentication (KERBEROS setup) User Client DC Target (KERBEROS) PW Ticket Granting Ticket (TGT) TGT Ticket Ticket 12
13 Windows Smart Card LogOn PIN DC Client PIN Kerberos KDC Certificate t Certificate E PK [TGT] TGT AD user cert
14 Web based SSO Srv Client Srv Srv 14
15 HTTP Basic Authentication Client GET / Server Basic NTLM Digest HTTP/ Unauthorized WWW Client WWW authenticate: Basic realm= MyServer" GET / Authorization: Basic QWxhZGRpbjpv WWW Server base64 t Show Document t RFC 2617 HTTP Authentication: Basic and Digest Access Authentication, June
16 Secure Entry Server (Gateway) setup Srv Srv Client SES Srv Srv Login Srv 16
17 SSL Client Certificate Authentication User client web server auth srv Client certificate request (challenge) PIN Retrieve secret key Sign challenge response Check signature Retrieve user Check user 17
18 SECURE INTERNET BANKING AUTHENTICATION 18
19 Attacks to be considered Fake Login Theft of credentials Phishing (passive) M i t M (Phishing active) Trojans Fake Transactions Session hijacking Session riding (html) Trojans 19
20 One Time Password: Scratch list Scratch list Scratch list Client uses next password widely used in Telebanking Sent to user over independent channel Created randomly In use: Raiffeisen 20
21 Challenge Response: Grid Card (Matrix Karte) Grid card In use: Zürcher Kantonalbank Banque Cantonale Vaudoise Grid card Client answers with password upon password number request used in Telebanking Sent to user over independent channel Created randomly 21
22 Traditional Token Examples Physical Devices Locks Tags/Cards (may be contactless) Special computers Mobile phones (SMS) 22
23 SMS Authentication Announced by: ZKB Raiffeisen mobile user client server Contract, PIN mtan mtan 23
24 axsionics Fingerprint reader Flickering interface Large display Optional card reader User token client server challenge challenge finger response response response 24
25 EMV CAP (Card Authentication Protocol) Karte wird ins PCR gesteckt PCR fragt nach Challenge, Bankenhost generiert Challenge Challenge wird ins PCR eingetippt PCR fragt nach Karten PIN PIN wird ins offline PCR eingetippt Wenn die PIN korrekt ist, generiert der Chip ein One Time Passwort Bankenhost authentifiziert i One Time Passwort Promoted by: Telekurs 25
26 One Time Password: Dynamic Password Generator Number changes every 60 seconds Time sync allows typically 3 possible codes (3 min interval) Security discussion Dec 2001 due to claimed emulation program In use: Credit Suisse 26
27 Challenge Response Tools SW: S/Key HW: RSA SecureID Vasco Digipass Token.. In use: UBS Telebanking Migrosbank Smart Card 27
28 A Classification of measures To protect Login Static Password / PIN Dynamic Scratch list, matrix card PIN Token autonomous Token Challenge / Response SMS token /Axsionics SSL certificate Hard ad Soft User token server PW Code Code To protect Transactions Secure session management autonomous code (TAN) Transaction based code Improve client security 28
29 The Evaluation Login focus staticdynamic SSL cert Transaction focus passwo ord Scratch list auton. Token C/R tok ken SMS to ken hard soft session mgmt TAN au to Xact TA AN Client S ec login theft of credentials phishing passive M i t M Trojans Transactions session hijack session riding (html) Trojans 29
30 wiki.org/home h THANKSFORYOURATTENTION! 30
API-Security Gateway Dirk Krafzig
API-Security Gateway Dirk Krafzig Intro Digital transformation accelerates application integration needs Dramatically increasing number of integration points Speed Security Industrial robustness Increasing
More informationThe increasing popularity of mobile devices is rapidly changing how and where we
Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to
More informationIdentity Management. Audun Jøsang University of Oslo. NIS 2010 Summer School. September 2010. http://persons.unik.no/josang/
Identity Management Audun Jøsang University of Oslo NIS 2010 Summer School September 2010 http://persons.unik.no/josang/ Outline Identity and identity management concepts Identity management models User-centric
More informationMobile Security. Policies, Standards, Frameworks, Guidelines
Mobile Security Policies, Standards, Frameworks, Guidelines Guidelines for Managing and Securing Mobile Devices in the Enterprise (SP 800-124 Rev. 1) http://csrc.nist.gov/publications/drafts/800-124r1/draft_sp800-124-rev1.pdf
More informationCS; SSART-Treffen, November 18, 2015. Internet Banking: Increasing power of cyber crime... and what to do?
