IETF 84 SCIM System for Cross-domain Identity Management. Kelly Grizzle
|
|
- Kerry Collins
- 8 years ago
- Views:
Transcription
1 IETF 84 SCIM System for Cross-domain Identity Management Kelly Grizzle
2 Agenda Overview What problem does SCIM solve? What is SCIM? History Lesson Deeper Dive Schema Protocol Security Other areas in charter: bindings, targeting What s Next?
3 What is the problem? How do I keep my organization s users in sync with service X? How do I provision a user account for service X? How do I deprovision a user account from service X? How do I update an existing account for service X? How do I manage groups? How do I add or remove users from groups to give them the correct level of access? How do I create new groups? 3
4 What is the problem? Mobile Connec vity Service Service Payroll Service SCIM Client Organiza on Directory 4
5 What is a user? dn: cn=homejsimpson,o=domain-name cn: HomerJSimpson objectclass: top objectclass: person objectclass: organizationalperson objectclass: inetorgperson mail: HJSimpson@burnsco.com givenname: Homer sn: Simpson postaladdress: 742 Evergreen Terrace l: Springfield st: Kentsouri postalcode: telephonenumber: (888) jpegphoto: Homer J. Simpson Springfield Nuclear Plant Safety Inspector (888) Work (123) Home HJSimpson@burnsco.com 742 Evergreen Terrace Springfield, Kentsouri h p:// 5
6 How do we do it today? Error-Prone Labor-Intensive Stale Accounts (no deprovision) Vendor-specific Manual, Hand-entry Bulk, CSV Latency Days Hours/Days Other No simple fetch method, no two-way synchronization Custom APIs & Connectors SAML Just-in-Time Provisioning No pre-provisioning, no groups And, there is always schema-mapping to deal with 6
7 What is SCIM? SCIM is a standard that defines schema and protocol for identity management. Schema Core representations of users and groups Extensible JSON/XML* Protocol REST, HTTP, Synchronous CRUD + Search* + Discovery + Bulk* And more cool stuff The S word
8 An example speaks words POST /v1/users HTTP/1.1 Host: example.com Accept: application/json Content-Type: application/json Authorization: Bearer h480djs93hd8 Content-Length:... { "schemas": ["urn:scim:schemas:core:1.0"], "externalid": "bjensen", "username":"bjensen", "name": { "familyname": "Jensen", "givenname": "Barbara"
9 History Lesson July 2010: Conceived at Cloud Identity Summit May 2011: Officially began at IIW 12 Oct 2011 May 2012: 3 interop events with 9 vendors (open source and proprietary) Dec 2011: Released 1.0 specification under OWF (Open Web Foundation) March 2012: BoF at IETF 83 June 2012: WG chartered July 2012: 1.1 specification released under OWF August 3, 2012: Here we are first WG meeting
10 Deeper Dive Schema Protocol Security SAML and LDAP bindings Targeting
11 Schema Core models for User and Group JSON and XML* representations Extensibility Extend existing resources (eg enterprise user) Define new resources (eg role)
12 Model
13 Simple Structure A resource is: An attribute container Name spaced An attribute is: Simple or complex Single or multi-valued
14 Required Complex Simple Complex multi-valued { Example: User "schemas": ["urn:scim:schemas:core:1.0"], "id": "2819c223-7f76-453a-919d ", "externalid": "bjensen", "meta": { "created": " T18:29:49.793Z", "lastmodified": " T18:29:49.793Z", "location": " "version": "W\/\"f250dd84f0671c3\", "name": { "formatted": "Ms. Barbara J Jensen III", "familyname": "Jensen", "givenname": "Barbara", "username": "bjensen", "phonenumbers": [ { "value": " ", "type": "work" ]
15 Example: Extended User Declaration Use { "schemas": ["urn:scim:schemas:core:1.0", "urn:scim:schemas:extension:enterprise:1.0"], "id": "2819c223-7f76-453a-919d ", "externalid": "bjensen", "username": "bjensen", "urn:scim:schemas:extension:enterprise:1.0": { "employeenumber": "701984", "costcenter": "4130", "organization": "Universal Studios", "division": "Theme Park", "department": "Tour Operations", "manager": { "managerid": " e4-49d8ca9f808d", "displayname": "John Smith
16 Example: Group { Type (User Group) Optional & Read-only "schemas": ["urn:scim:schemas:core:1.0"], "id": "2819c223-7f76-453a-919d ", "displayname": "Tour Guides", "members": [ { "value": "2819c223-7f76-453a-919d ", "displayname": "Babs Jensen", "type": "User", { "value": "2819c223-7f76-453a-919d ", "displayname": "Mandy Pepperidge", "type": "User" ]
17 Protocol REST, HTTP, Synchronous CRUD + Search* + Discovery + Bulk* Simple MTI, Complex optional Extensible*, Versioned curl friendly
18 Operations Create = POST Read = GET Update = PUT Delete = DELETE *Update = PATCH *Search = GET filter={attribute {op {value & sortby={attributename & sortorder={ascending descending & startindex={start & count={maxresults *Bulk
19 Discovery GET /Schemas Introspect resources and attribute extensions GET /ServiceProviderConfigs Spec compliance Support for bulk, patch, etc Authentication schemes OAuth, HTTP basic, etc Data formats Support XML?
