Identity Management in Telcos. Jörg Heuer, Deutsche Telekom AG, Laboratories. Munich, April 2008
|
|
- Brooke Strickland
- 8 years ago
- Views:
Transcription
1 Identity Management in Telcos Jörg Heuer, Deutsche Telekom AG, Laboratories. Munich, April
2 Agenda. Introduction User-centric Identity and Telcos Comprehensive Identity Models IDM Reference Architecture Selected Concepts, Projects, Results 2
3 Introduction
4 TU Berlin Brings Inspired Research, Deutsche Telekom Contributes Engineering Skills and Business Experience. University Industry Research Center of Deutsche Telekom and TU Berlin Building excellence and reputation as a world class R&D institution in telecommunication Value creation for DT by substantial contributions to the product roadmap Technical University Berlin Scientific community Establishment of professorships Integration into TU curriculum Attraction of aspiring young scientists Deutsche Telekom AG Links to customers and industry Funding Private sector management 4
5 Deutsche Telekom Laboratories Innovation Framework. Focus fields (5i) Intuitive Usability Integrative Service Components Intelligent Access Infrastructure Development Inherent Security Innovation guidelines Simplify your life. Always best served. Always best connected. High quality at reasonable cost. Trusted IP networks and services. 5
6 Deutsche Telekom Business Areas and Divisions. Deutsche Telekom Broadband/ Fixed Network Mobile Communications Business Customers T-Com T-Online T-Mobile T-Systems 6
7 User-centric Identity and Telcos
8 User-centrism in Identity Transactions a Taxonomy (by Paul Madsen of NTT/LAP) User centric User interaction always required Identity flow always through User People always in the protocol User centric User controlled User consented User interaction is an option, but not mandatory Identity flow is user controlled by means of policies Users have identity agents User interaction is no option Identity flow is controlled by authorities Users have consented by means of contracting (e.g. employment contract) Source: User controlled User consented 8
9 Company centric Identity vs. User centric Identity. Company centric Identity User centric Identity Company Site Site Company / Site Community Community Company Identities issued by the company Liability is with the company Identities are issued by the user itself Liability is with the user 9
10 Concept of Claims vs. Concept of Assertion. User centric Identity: Claims Identity Issuer Identity Agent Authoritative Site releases assures Claim (in doubt) Claim (proven to be true) requests checks believes Identity Consumer Relying Party Company centric Identity: Assertion Identity and Role Provider Trust Broker releases assures Assertion requests believes Service Provider 10
11 User-centrism Transcends Beyond Identity Management. User-centric identities cannot replace corporate-centric identity management. Customer data bases Public/ governmental registers Financial institutions' accounts and records even your address book User-centrism puts power into the hand of the user but also liabilities. User-centrism can help saving users from advertisement-based harassment Changing service contracts on the fly is a cumbersome and expensive undertaking Users can mash-up services in a user-centric way much easier User-centric solutions introduces new complexities to the normal user There is a large gap between mash-ups and mess-ups 11
12 Comprehensive Identity Models
13 Identities in a Telco Organization. User/ Consumption Using access Reading Sending SMS. CRM/ Customer Care Ordering/upgrading products Contract administration Complaints Resource/ Delivery Provisioning/ creation of mailboxes Storage allocation Privacy Acquisition/ Profiling Browsing Identify/ Persona- Selection/ Pre-Pay Sale Registration Consistent Identity handling Login/ SSO Customer Care Use/ Aggregate/ Terminate Service/ Aggregation/ Federation Post-Pay/ Review Authentication Deregister De- Register 13
14 Our Telco Identity Reference Model. User Gov t Service Enabler SIM/ UICC Web 2.0 Service Cloud Identity Identity User-Centric Directories Federation Addreses Network AuthN NGN/ IMS Identity MSISDNs Network Addresses 14
15 IDM Reference Architecture
16 AAA & IdM Reference Architecture Challenges of Telcos. Service Provider Domain A Service Provider Domain B Mobile Applications Digital Content 3G Access Cost Control Roles Privacy Streaming Contracts Preferences Identities ISP Access Web Applications Digital Content Access Rights Credentials Roaming SIM Card Authentication Roaming ISP Network Access Network Access Provider Domain A Network Access Provider Domain B 16
