Open Data Center Alliance Usage: Infrastructure as a Service (IaaS) Privileged User Access rev. 1.0
|
|
- Frederick Moody
- 8 years ago
- Views:
Transcription
1 sm Open Data Center Alliance Usage: Infrastructure as a Service (IaaS) Privileged User Access rev. 1.0
2 Table of Contents Legal Notice... 3 Executive Summary... 4 Related Usage Models... 5 Reference Framework... 5 Applicability... 6 Taxonomy... 6 Usage Scenarios... 7 Privileged User Access... 7 Industry Call to Action...10 References
3 Legal Notice This Open Data Center Alliance SM Usage Model: Infrastructure as a Service (IaaS) Privileged User Access is proprietary to the Open Data Center Alliance, Inc. NOTICE TO USERS WHO ARE NOT OPEN DATA CENTER ALLIANCE PARTICIPANTS: Non-Open Data Center Alliance Participants only have the right to review, and make reference or cite, this document. Any such references or citations to this document must give the Open Data Center Alliance, Inc. full attribution and must acknowledge the Open Data Center Alliance, Inc. s copyright in this document. Such users are not permitted to revise, alter, modify, make any derivatives of, or otherwise amend this document in any way. NOTICE TO USERS WHO ARE OPEN DATA CENTER ALLIANCE PARTICIPANTS: Use of this document by Open Data Center Alliance Participants is subject to the Open Data Center Alliance s bylaws and its other policies and procedures. OPEN CENTER DATA ALLIANCE SM, ODCA SM, and the OPEN DATA CENTER ALLIANCE logo SM are service marks owned by Open Data Center Alliance, Inc. and all rights are reserved therein. Unauthorized use is strictly prohibited. This document and its contents are provided AS IS and are to be used subject to all of the limitation set forth herein. Users of this document should not reference any initial or recommended methodology, metric, requirements, or other criteria that may be contained in this document or in any other document distributed by the Alliance ( Initial Models ) in any way that implies the user and/or its products or services are in compliance with, or have undergone any testing or certification to demonstrate compliance with, any of these Initial Models. Any proposals or recommendations contained in this document including, without limitation, the scope and content of any proposed methodology, metric, requirements, or other criteria does not mean the Alliance will necessarily be required in the future to develop any certification or compliance or testing programs to verify any future implementation or compliance with such proposals or recommendations. This document does not grant any user of this document any rights to use any of the Alliance s trademarks. All other service marks, trademarks and trade names referenced herein are those of their respective owners. Published April,
4 sm Open Data Center Alliance Usage: Infrastructure as a Service (IaaS) Privileged User Access rev. 1.0 Executive Summary When an administrator manages a cloud resource on behalf of multiple users or when an administrator accesses resources in the cloud, this role becomes significant in terms of security. The level of access granted to administrators is enhanced in the administrator role and, therefore, the potential risk to the organization is increased. Access breaches that use administrative accounts can lead to significant problems for an enterprise. It is therefore desirable to provide enhanced security controls for these accounts. Many organizations that are considering purchasing cloud-based resources will already have solved this internally by using multi factor authentication (MFA) techniques and seek to use the existing systems to provide initial username/password logon and further factors of authentication to enhance security. This usage model defines a mechanism for extending existing strong authentication methods used in the enterprise to cloud-based resources. It provides cloud providers and subscribers clear guidelines for development of identity management and administrative systems for cloudbased resources. Following these guidelines will promote a single, consistent approach for administrative logon to these resources. It is assumed throughout this usage model that existing Organization for the Advancement of Structured Information Standards (OASIS) Security Assertion Markup Language (SAML) standards, using an agreed upon profile, will be used for communication between subscriber and provider systems. This document serves a variety of audiences. Solution providers and technology vendors will benefit from its content to better understand customer needs and tailor service and product offerings. Standards organizations will find the information helpful in defining end-user relevant and open standards. 4