CS; SSART-Treffen, November 18, 2015 Internet Banking: Increasing power of cyber crime.. and what to do? Different targets for cyber crime Collect large data volumes (financial data) Collect customer related
More informationAgenda. How to configure
dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services
More informationTrends in Mobile Authentication. cnlab security ag, obere bahnhofstr. 32b, CH-8640 rapperswil-jona esther.haenggi@cnlab.ch, +41 55 214 33 36
Trends in Mobile Authentication cnlab security ag, obere bahnhofstr. 32b, CH-8640 rapperswil-jona esther.haenggi@cnlab.ch, +41 55 214 33 36 E-banking authentication mtan 2 Phishing passiv Man-in-the-Middle
More informationDIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Outlook Web Access
DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Outlook Web Access With IDENTIKEY Server / Axsguard IDENTIFIER Integration Guidelines Disclaimer Disclaimer of Warranties and Limitations
More informationKerberos and Single Sign On with HTTP
Kerberos and Single Sign On with HTTP Joe Orton Senior Software Engineer, Red Hat Overview Introduction The Problem Current Solutions Future Solutions Conclusion Introduction WebDAV: common complaint of
More informationNew Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation
New Single Sign-on Options for IBM Lotus Notes & Domino 2012 IBM Corporation IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole
More informationArchitecture of Enterprise Applications III Single Sign-On
Architecture of Enterprise Applications III Single Sign-On Haopeng Chen REliable, INtelligent and Scalable Systems Group (REINS) Shanghai Jiao Tong University Shanghai, China e-mail: chen-hp@sjtu.edu.cn
More informationTIBCO Spotfire Platform IT Brief
Platform IT Brief This IT brief outlines features of the system: Communication security, load balancing and failover, authentication options, and recommended practices for licenses and access. It primarily
More informationIntegrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER
Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER Table of Contents Introduction.... 3 Requirements.... 3 Horizon Workspace Components.... 3 SAML 2.0 Standard.... 3 Authentication
More informationInternet Banking Attacks. Karel Miko, CISA DCIT, a.s. (Prague, Czech Republic) miko@dcit.cz
Internet Banking Attacks Karel Miko, CISA DCIT, a.s. (Prague, Czech Republic) miko@dcit.cz Contents Agenda Internet banking today The most common attack vectors The possible countermeasures What protection
More informationKerberos and Single Sign-On with HTTP
Kerberos and Single Sign-On with HTTP Joe Orton Red Hat Introduction The Problem Current Solutions Future Solutions Conclusion Overview Introduction WebDAV: common complaint of poor support for authentication
More informationWHITE PAPER. Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ)
WHITE PAPER Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ) SEPTEMBER 2004 Overview Password-based authentication is weak and smart cards offer a way to address this weakness,
More informationEnabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver
Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver SAP Product Management, SAP NetWeaver Identity Management
More informationApplication Security Made in Switzerland
Application Security Made in Switzerland Overview The problem of internet security is almost as old as the internet itself. But there is a reliable solution: Airlock Suite from Ergon. Airlock Suite is
More informationStrong authentication of GUI sessions over Dedicated Links. ipmg Workshop on Connectivity 25 May 2012
Strong authentication of GUI sessions over Dedicated Links ipmg Workshop on Connectivity 25 May 2012 Agenda Security requirements The T2S U2A 2 Factor Authentication solution Additional investigation Terminal
More informationOpenHRE Security Architecture. (DRAFT v0.5)
OpenHRE Security Architecture (DRAFT v0.5) Table of Contents Introduction -----------------------------------------------------------------------------------------------------------------------2 Assumptions----------------------------------------------------------------------------------------------------------------------2
More informationSalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy
SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 Merlin House
More informationSAM Context-Based Authentication Using Juniper SA Integration Guide
SAM Context-Based Authentication Using Juniper SA Integration Guide Revision A Copyright 2012 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete
More informationSAP NetWeaver Single Sign-On. Product Management SAP NetWeaver Identity Management & Security June 2011
