Why Identity Management. Identity Management. What We Cover. Role of Digital Identity. Digital Identity. Digital Identity (or network identity)
|
|
- Marilyn Walker
- 8 years ago
- Views:
Transcription
1 Why Identity Management Identity Management Claudiu Duma Identity crisis Privacy concerns Identity theft Terrorist threat Department of Computer and Information Science What We Cover Digital Identity (or network identity) Digital identity Problems with digital identity Requirements Identity management systems Collection of information relating to an individual, created and managed as a single unit, stored in electronic format in a given identity system. AKA user account, record, profile Digital Identity Role of Digital Identity May contain: Real attributes of an individual Personally identifiable information (PII) May or may not be traceable to an individual (person) Prerequisite for: Authorization and access control Logging and accountability Reputation 1
2 Multiple Identities Multiple Identity Systems Digital Identity on the Internet: Current Problems 1. Inconvenience 2. Inconsistence 3. In-transience 4. Insecurity 5. Privacy Problems: Inconvenience Problems: Inconsistency People have to Register and create multiple accounts Create strong, independent passwords Remember or securely store all this info Change passwords regularly Human or machine Many sites require CAPTCHAs Various types of registration/login systems around Many, many different authentication schemes Functionality greatly varies across these systems Problems: In-transience Online identity is not transitive An account in domain A is useless at domain B So is reputation, credibility, credit, experience across domains Problems: Insecurity Current infrastructure is basically insecure People lose/leak passwords People choose weak passwords Users machines can be compromised Trojans, Keyloggers, etc. Servers could be compromised too E.g. Lexis-Nexis massive leak Find and attack the weakest link! 2
3 Problem: Privacy Identity Management (IdM) Sites collect a lot of personal data Users can not control their disclosed data Vast propagation of sensitive information Very prone to leaking. Leaks are also vulnerable to weakest link. Provides the tools for managing identities In a consistent, automated, interoperable, secure, and privacy preserving way Main functionalities Single sign-on (SSO) Attribute sharing Stakeholders and Their Main Requirements Identity Management Components Users Convenience Control the disclosure and propagation of their data Service Providers User authentication Access control to resources Governments Reliable I&A of individuals Reliable signature User Identity Manager Services Architectural Choices User-centric IdM Centralized IdM Federated IdM National digital identity infrastructures Centralized IdM Systems 3
4 Centralized IdM: Microsoft Pasport Goal a one-stop-shop where personal information is stored and used for online activity Provides Single sign-on Wallet: credit card info, contact info, etc. Microsoft Passport Architecture Wallet functionality is similar 1. Request page at SP 2. Redirect to Passport Server 3. Checks Ticket Granting Cookie (TGC) 4. If not existent, MPS authenticates user 5. MPS sets TGC (encrypted with K MPS ) 6. MPS redirects to SP, with token (encrypted with K MPS-SP ) in header 7. MPS sets an encrypted cookie Service Provider (SP) Microsoft Passport Server (MPS) Cookies as Authenticators Problem No proof of cookie ownership Cookies can be stolen and reused E.g. Cross Site Scripting (XSS) In Kerberos, proof of token ownership is required Remedy? token proof Concerns with the Passport Vulnerable to several attacks Cross site scripting Bogus merchant Man-in-the-middle DNS attack Reshaped into Windows Live ID! Security concerns User interface Key management Central point of attack Persistent cookies Automatic credential assignment Privacy concerns All under control of Microsoft Federated IdM Systems Federated IdM: Liberty Alliance Goal Link user identities at different systems Dominant industry effort An open standard for Federated IdM Aims at providing and supporting interoperability Different implementations exists Provides SSO Cross domain data (attribute) sharing Anonymous data sharing 4