5 Related Usage Models This usage model should be read in conjunction with the ODCA Identity Management Interoperability Guide 1 and the ODCA Provider Assurance Usage Model 2. The Interoperability Guide defines the interaction between the different technical usage models in the identity management area. The Provider Assurance Usage Model defines the overall requirements for security in the cloud and defines where identity management should be used. Reference Framework The following diagram shows a framework of the functional areas of identity management. This framework provides a reference model for the usage models described below. This usage model covers one of the potential cases in strong authentication. Identity and Access Management Framework Identity and Access Management Identity Lifecycle Management Identity and Authentication Management Authorization and Permission Lifecycle Management Authorization and Permission Management Identity Governance Identity Creation/ Validation Identity Federation Entitlement Externalization Access Control Services Confirm Validation Identity Provisioning (add/modify/delete) Directory Services / User Repositories Entitlement Provisioning Policy Enforcement Point (PEP) Auditing and Reporting Mover / Leaver Process Authentication Mover / Leaver Process Policy Decision Point (PDP) Monitoring Strong Authentication Role Mining and Discovery Weak Authentication Reporting for Audit / Compliance Checks Sign On Multiple Sign On Reduced Sign On (web, desktop) Single Sign On Credential Management Policy Enforcement Point (PEP) 1 InteropGuide_Rev1.0_final.pdf 2 5
6 Applicability This usage model is applicable to all types of cloud service including Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). The usage model should be applied in cases where Bronze, Silver, Gold or Platinum levels of security, as defined in the ODCA Cloud Provider Assurance Usage Model 2, are required. Correlation of applicability to other use cases can be found in the ODCA Identity Management Interoperability Guide 1 Taxonomy Actor Cloud Subscriber Cloud Subscriber User Cloud Subscriber Administrator Cloud Provider Administrator Cloud Administrator Cloud Provider Identity Provider Description A person or organization that has been authenticated to a cloud and maintains a business relationship with a cloud. An organization providing network services and charging cloud subscribers. A (public) cloud provider provides services over the Internet. An administrator type of user of a cloud subscriber organization that performs (cloud) system related administration tasks for the cloud subscriber organization. An administrator type of user of a cloud provider organization that performs system related administration tasks on systems that host services for the cloud subscriber organization. An administrator type user that performs administration tasks on a system providing services to a cloud subscriber organization. This is independent of whether the administrator is part of the cloud subscriber organization or whether he/she is part of a cloud provider organization working on resources supplied to the cloud subscriber. An organization providing network services and charging cloud subscribers. A (public) cloud provider provides services over the Internet. An entity that is responsible for establishing and maintaining the digital identity associated with a person, organization, or (in some cases) a software program. [e.g., National Strategy for Trusted Identities in Cyberspace NSTIC] 6
7 Usage Scenarios Privileged User Access This usage model is to be adopted where an administrator of a cloud-based resource requires strong authentication due to the enhanced privileges and higher risk associated with the account. Actors: cloud subscriber, cloud administrator, cloud provider Goal: The cloud subscriber requires the cloud administrator to authenticate by using a further factor of authentication before access is granted to the administrative area of a cloud provider s system. Assumptions: The following assumptions are made regarding authentication: Assumption 1: The cloud subscriber and cloud provider both operate (or have operated for them) identity management systems that are capable of SAML transactions and have provisioned further factor systems that are also SAML capable. The relevant systems that are within the cloud subscriber organization must be accessible by the cloud provider. Assumption 2: Where possible, the identity management systems of the cloud subscriber can generate a SAML message identifying that the cloud subscriber administrator has already completed both authentication steps. Assumption 3: The OASIS SAML standard will be used during all transactions between cloud provider and cloud subscriber. Assumption 4: All transactions between cloud provider and cloud subscriber will only be made using secure protocols. Assumption 5: The interactions defined below are to be carried out in a timely manner. The maximum delay in transaction time should be defined in the contract. Success Scenario 1: A cloud subscriber administrator is only able to authenticate to the administrative areas of a cloud provider s system or application following a multiple factor authentication at the start of, or during, the session. Steps: 1. The cloud subscriber administrator accesses the administrative area of a cloud-based resource. 