The Management Centre for Interoperability, Cooperation and Access Infrastructure Services (CG-SICA)

Size: px
Start display at page:

Download "The Management Centre for Interoperability, Cooperation and Access Infrastructure Services (CG-SICA)"

Transcription

1 The Management Centre for Interoperability, Cooperation and Access Infrastructure Services (CG-SICA) part 2 Workshop on ICT Service Oriented Network Architectures University of Rome La Sapienza, May 19 th 2009 Stefano Fuligni Advanced interoperabilty and application cooperation services Unit, Italian National Agency for Digital Administration (CNIPA)

2 Agenda The SPC model for a Federated eid management SICA services for Identity &Access Mgmt: Certification Authority Federated Identity Management Index of Persons 2

3 eidm models User consented eids are managed and controlled by users delegated Authorities by a "contract" No interaction Corporate intranet User controlled eid are managed and controlled by third parties under user control Possible interaction User centered eid are managed by user High interaction and flexibility Internet Web 2.0 3

4 Some basic concepts (from laws) C.A.D. Digital authentication: the validation of a data set assigned to a subject in a solely and unambiguous way that distiguish his identity in information systems DPCM Technical Regulation SPC (art.71 CAD) Authorisation: all activities that allow access to a service or resource to those persons who, having been identified or authenticated beforehand, possess the attributes or necessary role; identification authority: the structure that enables a person to be identified using the procedures laid down by Article 66 of the Code; authentication authority: the structure that enables a person, an electronic system, or a service to be authenticated online, as laid down by Article 1(b) of the Code; attribute and role authority: the structure that has the power to certify attributes and roles for the purposes of providing a service; 4

5 Access to a PA s network service (CAD art.64) CIE and CNS are tools for digital authentication It s possible to use others tools that allow to verify the subject identity (until 31/12/2009), i.e. userid+pwd, PIN, OTP, others x.509v3 certificates CIE and CNS must be accepted 5

6 Federated eid management Tech.Regulations SPC art.22 (1) Within the framework of the SPC, authorisation to access its services shall be based on recognition of the digital identities of the natural persons and computer systems used to provide these services. Authorisation shall fall under the responsibility of the body providing the services and may employ mutual recognition mechanisms within the framework of federated digital identity management systems, in accordance with criteria and procedures laid down by the Committee. The services available within the SPC may operate according to various digital identity management levels: services that do not require any identification or authentication; services that require online authentication by an authentication authority; services that, in the case of natural persons, require online identification by an identification authority; services that, for users, require an attestation of attributes and/or roles, which will be further qualified by duties and/or powers, together with identification. 6

7 Federated eid management Tech.Regulations SPC art.22 (2) Authentication within the SPC framework shall be carried out under the responsibility of the body that provides a service on the basis of a set of data assigned exclusively and solely to one person. Such authentication may also be carried out by a subject delegated to perform this task, on the basis of a service agreement. The attestation of attributes and roles within the SPC framework shall be carried out by the subject (attribute and role authority) that, on the basis of the legislation in force, has the power to attest them in order to ensure the appropriate security levels required to provide a service The attribute and role authorities shall be entered into an appropriate register, available online, subject to their signing a specific service agreement defined by the Committee, describing the security and reliability levels, as well as the standard protocols used in the attestation process. 7

8 Service Agreement and eidm policy specifications Common for all users (*) Interface Provider and user Specified for each service Published in SICA s registry service behaviour model (for multiple async. Inter.) Provider and user Semantic reference Link to the Schemas/ Ontologies Catalogue For any Specific user(*) Ports Ports Ports Service level Service agreement level Service agreement level agreement Security agreement Security agreement Security agreement All in XML (*) users and providers are administrations or authorized organizations 8

9 FIM scenario on SPC Domain Gateway Applications/ services A2A Service Agreement SPC Federated Network Central Agency SPC Federated Network SPC Federated Network Central Agency Regional Agency Regional Network Federated Single Sign On Local Agency 9

10 The Federated Identity Management (FIM) in SPC User-centric approach, the user choose which profile to use to access to a service Role-Based Access control (RBAC), the access to services could be based also on user roles Standard based, to garantee interoperability among administrations and SICA services by commercial solutions and products 10

11 SICA s services for eid mgmt Tech.Regulations SPC art.15 They also allows: to manage on a federated basis the digital identities referred to in Article 22 and the functional roles associated with such identities, in order to create a group of trusted domains among the identification, authentication and attribute and role authorities, for the exchange of mutually guaranteed authentication credentials, to be used in accessing and providing services within the framework of the SPC; to manage a meta-directory for the public administration, through the Index of Persons Service" which, by integrating the P.A. Index (RPA), offers real-time telematic access to lists relating to the staff of the Administrations participating in the SPC, the publication and updating of which shall be the responsibility of the Administrations; to manage digital certificates, associated with bodies other than natural persons (hardware equipment, services and applications) within the framework of the SPC, through the Certification Service ; 11