5 2. IDP sets a cookie Liberty Alliance Architecture Liberty Liberty Identity Identity Federation Framework (ID-FF) (ID-FF) Identity federation Account linkage SSO Liberty Liberty Identity Identity Service Service Interface Specifications (ID-SS) (ID-SS) Enables interoperable identity services such as alert, calendar, wallet, contacts, geo-location, etc. Liberty Liberty Identity Identity Web Web Service Service Framework (ID-WSF) Framework for interoperable identity services, permission based identity sharing, identity service description and discovery, etc. Liberty Liberty specifications build build on on existing existing standards XML, XML, SAML, SAML, SOAP SOAP Circle of Trust Model Principal G F F A Network identity providers E E D Circle of trust Business agreements Service level agreements (SLA) Policies, guidelines, acceptable use policies (AUP) Identity provider (IDP) (e.g. a bank) Authentication infrastructure Maintains core identity attributes B C Service providers (SPs) Offer services Don t need to invest in authentication infrastructure Identity Federation Identity Federation Identity linking alice@sp1 Alice_S@idp alice@sp1 Alice12@sp2 IDP IDP Alice12@sp2 aiw@sp3 Alice federates some of her identities, but not all of them aiw@sp3 Federated Identity Life-Cycle Federate an Identity: Introduction Metadata Metadata exchange exchange Federation Federation Single Single sign-on sign-on (already (already federated) federated) Name Name registration registration Airline. Inc (IDP) Welcome Alice You Airline. may federate Inc (IDP) your Airline.inc identity with any Member other of identities AAG you may Login: have with Alice members of our affinity group Alice AAG Pass: ***** Do you consent? ***** Yes Yes CarRental.inc (SP) Single Single logout logout Federation Federation termination termination Opt-in policy! 1. Logins to IDP Airline.Inc (IDP) 5
6 Federate an Identity: Account Linking CarRental.Inc Welcome Alice123 We CarRental.Inc noticed you recently sign-on to Airline.inc Member of AAG Would you like to federate Login: your CarRental.inc Alice123 Alice123 and Pass: Airline.inc ***** identities? ***** Yes Yes 5. Asks for federation 4. Checks cookie 3. Logins to SP CarRental.inc (SP) Common Domain Cookies Airline.Inc (IDP) Circle of trust common domain XXX.AGG.inc Airline.AGG.inc Common domain service sets cookie CarRental.AGG.inc Common domain service reads cookie CarRental.inc (SP) Airline.inc (IDP) Account Linking Multiple IdP and Multiple IDs IDP account Federate account Alias: mr3ttj Domain:.com Name: dtvlir Alias: xyrvds Domain:.com Name: pfk9uz account Federate account Alias: dtvlir Domain: IDP.com Name: mr3ttj work profile IDP1 IDP1 account home profile User handlers no global ID prevents collusion between SPs Federate account Alias: pfk9uz Domain: IDP.com Name: xyrvds Needs mechanisms to discern among IDPs and SPs IDP2 IDP2 SP4 SP4 Generic SSO Example: SSO with Browser Artifact 6. User gets service from SP 1. User accesses SP CarRental.inc (SP) 5. Authentication assertion checked 4.1. Back channel 4. Auth assertion or handle to assertion 2. AuthRequest() 3. Authentication assertion issued 0. Logins to IDP Airline.inc (IDP) 6
7 Assertions Signed claims Use Security Assertion Meta Language (SAML) SAML assertions Authentication assertion Authorization decision assertion Attribute assertion XML-based SAML Assertion Example <saml:assertion AssertionID="SqMC8Hs2vJ7Z+t4UiLSmhKOSUO0U > <saml:conditions NotBefore=" T21:42:12Z" NotOnOrAfter=" T21:42: 43Z"> </saml:conditions> <saml:authenticationstatement AuthenticationMethod= "urn:oasis:names: :password"> <saml:subject xsi:type="lib:subjecttype"> <saml:nameidentifier Format="urn:liberty:..:federated"> C9FfGouQdBJ7bpkismYgd8ygeVb3PlWK </saml:nameidentifier> <lib:idpprovidednameidentifier> C9FfGouQdBJ7bpkismYgd8ygeVb3PlWK </lib:idpprovidednameidentifier> </saml:subject> </saml:authenticationstatement> <ds:signature> <ds:digestvalue> ZbscbqHTX9H8bBftRIWlG4Epv1A= </ds:digestvalue> <ds:signaturevalue> H+q3nC3jUalj1uKUVkcC4iTFClxeZQIFF0nv HqPS5oZhtkBaDb </ds:signaturevalue> </ds:signature> </saml:assertion> Permission-Based Attribute Sharing Permission-Based Attribute Sharing 1. Access site and buy 2. Shipping address? 3. Use my profile SP 4. Where is AP? 5. Use this AP 6. Give me address 10. Here is the address IDP Liberty specifies only technical guidelines No common interface for setting policies Liberty specification enables Principal s privacy but do not ensure it. 7. Check permission 8. Give permission 9. Could store permission Identity service could be the user! Attribute Provider (AP) Concerns with Liberty Alliance Concerns with Liberty Alliance User incur security & privacy problems Security One secret gives access to everything IdP can impersonate users across the circle of trust IdP can falsely deny access to users across the circle of trust Privacy IdP has real-time surveillance capabilities IdP and SPs may share user information Opt-in policy not very popular SPs lose their information autonomy IdP is one point of failure IdP has real-time surveillance capabilities Competitive intelligence of which users are services at what time All data sharing must go through IdP Liberty doesn't specify how authentication relations are maintained Maybe susceptible to same attacks as Passport 7