2. The cloud provider s system makes a SAML request to the cloud subscriber to confirm the authorization level of the cloud subscriber administrator. 3. If the cloud subscriber administrator is already authenticated using both factors then, a. The identity management system of the cloud subscriber returns a SAML response indicating that access may be granted. b. The cloud provider then allows access to the administrative area of a cloud-based resource. 4. If the cloud subscriber administrator is already authenticated using only a single method of authentication then, a. The cloud provider s system identifies the requirement for a further factor of authentication and passes the cloud subscriber administrator to a web page controlled by the cloud subscriber which allows authentication using a further authentication factor. b. Once successfully authenticated the identity management system of the cloud subscriber returns a SAML message indicating that access may be granted. c. The cloud provider then allows access to the administrative area of a cloud-based resource. 7
8 5. If the cloud subscriber administrator is not authenticated then, Failure Condition 1: a. The cloud provider s system identifies the requirement for authentication and passes the cloud subscriber administrator to a web page controlled by the cloud subscriber which allows authentication. b. Once successfully authenticated, using both factors, the identity management system of the cloud subscriber returns a SAML message indicating that access may be granted. c. The cloud provider then allows access to the administrative area of a cloud-based resource. A cloud provider does not receive all required confirmations from the cloud subscriber s identity management systems. Failure Handling 1: Access to the administration area of the cloud provider s system is denied. In this model, the cloud provider s system should also provide appropriate error and audit messages back to the cloud subscriber administrator and the identity management system of the cloud subscriber. Success Scenario 2: A cloud provider administrator is only able to authenticate to the administrative areas of a cloud provider s system or application, on which services of the cloud subscriber are hosted, following a multiple factor authentication at the start of, or during, the session. Steps: 1. The cloud provider administrator accesses the administrative area of a cloud-based resource. 2. The cloud provider s system makes a SAML request to the internal identity management system to confirm the authorization level of the cloud provider administrator. 3. If the cloud provider administrator is already authenticated using both factors then, a. The identity management system of the cloud provider returns a SAML response indicating that access may be granted. b. The cloud provider then allows access to the administrative area of a cloud-based resource. 4. If the cloud provider administrator is already authenticated using only a single method of authentication then, a. The cloud provider s system identifies the requirement for a further factor of authentication and passes the cloud provider administrator to a system to provide a further factor of authentication. b. Once successfully authenticated, the identity management system of the cloud provider returns a SAML message indicating that access may be granted. c. The cloud provider then allows access to the administrative area of a cloud-based resource. 5. If the cloud provider administrator is not authenticated then, a. The cloud provider s system identifies the requirement for authentication and passes the cloud provider administrator to the systems controlled by the cloud provider which allow authentication. b. Once successfully authenticated using both factors the identity management system of the cloud provider returns a SAML message indicating that access may be granted. c. The cloud provider then allows access to the administrative area of a cloud-based resource. 8
9 Failure Condition 2: A cloud provider does not receive all required confirmations from the internal identity management systems. Failure Handling 2: Access to the administration area of the cloud provider s system is denied. In this model the cloud provider s system should also provide appropriate error and audit messages back to the cloud provider administrator and the event logging systems within the cloud provider organization. Success Scenario 3: A Cloud administrator is only able to complete a specific administrative task on a cloud provider s system or application following further authentication by using a multi factor authentication system. Steps: 1. The cloud administrator requires the completing of a task that requires confirmation of administrative status. 2. The cloud provider s system makes a SAML request to the same system that provided the further factor of authentication at the start of the session. 3. Once authenticated the relevant system will return a SAML response indicating that access may be granted. Failure Condition 3: A cloud provider does not receive all required confirmations from the internal identity management systems. Failure Handling 3: The complete administrative session is terminated, requiring the privileged user to restart the logon process. In this model the cloud provider s system should also provide appropriate error and audit messages back to the cloud provider administrator and the event logging systems within the cloud provider organization. 9