12 SPC s interoperability infrastructure services Infrastruttura per la cooperazione applicativa SICA Nationwide Interoperability infrastructure services SICA Internal services for monitoring, Servizi di managing & security Monitoraggio, Gestione e Sicurezza Interna SICA Register Registro Service SICA & Generale P.A.s Directory Servizio di Servizio di Catalog of Catalogo Schemas Schemi & e Ontologies Servizio di Meta- Directory delle of Public Employees Gestione Federate Identit à digitali Secondary Servizio di level SICA supporto alla qualificazione Register service della Porta di Dominio Certifc. Author. dei & Validation Author. Servizio di Indice Soggetti Servizio di Servizio di Certificazione supporto alla qualificazione del Servizio di Registro SICA Secondario Supporto alla qualificazione di componenti di cooperazione appli Domain gateway Qualification Support services eid Federation Mgmt Sys cativa Porta Porta di di Dominio Dominio SICA SICA SICA Domain gateway 12

13 SPC s interoperability infrastructure services Infrastruttura per la cooperazione applicativa SICA Nationwide Interoperability infrastructure services SICA Internal services for monitoring, Servizi di managing & security Monitoraggio, Gestione e Sicurezza Interna SICA Register Registro Service SICA & Generale P.A.s Directory Servizio di Servizio di Catalog of Catalogo Schemas Schemi & e Ontologies Servizio di Meta- Directory delle of Public Employees Gestione Federate Identit à digitali Secondary Servizio di level SICA supporto alla qualificazione Register service della Porta di Dominio Certifc. Author. & Validation Author. Servizio di Indice eid and Servizio di eid Federation Mgmt Sys dei Certificazione access Soggetti management Servizio di supporto alla qualificazione del Servizio di Registro SICA Secondario Supporto alla qualificazione di componenti di cooperazione appli Domain gateway Qualification Support services cativa Porta Porta di di Dominio Dominio SICA SICA SICA Domain gateway 13

14 FIM: the players Service Providers: Provides the service based on identity and roles claims from a Local Domain Authority Is responsible of service providing and authorization/audit management Use the following components: Federation GW: single point of contact of every web access requests to available resources Policy Enforcement Point (PEP): the logical entity that enforces policies for admission control and policy decisions in response to a request from a user wanting to access a service Identity Providers: manages the information about identity of the federation users Attribute Authorities: certifies the attributes that are part of the user profile 14

15 The SICA - FIM Profile Authority, manages the users profiles Authority Registry Service, manages the Identity Provider or Profile Authority federated list Attribute Authority Registry Service, manages the Attribute Authority federated list 15

16 The identity profile Authority Registry service Attribute Authority Registry service 16

17 Interaction supported among eid Federation members Access a local service NO application cooperation Access a remote service via web browser. User redirected to his domain for authentication (nomadic user) Use of Federation Gateway NO application cooperation Admin A Admin B Access a remote service via Web Service. User already authenticated by his local service that interoperates with remote service by application cooperation. Use of Domain Gateways Admin C 17

18 Federated SSO FGW Access AARS ARS Get Info Get Info 18

19 Interaction via Web Browser 1/2 User already authenticated by IDP 19

20 Interaction via Web Browser 2/2 User not yet authenticated by IDP 20

21 FIM: application cooperation via Web Services scenario Administration A 3 Create Assertion Administration B USE Application DG Domain Gate 4 ASK For Cooperation DG 5 Authorize AAA 6 Access Application 2 Verify Attributes 1 GET AA List ARS Get Info Authority Registry Attribute Authority AARS Attributr Auth Reg Srvs Get Info Attribute Authority Registry Profile Authority SICA Center 21

22 Interaction via Web Services Domain Gateway Back end services Front end service 22

23 Index of persons service Persons alias public employees It s the evolution of Rubrica PA, the meta-directory of central public administrations Over persons stored at today Theese employees receive their pay-packet to address stored in this meta-directory Could act as Local Domain Authority instead of public admin. Syncronized 23

24 Logical structure of rpa 24

25 Home page rpa 25

26 Index of Persons architecture overview Indice dei Soggetti <<web browser>> Accreditamento UtenteSPCoop <<usa>> UtenteSPCoop <<usa>> rpa <<usa>> AuthnManager <<web services>> <<usa>> AttributeManager <<web services>> WSS Firma del Boby request e response SAML Listener <<saml>> 26

27 Thank you SPCoop technical documentation: IT/Attivit%C3%A0/Sistema_Pubblico_di_Connettivit%C3%A0_(SPC)/Servizi_i nfrastrutturali_di_interoperabilit%c3%a0,_cooperazione_ed_accesso_(sica)/ Documenti_tecnico-operativi/ 27

The Management Centre for Interoperability, Cooperation and Access Infrastructure Services (CG-SICA) part 1

The Management Centre for Interoperability, Cooperation and Access Infrastructure Services (CG-SICA) part 1 The Management Centre for Interoperability, Cooperation and Access Infrastructure Services (CG-SICA) part 1 Workshop on ICT Service Oriented Network Architectures University of Rome La Sapienza, May 5

More information

Rules for the Public Administration

Rules for the Public Administration Cloud Computing & Healthcare Rules for the Public Administration Daniele Tatti tatti@digitpa.gov.it @DanieleTatti In the next 12 minutes What is DigitPA European scenario Cloud related activities ehealth