NetWeaver Single Sign-On Product Management NetWeaver Identity Management & Security June 2011 Agenda NetWeaver Single Sign-On: Solution overview Key benefits of single sign-on Solution positioning Identity
More informationINTEGRATION GUIDE. IDENTIKEY Federation Server for Juniper SSL-VPN
INTEGRATION GUIDE IDENTIKEY Federation Server for Juniper SSL-VPN Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; VASCO
More informationWindows 2000 Security Architecture. Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation
Windows 2000 Security Architecture Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation Topics Single Sign-on Kerberos v5 integration Active Directory security Delegation of authentication
More informationJuniper Networks Secure Access Kerberos Constrained Delegation
Juniper Networks Secure Access Kerberos Constrained Delegation Release 6.4 CONTENT 1. BACKGROUND...3 2. SETTING UP CONSTRAINED DELEGATION...5 2.1 ACTIVE DIRECTORY CONFIGURATION...5 2.1.1 Create a Kerberos
More informationA Guide to New Features in Propalms OneGate 4.0
A Guide to New Features in Propalms OneGate 4.0 Propalms Ltd. Published April 2013 Overview This document covers the new features, enhancements and changes introduced in Propalms OneGate 4.0 Server (previously
More informationImplementation Guide SAP NetWeaver Identity Management Identity Provider
Implementation Guide SAP NetWeaver Identity Management Identity Provider Target Audience Technology Consultants System Administrators PUBLIC Document version: 1.10 2011-07-18 Document History CAUTION Before
More informationGENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK
Antti Pyykkö, Mikko Malinen, Oskari Miettinen GENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK TJTSE54 Assignment 29.4.2008 Jyväskylä University Department of Computer Science
More informationHOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services
1 HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided
More informationSmart Card Authentication Client. Administrator's Guide
Smart Card Authentication Client Administrator's Guide April 2013 www.lexmark.com Contents 2 Contents Overview...3 Configuring Smart Card Authentication Client...4 Configuring printer settings for use
More informationFileCloud Security FAQ
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
More information2-FACTOR AUTHENTICATION FOR MOBILE APPLICATIONS: INTRODUCING DoubleSec
2-FACTOR AUTHENTICATION FOR MOBILE APPLICATIONS: INTRODUCING DoubleSec TECHNOLOGY WHITEPAPER DSWISS LTD INIT INSTITUTE OF APPLIED INFORMATION TECHNOLOGY JUNE 2010 V1.0 1 Motivation With the increasing
More informationCAC AND KERBEROS FROM VISION TO REALITY
CAC AND KERBEROS FROM VISION TO REALITY Mil OSS Conference 2011 Dmitri Pal Sr. Engineering Manager Red Hat Inc. Aug 31, 2011 Outline Setting up context... Card authentication now Open issues Pieces of
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationIdentity Management with Spring Security. Dave Syer, VMware, SpringOne 2011
Identity Management with Spring Security Dave Syer, VMware, SpringOne 2011 Overview What is Identity Management? Is it anything to do with Security? Some existing and emerging standards Relevant features
More informationChapter 15 User Authentication
Chapter 15 User Authentication 2015. 04. 06 Jae Woong Joo SeoulTech (woong07@seoultech.ac.kr) Table of Contents 15.1 Remote User-Authentication Principles 15.2 Remote User-Authentication Using Symmetric
More informationDeploying RSA ClearTrust with the FirePass controller
Deployment Guide Deploying RSA ClearTrust with the FirePass Controller Deploying RSA ClearTrust with the FirePass controller Welcome to the FirePass RSA ClearTrust Deployment Guide. This guide shows you
More informationCS 356 Lecture 28 Internet Authentication. Spring 2013
CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationSecurity Challenges. in Moving to Externalized Datacenters. (Focusing on SaaS) Eran Birk, Spring 2014. Business. Intelligence
Business Intelligence Security Challenges in Moving to Externalized Datacenters (Focusing on SaaS) Eran Birk, Spring 2014 Grid Computing Cloud Computing Compute Networks Storage Information provided in
More informationSession Code*: 0310 Demystifying Authentication and SSO Options in Business Intelligence. Greg Wcislo
Session Code*: 0310 Demystifying Authentication and SSO Options in Business Intelligence Greg Wcislo Introduction We will not go into detailed how-to, however links to multiple how-to whitepapers will
More informationDIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication
DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication Certificate Based 2010 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 31 Disclaimer Disclaimer of
More informationTenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved.