8 Other Federated IdM Systems WS-Federation An identity metasystem Set of protocols for distributing claims Based on SAML IBM, Microsoft, etc. working with OASIS Open standard User-centric IdM Systems User-centric (or local) IdM User-centric IdM Goals: No trusted third party Support multiple identities Avoid the interchange of user data between other parties Really keeps the user in control! Base idea: user is its own IdM Alice s profiles Identity Manager 1 2 HTML / HTTP 3 4 SOAP / HTTP SP Identity Agent Info about users Limitation of User-centered IdM Information is stored in two places Unsigned claims Not-portable Security of the client! End-user computer could be compromised Possible solution: Trusted Computing Platform National Digital Identity Infrastructure 8
9 National IdM Infrastructure Security Requirements e-government The interaction between state authorities and society with help of information and communication technology Goals: Improves services for citizens (e-voting, e-taxes, etc) Reduce retention periods and costs Major requirements: Security and privacy (paramount) Scalability Flexibility Entity authentication Data origin authentication Confidentiality Non-repudiation Electronic Signature Requirements for qualified signature (EU directive) Created by a secure signature-creation device (SSCD) In contact with the signature-creation data (Private key) Based on qualified certificate Contains the signature verification data (Public key) Certification service providers (CSP) Public or private organizations that asses SSCDs and CSPs Case Study: Austrian Citizen Card Signature-Creation System PIN should not be intercepted Data to be signed (DTBS) should not contain dynamic or hidden information Display should be trustworthy What you see is what you sign! Identification: Austrian Citizen Card Prohibit Inference: Sector Tags Goal: Unequivocally establish the individual Avoid digital twins! X509 certificates use distinguished names / O=LiU / OU=IDA / CN=Claudiu Duma / Qualified certificates use persona binding Name + CRR Number + date of birth CRR = Central Register of Residents 9
10 Application Environment Concerns and Challenges Concerns Integrity of the capsule and the trusted-paths Revocation of compromised certificates Tamper-resistance Further challenges Cross border IdM (Pan-European digital ID) Open the infrastructure to private sector (typical service providers) 10
Liberty Specs Tutorial WWW.PROJECTLIBERTY.ORG
Liberty Specs Tutorial WWW.PROJECTLIBERTY.ORG 1 Introduction to Liberty Alliance Overview & Key Concepts Resources Architecture and Spec documents Phase 1 - ID-FF Federated identity life-cycle Metadata
More informationFederated Identity Management Solutions
Federated Identity Management Solutions Jyri Kallela Helsinki University of Technology jkallela@cc.hut.fi Abstract Federated identity management allows users to access multiple services based on a single
More informationTrusting XBRL: Using the Liberty Web Services Framework to Secure and Authenticate XBRL Documents
Trusting XBRL: Using the Liberty Web Services Framework to Secure and Authenticate XBRL Documents Farrukh Najmi and Eve Maler farrukh.najmi@sun.com, eve.maler@sun.com Sun Microsystems, Inc. Goals for today's
More informationIdentity Management im Liberty Alliance Project
Rheinisch-Westfälische Technische Hochschule Aachen Lehrstuhl für Informatik IV Prof. Dr. rer. nat. Otto Spaniol Identity Management im Liberty Alliance Project Seminar: Datenkommunikation und verteilte
More informationExtending DigiD to the Private Sector (DigiD-2)
TECHNISCHE UNIVERSITEIT EINDHOVEN Department of Mathematics and Computer Science MASTER S THESIS Extending DigiD to the Private Sector (DigiD-2) By Giorgi Moniava Supervisors: Eric Verheul (RU, PwC) L.A.M.
More informationLiberty Alliance. CSRF Review. .NET Passport Review. Kerberos Review. CPSC 328 Spring 2009
CSRF Review Liberty Alliance CPSC 328 Spring 2009 Quite similar, yet different from XSS Malicious script or link involved Exploits trust XSS - exploit user s trust in the site CSRF - exploit site s trust
More informationEnabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver
Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver SAP Product Management, SAP NetWeaver Identity Management
More informationComputer Systems Security 2013/2014. Single Sign-On. Bruno Maia ei09095@fe.up.pt. Pedro Borges ei09063@fe.up.pt
Computer Systems Security 2013/2014 Single Sign-On Bruno Maia ei09095@fe.up.pt Pedro Borges ei09063@fe.up.pt December 13, 2013 Contents 1 Introduction 2 2 Explanation of SSO systems 2 2.1 OpenID.................................