More information

Integrity measurements for stronger cloud-based authentication

Integrity measurements for stronger cloud-based authentication Integrity measurements for stronger cloud-based authentication John Žic1 Thomas Hardjono 2 1 CSIRO Computational Informatics 2 MIT Kerberos and Internet of Trust Trust in the Digital World: Enabling the

More information

Le sfide per il Sistema della Ricerca Trentino nell ambito della gestione dell Identità Digitale

Le sfide per il Sistema della Ricerca Trentino nell ambito della gestione dell Identità Digitale Le sfide per il Sistema della Ricerca Trentino nell ambito della gestione dell Identità Digitale Alessandro Armando Security & Trust Research Unit Fondazione Bruno Kessler Identità Digitale: il ruolo della

More information

Agenda. How to configure

Agenda. How to configure dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services

More information

Information technology infrastructures and services for creating a library's unified information system

Information technology infrastructures and services for creating a library's unified information system Purdue University Purdue e-pubs Proceedings of the IATUL Conferences 1999 IATUL Proceedings Information technology infrastructures and services for creating a library's unified information system Attilio

More information

Francesco Tortorelli

Francesco Tortorelli Francesco Tortorelli Joint CEN/TC 287 and OGC Workshop Bringing GI Standards-making bodies together Frascati (Rome), 30 September 2013 (AgID) AgID (previously CNIPA and DigitPA) is a government agency

More information

SPC BOARD (COMMISSIONE DI COORDINAMENTO SPC) AN OVERVIEW OF THE ITALIAN GUIDELINES FOR SEMANTIC INTEROPERABILITY THROUGH LINKED OPEN DATA

SPC BOARD (COMMISSIONE DI COORDINAMENTO SPC) AN OVERVIEW OF THE ITALIAN GUIDELINES FOR SEMANTIC INTEROPERABILITY THROUGH LINKED OPEN DATA SPC BOARD (COMMISSIONE DI COORDINAMENTO SPC) AN OVERVIEW OF THE ITALIAN GUIDELINES FOR SEMANTIC INTEROPERABILITY THROUGH LINKED OPEN DATA INDEX EXECUTIVE SUMMARY... 3 1. PREFACE... 5 1.1. Acronyms... 5

More information

SAML-Based SSO Solution

SAML-Based SSO Solution About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,

More information

GFIPM Supporting all Levels of Government Toward the Holy Grail of Single Sign-on

GFIPM Supporting all Levels of Government Toward the Holy Grail of Single Sign-on GFIPM Supporting all Levels of Government Toward the Holy Grail of Single Sign-on Presenter(s): John Ruegg, DOJ Global Security Working Group Mark Phipps, CJIS/FBI Law Enforcement Online Kevin Heald, PM-ISE

More information

OpenHRE Security Architecture. (DRAFT v0.5)

OpenHRE Security Architecture. (DRAFT v0.5) OpenHRE Security Architecture (DRAFT v0.5) Table of Contents Introduction -----------------------------------------------------------------------------------------------------------------------2 Assumptions----------------------------------------------------------------------------------------------------------------------2

More information

ABFAB and OpenStack(in the Cloud)

ABFAB and OpenStack(in the Cloud) ABFAB and OpenStack(in the Cloud) David W Chadwick University of Kent 1 Authentication in OpenStack Keystone User Trust Relationship Swift/Glance etc. 2 Federated Authnwith External IdPs External IdP User

More information

Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver

Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver SAP Product Management, SAP NetWeaver Identity Management

More information

PARTNER INTEGRATION GUIDE. Edition 1.0

PARTNER INTEGRATION GUIDE. Edition 1.0 PARTNER INTEGRATION GUIDE Edition 1.0 Last Revised December 11, 2014 Overview This document provides standards and guidance for USAA partners when considering integration with USAA. It is an overview of

More information

SAML-Based SSO Solution

SAML-Based SSO Solution About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,

More information

SAML:The Cross-Domain SSO Use Case

SAML:The Cross-Domain SSO Use Case SAML:The Cross-Domain SSO Use Case Chris Ceppi Oblix Corporate Engineer Ed Kaminski OBLIX Federal Business Manager 410-349-1828 ekaminski@oblix.com Mike Blackin Principal Systems Engineer Oblix, Inc. 202-588-7397

More information

IAM Application Integration Guide

IAM Application Integration Guide IAM Application Integration Guide Date 03/02/2015 Version 0.1 DOCUMENT INFORMATIE Document Title IAM Application Integration Guide File Name IAM_Application_Integration_Guide_v0.1_SBO.docx Subject Document

More information

Processo Civile Telematico (On-line Civil Trial)

Processo Civile Telematico (On-line Civil Trial) Processo Civile Telematico (On-line Civil Trial) By Giulio Borsari Italian Ministry of Justice IT Department via Crescenzio 7/c Rome Phone +39 051 4200210 (alt. +39 06 68620209) Fax +39 051 4200200 giulio.borsari@giustizia.it

More information

L'SPC ovvero l'ict enabled government

L'SPC ovvero l'ict enabled government L'SPC ovvero l'ict enabled government Rossella Bellini Senior Engagement Manager Sun Microsystems Forum PA 2006 1 Agenda L'ICT enabled government e l'spc La Service Oriented Architecture L'SPC ovvero la