17 AAA & IdM Reference Architecture Essentials. Domain centric Identity Management Corp. No Interop. Corp. Federated Identity Management Corp. SSO, SLO Attributes Corp. CoT 17
18 AAA & IdM Reference Architecture Essentials. Mission Provide guidance and blueprints for seamless and overarching AAA & IdM functionalities by means of defining an AAA & IdM Reference Architecture. Service Provider Domain A Service Provider Domain B Mobile Applications Digital Content Single Sign On/Off Attribute Exchange Web Applications Digital Content Authorization Privacy AAA & IdM Reference Architecture Identity Management Authentication SIM Card Authentication Federation Accounting Charging ISP Network Access Network Access Provider Domain A Network Access Provider Domain B 18
19 AAA & IdM Reference Architecture Concepts. Simplified version. User Agent (Principal) Identity Provider Authentication Enforcement Authentication Validation Relying Party Attribute Provider Authorization Enforcement Authorization Decision Relying Party Accounting Provider Identity Provisioning Charging Provider Identity Auditing AAA & IdM Infrastructure 19
20 AAA & IdM Reference Architecture Concepts. Some selected concepts with regards to Service oriented Architectures. User Agent (Principal) Identity Provider Authentication Enforcement Authentication Validation Relying Party Attribute Provider Authorization Enforcement Authorization Decision Relying Party Accounting Provider Identity Provisioning Charging Provider Identity Auditing AAA & IdM Infrastructure 20
21 AAA & IdM Reference Architecture Concepts. Trust: Security Tokens, Claims & Assertions User Agent (Principal) Relying Party Security Token (Issuer) Information (about someone) Identity Provider Attribute Provider Authentication Enforcement Trust Validation Authentication Validation Security Token Service Basic Building Authorization Block of an IdM & AAA infrastructure Enforcement can be distributed over any fixed or mobile network and interchanged between Relying Party network and service layer without further requirement on security Accounting Provider Authorization Decision Identity Provisioning X.509, PKI SAML Kerberos WS-Trust Charging Provider Identity Auditing AAA & IdM Infrastructure 21
22 Selected Concepts, Projects, Results
23 Microsoft CardSpace - Dimensions. Dimensions Cardstore: Where is the cardstore? Service Providers store the information cards and facilitate the use through different devices. CredentialStore: Where are the credentials? Storage of credentials and engine for cryptographic operations. UI Generation: Where is the UI generated? The UI could be generated on a server but be displayed on one of the user s devices. Identity Selector (UI): Where is the UI displayed and where is the Information Card selected? STS: Where is the STS? STS Authentication: Authentication Technology Browser: On which device is the authentication needed? Browser SAML mobile Identity Selector mobile Self-issued IC Kerberos X509 PC PC Username/ PW network mobile removable local STS Authentication CardStore local PC removable Secure Desktop PC network mobile mobile CredentialStore network mobile UI Generation network removable (U3; midenty) Security Token Server 23
24 CardSpace Scenario. CardSpace H E D F G A B C Relying Party Secure Token Server IDP Website D NFC Card Driver on PC E Tools on PC Internet Internet F Applet on UICC RP A STS B IDP C G H X509 Certificate on UICC Managed Cards backed by X509 Certificate 24
25 Technology Prototype - Identity Broker. User Access to protected resource Redirect to Identity Provider Direct to login page Resource 8 9 LA ID-FF 7 STS 4 User chooses InfoCard for authentication 5 CardSpace preselects InfoCard based on tagged information by IDP User logs in using chosen InfoCard Security Token transfer to LA Redirect to Service Provider 9 SAML assertion Service Provider / Relying Party Identity Provider 10 Access to protected resource 25
26 Identity and Reputation The Building Blocks of Trust. Trust Identity Reputation In-game self-provided attributes External self-provided attributes 3 rd party authority provided attributes 3 rd party community provided perceptions Identity is my story about me. Reputation is your story about me. Phil Windley 26
27 Telcos need to solve Identity Management Issues in Many places. Telcos are large Enterprises too, they run operational infrastructures controlled by AAA-systems (Authentication, Authorization, Accounting), and handle customer data for Millions Privacy in contrast to ad-based players, telcos are obliged to handle personal data with extreme care. In the face of increasing amounts of unsolicited communication and unprecedented opportunities to disclose personal information in Social Networks, a crucial asset especially in conjunction with Establishing trust between consumers, prosumers, and enterprises. Advertisement-driven feels-like-free business models are limited usage-based models can help especially small sites and user-generated content. AAA, Billing, and Payment will be substantial for this. 27