More informationEvaluation of different Open Source Identity management Systems
Evaluation of different Open Source Identity management Systems Ghasan Bhatti, Syed Yasir Imtiaz Linkoping s universitetet, Sweden [ghabh683, syeim642]@student.liu.se 1. Abstract Identity management systems
More informationFederated Identity Architectures
Federated Identity Architectures Uciel Fragoso-Rodriguez Instituto Tecnológico Autónomo de México, México {uciel@itam.mx} Maryline Laurent-Maknavicius CNRS Samovar UMR 5157, GET Institut National des Télécommunications,
More informationIMPLEMENTING SINGLE SIGN- ON USING SAML 2.0 ON JUNIPER NETWORKS MAG SERIES JUNOS PULSE GATEWAYS
APPLICATION NOTE IMPLEMENTING SINGLE SIGN- ON USING SAML 2.0 ON JUNIPER NETWORKS MAG SERIES JUNOS PULSE GATEWAYS SAML 2.0 combines encryption and digital signature verification across resources for a more
More informationIdentity Management. Audun Jøsang University of Oslo. NIS 2010 Summer School. September 2010. http://persons.unik.no/josang/
Identity Management Audun Jøsang University of Oslo NIS 2010 Summer School September 2010 http://persons.unik.no/josang/ Outline Identity and identity management concepts Identity management models User-centric
More informationNew Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation
New Single Sign-on Options for IBM Lotus Notes & Domino 2012 IBM Corporation IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole
More informationWeb Services Security: OpenSSO and Access Management for SOA. Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.
Web Services Security: OpenSSO and Access Management for SOA Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.com 1 Agenda Need for Identity-based Web services security Single Sign-On
More informationGlossary of Key Terms
and s Branch Glossary of Key Terms The terms and definitions listed in this glossary are used throughout the s Package to define key terms in the context of. Access Control Access The processes by which
More informationNationwide and Regional Health Information Networks and Federated Identity for Authentication and HIPAA Compliance
Nationwide and Regional Health Information Networks and Federated Identity for Authentication and HIPAA Compliance Christina Stephan, MD Co-Chair Liberty Alliance ehealth SIG National Library of Medicine
More informationInternet Single Sign-On Systems
Internet Single Sign-On Systems Radovan SEMANČÍK nlight, s.r.o. Súľovská 34, 812 05 Bratislava, Slovak Republic semancik@nlight.sk Abstract. This document describes the requirements and general principles
More informationImplementation Guide SAP NetWeaver Identity Management Identity Provider
Implementation Guide SAP NetWeaver Identity Management Identity Provider Target Audience Technology Consultants System Administrators PUBLIC Document version: 1.10 2011-07-18 Document History CAUTION Before
More informationEnabling SAML for Dynamic Identity Federation Management
Enabling SAML for Dynamic Identity Federation Management Patricia Arias, Florina Almenárez, Andrés Marín and Daniel Díaz-Sánchez University Carlos III of Madrid http://pervasive.gast.it.uc3m.es/ WMNC 2009
More informationNetwork Identity. 1. Introduction. Kai Kang Helsinki University of Technology Networking Laboratory kkang@cc.hut.fi
Network Identity Kai Kang Helsinki University of Technology Networking Laboratory kkang@cc.hut.fi Abstract: This paper is concerning on modern Network Identity issues, emphasizing on network identity management,
More informationNegotiating Trust in Identity Metasystem
Negotiating Trust in Identity Metasystem Mehmud Abliz Department of Computer Science University of Pittsburgh Pittsburgh, Pennsylvania 15260 mehmud@cs.pitt.edu Abstract Many federated identity management
More informationWeb Services and Federated Identity Management
Web Services and Federated Identity Management Birgit Pfitzmann, bpf@zurich.ibm.com with Thomas Gross, Ahmad Sadeghi DIMACS, May 6, 2005 www.zurich.ibm.com What s New about Federated Identity Management?
More informationSTUDY ON IMPROVING WEB SECURITY USING SAML TOKEN
STUDY ON IMPROVING WEB SECURITY USING SAML TOKEN 1 Venkadesh.M M.tech, Dr.A.Chandra Sekar M.E., Ph.d MISTE 2 1 ResearchScholar, Bharath University, Chennai 73, India. venkadeshkumaresan@yahoo.co.in 2 Professor-CSC
More informationOIO Web SSO Profile V2.0.5
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
More informationFederated Identity in the Enterprise
www.css-security.com 425.216.0720 WHITE PAPER The proliferation of user accounts can lead to a lowering of the enterprise security posture as users record their account information in order to remember
More informationTIB 2.0 Administration Functions Overview
TIB 2.0 Administration Functions Overview Table of Contents 1. INTRODUCTION 4 1.1. Purpose/Background 4 1.2. Definitions, Acronyms and Abbreviations 4 2. OVERVIEW 5 2.1. Overall Process Map 5 3. ADMINISTRATOR
More informationFlexible Identity Federation
Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationDesigning federated identity management architectures for addressing the recent attacks against online financial transactions.