Tenrox Single Sign-On (SSO) Setup Guide January, 2012 2012 Tenrox. All rights reserved. About this Guide This guide provides a high-level technical overview of the Tenrox Single Sign-On (SSO) architecture,
More informationSaaS at Pfizer. Challenges, Solutions, Recommendations. Worldwide Business Technology
SaaS at Pfizer Challenges, Solutions, Recommendations Agenda How are Cloud and SaaS different in practice? What does Pfizer s SaaS footprint look like? Identity is the Issue: Federation (SSO) and Provisioning/De-provisioning
More informationINTEGRATION GUIDE. DIGIPASS Authentication for Juniper SSL-VPN
INTEGRATION GUIDE DIGIPASS Authentication for Juniper SSL-VPN Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; VASCO Data
More informationAuthentication. Authentication in FortiOS. Single Sign-On (SSO)
Authentication FortiOS authentication identifies users through a variety of methods and, based on identity, allows or denies network access while applying any required additional security measures. Authentication
More informationHOBCOM and HOBLink J-Term
HOB GmbH & Co. KG Schwadermühlstr. 3 90556 Cadolzburg Germany Tel: +49 09103 / 715-0 Fax: +49 09103 / 715-271 E-Mail: support@hobsoft.com Internet: www.hobsoft.com HOBCOM and HOBLink J-Term Single Sign-On
More informationFlexible Identity Federation
Flexible Identity Federation Administration guide version 1.0.1 Publication history Date Description Revision 2015.09.24 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Canadian Access Federation: Trust Assertion Document (TAD) Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes
More informationSingle Sign-On: Reviewing the Field
Single Sign-On: Reviewing the Field Michael Grundmann, Erhard Pointl Johannes Kepler University Linz Abstract. The Idea of having only one password for every service has led to the concept of single sign-on
More informationSeptember 9 11, 2013 Anaheim, California 507 Demystifying Authentication and SSO Options in Business Intelligence
September 9 11, 2013 Anaheim, California 507 Demystifying Authentication and SSO Options in Business Intelligence Greg Wcislo Introduction We will not go into detailed how-to, however links to multiple
More informationHOTPin Integration Guide: Google Apps with Active Directory Federated Services
HOTPin Integration Guide: Google Apps with Active Directory Federated Services Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as
More informationPassword Power 8 Plug-In for Lotus Domino Single Sign-On via Kerberos
Password Power 8 Plug-In for Lotus Domino Single Sign-On via Kerberos PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 603.546.2309 E-mail: salesteam@pistolstar.com Website:
More informationnexus Hybrid Access Gateway
Product Sheet nexus Hybrid Access Gateway nexus Hybrid Access Gateway nexus Hybrid Access Gateway uses the inherent simplicity of virtual appliances to create matchless security, even beyond the boundaries
More informationVMware Identity Manager Administration
VMware Identity Manager Administration VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new
More informationIdentity Management: The authentic & authoritative guide for the modern enterprise
Identity Management: The authentic & authoritative guide for the modern enterprise Ellen Newlands, Product Manager Dmitri Pal, Director, Engineering 06-26-15 Goals of the Presentation Introduce Identity