28 Author s Contact Information. Thank You for Your Kind Attention. Dipl.-Inform. Jörg Heuer joerg.heuer@telekom.de Phone: +49 (30) Deutsche Telekom Laboratories Ernst-Reuter-Platz 7, 18th Floor Berlin, Germany Web: Fax: +49 (30)
Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver
Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver SAP Product Management, SAP NetWeaver Identity Management
More informationIDENTITY INFORMATION MANAGMENT ARCHITECTURE SUMMARY Architecture and Standards Branch Office of the CIO Province of BC People Collaboration Innovation
IDENTITY INFORMATION MANAGMENT ARCHITECTURE SUMMARY Architecture and Standards Branch Author: Creation Date: Last Updated: Version: I. Bailey May 28, 2008 March 23, 2009 0.7 Reviewed By Name Organization
More informationInfocard and Eduroam. Enrique de la Hoz, Diego R. López, Antonio García, Samuel Muñoz
Infocard and Eduroam Enrique de la Hoz, Diego R. López, Antonio García, Samuel Muñoz Index Introduction to Infocard Infocard usage usso using Infocard in eduroam Questions Infocard Artifact with a unique
More informationThe Top 5 Federated Single Sign-On Scenarios
The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3
More informationIdentity Federation: Bridging the Identity Gap. Michael Koyfman, Senior Global Security Solutions Architect
Identity Federation: Bridging the Identity Gap Michael Koyfman, Senior Global Security Solutions Architect The Need for Federation 5 key patterns that drive Federation evolution - Mary E. Ruddy, Gartner
More informationDistributed Identification and Consumer Data Protection. Khaja Ahmed Microsoft Corporation
Distributed Identification and Consumer Data Protection Khaja Ahmed Microsoft Corporation Threats to Online Safety Consumer privacy has steadily declined as internet use grew over the years Greater use
More informationSAP NetWeaver Single Sign-On. Product Management SAP NetWeaver Identity Management & Security June 2011
NetWeaver Single Sign-On Product Management NetWeaver Identity Management & Security June 2011 Agenda NetWeaver Single Sign-On: Solution overview Key benefits of single sign-on Solution positioning Identity
More informationThe Challenges of Web single sign-on
Serge Vereecke Security Architect IBM Security Services serge_vereecke@be.ibm.com The Challenges of Web single sign-on GSE Event September 7, 2012 Agenda Single sign-on technology Why single sign-on Challenges
More informationFederation At Fermilab. Al Lilianstrom National Laboratories Information Technology Summit May 2015
Federation At Fermilab Al Lilianstrom National Laboratories Information Technology Summit May 2015 About Fermilab Since 1967, Fermilab has worked to answer fundamental questions and enhance our understanding
More informationIntroduction to SAML
Introduction to THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY Introduction to Introduction In today s world of rapidly expanding and growing software development; organizations, enterprises and governments
More informationInformation Security Group Active-client based identity management
Active-client based identity management Chris Mitchell Royal Holloway, University of London www.chrismitchell.net 1 Acknowledgements This is joint work with Haitham Al-Sinani, also of Royal Holloway. 2
More informationOpenID connect @ Deutsche telekom. Dr. Torsten Lodderstedt, Deutsche Telekom AG
OpenID connect @ Deutsche telekom Dr. Torsten Lodderstedt, Deutsche Telekom AG service ecosystem and Telekom Login Dr. Torsten Lodderstedt / OpenID Workshop @ IIW #18 2014-05-05 2 Open Standards: Our History
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationPROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN
PROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN CONNECTING TO THE CLOUD DAVID CHAPPELL DECEMBER 2009 SPONSORED BY AMAZON AND MICROSOFT CORPORATION CONTENTS The Challenge:
More informationSingle Sign On. SSO & ID Management for Web and Mobile Applications
Single Sign On and ID Management Single Sign On SSO & ID Management for Web and Mobile Applications Presenter: Manish Harsh Program Manager for Developer Marketing Platforms of NVIDIA (Visual Computing
More informationSafewhere*Identify 3.4. Release Notes
Safewhere*Identify 3.4 Release Notes Safewhere*identify is a new kind of user identification and administration service providing for externalized and seamless authentication and authorization across organizations.