Designing federated identity management architectures for addressing the recent attacks against online financial transactions. Dr. Christos K. Dimitriadis Security Officer INTRALOT S.A. Scope and Agenda
More informationTitle: A Client Middleware for Token-Based Unified Single Sign On to edugain
Title: A Client Middleware for Token-Based Unified Single Sign On to edugain Sascha Neinert Computing Centre University of Stuttgart, Allmandring 30a, 70550 Stuttgart, Germany e-mail: sascha.neinert@rus.uni-stuttgart.de
More informationEnhancing Web Application Security
Enhancing Web Application Security Using Another Authentication Factor Karen Lu and Asad Ali Gemalto, Inc. Technology & Innovations Austin, TX, USA Overview Introduction Current Statet Smart Cards Two-Factor
More informationSAML Security Option White Paper
Fujitsu mpollux SAML Security Option White Paper Fujitsu mpollux Version 2.1 February 2009 First Edition February 2009 The programs described in this document may only be used in accordance with the conditions
More informationCS 356 Lecture 28 Internet Authentication. Spring 2013
CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationThis chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:
CHAPTER 1 SAML Single Sign-On This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: Junos Pulse Secure Access
More informationNew Generation of Liberty. for Enterprise. Fulup Ar Foll, Sun Microsystems Fulup@sun.com
New Generation of Liberty TEG Federated Progress Architecture Update for Enterprise Fulup Ar Foll, Sun Microsystems fulup@sun.com 1 Identity Framework Problematic User Seamless (nothing is too simple)
More informationIdentity Management. Critical Systems Laboratory
Identity Management Critical Systems What is Identity Management? Identity: a set of attributes and values, which might or might not be unique Storing and manipulating identities Binding virtual identities
More informationWeb Services Security and Federated Identity Management
Web Services Security and Federated Identity Management Birgit Pfitzmann, bpf@zurich.ibm.com with Thomas Gross March 8, 2005 www.zurich.ibm.com Federated Identity Management (FIM) Roles Exchange Possible?
More informationNIST s Guide to Secure Web Services
NIST s Guide to Secure Web Services Presented by Gaspar Modelo-Howard and Ratsameetip Wita Secure and Dependable Web Services National Institute of Standards and Technology. Special Publication 800-95:
More informationSAML Federated Identity at OASIS
International Telecommunication Union SAML Federated Identity at OASIS Hal Lockhart BEA Systems Geneva, 5 December 2006 SAML and the OASIS SSTC o SAML: Security Assertion Markup Language A framework for
More informationLecture Notes for Advanced Web Security 2015
Lecture Notes for Advanced Web Security 2015 Part 6 Web Based Single Sign-On and Access Control Martin Hell 1 Introduction Letting users use information from one website on another website can in many
More informationDisclaimer. SAP 2008 / SAP TechEd 08 / SIM202 / Page 2
SIM202 SAML 2.0 and Identity Federation Yonko Yonchev, NW PM Security SAP AG Dimitar Mihaylov, NW Security and Identity Management SAP Labs Bulgaria Tsvetomir Tsvetanov, Active Global Support SAP America
More informationIdentity Federation Broker for Service Cloud
2010 International Conference on Sciences Identity Federation Broker for Cloud He Yuan Huang 1, Bin Wang 1, Xiao Xi Liu 1, Jing Min Xu 1 1 IBM Research China {huanghey, wangbcrl, liuxx, xujingm}@cn.ibm.com
More informationWebLogic Server 7.0 Single Sign-On: An Overview
WebLogic Server 7.0 Single Sign-On: An Overview Today, a growing number of applications are being made available over the Web. These applications are typically comprised of different components, each of
More informationThe increasing popularity of mobile devices is rapidly changing how and where we
Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to
More informationRevised edition. OIO Web SSO Profile V2.0.9 (also known as OIOSAML 2.0.9) Includes errata and minor clarifications
OIO Web SSO Profile V2.0.9 (also known as OIOSAML 2.0.9) Revised edition Includes errata and minor clarifications Danish Agency for Digitisation September 2012 Contents > 1 Introduction 8 1.1 Referenced
More informationAn Anti-Phishing mechanism for Single Sign-On based on QR-Code
An Anti-Phishing mechanism for Single Sign-On based on QR-Code Syamantak Mukhopadhyay School of Electronics and Computer Science University of Southampton Southampton, UK sm19g10@ecs.soton.ac.uk David
More informationQR-SSO : Towards a QR-Code based Single Sign-On system
QR-SSO : Towards a QR-Code based Single Sign-On system Syamantak Mukhopadhyay School of Electronics and Computer Science University of Southampton Southampton, UK sm19g10@ecs.soton.ac.uk David Argles School
More informationThe Role of Federation in Identity Management