More informationMobile Identity and Edge Security Forum Sentry Security Gateway. Jason Macy CTO, Forum Systems jmacy@forumsys.com
Mobile Identity and Edge Security Forum Sentry Security Gateway Jason Macy CTO, Forum Systems jmacy@forumsys.com Evolution Evolution of Enterprise Identities Cloud Computing Iaas Infrastructure as a Service
More informationmanaging SSO with shared credentials
managing SSO with shared credentials Introduction to Single Sign On (SSO) All organizations, small and big alike, today have a bunch of applications that must be accessed by different employees throughout
More informationBuilding Secure Applications. James Tedrick
Building Secure Applications James Tedrick What We re Covering Today: Accessing ArcGIS Resources ArcGIS Web App Topics covered: Using Token endpoints Using OAuth/SAML User login App login Portal ArcGIS
More informationCloud Standards. Arlindo Dias IT Architect IBM Global Technology Services CLOSER 2102
Cloud Standards Arlindo Dias IT Architect IBM Global Technology Services CLOSER 2102 2011 IBM Corporation Agenda Overview on Cloud Standards Identity and Access Management Discussion 2 Overview on Cloud
More informationSetup Corporate (Microsoft Exchange) Email. This tutorial will walk you through the steps of setting up your corporate email account.
Setup Corporate (Microsoft Exchange) Email This tutorial will walk you through the steps of setting up your corporate email account. Microsoft Exchange Email Support Exchange Server Information You will
More informationTIB 2.0 Administration Functions Overview
TIB 2.0 Administration Functions Overview Table of Contents 1. INTRODUCTION 4 1.1. Purpose/Background 4 1.2. Definitions, Acronyms and Abbreviations 4 2. OVERVIEW 5 2.1. Overall Process Map 5 3. ADMINISTRATOR
More informationMobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard
Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands Ian Wills Country Manager, Entrust Datacard WHO IS ENTRUST DATACARD? 2 Entrust DataCard Datacard Corporation. Corporation.
More informationSmart Card Authentication. Administrator's Guide
Smart Card Authentication Administrator's Guide October 2012 www.lexmark.com Contents 2 Contents Overview...4 Configuring the applications...5 Configuring printer settings for use with the applications...5
More informationFlexible Identity Federation
Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services
More informationIntroduction to Computer Security
Introduction to Computer Security Identification and Authentication Pavel Laskov Wilhelm Schickard Institute for Computer Science Resource access: a big picture 1. Identification Which object O requests
More informationWhite Paper. McAfee Cloud Single Sign On Reviewer s Guide
White Paper McAfee Cloud Single Sign On Reviewer s Guide Table of Contents Introducing McAfee Cloud Single Sign On 3 Use Cases 3 Key Features 3 Provisioning and De-Provisioning 4 Single Sign On and Authentication
More informationINTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server
INTEGRATION GUIDE DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document
More informationEnhancing Web Application Security
Enhancing Web Application Security Using Another Authentication Factor Karen Lu and Asad Ali Gemalto, Inc. Technology & Innovations Austin, TX, USA Overview Introduction Current Statet Smart Cards Two-Factor
More informationDirectory Integration with Okta. An Architectural Overview. Okta Inc. 301 Brannan Street San Francisco, CA 94107. info@okta.