20 Create Request Operation Resource Type POST /v1/users HTTP/1.1 Format Host: example.com AuthZ Accept: application/json Authorization: Bearer h480djs93hd8 { "schemas": ["urn:scim:schemas:core:1.0"], "externalid": "bjensen", "username":"bjensen", "name": { "familyname": "Jensen", "givenname": "Barbara" User Payload
21 Result code Create Response Format Permalink HTTP/ Created Content-Type: application/json Location: ETag: W/"e180ee84f0671b1" { "schemas": ["urn:scim:schemas:core:1.0"], "id": "2819c223-7f76-453a-919d ", "externalid": "bjensen", "meta": { "created": " T21:32:44.882Z", "lastmodified": " T21:32:44.882Z", "location": " "version": "W\/\"e180ee84f0671b1\"", "name":{ "familyname":"jensen", "givenname":"barbara", "username":"bjensen" SP generated ID
22 Get Request Operation Resource Type Stable ID Format GET /v1/users/2819c223-7f76-453a-919d json Host: example.com Authorization: Bearer h480djs93hd8
23 Result code Get Response Format Permalink SP ID HTTP/ OK Content-Type: application/json Location: ETag: W/"e180ee84f0671b1" { "schemas": ["urn:scim:schemas:core:1.0"], "id": "2819c223-7f76-453a-919d ", "externalid": "bjensen", "meta": { "created": " T21:32:44.882Z", "lastmodified": " T21:32:44.882Z", "location": " "version": "W\/\"e180ee84f0671b1\"", "name":{ "familyname":"jensen", "givenname":"barbara", "username":"bjensen"
24 Search Request Operation Resource Type URL encoded filter GET /v1/users?filter=title pr and usertype eq "Employee" &sortby=title Sorting &sortorder=ascending &attributes=title,username Partial results &startindex=11 &count=10 Index-based pagination Host: example.com Accept: application/json Authorization: Bearer h480djs93hd8
25 Search Response { Pagination Users "schemas": ["urn:scim:schemas:core:1.0"], "totalresults": 2, "Resources": [ { "id": "c3a26dd3-27a0-4dec-a2ac-ce211e105f97", "title": "Assistant VP", "username": "bjensen", { "id": "a4a25dd3-17a0-4dac-a2ac-ce211e125f57", "title": "VP", "username": "jsmith" ] SP ID ever present
26 PATCH and Bulk PATCH Allows providing partial updates to resources May be important if modifying a large multi-valued attribute on a resource (eg group members) Bulk Allows performing many operations at once Useful for synchronizing data into a service provider Both are optional
27 Protocol Extensibility Version in URL Follow RESTful principles Additional URL arguments Additional resource endpoints
28 XML Schema XML XSD Core Resource, User, Group Payload wrappers, Errors Schema, Bulk, ServiceProviderConfig Enterprise Extension
29 Security Considerations Protocol Sensitive information abounds Authorization attributes are loosely defined Roles, groups, and entitlements
30 Protocol Security TLS MTI Standard HTTP considerations apply Authentication is discoverable, OAuth bearer token recommended HTTP basic is commonly implemented for interoperability
31 Sensitive Information in User Password AuthZ { "id": "2819c223-7f76-453a-919d ", "externalid": "bjensen", "name": { "familyname": "Jensen", "givenname": "Barbara", "username": "bjensen", "password": "maybe_plaintext", "roles": [ { "value": "RA" ], "groups": [ { "value": "2819c223-7f76-453a-919d ", "display": "Student" ], "entitlements": [ { "value": "delete users" ]
32 Hi/Low Fidelity Bindings LDAP SAML OpenID Connect
33 Targeting Proposed extension Allows a server to proxy a SCIM request to a target system GET Optionally can store links to target accounts on the core user
34 1.1 Release Released in July 2012 under OWF Mainly clarifications and small error fixes Many of these were found during interop testing Will serve as starting point for working group Final release under OWF
35 What s next? See charter for milestones Use cases document Binding documents (LDAP, SAML) Targeting document Continue working on schema and protocol * And much more
36 SCIM Core Values Simplicity Make it as simple as possible but no simpler. - Einstein Solving real-world problems Ease of implementation by consumers Don t make it too hard for service providers either Support the 80% in the core Extensions for everything else Interoperability