More information

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

The Top 5 Federated Single Sign-On Scenarios

The Top 5 Federated Single Sign-On Scenarios The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3

More information

GFIPM & NIEF Single Sign-on Supporting all Levels of Government

GFIPM & NIEF Single Sign-on Supporting all Levels of Government GFIPM & NIEF Single Sign-on Supporting all Levels of Government Presenter: John Ruegg, Director LA County Information Systems Advisory Body (ISAB) & Chair, Global Federated ID & Privilege Management (GFIPM)

More information

NCSU SSO. Case Study

NCSU SSO. Case Study NCSU SSO Case Study 2 2 NCSU Project Requirements and Goals NCSU Operating Environment Provide support for a number Apps and Programs Different vendors have their authentication databases End users must

More information

Federated Identity Management Systems in e-government: the Case of Italy

Federated Identity Management Systems in e-government: the Case of Italy Electronic Government, An International Journal, Vol. x, No. x, xxxx 1 Federated Identity Management Systems in e-government: the Case of Italy Roberto Baldoni Università degli Studi di Roma La Sapienza

More information

nexus Hybrid Access Gateway

nexus Hybrid Access Gateway Product Sheet nexus Hybrid Access Gateway nexus Hybrid Access Gateway nexus Hybrid Access Gateway uses the inherent simplicity of virtual appliances to create matchless security, even beyond the boundaries

More information

TrustedX - PKI Authentication. Whitepaper

TrustedX - PKI Authentication. Whitepaper TrustedX - PKI Authentication Whitepaper CONTENTS Introduction... 3 1... 4 Use Scenarios... 5 Operation... 5 Architecture and Integration... 6 SAML and OAuth 7 RESTful Web Services 8 Monitoring and Auditing...

More information

SAML SSO Configuration

SAML SSO Configuration SAML SSO Configuration Overview of Single Sign-, page 1 Benefits of Single Sign-, page 2 Overview of Setting Up SAML 2.0 Single Sign-, page 3 SAML 2.0 Single Sign- Differences Between Cloud-Based Meeting

More information

IDENTITY MANAGEMENT AND WEB SECURITY. A Customer s Pragmatic Approach

IDENTITY MANAGEMENT AND WEB SECURITY. A Customer s Pragmatic Approach IDENTITY MANAGEMENT AND WEB SECURITY A Customer s Pragmatic Approach AGENDA What is Identity Management (IDM) or Identity and Access Management (IAM)? Benefits of IDM IDM Best Practices Challenges to Implement

More information

Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management

Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management 1 Product Roadmap Disclaimer Any forward-looking indication of plans for products is preliminary and all future release

More information

Configuring EPM System 11.1.2.1 for SAML2-based Federation Services SSO

Configuring EPM System 11.1.2.1 for SAML2-based Federation Services SSO Configuring EPM System 11.1.2.1 for SAML2-based Federation Services SSO Scope... 2 Prerequisites Tasks... 2 Procedure... 2 Step 1: Configure EPM s WebLogic domain for SP Federation Services... 2 Step 2:

More information

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Copyright 2012, Oracle and/or its affiliates. All rights reserved. 1 OTM and SOA Mark Hagan Principal Software Engineer Oracle Product Development Content What is SOA? What is Web Services Security? Web Services Security in OTM Futures 3 PARADIGM 4 Content What is SOA?

More information

GEC4. Miami, Florida

GEC4. Miami, Florida GENI Security Architecture GEC4 Stephen Schwab, Alefiya Hussain Miami, Florida 1 Outline Overview of Security Architecture Draft Work in progress Observations About Candidate Technologies Considerations

More information

The Ethicsweb European Project The Contribution of Istituto Superiore di Sanità

The Ethicsweb European Project The Contribution of Istituto Superiore di Sanità Workshop on Good Practice of Documentation Rome, ISS, April, 12th, 2010 The Ethicsweb European Project The Contribution of Istituto Superiore di Sanità Maurella Della Seta Istituto Superiore di Sanità,

More information

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: CHAPTER 1 SAML Single Sign-On This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: Junos Pulse Secure Access

More information

Vidder PrecisionAccess

Vidder PrecisionAccess Vidder PrecisionAccess Security Architecture February 2016 910 E HAMILTON AVENUE. SUITE 410 CAMPBELL, CA 95008 P: 408.418.0440 F: 408.706.5590 WWW.VIDDER.COM Table of Contents I. Overview... 3 II. Components...