More informationFederated Identity and Trust Management
Redpaper Axel Buecker Paul Ashley Neil Readshaw Federated Identity and Trust Management Introduction The cost of managing the life cycle of user identities is very high. Most organizations have to manage
More informationAgenda. How to configure
dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services
More informationAuthor. Ginés Dólera Tormo. Advisors Dr. Félix Gómez Mármol (NEC Laboratories Europe) Prof. Dr. Gregorio Martínez Pérez (University of Murcia)
Systems with Faculty of Computer Science ENHANCING USER CENTRIC IDENTITY MANAGEMENT SYSTEMS WITH REPUTATION MODELS IN DISTRIBUTED ENVIRONMENTS Author Advisors Dr. Félix Gómez Mármol (NEC Laboratories Europe)
More informationTrustedX: eidas Platform
TrustedX: eidas Platform Identification, authentication and electronic signature platform for Web environments. Guarantees identity via adaptive authentication and the recognition of either corporate,
More informationPerceptive Experience Single Sign-On Solutions
Perceptive Experience Single Sign-On Solutions Technical Guide Version: 2.x Written by: Product Knowledge, R&D Date: January 2016 2016 Lexmark International Technology, S.A. All rights reserved. Lexmark
More informationDigital Identity Management
Digital Identity Management Roohul Halim Syed Atif Shaharyar Email: {rooha433, syesh740}@student.liu.se Supervisor: Anna Vapen, {annva@ida.liu.se} Project Report for Information Security Course Linköpings
More informationLeveraging SAML for Federated Single Sign-on:
Leveraging SAML for Federated Single Sign-on: Seamless Integration with Web-based Applications whether cloudbased, private, on-premise, or behind a firewall Single Sign-on Layer v.3.2-006 PistolStar, Inc.
More informationGetting Started with AD/LDAP SSO
Getting Started with AD/LDAP SSO Active Directory and LDAP single sign- on (SSO) with Syncplicity Business Edition accounts allows companies of any size to leverage their existing corporate directories
More informationThe increasing popularity of mobile devices is rapidly changing how and where we
Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to
More informationEvaluation of different Open Source Identity management Systems
Evaluation of different Open Source Identity management Systems Ghasan Bhatti, Syed Yasir Imtiaz Linkoping s universitetet, Sweden [ghabh683, syeim642]@student.liu.se 1. Abstract Identity management systems
More informationNew Generation of Liberty. for Enterprise. Fulup Ar Foll, Sun Microsystems Fulup@sun.com
New Generation of Liberty TEG Federated Progress Architecture Update for Enterprise Fulup Ar Foll, Sun Microsystems fulup@sun.com 1 Identity Framework Problematic User Seamless (nothing is too simple)
More informationB2C, B2B and B2E:! Leveraging IAM to Achieve Real Business Value
B2C, B2B and B2E:! Leveraging IAM to Achieve Real Business Value IDM, 12 th November 2014 Colin Miles Chief Technology Officer, Pirean Copyright 2014 Pirean Limited. All rights reserved. Safe Harbor All
More informationEnabling SAML for Dynamic Identity Federation Management
Enabling SAML for Dynamic Identity Federation Management Patricia Arias, Florina Almenárez, Andrés Marín and Daniel Díaz-Sánchez University Carlos III of Madrid http://pervasive.gast.it.uc3m.es/ WMNC 2009
More informationIdentity Management. Audun Jøsang University of Oslo. NIS 2010 Summer School. September 2010. http://persons.unik.no/josang/
Identity Management Audun Jøsang University of Oslo NIS 2010 Summer School September 2010 http://persons.unik.no/josang/ Outline Identity and identity management concepts Identity management models User-centric
More informationAPI-Security Gateway Dirk Krafzig
API-Security Gateway Dirk Krafzig Intro Digital transformation accelerates application integration needs Dramatically increasing number of integration points Speed Security Industrial robustness Increasing
More informationFederation Proxy for Cross Domain Identity Federation
Proxy for Cross Domain Identity Makoto Hatakeyama NEC Corporation, Common Platform Software Res. Lab. 1753, Shimonumabe, Nakahara-Ku, Kawasaki, Kanagawa 211-8666, Japan +81-44-431-7663 m-hatake@ax.jp.nec.com
More informationLes technologies de gestion de l identité
Commission Identité Numérique Groupe de travail Gestion des identités Les technologies de gestion de l identité ATELIER 1 Paul TREVITHICK, CEO de Parity Responsable projet Higgins Président Fondation Infocard
More informationFederated Identity Architectures
Federated Identity Architectures Uciel Fragoso-Rodriguez Instituto Tecnológico Autónomo de México, México {uciel@itam.mx} Maryline Laurent-Maknavicius CNRS Samovar UMR 5157, GET Institut National des Télécommunications,
More informationDelivering value to the business with IAM
Delivering value to the business with IAM IDM, 18 th June 2014 Colin Miles Chief Technology Officer, Pirean Copyright 2014 Pirean Limited. All rights reserved. Safe Harbor All statements other than statements
More informationPrivacy in Cloud Computing Through Identity Management
Privacy in Cloud Computing Through Identity Management Bharat Bhargava 1, Noopur Singh 2, Asher Sinclair 3 1 Computer Science, Purdue University 2 Electrical and Computer Engineering, Purdue University
More informationIntegrity measurements for stronger cloud-based authentication