37 For more information 1.1 Drafts (should be on datatracker soon) Site overhaul coming soon!
An Introduction to SCIM: System for Cross-Domain Identity Management
An Introduction to SCIM: System for Cross-Domain Identity Management Nicholas Crown UnboundID Session ID: IAM-107A Session Classification: General Interest Agenda Why Standards-Based Provisioning? History
More informationSimple Cloud Identity Management (SCIM)
Simple Cloud Identity Management (SCIM) Abstract The Simple Cloud Identity Management (SCIM) specification defines a simple, RESTful protocol for identity account management operations. SCIM s model is
More informationCross-domain Identity Management System for Cloud Environment
Cross-domain Identity Management System for Cloud Environment P R E S E N T E D B Y: N A Z I A A K H TA R A I S H A S A J I D M. S O H A I B FA R O O Q I T E A M L E A D : U M M E - H A B I B A T H E S
More informationOpen Source Identity Management
Open Source Management OpenAlt 2015 Radovan Semančík November 2015 Ing. Radovan Semančík, PhD. Software architect Co-owner of Evolveum (open source company) Architect of midpoint project Apache committer
More informationvcloud Air Platform Programmer's Guide
vcloud Air Platform Programmer's Guide vcloud Air OnDemand 5.7 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition.
More informationIntegrating Single Sign-on Across the Cloud By David Strom
Integrating Single Sign-on Across the Cloud By David Strom TABLE OF CONTENTS Introduction 1 Access Control: Web and SSO Gateways 2 Web Gateway Key Features 2 SSO Key Features 3 Conclusion 5 Author Bio
More informationCloud Elements! Marketing Hub Provisioning and Usage Guide!
Cloud Elements Marketing Hub Provisioning and Usage Guide API Version 2.0 Page 1 Introduction The Cloud Elements Marketing Hub is the first API that unifies marketing automation across the industry s leading
More informationKeeping access control while moving to the cloud. Presented by Zdenek Nejedly Computing & Communications Services University of Guelph
Keeping access control while moving to the cloud Presented by Zdenek Nejedly Computing & Communications Services University of Guelph 1 Keeping access control while moving to the cloud Presented by Zdenek
More informationMY1LOGIN SOLUTION BRIEF: PROVISIONING. Automated Provisioning of Users Access to Apps
MY1LOGIN SOLUTION BRIEF: PROVISIONING Automated Provisioning of Users Access to Apps MY1LOGIN SOLUTION BRIEF: PROVISIONING Automated Provisioning of Users Access to Apps The ability to centrally provision
More informationOAuth2 and UMA for ACE draft-maler-ace-oauth-uma-00.txt. Eve Maler, Erik Wahlström, Samuel Erdtman, Hannes Tschofenig
OAuth2 and UMA for ACE draft-maler-ace-oauth-uma-00.txt Eve Maler, Erik Wahlström, Samuel Erdtman, Hannes Tschofenig Agenda 1. Motivation behind draft-maler-ace-oauth-uma-00.txt. 2. Mapping of existing
More informationACR Connect Authentication Service Developers Guide
ACR Connect Authentication Service Developers Guide Revision History Date Revised by Version Description 29/01/2015 Sergei Rusinov 1.0 Authentication using NRDR account Background The document describes
More informationMATLAB Toolbox implementation for LDAP based Server accessing
SHIV SHAKTI International Journal in Multidisciplinary and Academic Research (SSIJMAR) Vol. 2, No. 3, May-June (ISSN 2278 5973) MATLAB Toolbox implementation for LDAP based Server accessing Prof Manav
More informationEnterprise Access Control Patterns For REST and Web APIs
Enterprise Access Control Patterns For REST and Web APIs Francois Lascelles Layer 7 Technologies Session ID: STAR-402 Session Classification: intermediate Today s enterprise API drivers IAAS/PAAS distributed
More informationAxway API Gateway. Version 7.4.1
O A U T H U S E R G U I D E Axway API Gateway Version 7.4.1 3 February 2016 Copyright 2016 Axway All rights reserved. This documentation describes the following Axway software: Axway API Gateway 7.4.1
More informationCopyright Pivotal Software Inc, 2013-2015 1 of 10
Table of Contents Table of Contents Getting Started with Pivotal Single Sign-On Adding Users to a Single Sign-On Service Plan Administering Pivotal Single Sign-On Choosing an Application Type 1 2 5 7 10
More informationConfigure Directory Integration
Client Configuration for Directory Integration, page 1 Client Configuration for Directory Integration You can configure directory integration through service profiles using Cisco Unified Communications
More informationFederation architectures for mobile applications OAuth 2.0 Drivers OAuth 2.0 Overview Mobile walkthrough
Agenda Federation architectures for mobile applications OAuth 2.0 Drivers OAuth 2.0 Overview Mobile walkthrough Enter OAuth 2.0 Defines authorization & authentication framework for RESTful APIs An open