More information

INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE

INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE Legal Marks No portion of this document may be reproduced or copied in any form, or by

More information

SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy

SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 Merlin House

More information

Securing access to Citrix applications using Citrix Secure Gateway and SafeWord. PremierAccess. App Note. December 2001

Securing access to Citrix applications using Citrix Secure Gateway and SafeWord. PremierAccess. App Note. December 2001 Securing access to Citrix applications using Citrix Secure Gateway and SafeWord PremierAccess App Note December 2001 DISCLAIMER: This White Paper contains Secure Computing Corporation product performance

More information

Online Identity Attribute Exchange 2013-2014 Initiatives

Online Identity Attribute Exchange 2013-2014 Initiatives Online Identity Attribute Exchange 2013-2014 Initiatives Agenda Overview AXN Services Framework Demonstration NSTIC Pilots Summary ABAC Services Attribute Exchange Network Page 2 AXN - Enabling IT & Other

More information

Securing Enterprise: Employability and HR

Securing Enterprise: Employability and HR 1 Securing Enterprise: Employability and HR Federation and XACML as Security and Access Control Layer Open Standards Forum 2 Employability and HR Vertical Multiple Players - Excellent case for federation

More information

Interoperable Provisioning in a Distributed World

Interoperable Provisioning in a Distributed World Interoperable Provisioning in a Distributed World Mark Diodati, Burton Group Ramesh Nagappan, Sun Microsystems Sampo Kellomaki, SymLabs 02/08/07 IAM 302 Contacts Mark Diodati (mdiodati@burtongroup.com)

More information

APC-Pro sa Computer Service

APC-Pro sa Computer Service Configuring, Managing and Troubleshooting Microsoft Exchange Service Pack 2 (10135B) Durata: 5 giorni Orario: 8:30 12:00 / 13:30-17.00 Costo per persona: CHF 1 900.-- (Min. 5 partecipanti) Obiettivi di

More information

Network Identity. 1. Introduction. Kai Kang Helsinki University of Technology Networking Laboratory kkang@cc.hut.fi

Network Identity. 1. Introduction. Kai Kang Helsinki University of Technology Networking Laboratory kkang@cc.hut.fi Network Identity Kai Kang Helsinki University of Technology Networking Laboratory kkang@cc.hut.fi Abstract: This paper is concerning on modern Network Identity issues, emphasizing on network identity management,

More information

SAML Security Option White Paper

SAML Security Option White Paper Fujitsu mpollux SAML Security Option White Paper Fujitsu mpollux Version 2.1 February 2009 First Edition February 2009 The programs described in this document may only be used in accordance with the conditions

More information

PingFederate. Salesforce Connector. Quick Connection Guide. Version 4.1

PingFederate. Salesforce Connector. Quick Connection Guide. Version 4.1 PingFederate Salesforce Connector Version 4.1 Quick Connection Guide 2011 Ping Identity Corporation. All rights reserved. PingFederate Salesforce Quick Connection Guide Version 4.1 June, 2011 Ping Identity

More information

SAM Context-Based Authentication Using Juniper SA Integration Guide

SAM Context-Based Authentication Using Juniper SA Integration Guide SAM Context-Based Authentication Using Juniper SA Integration Guide Revision A Copyright 2012 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete

More information

A Federated Authorization and Authentication Infrastructure for Unified Single Sign On

A Federated Authorization and Authentication Infrastructure for Unified Single Sign On A Federated Authorization and Authentication Infrastructure for Unified Single Sign On Sascha Neinert Computing Centre University of Stuttgart Allmandring 30a 70550 Stuttgart sascha.neinert@rus.uni-stuttgart.de

More information

Identity & Access Management Gliding Flight. Paolo Ottolino PMP CISSP ISSAP CISA CISM OPST ITIL

Identity & Access Management Gliding Flight. Paolo Ottolino PMP CISSP ISSAP CISA CISM OPST ITIL Identity & Access Management Gliding Flight Paolo Ottolino PMP CISSP ISSAP CISA CISM OPST ITIL Agenda 1 General Concepts 2 Logical Components 3 Implementation Structure 4 5 Governance Web App Firewall

More information

New Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation

New Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation New Single Sign-on Options for IBM Lotus Notes & Domino 2012 IBM Corporation IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole

More information

Egnyte Single Sign-On (SSO) Installation for OneLogin

Egnyte Single Sign-On (SSO) Installation for OneLogin Egnyte Single Sign-On (SSO) Installation for OneLogin To set up Egnyte so employees can log in using SSO, follow the steps below to configure OneLogin and Egnyte to work with each other. 1. Set up OneLogin

More information

Identity Management in Telcos. Jörg Heuer, Deutsche Telekom AG, Laboratories. Munich, April 2008

Identity Management in Telcos. Jörg Heuer, Deutsche Telekom AG, Laboratories. Munich, April 2008 Identity Management in Telcos Jörg Heuer, Deutsche Telekom AG, Laboratories. Munich, April 2008 1 Agenda. Introduction User-centric Identity and Telcos Comprehensive Identity Models IDM Reference Architecture

More information

TIB 2.0 Administration Functions Overview

TIB 2.0 Administration Functions Overview TIB 2.0 Administration Functions Overview Table of Contents 1. INTRODUCTION 4 1.1. Purpose/Background 4 1.2. Definitions, Acronyms and Abbreviations 4 2. OVERVIEW 5 2.1. Overall Process Map 5 3. ADMINISTRATOR

More information

SD Departmental Meeting November 28 th, 2006. Ale de Vries Product Manager ScienceDirect Elsevier

SD Departmental Meeting November 28 th, 2006. Ale de Vries Product Manager ScienceDirect Elsevier ש בולת SD Departmental Meeting November 28 th, 2006 Ale de Vries Product Manager ScienceDirect Elsevier Shi... whát? : Shibboleth ש בולת [...] "stream, torrent". It derives from a story in the Hebrew Bible,