The Role of Federation in Identity Management August 19, 2008 Andrew Latham Solutions Architect Identity Management 1 The Role of Federation in Identity Management Agenda Federation Backgrounder Federation
More informationContents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008
Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Contents Authentication and Identity Assurance The Identity Assurance continuum Plain Password Authentication
More informationAuthentication Methods
Authentication Methods Overview In addition to the OU Campus-managed authentication system, OU Campus supports LDAP, CAS, and Shibboleth authentication methods. LDAP users can be configured through the
More informationE-Authentication Federation Adopted Schemes
E-Authentication Federation Adopted Schemes Version 1.0.0 Final May 4, 2007 Document History Status Release Date Comment Audience Template 0.0.0 1/18/06 Outline PMO Draft 0.0.1 1/19/07 Initial draft Internal
More informationOpenSSO: Cross Domain Single Sign On
OpenSSO: Cross Domain Single Sign On Version 0.1 History of versions Version Date Author(s) Changes 0.1 11/30/2006 Dennis Seah Contents Initial Draft. 1 Introduction 1 2 Single Domain Single Sign-On 2
More informationIAM Application Integration Guide
IAM Application Integration Guide Date 03/02/2015 Version 0.1 DOCUMENT INFORMATIE Document Title IAM Application Integration Guide File Name IAM_Application_Integration_Guide_v0.1_SBO.docx Subject Document
More informationInformation Security Group Active-client based identity management
Active-client based identity management Chris Mitchell Royal Holloway, University of London www.chrismitchell.net 1 Acknowledgements This is joint work with Haitham Al-Sinani, also of Royal Holloway. 2
More informationIntroduction to SAML
Introduction to THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY Introduction to Introduction In today s world of rapidly expanding and growing software development; organizations, enterprises and governments
More informationIdentity Federation Management to make Operational and Business Efficiency through SSO
2012 International Conference on Industrial and Intelligent Information (ICIII 2012) IPCSIT vol.31 (2012) (2012) IACSIT Press, Singapore Identity Federation Management to make Operational and Business
More informationIdentity opens the participation age. Dr. Rainer Eschrich. Program Manager Identity Management Sun Microsystems GmbH
Identity opens the participation age Open Web Single Sign- On und föderierte SSO Dr. Rainer Eschrich Program Manager Identity Management Sun Microsystems GmbH Agenda The Identity is the Network Driving
More informationThe Primer: Nuts and Bolts of Federated Identity Management
The Primer: Nuts and Bolts of Federated Identity Management Executive Overview For any IT department, it is imperative to understand how your organization can securely manage and control users identities.
More informationA Data Synchronization based Single Sign-on Schema Supporting Heterogeneous Systems and Multi-Management Mode
A Data Synchronization based Single Sign-on Schema Supporting Heterogeneous Systems and Multi-Management Mode Haojiang Gao 1 Beijing Northking Technology Co.,Ltd Zhongguancun Haidian Science Park Postdoctoral
More informationCopyright: WhosOnLocation Limited
How SSO Works in WhosOnLocation About Single Sign-on By default, your administrators and users are authenticated and logged in using WhosOnLocation s user authentication. You can however bypass this and
More informationPrivacy in Cloud Computing Through Identity Management
Privacy in Cloud Computing Through Identity Management Bharat Bhargava 1, Noopur Singh 2, Asher Sinclair 3 1 Computer Science, Purdue University 2 Electrical and Computer Engineering, Purdue University
More informationCA Nimsoft Service Desk
CA Nimsoft Service Desk Single Sign-On Configuration Guide 6.2.6 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More information2015-11-30. Web Based Single Sign-On and Access Control
0--0 Web Based Single Sign-On and Access Control Different username and password for each website Typically, passwords will be reused will be weak will be written down Many websites to attack when looking
More informationCA SiteMinder. Federation Security Services Release Notes. r12.0 SP3
CA SiteMinder Federation Security Services Release Notes r12.0 SP3 This documentation and any related computer software help programs (hereinafter referred to as the "Documentation") are for your informational
More informationAn Oracle White Paper Dec 2013. Oracle Access Management Security Token Service
An Oracle White Paper Dec 2013 Oracle Access Management Security Token Service Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only,
More informationAccount Management: A Deployment and Usability Problem Phillip Hallam- Baker VP & Principal Scientist, Comodo Group Inc.