More informationFrom the Intranet to Mobile. By Divya Mehra and Stian Thorgersen
ENTERPRISE SECURITY WITH KEYCLOAK From the Intranet to Mobile By Divya Mehra and Stian Thorgersen PROJECT TIMELINE AGENDA THE OLD WAY Securing monolithic web app relatively easy Username and password
More informationHOST EUROPE CLOUD STORAGE REST API DEVELOPER REFERENCE
HOST EUROPE CLOUD STORAGE REST API DEVELOPER REFERENCE REST API REFERENCE REST OVERVIEW Host Europe REST Storage Service uses HTTP protocol as defned by RFC 2616. REST operations consist in sending HTTP
More informationOracle Fusion Middleware Oracle API Gateway OAuth User Guide 11g Release 2 (11.1.2.4.0)
Oracle Fusion Middleware Oracle API Gateway OAuth User Guide 11g Release 2 (11.1.2.4.0) July 2015 Oracle API Gateway OAuth User Guide, 11g Release 2 (11.1.2.4.0) Copyright 1999, 2015, Oracle and/or its
More informationContents. 2 Alfresco API Version 1.0
The Alfresco API Contents The Alfresco API... 3 How does an application do work on behalf of a user?... 4 Registering your application... 4 Authorization... 4 Refreshing an access token...7 Alfresco CMIS
More informationUser and Programmer Guide for the FI- STAR Monitoring Service SE
User and Programmer Guide for the FI- STAR Monitoring Service SE FI-STAR Beta Release Copyright 2014 - Yahya Al-Hazmi, Technische Universität Berlin This document gives a short guide on how to use the
More informationTitle page. Alcatel-Lucent 5620 SERVICE AWARE MANAGER 13.0 R7
Title page Alcatel-Lucent 5620 SERVICE AWARE MANAGER 13.0 R7 APPLICATION API DEVELOPER GUIDE 3HE-10590-AAAA-TQZZA Issue 1 December 2015 Legal notice Legal notice Alcatel, Lucent, Alcatel-Lucent and the
More informationJunos Space. Junos Space Security Director Restful Web Services API Reference. Modified: 2016-06-10. Copyright 2016, Juniper Networks, Inc.
Junos Space Junos Space Security Director Restful Web Services API Reference Modified: 2016-06-10 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net
More informationCloud Elements ecommerce Hub Provisioning Guide API Version 2.0 BETA
Cloud Elements ecommerce Hub Provisioning Guide API Version 2.0 BETA Page 1 Introduction The ecommerce Hub provides a uniform API to allow applications to use various endpoints such as Shopify. The following
More informationIdentity Management with Spring Security. Dave Syer, VMware, SpringOne 2011
Identity Management with Spring Security Dave Syer, VMware, SpringOne 2011 Overview What is Identity Management? Is it anything to do with Security? Some existing and emerging standards Relevant features
More informationSonicOS Enhanced 3.2 LDAP Integration with Microsoft Active Directory and Novell edirectory Support
SonicOS Enhanced 3.2 LDAP Integration with Microsoft Active Directory and Novell edirectory Support Document Scope This document describes the integration of SonicOS Enhanced 3.2 with Lightweight Directory
More informationHow To Use Kiteworks On A Microsoft Webmail Account On A Pc Or Macbook Or Ipad (For A Webmail Password) On A Webcomposer (For An Ipad) On An Ipa Or Ipa (For
GETTING STARTED WITH KITEWORKS DEVELOPER GUIDE Version 1.0 Version 1.0 Copyright 2014 Accellion, Inc. All rights reserved. These products, documents, and materials are protected by copyright law and distributed
More informationA Standards-based Mobile Application IdM Architecture
A Standards-based Mobile Application IdM Architecture Abstract Mobile clients are an increasingly important channel for consumers accessing Web 2.0 and enterprise employees accessing on-premise and cloud-hosted
More informationrackspace.com/cloud/private
TM rackspace.com/cloud/private Rackspace Private Cloud Active v 4.0 (2013-06-25) Copyright 2013 Rackspace All rights reserved. This document is intended to assist Rackspace Private Cloud customers in updating
More informationCloudwork Dashboard User Manual
STUDENTNET Cloudwork Dashboard User Manual Make the Cloud Yours! Studentnet Technical Support 10/28/2015 User manual for the Cloudwork Dashboard introduced in January 2015 and updated in October 2015 with
More informationAuthentication Integration
Authentication Integration VoiceThread provides multiple authentication frameworks allowing your organization to choose the optimal method to implement. This document details the various available authentication
More informationBYE BYE PASSWORDS. The Future of Online Identity. Hans Zandbelt Sr. Technical Architect. CTO Office - Ping Identity
BYE BYE PASSWORDS The Future of Online Identity Hans Zandbelt Sr. Technical Architect CTO Office - Ping Identity 2015 Copyright 2014 Ping Identity Corp. All rights reserved. 1 Agenda 1 2 3 Cloud & Mobile:
More informationDirectory Interface for User Management via LDAP BC-LDAP-USR 6.30 Test Catalog