Directory Integration with Okta An Architectural Overview Okta Inc. 301 Brannan Street San Francisco, CA 94107 info@okta.com 1-888-722-7871 Contents 1 User Directories and the Cloud: An Overview 3 Okta
More informationImplementing Identity Provider on Mobile Phone
Implementing Identity Provider on Mobile Phone Tsuyoshi Abe, Hiroki Itoh, and Kenji Takahashi NTT Information Sharing Platform Laboratories, NTT Corporation 3-9-11 Midoricho, Musashino-shi, Tokyo 180-8585,
More informationWeb Plus Security Features and Recommendations
Web Plus Security Features and Recommendations (Based on Web Plus Version 3.x) Centers for Disease Control and Prevention National Center for Chronic Disease Prevention and Health Promotion Division of
More informationGateway Apps - Security Summary SECURITY SUMMARY
Gateway Apps - Security Summary SECURITY SUMMARY 27/02/2015 Document Status Title Harmony Security summary Author(s) Yabing Li Version V1.0 Status draft Change Record Date Author Version Change reference
More informationKerberos. Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530 520 BC. From Italy (?).
Kerberos Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530 520 BC. From Italy (?). 1 Kerberos Kerberos is an authentication protocol and a software suite implementing this
More informationArchitecture Guidelines Application Security
Executive Summary These guidelines describe best practice for application security for 2 or 3 tier web-based applications. It covers the use of common security mechanisms including Authentication, Authorisation
More informationTwo SSO Architectures with a Single Set of Credentials
Two SSO Architectures with a Single Set of Credentials Abstract Single sign-on (SSO) is a widely used mechanism that uses a single action of authentication and authority to permit an authorized user to
More informationDIGIPASS Authentication for Sonicwall Aventail SSL VPN
DIGIPASS Authentication for Sonicwall Aventail SSL VPN With VASCO IDENTIKEY Server 3.0 Integration Guideline 2009 Vasco Data Security. All rights reserved. PAGE 1 OF 52 Disclaimer Disclaimer of Warranties
More informationEconomic and Social Council
UNITED NATIONS E Economic and Social Council Distr. GENERAL ECE/TRANS/WP.30/AC.2/2008/2 21 November 2007 Original: ENGLISH ECONOMIC COMMISSION FOR EUROPE Administrative Committee for the TIR Convention,
More informationCopyright: WhosOnLocation Limited
How SSO Works in WhosOnLocation About Single Sign-on By default, your administrators and users are authenticated and logged in using WhosOnLocation s user authentication. You can however bypass this and
More informationModule: Authentication. Professor Trent Jaeger Fall 2010. CSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Authentication Professor Trent Jaeger Fall 2010 1 What is Authentication? Short answer: establishes identity Answers the question: To whom
More information> Please fill your survey to be eligible for a prize draw. Only contact info is required for prize draw Survey portion is optional
Web Access Management May 2008 CA Canada Seminar > Please fill your survey to be eligible for a prize draw Only contact info is required for prize draw Survey portion is optional > How to Transform Tactical
More informationSECURITY IMPLICATIONS OF NFC IN AUTHENTICATION AND IDENTITY MANAGEMENT
SECURITY IMPLICATIONS OF NFC IN AUTHENTICATION AND IDENTITY MANAGEMENT Dmitry Barinov SecureKey Technologies Inc. Session ID: MBS-W09 Session Classification: Advanced Session goals Appreciate the superior
More informationBiometric SSO Authentication Using Java Enterprise System
Biometric SSO Authentication Using Java Enterprise System Edward Clay Security Architect edward.clay@sun.com & Ramesh Nagappan CISSP Java Technology Architect ramesh.nagappan@sun.com Agenda Part 1 : Identity
More informationGFIPM Supporting all Levels of Government Toward the Holy Grail of Single Sign-on
GFIPM Supporting all Levels of Government Toward the Holy Grail of Single Sign-on Presenter(s): John Ruegg, DOJ Global Security Working Group Mark Phipps, CJIS/FBI Law Enforcement Online Kevin Heald, PM-ISE
More informationCisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief
Guide Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief October 2012 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 21 Contents
More informationScalable Authentication
Scalable Authentication Rolf Lindemann Nok Nok Labs, Inc. Session ID: ARCH R07 Session Classification: Intermediate IT Has Scaled Technological capabilities: (1971 2013) Clock speed x4700 #transistors
More informationADVANCE AUTHENTICATION TECHNIQUES
ADVANCE AUTHENTICATION TECHNIQUES Introduction 1. Computer systems and the information they store and process are valuable resources which need to be protected. With the current trend toward networking,
More informationLeveraging SAML for Federated Single Sign-on:
Leveraging SAML for Federated Single Sign-on: Seamless Integration with Web-based Applications whether cloudbased, private, on-premise, or behind a firewall Single Sign-on Layer v.3.2-006 PistolStar, Inc.