Integrity measurements for stronger cloud-based authentication John Žic1 Thomas Hardjono 2 1 CSIRO Computational Informatics 2 MIT Kerberos and Internet of Trust Trust in the Digital World: Enabling the
More informationHow to Implement Enterprise SAML SSO
How to Implement Enterprise SSO THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY How to Implement Enterprise SSO Introduction Security Assertion Markup Language, or, provides numerous The advantages and
More informationLeveraging New Business Models with Identity Management An e-learning case study
Leveraging New Business Models with Identity Management An e-learning case study José M. del Álamo DIT, Universidad Politécnica de Madrid, Ciudad Universitaria s/n, 28040 Madrid, Spain jmdela@dit.upm.es,
More informationA Shibboleth View of Federated Identity. Steven Carmody Brown Univ./Internet2 March 6, 2007 Giornata AA - GARR
A Shibboleth View of Federated Identity Steven Carmody Brown Univ./Internet2 March 6, 2007 Giornata AA - GARR Short Section Title Agenda Assumptions and Trends Identity Management and Shibboleth Shibboleth
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Canadian Access Federation: Trust Assertion Document (TAD) Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes
More informationOPENIAM ACCESS MANAGER. Web Access Management made Easy
OPENIAM ACCESS MANAGER Web Access Management made Easy TABLE OF CONTENTS Introduction... 3 OpenIAM Access Manager Overview... 4 Access Gateway... 4 Authentication... 5 Authorization... 5 Role Based Access
More informationSession Code*: 0310 Demystifying Authentication and SSO Options in Business Intelligence. Greg Wcislo
Session Code*: 0310 Demystifying Authentication and SSO Options in Business Intelligence Greg Wcislo Introduction We will not go into detailed how-to, however links to multiple how-to whitepapers will
More informationHP Software as a Service. Federated SSO Guide
HP Software as a Service Federated SSO Guide Document Release Date: July 2014 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying
More informationNegotiating Trust in Identity Metasystem
Negotiating Trust in Identity Metasystem Mehmud Abliz Department of Computer Science University of Pittsburgh Pittsburgh, Pennsylvania 15260 mehmud@cs.pitt.edu Abstract Many federated identity management
More informationQR-SSO : Towards a QR-Code based Single Sign-On system
QR-SSO : Towards a QR-Code based Single Sign-On system Syamantak Mukhopadhyay School of Electronics and Computer Science University of Southampton Southampton, UK sm19g10@ecs.soton.ac.uk David Argles School
More informationWebNow Single Sign-On Solutions
WebNow Single Sign-On Solutions Technical Guide ImageNow Version: 6.7. x Written by: Product Documentation, R&D Date: June 2015 2012 Perceptive Software. All rights reserved CaptureNow, ImageNow, Interact,
More informationSAML Security Option White Paper
Fujitsu mpollux SAML Security Option White Paper Fujitsu mpollux Version 2.1 February 2009 First Edition February 2009 The programs described in this document may only be used in accordance with the conditions
More informationAn Oracle White Paper Dec 2013. Oracle Access Management Security Token Service
An Oracle White Paper Dec 2013 Oracle Access Management Security Token Service Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only,
More informationAn Anti-Phishing mechanism for Single Sign-On based on QR-Code
An Anti-Phishing mechanism for Single Sign-On based on QR-Code Syamantak Mukhopadhyay School of Electronics and Computer Science University of Southampton Southampton, UK sm19g10@ecs.soton.ac.uk David
More informationNew Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation
New Single Sign-on Options for IBM Lotus Notes & Domino 2012 IBM Corporation IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole
More informationHP Software as a Service
HP Software as a Service Software Version: 6.1 Federated SSO Document Release Date: August 2013 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty
More informationOracle Platform Security Services & Authorization Policy Manager. Vinay Shukla July 2010
Oracle Platform Security Services & Authorization Policy Manager Vinay Shukla July 2010 The following is intended to outline our general product direction. It is intended for information purposes only,
More informationIdentity. Provide. ...to Office 365 & Beyond
Provide Identity...to Office 365 & Beyond Sponsored by shops around the world are increasingly turning to Office 365 Microsoft s cloud-based offering for email, instant messaging, and collaboration. A
More informationConnected Data. Connected Data requirements for SSO
Chapter 40 Configuring Connected Data The following is an overview of the steps required to configure the Connected Data Web application for single sign-on (SSO) via SAML. Connected Data offers both IdP-initiated
More informationFlexible Identity Federation
Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services
More informationRealMe. Technology Solution Overview. Version 1.0 Final September 2012. Authors: Mick Clarke & Steffen Sorensen
RealMe Technology Solution Overview Version 1.0 Final September 2012 Authors: Mick Clarke & Steffen Sorensen 1 What is RealMe? RealMe is a product that offers identity services for people to use and manage
More informationTo set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to work with each other.