Directory Interface for User Management via LDAP BC-LDAP-USR 6.30 Test Catalog Version 6.3 Test Catalog Page 1 of 30 Copyright(c) 2005 SAP AG. All rights reserved. Neither this document nor any part of
More informationPHIN DIRECTORY EXCHANGE IMPLEMENTATION GUIDE. Version 1.0
PHIN DIRECTORY EXCHANGE IMPLEMENTATION GUIDE Version 1.0 May 16, 2007 VERSION HISTORY Version # Implemented By Revision Date Approved By Approval Date Reason 0.1 Robb Chapman 02/25/2006 Initial Draft 0.2
More informationSingle Sign On. SSO & ID Management for Web and Mobile Applications
Single Sign On and ID Management Single Sign On SSO & ID Management for Web and Mobile Applications Presenter: Manish Harsh Program Manager for Developer Marketing Platforms of NVIDIA (Visual Computing
More informationDecember 2014 Keywords/Summary
December 2014 Keywords/Summary: SAML, OpenID, OAuth, XACML, Identity, Authentication, Authorization, Accounting, Federation, Auditing, Meta-Users, Meta-Attributes, Stores, RBAC, Roles, Access Contents
More informationIdentity Management in Quercus. CampusIT_QUERCUS
Identity Management in Quercus Student Interaction. Simplified CampusIT_QUERCUS Document information Document version 1.0 Document title Identity Management in Quercus Copyright All rights reserved. No
More informationThe Future of Cloud Identity Security. Michael Schwartz Founder / CEO Gluu
The Future of Cloud Identity Security Michael Schwartz Founder / CEO Gluu Session ID: IAM-207 Session Classification: General Interest Background 2 Finally an Internet Identity Foundation 3 Who is behind
More informationOpenID connect @ Deutsche telekom. Dr. Torsten Lodderstedt, Deutsche Telekom AG
OpenID connect @ Deutsche telekom Dr. Torsten Lodderstedt, Deutsche Telekom AG service ecosystem and Telekom Login Dr. Torsten Lodderstedt / OpenID Workshop @ IIW #18 2014-05-05 2 Open Standards: Our History
More informationADAM (AD LDS) Pass thru Authentication. Idalia Torres STC 2012- Using ADAM to Keep AD out of Harm s Way
ADAM (AD LDS) Pass thru Authentication Idalia Torres STC 2012- Using ADAM to Keep AD out of Harm s Way Overview What is it? What s New in ADLDS? Instal ADAM Instance Extend ADAM Schema Select Target Class
More informationCopyright: WhosOnLocation Limited
How SSO Works in WhosOnLocation About Single Sign-on By default, your administrators and users are authenticated and logged in using WhosOnLocation s user authentication. You can however bypass this and
More informationFederated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning.
PingFederate We went with PingFederate because it s based on standards like SAML, which are important for a secure implementation. John Davidson Senior Product Manager, Opower PingFederate is the leading
More informationIVOA Single-Sign-On Profile: Authentication Mechanisms Version 2.0
International Virtual Observatory Alliance IVOA Single-Sign-On Profile: Authentication Mechanisms Version 2.0 IVOA Proposed Recommendation 20151029 Working group http://www.ivoa.net/twiki/bin/view/ivoa/ivoagridandwebservices
More information2015-11-30. Web Based Single Sign-On and Access Control
0--0 Web Based Single Sign-On and Access Control Different username and password for each website Typically, passwords will be reused will be weak will be written down Many websites to attack when looking
More informationVMware Identity Manager Administration
VMware Identity Manager Administration VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new
More informationApigee Gateway Specifications
Apigee Gateway Specifications Logging and Auditing Data Selection Request/response messages HTTP headers Simple Object Access Protocol (SOAP) headers Custom fragment selection via XPath Data Handling Encryption
More informationMIT Tech Talk, May 2013 Justin Richer, The MITRE Corporation
MIT Tech Talk, May 2013 Justin Richer, The MITRE Corporation Approved for Public Release Distribution Unlimited 13-1871 2013 The MITRE Corporation All Rights Reserved } OpenID Connect and OAuth2 protocol
More informationIdentity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE
Identity Management in Liferay Overview and Best Practices Liferay Portal 6.0 EE Table of Contents Introduction... 1 IDENTITY MANAGEMENT HYGIENE... 1 Where Liferay Fits In... 2 How Liferay Authentication
More informationAAI for Mobile Apps How mobile Apps can use SAML Authentication and Attributes. Lukas Hämmerle lukas.haemmerle@switch.ch
AAI for Mobile Apps How mobile Apps can use SAML Authentication and Attributes Lukas Hämmerle lukas.haemmerle@switch.ch Berne, 13. August 2014 Introduction App by University of St. Gallen Universities
More informationConfiguration Guide. BES12 Cloud