More information

White Paper Cybercom & Axiomatics Joint Identity & Access Management (R)evolution

White Paper Cybercom & Axiomatics Joint Identity & Access Management (R)evolution White Paper Cybercom & Axiomatics Joint Identity & Access Management (R)evolution Federation and Attribute Based Access Control Page 2 Realization of the IAM (R)evolution Executive Summary Many organizations

More information

The Challenges of Web single sign-on

The Challenges of Web single sign-on Serge Vereecke Security Architect IBM Security Services serge_vereecke@be.ibm.com The Challenges of Web single sign-on GSE Event September 7, 2012 Agenda Single sign-on technology Why single sign-on Challenges

More information

INTEGRATION GUIDE. IDENTIKEY Federation Server for Juniper SSL-VPN

INTEGRATION GUIDE. IDENTIKEY Federation Server for Juniper SSL-VPN INTEGRATION GUIDE IDENTIKEY Federation Server for Juniper SSL-VPN Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; VASCO

More information

Cloud Standards. Arlindo Dias IT Architect IBM Global Technology Services CLOSER 2102

Cloud Standards. Arlindo Dias IT Architect IBM Global Technology Services CLOSER 2102 Cloud Standards Arlindo Dias IT Architect IBM Global Technology Services CLOSER 2102 2011 IBM Corporation Agenda Overview on Cloud Standards Identity and Access Management Discussion 2 Overview on Cloud

More information

SAP NetWeaver Single Sign-On. Product Management SAP NetWeaver Identity Management & Security June 2011

SAP NetWeaver Single Sign-On. Product Management SAP NetWeaver Identity Management & Security June 2011 NetWeaver Single Sign-On Product Management NetWeaver Identity Management & Security June 2011 Agenda NetWeaver Single Sign-On: Solution overview Key benefits of single sign-on Solution positioning Identity

More information

This research note is restricted to the personal use of christine_tolman@byu.edu

This research note is restricted to the personal use of christine_tolman@byu.edu Burton IT1 Research G00234483 Identity Management Published: 9 July 2012 Analyst(s): Ian Glazer, Bob Blakley Identity management (IdM) has become a distinct aggregation of functions for the maintenance

More information

TrustedX: eidas Platform

TrustedX: eidas Platform TrustedX: eidas Platform Identification, authentication and electronic signature platform for Web environments. Guarantees identity via adaptive authentication and the recognition of either corporate,

More information

Perceptive Experience Single Sign-On Solutions

Perceptive Experience Single Sign-On Solutions Perceptive Experience Single Sign-On Solutions Technical Guide Version: 2.x Written by: Product Knowledge, R&D Date: January 2016 2016 Lexmark International Technology, S.A. All rights reserved. Lexmark

More information

Identity Management: The authentic & authoritative guide for the modern enterprise

Identity Management: The authentic & authoritative guide for the modern enterprise Identity Management: The authentic & authoritative guide for the modern enterprise Ellen Newlands, Product Manager Dmitri Pal, Director, Engineering 06-26-15 Goals of the Presentation Introduce Identity

More information

Server based signature service. Overview

Server based signature service. Overview 1(11) Server based signature service Overview Based on federated identity Swedish e-identification infrastructure 2(11) Table of contents 1 INTRODUCTION... 3 2 FUNCTIONAL... 4 3 SIGN SUPPORT SERVICE...

More information

Adding Federated Identity Management to OpenStack

Adding Federated Identity Management to OpenStack Adding Federated Identity Management to OpenStack David Chadwick University of Kent 3 December 2012 University of Kent 1 Some Definitions What is Identity? A whole set of attributes that in combination

More information

Enhancing Web Application Security

Enhancing Web Application Security Enhancing Web Application Security Using Another Authentication Factor Karen Lu and Asad Ali Gemalto, Inc. Technology & Innovations Austin, TX, USA Overview Introduction Current Statet Smart Cards Two-Factor

More information

Proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market

Proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market Proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market (COM(2012 238 final) {SWD(2012) 135 final} {SWD(2012) 136 final} Andrea SERVIDA

More information

IT@Intel. Improving Security and Productivity through Federation and Single Sign-on

IT@Intel. Improving Security and Productivity through Federation and Single Sign-on White Paper Intel Information Technology Computer Manufacturing Security Improving Security and Productivity through Federation and Single Sign-on Intel IT has developed a strategy and process for providing

More information

CIO Survey. Karel De Vriendt

CIO Survey. Karel De Vriendt CIO Survey Karel De Vriendt Thursday, June 19, 2008 Purpose of the CIO survey Provide input to and define priorities for: European Interoperability Strategy European Interoperability Framework Architectural

More information

Federated Identity & Access Mgmt for Higher Education

Federated Identity & Access Mgmt for Higher Education Federated Identity & Access Mgmt for Higher Education Dr. Erik Vullings Program Manager Macquarie University s s E-Learning E Centre of Excellence (MELCOE) Erik.Vullings@melcoe.mq.edu.au 1/23/2006 1 Backing

More information

Identity Governance Evolution

Identity Governance Evolution Identity Governance Evolution Paola Marino Principal Sales Consultant Agenda Oracle Identity Governance Innovation Cloud Scenarios enabled by Oracle Identity Platform Agenda Oracle