w w w. e g n y t e. c o m Egnyte Single Sign-On (SSO) Installation for VMware Horizon To set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to
More informationBlending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access
Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access Vikas Jain Director, Product Management Intel Corporation Jesper Tohmo CTO, Nordic Edge (an Intel company) Session ID:
More informationmanaging SSO with shared credentials
managing SSO with shared credentials Introduction to Single Sign On (SSO) All organizations, small and big alike, today have a bunch of applications that must be accessed by different employees throughout
More informationMobile Security. Policies, Standards, Frameworks, Guidelines
Mobile Security Policies, Standards, Frameworks, Guidelines Guidelines for Managing and Securing Mobile Devices in the Enterprise (SP 800-124 Rev. 1) http://csrc.nist.gov/publications/drafts/800-124r1/draft_sp800-124-rev1.pdf
More informationALF SSO: Security Framework for Tool Integration. Brian Carroll, Eclipse ALF Project Lead bcarroll@serena.com
ALF SSO: Security Framework for Tool Integration Brian Carroll, Eclipse ALF Project Lead bcarroll@serena.com 2008 by Brian Carroll, Serena; made available under the EPL v1.0 March 2008 ALF: Is About Process
More informationDocuSign Single Sign On Implementation Guide Published: March 17, 2016
DocuSign Single Sign On Implementation Guide Published: March 17, 2016 Copyright Copyright 2003-2016 DocuSign, Inc. All rights reserved. For information about DocuSign trademarks, copyrights and patents
More informationFirst-hand Information about the Enhanced Functionality and Integration Options Within SAP NetWeaver Identity Management 7.2
First-hand Information about the Enhanced Functionality and Integration Options Within SAP NetWeaver Identity Management 7.2 SAP Product Management, SAP NetWeaver Identity Management & Security Kristian
More informationThe Role of Identity Enabled Web Services in Cloud Computing
The Role of Identity Enabled Web Services in Cloud Computing April 20, 2009 Patrick Harding CTO Agenda Web Services and the Cloud Identity Enabled Web Services Some Use Cases and Case Studies Questions
More informationShibboleth Development and Support Services. OpenID and SAML. Fiona Culloch, EDINA. EuroCAMP, Stockholm, 7 May 2008
OpenID and SAML Fiona Culloch, EDINA EuroCAMP, Stockholm, 7 May 2008 What is OpenID for? In principle, an OpenID is a universal username, valid across multiple, unrelated services E.g., I have fculloch.protectnetwork.org
More informationGlossary of Key Terms
and s Branch Glossary of Key Terms The terms and definitions listed in this glossary are used throughout the s Package to define key terms in the context of. Access Control Access The processes by which
More informationCloud Single Sign-On and On-Premise Identity Federation with SAP NetWeaver Cloud White Paper
Cloud Single Sign-On and On-Premise Identity Federation with SAP NetWeaver Cloud White Paper TABLE OF CONTENTS INTRODUCTION... 3 Where we came from... 3 The User s Dilemma with the Cloud... 4 The Administrator
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Royal Roads University_ Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they
More informationUSING FEDERATED AUTHENTICATION WITH M-FILES
M-FILES CORPORATION USING FEDERATED AUTHENTICATION WITH M-FILES VERSION 1.0 Abstract This article provides an overview of federated identity management and an introduction on using federated authentication
More informationInterwise Connect. Working with Reverse Proxy Version 7.x
Working with Reverse Proxy Version 7.x Table of Contents BACKGROUND...3 Single Sign On (SSO)... 3 Interwise Connect... 3 INTERWISE CONNECT WORKING WITH REVERSE PROXY...4 Architecture... 4 Interwise Web
More informationРазработка программного обеспечения промежуточного слоя. TERENA BASNET Workshop, 16-17 November 2009 Joost van Dijk - SURFnet