Account Management: A Deployment and Usability Problem Phillip Hallam- Baker VP & Principal Scientist, Comodo Group Inc. Abstract Account management is the biggest challenge most Web users face today.
More informationCA Performance Center
CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is
More informationUsing SAML for Single Sign-On in the SOA Software Platform
Using SAML for Single Sign-On in the SOA Software Platform SOA Software Community Manager: Using SAML on the Platform 1 Policy Manager / Community Manager Using SAML for Single Sign-On in the SOA Software
More informationRevised edition. OIO Web SSO Profile V2.0.8 (also known as OIOSAML 2.0.8) Includes errata and minor clarifications
OIO Web SSO Profile V2.0.8 (also known as OIOSAML 2.0.8) Revised edition Includes errata and minor clarifications Danish Agency for Digitisation December 2011 Contents > 1 Introduction 8 1.1 Referenced
More informationMid-Project Report August 14 th, 2012. Nils Dussart 0961540
Mid-Project Report August 14 th, 2012 Nils Dussart 0961540 CONTENTS Project Proposal... 3 Project title... 3 Faculty Advisor... 3 Project Scope and Individual Student Learning Goals... 3 Proposed Product
More informationIBM WebSphere Application Server
IBM WebSphere Application Server SAML 2.0 web single-sign-on 2012 IBM Corporation This presentation describes support for SAML 2.0 web browser Single Sign On profile included in IBM WebSphere Application
More informationPARTNER INTEGRATION GUIDE. Edition 1.0
PARTNER INTEGRATION GUIDE Edition 1.0 Last Revised December 11, 2014 Overview This document provides standards and guidance for USAA partners when considering integration with USAA. It is an overview of
More informationShibboleth Identity Provider (IdP) Sebastian Rieger sebastian.rieger@gwdg.de
Shibboleth Identity Provider (IdP) Sebastian Rieger sebastian.rieger@gwdg.de Gesellschaft für wissenschaftliche Datenverarbeitung mbh Göttingen, Germany CLARIN AAI Hands On Workshop, 25.02.2009, Oxford
More informationJVA-122. Secure Java Web Development
JVA-122. Secure Java Web Development Version 7.0 This comprehensive course shows experienced developers of Java EE applications how to secure those applications and to apply best practices with regard
More informationSAML SSO Configuration
SAML SSO Configuration Overview of Single Sign-, page 1 Benefits of Single Sign-, page 2 Overview of Setting Up SAML 2.0 Single Sign-, page 3 SAML 2.0 Single Sign- Differences Between Cloud-Based Meeting
More informationNetwork-based Access Control
Chapter 4 Network-based Access Control 4.1 Rationale and Motivation Over the past couple of years, a multitude of authentication and access control technologies have been designed and implemented. Although
More informationSAML, The Liberty Alliance, and Federation* Eve Maler eve.maler@sun.com http://www.xmlgrrl.com/blog
SAML, The Liberty Alliance, and Federation* Eve Maler eve.maler@sun.com http://www.xmlgrrl.com/blog IIWb, Mountain View, CA, 4 December 2006 1 When you distribute identity tasks and information in the
More informationSingle Sign-on (SSO) technologies for the Domino Web Server
Single Sign-on (SSO) technologies for the Domino Web Server Jane Marcus December 7, 2011 2011 IBM Corporation Welcome Participant Passcode: 4297643 2011 IBM Corporation 2 Agenda USA Toll Free (866) 803-2145
More informationResearch and Implementation of Single Sign-On Mechanism for ASP Pattern *
Research and Implementation of Single Sign-On Mechanism for ASP Pattern * Bo Li, Sheng Ge, Tian-yu Wo, and Dian-fu Ma Computer Institute, BeiHang University, PO Box 9-32 Beijing 100083 Abstract Software
More informationUsing WS-Security and SAML for Internet Single Sign On Darren Miller
Using WS-Security and SAML for Internet Single Sign On Darren Miller Abstract Single Sign On solutions are desirable to reduce the number of usernames and passwords that each user has to manage. Managing
More informationInternet-Scale Identity Systems: An Overview and Comparison
Internet-Scale Identity Systems: An Overview and Comparison Overview An Internet-scale identity system is an architecture that defines standardized mechanisms enabling the identity attributes of its users
More informationOpenID and identity management in consumer services on the Internet
OpenID and identity management in consumer services on the Internet Kari Helenius Helsinki University of Technology kheleniu@cc.hut.fi Abstract With new services emerging on the Internet daily, users need
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources being accessed, and that Participants
More informationOn A-Select and Federated Identity Management Systems
On A-Select and Federated Identity Management Systems Joost Reede August 4, 2007 Master s Thesis Information Systems Chair Computer Science Department University of Twente ii This thesis is supervised
More informationImplementing Identity Provider on Mobile Phone
Implementing Identity Provider on Mobile Phone Tsuyoshi Abe, Hiroki Itoh, and Kenji Takahashi NTT Information Sharing Platform Laboratories, NTT Corporation 3-9-11 Midoricho, Musashino-shi, Tokyo 180-8585,
More informationD.I.M. allows different authentication procedures, from simple e-mail confirmation to electronic ID.