More informationCRYPTOGRAPHY AS A SERVICE
CRYPTOGRAPHY AS A SERVICE Peter Robinson RSA, The Security Division of EMC Session ID: ADS R01 Session Classification: Advanced Introduction Deploying cryptographic keys to end points such as smart phones,
More informationIdentity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE
Identity Management in Liferay Overview and Best Practices Liferay Portal 6.0 EE Table of Contents Introduction... 1 IDENTITY MANAGEMENT HYGIENE... 1 Where Liferay Fits In... 2 How Liferay Authentication
More informationDIGIPASS Authentication for Citrix Access Gateway VPN Connections
DIGIPASS Authentication for Citrix Access Gateway VPN Connections With VASCO Digipass Pack for Citrix 2006 VASCO Data Security. All rights reserved. Page 1 of 31 Integration Guideline Disclaimer Disclaimer
More informationAlternative authentication methods. Niko Dukić/Mario Šale CS Computer Systems
Alternative authentication methods Niko Dukić/Mario Šale CS Computer Systems Table of contents: Authentication and why is it important Authentication methods RSA SecureID solutions for authentication Implementation
More informationSingle Sign On for ShareFile with NetScaler. Deployment Guide
Single Sign On for ShareFile with NetScaler Deployment Guide This deployment guide focuses on defining the process for enabling Single Sign On into Citrix ShareFile with Citrix NetScaler. Table of Contents
More informationDIGIPASS as a Service. Product Guide
DIGIPASS as a Service Product Guide October 2011 Table of Contents 1. Introduction... 1 1.1. 1.2. 1.3. 1.4. Audience and Purpose of this Document... Available Guides... What is DIGIPASS as a Service?...
More informationEmbedded Web Server Security
Embedded Web Server Security Administrator's Guide September 2014 www.lexmark.com Model(s): C54x, C73x, C746, C748, C792, C925, C950, E260, E360, E46x, T65x, W850, X264, X36x, X46x, X543, X544, X546, X548,
More informationStrong Authentication in details
Strong Authentication in details Kuznetsov Alexander Technical Account Manager VASCO Core Activities Overview DIGIPASS DIGIPASS Go Range DIGIPASS E-signature DIGIPASS Reader DIGIPASS for Mobile DIGIPASS
More informationHow To Use Netscaler As An Afs Proxy
Deployment Guide Guide to Deploying NetScaler as an Active Directory Federation Services Proxy Enabling seamless authentication for Office 365 use cases Table of Contents Introduction 3 ADFS proxy deployment
More information1 Introduction... 3 2 Product overview... 4. 2.1 Product description... 4. 3 System requirements... 7. 3.1 Software support... 7
Product announcement ----------------------------------------------------------------------------- ASEBA SxS PAAS module ----------------------------------------------------------------------------------------------------------
More informationConfiguring Single Sign-On from the VMware Identity Manager Service to Office 365
Configuring Single Sign-On from the VMware Identity Manager Service to Office 365 VMware Identity Manager JULY 2015 V1 Table of Contents Overview... 2 Passive and Active Authentication Profiles... 2 Adding
More informationIDENTIKEY Appliance Administrator Guide 3.3.5.0 3.6.8
IDENTIKEY Appliance Administrator Guide 3.3.5.0 3.6.8 Disclaimer of Warranties and Limitations of Liabilities Legal Notices Copyright 2008 2015 VASCO Data Security, Inc., VASCO Data Security International
More information