Configuration Guide BES12 Cloud Published: 2016-04-08 SWD-20160408113328879 Contents About this guide... 6 Getting started... 7 Configuring BES12 for the first time...7 Administrator permissions you need
More informationThe Integration of LDAP into the Messaging Infrastructure at CERN
The Integration of LDAP into the Messaging Infrastructure at CERN Ray Jackson CERN / IT-IS Group 29 Nov 2000 16:00 CERN IT Auditorium, bldg. 31, 3-005 A bit about me Technical Student Sep 1997-1998 in
More informationTechnology Primer. OPS Manager, Release 7.4. Integrating Your Directory Server with our Directory Service Solution
Technology Primer OPS Manager, Release 7.4 Integrating Your Directory Server with our Directory Service Solution The Mitel Integrated Directory Services (IDS) application synchronizes the telephone directory
More informationIntegrate with Directory Sources
Cisco Jabber integrates with directory sources in on-premises deployments to query for and resolve contact information. Learn why you should enable synchronization and authentication between your directory
More informationSAML and OAUTH comparison
SAML and OAUTH comparison DevConf 2014, Brno JBoss by Red Hat Peter Škopek, pskopek@redhat.com, twitter: @pskopek Feb 7, 2014 Abstract SAML and OAuth are one of the most used protocols/standards for single
More informationThe Primer: Nuts and Bolts of Federated Identity Management
The Primer: Nuts and Bolts of Federated Identity Management Executive Overview For any IT department, it is imperative to understand how your organization can securely manage and control users identities.
More informationInteroperable Provisioning in a Distributed World
Interoperable Provisioning in a Distributed World Mark Diodati, Burton Group Ramesh Nagappan, Sun Microsystems Sampo Kellomaki, SymLabs 02/08/07 IAM 302 Contacts Mark Diodati (mdiodati@burtongroup.com)
More informationDell One Identity Cloud Access Manager 8.0.1 - How to Develop OpenID Connect Apps
Dell One Identity Cloud Access Manager 8.0.1 - How to Develop OpenID Connect Apps May 2015 This guide includes: What is OAuth v2.0? What is OpenID Connect? Example: Providing OpenID Connect SSO to a Salesforce.com
More informationPRACTICAL IDENTITY AND ACCESS MANAGEMENT FOR CLOUD - A PRIMER ON THREE COMMON ADOPTION PATTERNS FOR CLOUD SECURITY
PRACTICAL IDENTITY AND ACCESS MANAGEMENT FOR CLOUD - A PRIMER ON THREE COMMON ADOPTION PATTERNS FOR CLOUD SECURITY Shane Weeden IBM Session ID: CLD-W01 Session Classification: Advanced Agenda Cloud security
More informationServer based signature service. Overview
1(11) Server based signature service Overview Based on federated identity Swedish e-identification infrastructure 2(11) Table of contents 1 INTRODUCTION... 3 2 FUNCTIONAL... 4 3 SIGN SUPPORT SERVICE...
More informationCopyright 2012, Oracle and/or its affiliates. All rights reserved.
1 OTM and SOA Mark Hagan Principal Software Engineer Oracle Product Development Content What is SOA? What is Web Services Security? Web Services Security in OTM Futures 3 PARADIGM 4 Content What is SOA?
More informationBanner, BEIS and Active Directory Identity Integration
Banner, BEIS and Active Directory Identity Integration Presented by: Khouloud H. Hawasli St. Louis Community College March 21, 2011 Session ID 4059 Introduction Review how St. Louis Community College (STLCC)
More informationXML Processing and Web Services. Chapter 17
XML Processing and Web Services Chapter 17 Textbook to be published by Pearson Ed 2015 in early Pearson 2014 Fundamentals of http://www.funwebdev.com Web Development Objectives 1 XML Overview 2 XML Processing
More informationAn Oracle White Paper June 2014. RESTful Web Services for the Oracle Database Cloud - Multitenant Edition
An Oracle White Paper June 2014 RESTful Web Services for the Oracle Database Cloud - Multitenant Edition 1 Table of Contents Introduction to RESTful Web Services... 3 Architecture of Oracle Database Cloud
More informationAdeptia Suite LDAP Integration Guide
Adeptia Suite LDAP Integration Guide Version 6.2 Release Date February 24, 2015 343 West Erie, Suite 440 Chicago, IL 60654, USA Phone: (312) 229-1727 x111 Fax: (312) 229-1736 DOCUMENT INFORMATION Adeptia
More informationIBM WebSphere Application Server
IBM WebSphere Application Server OAuth 2.0 service provider and TAI 2012 IBM Corporation This presentation describes support for OAuth 2.0 included in IBM WebSphere Application Server V7.0.0.25. WASV70025_OAuth20.ppt
More informationAmeritas Single Sign-On (SSO) and Enterprise SAML Standard. Architectural Implementation, Patterns and Usage Guidelines
Ameritas Single Sign-On (SSO) and Enterprise SAML Standard Architectural Implementation, Patterns and Usage Guidelines 1 Background and Overview... 3 Scope... 3 Glossary of Terms... 4 Architecture Components...