More information

White Paper. Authentication and Access Control - The Cornerstone of Information Security. Vinay Purohit September 2007. Trianz 2008 White Paper Page 1

White Paper. Authentication and Access Control - The Cornerstone of Information Security. Vinay Purohit September 2007. Trianz 2008 White Paper Page 1 White Paper Authentication and Access Control - The Cornerstone of Information Security Vinay Purohit September 2007 Trianz 2008 White Paper Page 1 Table of Contents 1 Scope and Objective --------------------------------------------------------------------------------------------------------

More information

ESA EO Identify Management

ESA EO Identify Management ESA EO Identify Management The ESA EO IM Infrastructure & Services A. Baldi ESA: Andrea.Baldi@esa.int M. Leonardi ESA: m.leonardi@rheagroup.com 1 Issues @ ESA with legacy user management Users had multiple

More information

Setup Guide Access Manager 3.2 SP3

Setup Guide Access Manager 3.2 SP3 Setup Guide Access Manager 3.2 SP3 August 2014 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE

More information

KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS

KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS Plurilock Security Solutions Inc. www.plurilock.com info@plurilock.com 2 H IGHLIGHTS: PluriPass is Plurilock static keystroke dynamic biometric

More information

SAML and OAUTH comparison

SAML and OAUTH comparison SAML and OAUTH comparison DevConf 2014, Brno JBoss by Red Hat Peter Škopek, pskopek@redhat.com, twitter: @pskopek Feb 7, 2014 Abstract SAML and OAuth are one of the most used protocols/standards for single

More information

IT-Security All safe and sound?

IT-Security All safe and sound? IT-Security All safe and sound? The building blocks for secure E-Government Dr. Vienna, 20.10.2014 Das E-Government Innovationszentrum ist eine gemeinsame Einrichtung des Bundeskanzleramtes und der TU

More information

Sun Infrastructure Solution for Network Identity Seamlessly extend secure access to your enterprise fast, with reduced deployment time and cost

Sun Infrastructure Solution for Network Identity Seamlessly extend secure access to your enterprise fast, with reduced deployment time and cost Sun Infrastructure Solution for Network Identity Seamlessly extend secure access to your enterprise fast, with reduced deployment time and cost Timothy Siu SE Manager, JES Nov/10/2003 sun.com/solutions/

More information

NT III - Authentication and Authorisation Service

NT III - Authentication and Authorisation Service Tasmanian Cloud - Networking Tasmania Pre-Tender Consultation NT III - Authentication and Authorisation Service Scoping and implementation approach Department of Premier and Cabinet Office of e CONTENTS

More information

Web Services Security: OpenSSO and Access Management for SOA. Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.

Web Services Security: OpenSSO and Access Management for SOA. Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion. Web Services Security: OpenSSO and Access Management for SOA Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.com 1 Agenda Need for Identity-based Web services security Single Sign-On

More information

Poste Italiane ICT Measurement

Poste Italiane ICT Measurement Poste Italiane ICT Measurement Paolo Baldelli DCPT Process and Technologies Central Department Poste Italiane S.p.A. 1 Direzione Centrale Processi e Tecnologie Agenda! Poste Italiane : the Company and

More information

Federation Proxy for Cross Domain Identity Federation

Federation Proxy for Cross Domain Identity Federation Proxy for Cross Domain Identity Makoto Hatakeyama NEC Corporation, Common Platform Software Res. Lab. 1753, Shimonumabe, Nakahara-Ku, Kawasaki, Kanagawa 211-8666, Japan +81-44-431-7663 m-hatake@ax.jp.nec.com

More information

Identity Management for Interoperable Health Information Exchanges

Identity Management for Interoperable Health Information Exchanges Identity Management for Interoperable Health Information Exchanges Presented to the NASMD Medicaid Transformation Grants HIE Workgroup - March 26, 2008 Presented by: John (Mike) Davis, Department of Veterans

More information

Interoperable, Federated Identity Management Frameworks Across Enterprise Architectures. We can do this.

Interoperable, Federated Identity Management Frameworks Across Enterprise Architectures. We can do this. Interoperable, Federated Identity Management Frameworks Across Enterprise Architectures. We can do this. Scott McGrath COO Organization for the Advancement of Structured Information Standards A diverse

More information

Introduction to SAML

Introduction to SAML Introduction to THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY Introduction to Introduction In today s world of rapidly expanding and growing software development; organizations, enterprises and governments

More information

IDENTITY INFORMATION MANAGMENT ARCHITECTURE SUMMARY Architecture and Standards Branch Office of the CIO Province of BC People Collaboration Innovation

IDENTITY INFORMATION MANAGMENT ARCHITECTURE SUMMARY Architecture and Standards Branch Office of the CIO Province of BC People Collaboration Innovation IDENTITY INFORMATION MANAGMENT ARCHITECTURE SUMMARY Architecture and Standards Branch Author: Creation Date: Last Updated: Version: I. Bailey May 28, 2008 March 23, 2009 0.7 Reviewed By Name Organization