Разработка программного обеспечения промежуточного слоя TERENA BASNET Workshop, 16-17 November 2009 Joost van Dijk - SURFnet Contents - SURFnet Middleware Services department: - eduroam, SURFfederatie,
More informationSECUREAUTH IDP AND OFFICE 365
WHITEPAPER SECUREAUTH IDP AND OFFICE 365 STRONG AUTHENTICATION AND SINGLE SIGN-ON FOR THE CLOUD-BASED OFFICE SUITE EXECUTIVE OVERVIEW As more and more enterprises move to the cloud, it makes sense that
More informationCan We Reconstruct How Identity is Managed on the Internet?
Can We Reconstruct How Identity is Managed on the Internet? Merritt Maxim February 29, 2012 Session ID: STAR 202 Session Classification: Intermediate Session abstract Session Learning Objectives: Understand
More informationPRIVACY AWARE ACCESS CONTROL FOR CLOUD-BASED DATA PLATFORMS
www.openi-ict.eu Open-Source, Web-Based, Framework for Integrating Applications with Social Media Services and Personal Cloudlets PRIVACY AWARE ACCESS CONTROL FOR CLOUD-BASED DATA PLATFORMS Open-Source,
More informationAmeritas Single Sign-On (SSO) and Enterprise SAML Standard. Architectural Implementation, Patterns and Usage Guidelines
Ameritas Single Sign-On (SSO) and Enterprise SAML Standard Architectural Implementation, Patterns and Usage Guidelines 1 Background and Overview... 3 Scope... 3 Glossary of Terms... 4 Architecture Components...
More informationCopyright: WhosOnLocation Limited
How SSO Works in WhosOnLocation About Single Sign-on By default, your administrators and users are authenticated and logged in using WhosOnLocation s user authentication. You can however bypass this and
More informationSingle Sign On for ShareFile with NetScaler. Deployment Guide
Single Sign On for ShareFile with NetScaler Deployment Guide This deployment guide focuses on defining the process for enabling Single Sign On into Citrix ShareFile with Citrix NetScaler. Table of Contents
More informationAdding Federated Identity Management to OpenStack
Adding Federated Identity Management to OpenStack David Chadwick University of Kent 3 December 2012 University of Kent 1 Some Definitions What is Identity? A whole set of attributes that in combination
More informationCONFIGURATION GUIDE WITH MICROSOFT ACTIVE DIRECTORY FEDERATION SERVER
UMANTIS CLOUD SSO CONFIGURATION GUIDE WITH MICROSOFT ACTIVE DIRECTORY FEDERATION SERVER THIS DOCUMENT DESCRIBES THE REQUIREMENTS TO SETUP A SINGLE SIGN ON (SSO) CONFIGURATION ON UMANTIS CLOUD BASED SOLUTIONS
More informationOn the Application of Trust and Reputation Management and User-centric Techniques for Identity Management Systems
On the Application of Trust and Reputation Management and User-centric Techniques for Identity Management Systems Ginés Dólera Tormo Security Group NEC Laboratories Europe Email: gines.dolera@neclab.eu
More informationEgnyte Single Sign-On (SSO) Installation for OneLogin
Egnyte Single Sign-On (SSO) Installation for OneLogin To set up Egnyte so employees can log in using SSO, follow the steps below to configure OneLogin and Egnyte to work with each other. 1. Set up OneLogin
More informationSWIFT: Advanced identity management
SWIFT: Advanced identity management Elena Torroglosa, Alejandro Pérez, Gabriel López, Antonio F. Gómez-Skarmeta and Oscar Cánovas Department of Information and Communications Engineering University of
More informationOpenHRE Security Architecture. (DRAFT v0.5)
OpenHRE Security Architecture (DRAFT v0.5) Table of Contents Introduction -----------------------------------------------------------------------------------------------------------------------2 Assumptions----------------------------------------------------------------------------------------------------------------------2
More informationSAML SSO Configuration
SAML SSO Configuration Overview of Single Sign-, page 1 Benefits of Single Sign-, page 2 Overview of Setting Up SAML 2.0 Single Sign-, page 3 SAML 2.0 Single Sign- Differences Between Cloud-Based Meeting
More informationAlex Wong Senior Manager - Product Management Bruce Ong Director - Product Management
Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management 1 Product Roadmap Disclaimer Any forward-looking indication of plans for products is preliminary and all future release
More informationAn Identity Management Survey. on Cloud Computing
Int. Journal of Computing and Optimization, Vol. 1, 2014, no. 2, 63-71 HIKARI Ltd, www.m-hikari.com http://dx.doi.org/10.12988/ijco.2014.458 An Identity Management Survey on Cloud Computing Ardi BENUSI
More informationWhat s New in Juniper s SSL VPN Version 6.0
What s New in Juniper s SSL VPN Version 6.0 This application note describes the new features available in Version 6.0 of the Secure Access SSL VPN products. This document assumes familiarity with the Juniper
More informationThe Primer: Nuts and Bolts of Federated Identity Management
The Primer: Nuts and Bolts of Federated Identity Management Executive Overview For any IT department, it is imperative to understand how your organization can securely manage and control users identities.
More informationHow to create a SP and a IDP which are visible across tenant space via Config files in IS
How to create a SP and a IDP which are visible across tenant space via Config files in IS This Documentation is explaining the way to create a SP and IDP which works are visible to all the tenant domains.
More informationUsing Shibboleth for Single Sign- On
Using Shibboleth for Single Sign- On One Logon to Rule them all.. Kirk Yaros Director, Enterprise Services Mott Community College 1 Agenda Overview of Mott Overview of Shibboleth and Mott s Project Review
More informationOracle Identity Management for SAP in Heterogeneous IT Environments. An Oracle White Paper January 2007
Oracle Identity Management for SAP in Heterogeneous IT Environments An Oracle White Paper January 2007 Oracle Identity Management for SAP in Heterogeneous IT Environments Executive Overview... 3 Introduction...
More informationFederated Identity in the Enterprise
www.css-security.com 425.216.0720 WHITE PAPER The proliferation of user accounts can lead to a lowering of the enterprise security posture as users record their account information in order to remember
More informationSalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy
SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 Merlin House
More informationEXECUTIVE VIEW. SecureAuth IdP. KuppingerCole Report
KuppingerCole Report EXECUTIVE VIEW by Dave Kearns March 2015 SecureAuth IdP SecureAuth IdP combines cloud single sign-on capabilities with strong authentication and risk-based access control while focusing
More informationMIT Tech Talk, May 2013 Justin Richer, The MITRE Corporation
MIT Tech Talk, May 2013 Justin Richer, The MITRE Corporation Approved for Public Release Distribution Unlimited 13-1871 2013 The MITRE Corporation All Rights Reserved } OpenID Connect and OAuth2 protocol
More informationGFIPM Supporting all Levels of Government Toward the Holy Grail of Single Sign-on
GFIPM Supporting all Levels of Government Toward the Holy Grail of Single Sign-on Presenter(s): John Ruegg, DOJ Global Security Working Group Mark Phipps, CJIS/FBI Law Enforcement Online Kevin Heald, PM-ISE
More informationManaging Identity & Access in On-premise and Cloud Environments. Ellen Newlands Identity Management Product Manager Red Hat, Inc. 06.27.
Managing Identity & Access in On-premise and Cloud Environments Ellen Newlands Identity Management Product Manager Red Hat, Inc. 06.27.12 Agenda What is identity and access management Why should you care
More informationSEC100 Secure Authentication and Data Transfer with SAP Single Sign-On. Public
SEC100 Secure Authentication and Data Transfer with SAP Single Sign-On Public Speakers Las Vegas, Oct 19-23 Christian Cohrs, Area Product Owner Barcelona, Nov 10-12 Regine Schimmer, Product Management
More informationMobile Connect & FIDO
Mobile Connect & FIDO About the GSMA The GSMA represents the interests of mobile operators worldwide Spanning more than 220 countries, the GSMA unites nearly 800 of the world s mobile operators, as well
More information