More informationOIX IDAP Alpha Project - Technical Findings
OIX IDAP Alpha Project - Technical Findings Warwickshire County Council - using a Federated UK Government ID in trusted Local Authority transactions. By Graham Dunnings and Ian Litton 1 Table of Contents
More informationInternet infrastructure. Prof. dr. ir. André Mariën
Internet infrastructure Prof. dr. ir. André Mariën 1 Lightweight Directory Access Protocol 2 Object Identifier Representation: dotted decimal OID not intended for end-users Universally unique Example:
More informationDigital Enterprise. White Paper. Enhancing User Experience with Secure Single Sign-On for Enterprise Mobile Apps
Digital Enterprise White Paper Enhancing User Experience with Secure Single Sign-On for Enterprise Mobile Apps About the Author Sundar Venugopalan Solution Architect -Mobility, TCS Digital Enterprise Sundar
More informationLecture Notes for Advanced Web Security 2015
Lecture Notes for Advanced Web Security 2015 Part 6 Web Based Single Sign-On and Access Control Martin Hell 1 Introduction Letting users use information from one website on another website can in many
More informationMigrating application users and passwords with Password Manager
Migrating application users and passwords with Password Manager 2015 Hitachi ID Systems, Inc. All rights reserved. Contents 1 Introduction 1 2 Migrating Users 1 3 Initializing Passwords 2 4 Maintaining
More informationConfiguration Guide BES12. Version 12.2
Configuration Guide BES12 Version 12.2 Published: 2015-07-07 SWD-20150630131852557 Contents About this guide... 8 Getting started... 9 Administrator permissions you need to configure BES12... 9 Obtaining
More informationSonicOS Enhanced 3.2 LDAP Integration with Microsoft Active Directory and Novell edirectory Support
SonicOS Enhanced 3.2 LDAP Integration with Microsoft Active Directory and Novell edirectory Support Document Scope This document describes the integration of SonicOS Enhanced 3.2 with Lightweight Directory
More informationOpenID Connect 1.0 for Enterprise
OpenID Connect 1.0 for Enterprise By Paul Madsen Executive Overview In order to meet the challenges presented by the use of mobile apps and cloud services in the enterprise, a new generation of identity
More informationWP4: Cloud Hosting Chapter Object Storage Generic Enabler
WP4: Cloud Hosting Chapter Object Storage Generic Enabler Webinar John Kennedy, Thijs Metsch@ Intel Outline 1 Overview of the Cloud Hosting Work Package 2 Functionality Trust and Security Operations FI-WARE
More informationOAuth 2.0: Theory and Practice. Daniel Correia Pedro Félix
OAuth 2.0: Theory and Practice Daniel Correia Pedro Félix 1 whoami Daniel Correia Fast learner Junior Software Engineer Passionate about everything Web-related Currently working with the SAPO SDB team
More informationProxied Authentication in SSO Setups with Common OSS. Open Identity Summit 2015 Prof. Dr. René Peinl Berlin, 10.11.2015
Proxied Authentication in SSO Setups with Common OSS Open Identity Summit 2015 Prof. Dr. René Peinl Berlin, 10.11.2015 Agenda 1 Use case / context 2 Challenge and ideal solution 3 Analysis of established
More informationDesigning RESTful Web Applications
Ben Ramsey php works About Me: Ben Ramsey Proud father of 7-month-old Sean Organizer of Atlanta PHP user group Founder of PHP Groups Founding principal of PHP Security Consortium Original member of PHPCommunity.org
More informationAn Introduction to User-Managed Access (UMA)
An Introduction to User-Managed Access (UMA) Eve Maler VP Innovation & Emerging Technology eve.maler@forgerock.com @xmlgrrl February 9, 2015 FORGEROCK.COM Some apps are still in the Web 1.0 dark ages Provisioning
More informationProgramming Autodesk PLM 360 Using REST. Doug Redmond Software Engineer, Autodesk
Programming Autodesk PLM 360 Using REST Doug Redmond Software Engineer, Autodesk Introduction This class will show you how to write your own client applications for PLM 360. This is not a class on scripting.