More information

API-Security Gateway Dirk Krafzig

API-Security Gateway Dirk Krafzig API-Security Gateway Dirk Krafzig Intro Digital transformation accelerates application integration needs Dramatically increasing number of integration points Speed Security Industrial robustness Increasing

More information

Defender 5.7 - Token Deployment System Quick Start Guide

Defender 5.7 - Token Deployment System Quick Start Guide Defender 5.7 - Token Deployment System Quick Start Guide This guide describes how to install, configure and use the Defender Token Deployment System, based on default settings and how to self register

More information

Dell World Software User Forum 2013

Dell World Software User Forum 2013 Dell World Software User Forum 2013 December 9-12 Austin, TX SaaS Mobile Management Overview of Cloud Client Manager and integration with KACE K1000 Introducing Dell Enterprise Mobility Management Your

More information

EXECUTIVE VIEW. EmpowerID 2013. KuppingerCole Report. By Peter Cummings October 2013. By Peter Cummings pc@kuppingercole.

EXECUTIVE VIEW. EmpowerID 2013. KuppingerCole Report. By Peter Cummings October 2013. By Peter Cummings pc@kuppingercole. KuppingerCole Report EXECUTIVE VIEW By Peter Cummings October 2013 EmpowerID 2013 By Peter Cummings pc@kuppingercole.com October 2013 Content 1 Vendor Profile... 3 2 Product Description... 4 2.1 Single

More information

Tivoli Access Manager for e-business 6.1.1 FP4 with Tivoli Federated Identity Manager 6.2.1 FP2 Security Target

Tivoli Access Manager for e-business 6.1.1 FP4 with Tivoli Federated Identity Manager 6.2.1 FP2 Security Target Tivoli Access Manager for e-business 6.1.1 FP4 with Tivoli Federated Identity Manager 6.2.1 FP2 Security Target Document Version Number 1.30 Document Update Date: 2012-05-16 Authors: Scott Chapman, David

More information

Enabling SAML for Dynamic Identity Federation Management

Enabling SAML for Dynamic Identity Federation Management Enabling SAML for Dynamic Identity Federation Management Patricia Arias, Florina Almenárez, Andrés Marín and Daniel Díaz-Sánchez University Carlos III of Madrid http://pervasive.gast.it.uc3m.es/ WMNC 2009

More information

Getting Started with AD/LDAP SSO

Getting Started with AD/LDAP SSO Getting Started with AD/LDAP SSO Active Directory and LDAP single sign- on (SSO) with Syncplicity Business Edition accounts allows companies of any size to leverage their existing corporate directories

More information

APC-Pro sa Computer Service

APC-Pro sa Computer Service Installing and Configuring Windows Server 2012 (20410A) Durata: 5 giorni Orario: 8:30 12:00 / 13:30-17.00 Costo per persona: CHF 1 900.-- (Min. 5 partecipanti) Obiettivi di formazione Al termine del corso

More information

DIGIPASS Authentication for GajShield GS Series

DIGIPASS Authentication for GajShield GS Series DIGIPASS Authentication for GajShield GS Series With Vasco VACMAN Middleware 3.0 2008 VASCO Data Security. All rights reserved. Page 1 of 1 Integration Guideline Disclaimer Disclaimer of Warranties and

More information

Online Identity Attribute Exchange 2013-2014 Initiatives

Online Identity Attribute Exchange 2013-2014 Initiatives Online Identity Attribute Exchange 2013-2014 Initiatives Agenda Overview AXN Services Framework Demonstration NSTIC Pilots Summary ABAC Services Attribute Exchange Network Page 2 AXN - Enabling IT & Other

More information

Session Code*: 0310 Demystifying Authentication and SSO Options in Business Intelligence. Greg Wcislo

Session Code*: 0310 Demystifying Authentication and SSO Options in Business Intelligence. Greg Wcislo Session Code*: 0310 Demystifying Authentication and SSO Options in Business Intelligence Greg Wcislo Introduction We will not go into detailed how-to, however links to multiple how-to whitepapers will

More information

Web Applications Access Control Single Sign On

Web Applications Access Control Single Sign On Web Applications Access Control Single Sign On Anitha Chepuru, Assocaite Professor IT Dept, G.Narayanamma Institute of Technology and Science (for women), Shaikpet, Hyderabad - 500008, Andhra Pradesh,

More information

User Management Interfaces for Earth Observation Services Abstract Test Suite

User Management Interfaces for Earth Observation Services Abstract Test Suite User Management Interfaces for Earth Observation Services Abstract Test Suite Primary Author Andrew Woolf, STFC Rutherford Appleton Laboratory Revision history Version Contributors Date Changes 0.1 Andrew

More information

External Authentication with Citrix Secure Gateway - Presentation server Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Citrix Secure Gateway - Presentation server Authenticating Users Using SecurAccess Server by SecurEnvoy External Authentication with Citrix Secure Gateway - Presentation server Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 1210

More information

Identity Management Challenges for Intercloud Applications

Identity Management Challenges for Intercloud Applications Identity Management Challenges for Intercloud Applications David Núñez 1, Isaac Agudo 1, Prokopios Drogkaris 2 and Stefanos Gritzalis 2 1 Department of Computer Science, E.T.S. de Ingeniería Informática,

More information