Seite 1 von 11 Distributed Identity Management The intention of Distributed Identity Management is the advancement of the electronic communication infrastructure in justice with the goal of defining open,
More informationCheck list for web developers
Check list for web developers Requirement Yes No Remarks 1. Input Validation 1.1) Have you done input validation for all the user inputs using white listing and/or sanitization? 1.2) Does the input validation
More informationThe Primer: Nuts and Bolts of Federated Identity Management
The Primer: Nuts and Bolts of Federated Identity Management Overview For any IT department, it is imperative to understand how your organization can securely manage and control users identities. With so
More informationServer based signature service. Overview
1(11) Server based signature service Overview Based on federated identity Swedish e-identification infrastructure 2(11) Table of contents 1 INTRODUCTION... 3 2 FUNCTIONAL... 4 3 SIGN SUPPORT SERVICE...
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationUbilogin SSO. Product Description. Copyright Ubisecure Solutions, Inc., All rights reserved.
Ubilogin SSO Product Description Copyright Ubisecure Solutions, Inc., All rights reserved. 1. Introduction... 3 2. Ubilogin SSO components... 5 2.1. Ubilogin Authentication Server... 5 Management... 5
More informationZendesk SSO with Cloud Secure using MobileIron MDM Server and Okta
Zendesk SSO with Cloud Secure using MobileIron MDM Server and Okta Configuration Guide Product Release Document Revisions Published Date 1.0 1.0 May 2016 Pulse Secure, LLC 2700 Zanker Road, Suite 200 San
More informationFederation Proxy for Cross Domain Identity Federation
Proxy for Cross Domain Identity Makoto Hatakeyama NEC Corporation, Common Platform Software Res. Lab. 1753, Shimonumabe, Nakahara-Ku, Kawasaki, Kanagawa 211-8666, Japan +81-44-431-7663 m-hatake@ax.jp.nec.com
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Royal Roads University_ Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they
More informationStandards for Identity & Authentication. Catherine J. Tilton 17 September 2014
Standards for Identity & Authentication Catherine J. Tilton 17 September 2014 Purpose of these standards Wide deployment of authentication technologies that may be used in a global context is heavily dependent
More informationAdding Stronger Authentication to your Portal and Cloud Apps
SOLUTION BRIEF Cyphercor Inc. Adding Stronger Authentication to your Portal and Cloud Apps Using the logintc April 2012 Adding Stronger Authentication to Portals Corporate and consumer portals, as well
More informationKerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o. Presented by: Smitha Sundareswaran Chi Tsong Su
Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o Presented by: Smitha Sundareswaran Chi Tsong Su Introduction Kerberos: An authentication protocol based on
More informationSecure Semantic Web Service Using SAML
Secure Semantic Web Service Using SAML JOO-YOUNG LEE and KI-YOUNG MOON Information Security Department Electronics and Telecommunications Research Institute 161 Gajeong-dong, Yuseong-gu, Daejeon KOREA
More informationAllidm.com. SSO Introduction. Discovering IAM Solutions. Leading the IAM Training. @aidy_idm facebook/allidm
Discovering IAM Solutions Leading the IAM Training @aidy_idm facebook/allidm SSO Introduction Disclaimer and Acknowledgments The contents here are created as a own personal endeavor and thus does not reflect
More informationMONDESIR Eunice WEILL-TESSIER Pierre FEDERATED IDENTITY. ASR 2006/2007 Final Project. Supervisers: Maryline Maknavicius-Laurent, Guy Bernard
MONDESIR Eunice WEILL-TESSIER Pierre FEDERATED IDENTITY ASR 2006/2007 Final Project Supervisers: Maryline Maknavicius-Laurent, Guy Bernard Federated Identity Project topic Superviser: Maryline Maknavicius
More information