More informationStandards for Identity & Authentication. Catherine J. Tilton 17 September 2014
Standards for Identity & Authentication Catherine J. Tilton 17 September 2014 Purpose of these standards Wide deployment of authentication technologies that may be used in a global context is heavily dependent
More informationIntroduction to SAML
Introduction to THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY Introduction to Introduction In today s world of rapidly expanding and growing software development; organizations, enterprises and governments
More informationFairsail REST API: Guide for Developers
Fairsail REST API: Guide for Developers Version 1.02 FS-API-REST-PG-201509--R001.02 Fairsail 2015. All rights reserved. This document contains information proprietary to Fairsail and may not be reproduced,
More informationAPI Architecture. for the Data Interoperability at OSU initiative
API Architecture for the Data Interoperability at OSU initiative Introduction Principles and Standards OSU s current approach to data interoperability consists of low level access and custom data models
More informationFederated Identity and Single Sign-On using CA API Gateway
WHITE PAPER DECEMBER 2014 Federated Identity and Single Sign-On using Federation for websites, Web services, APIs and the Cloud K. Scott Morrison VP Engineering and Chief Architect 2 WHITE PAPER: FEDERATED
More informationMessage Containers and API Framework
Message Containers and API Framework Notices Copyright 2009-2010 Motion Picture Laboratories, Inc. This work is licensed under the Creative Commons Attribution-No Derivative Works 3.0 United States License.
More informationActive Directory Synchronization Tool Architecture and Design
Active Directory Synchronization Tool Architecture and Design Revised on: March 31, 2015 Version: 1.01 Hosting Controller www.hostingcontroller.com Contents Proprietary Notice... 1 1. Introduction... 2
More information70-487: Developing Windows Azure and Web Services
70-487: Developing Windows Azure and Web Services The following tables show where changes to exam 70-487 have been made to include updates that relate to Windows Azure and Visual Studio 2013 tasks. These
More informationPingFederate. Windows Live Cloud Identity Connector. User Guide. Version 1.0
Windows Live Cloud Identity Connector Version 1.0 User Guide 2011 Ping Identity Corporation. All rights reserved. Windows Live Cloud Identity Connector User Guide Version 1.0 April, 2011 Ping Identity
More informationOAuth 2.0 Developers Guide. Ping Identity, Inc. 1001 17th Street, Suite 100, Denver, CO 80202 303.468.2900
OAuth 2.0 Developers Guide Ping Identity, Inc. 1001 17th Street, Suite 100, Denver, CO 80202 303.468.2900 Table of Contents Contents TABLE OF CONTENTS... 2 ABOUT THIS DOCUMENT... 3 GETTING STARTED... 4
More informationOAuth 2.0 andinternet Standard. Torsten Lodderstedt Deutsche Telekom AG
OAuth 2.0 andinternet Standard Protocols Torsten Lodderstedt Deutsche Telekom AG Whatshallweaimfor? make OAuth the authorization framework of choice for any internet standard protocol, such as WebDAV,
More informationSTUDY ON IMPROVING WEB SECURITY USING SAML TOKEN
STUDY ON IMPROVING WEB SECURITY USING SAML TOKEN 1 Venkadesh.M M.tech, Dr.A.Chandra Sekar M.E., Ph.d MISTE 2 1 ResearchScholar, Bharath University, Chennai 73, India. venkadeshkumaresan@yahoo.co.in 2 Professor-CSC
More informationSecuring your business
Securing your business Anders Askåsen Product Manager for OpenIDM * World Wide Coverage ForgeRock.com Enterprise Open Source Software ForgeRock Norway ForgeRock USA ForgeRock UK ForgeRock France Consulting
More informationUNIVERSITY OF COLORADO Procurement Service Center INTENT TO SOLE SOURCE PROCUREMENT CU-JL39027649-SS. Single Sign-On (SSO) Solution
UNIVERSITY OF COLORADO Procurement Service Center INTENT TO SOLE SOURCE PROCUREMENT CU-JL39027649-SS Single Sign-On (SSO) Solution For University Information Systems (UIS) May 9, 2013 2 University of Colorado
More informationUNIL Administration. > Many databases and applications:
Directories at UNIL UNIL Administration > Many databases and applications: > ResHus: contracts with Etat de Vaud > SAP: other contracts > Immat: students > Physical persons in a single table > Moral persons
More informationVMware Identity Manager Administration
VMware Identity Manager Administration VMware Identity Manager 2.6 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new
More informationOpen Cloud Computing Interface - RESTful HTTP Rendering
GFD-P-R.185 OCCI-WG Thijs Metsch, Platform Computing Andy Edmonds, Intel June 21, 2011 Open Cloud Computing Interface - RESTful HTTP Rendering Status of this Document This document provides information
More informationSmartphone Enterprise Application Integration
WHITE PAPER MARCH 2011 Smartphone Enterprise Application Integration Rhomobile - Mobilize Your Enterprise Overview For more information on optimal smartphone development please see the Rhomobile White
More informationCommon definitions and specifications for OMA REST interfaces
Common definitions and specifications for OMA REST interfaces Candidate Version 1.0 11 Jan 2011 Open Mobile Alliance OMA-TS-REST_Common-V1_0-20110111-C OMA-TS-REST_Common-V1_0-20110111-C Page 2 (20) Use
More information