10 Industry Call to Action The following further actions are required: The ODCA requires providers of identity management systems for the enterprise and cloud providers to produce reference models and proofof-concept implementations that will show compliance to this requirement. References OASIS Service Provisioning Markup Language (SPML) Version 2 3 OASIS Security Assertion Markup Language (SAML) Version 2 4 Any use or other implementation of the above cited OASIS markup language specifications / protocols ( OASIS Language ) are subject to any and all intellectual property rights and other rights held by, and any other limitations or restrictions which may be asserted by, OASIS and/or its members as the owner or owners of said OASIS Language ( Proprietary Rights ). ODCA takes no position regarding the validity or scope of any such Proprietary Rights that might be claimed or asserted by OASIS and/ or its members which may pertain to the use or other implementation of said OASIS Language or the extent to which any license of any such Proprietary Rights might or might not be available; nor does it represent that it has made any independent effort to identify any such Proprietary Rights. Each user and implementer of the OASIS Language is solely responsible for obtaining any and all licenses which may be needed in order to use or otherwise implement said OASIS Language. Requests for information regarding the Proprietary Rights and any applicable licenses should only be directed to OASIS and should not be made to the ODCA. Copies of any Proprietary Rights disclosures that may have been made, or potential licenses to be made available, or the result of an attempt made to obtain a license or other permission for the use or implementation of such Proprietary Rights by any implementer or user of the OASIS Language should only be directed to OASIS. This reference to, or citation of, the OASIS Language is provided on an AS IS basis and THE OPEN DATA CENTER ALLIANCE AND ITS PARTICIPANTS AND MEMBERS HEREBY DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, ANY WARRANTY THAT THE USE OR OTHER IMPLEMENTATON OF THE OASIS LANGUAGE (AS DEFINED ABOVE) WILL NOT INFRINGE ANY PROPRIETARY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE
Open Data Center Alliance Usage: Single Sign On Authentication REv. 1.0
sm Open Data Center Alliance Usage: Single Sign On Authentication REv. 1.0 Table of Contents Legal Notice... 3 Executive Summary... 4 Reference Framework... 5 Applicability... 6 Related Usage Models...
More informationOpen Data Center Alliance Usage: Cloud Based Identity Provisioning Rev. 1.0
sm Open Data Center Alliance Usage: Cloud Based Identity Provisioning Rev. 1.0 Table of Contents Legal Notice... 3 Executive Summary... 4 Purpose... 5 Reference Framework... 5 Applicability... 6 Related
More informationOpen Data Center Alliance Usage: Cloud Based Identity Governance and Auditing REV. 1.0
sm Open Data Center Alliance Usage: Cloud Based Identity Governance and Auditing REV. 1.0 Table of Contents Legal Notice... 3 Executive Summary... 4 Purpose... 5 Reference Framework... 5 Context... 6 Applicability...
More informationOpen Data Center Alliance Usage: Identity Management Interoperability Guide rev. 1.0
sm Open Data Center Alliance Usage: Identity Interoperability Guide rev. 1.0 Open Data Center Alliance Usage: Identity Interoperability Guide Rev. 1.0 Table of Contents Legal Notice... 3 Executive Summary...
More informationOPEN DATA CENTER ALLIANCE SM USAGE MODEL: E-DISCOVERY AND FORENSICS
OPEN DATA CENTER ALLIANCE SM USAGE MODEL: E-DISCOVERY AND FORENSICS Version Date Editor Description of Change 1.0 27 Aug 2014 Security WG Initial release Contributors Christophe Gévaudan UBS Tino Hirschmann
More informationOpen Data Center Alliance Usage: Provider Assurance Rev. 1.1
sm Open Data Center Alliance Usage: Provider Assurance Rev. 1.1 Legal Notice This Open Data Center Alliance SM Usage:Provider Assurance is proprietary to the Open Data Center Alliance, Inc. NOTICE TO USERS
More informationOPEN DATA CENTER ALLIANCE Usage Model: Guide to Interoperability Across Clouds
sm OPEN DATA CENTER ALLIANCE Usage Model: Guide to Interoperability Across Clouds SM Table of Contents Legal Notice... 3 Executive Summary... 4 Purpose... 5 Overview... 5 Interoperability... 6 Service
More informationOpen Data Center Alliance Usage: VIRTUAL MACHINE (VM) INTEROPERABILITY IN A HYBRID CLOUD ENVIRONMENT REV. 1.1
sm Open Data Center Alliance Usage: VIRTUAL MACHINE (VM) INTEROPERABILITY IN A HYBRID CLOUD ENVIRONMENT REV. 1.1 Open Data Center Alliance Usage: Virtual Machine (VM) Interoperability in a Hybrid Cloud
More informationOPEN DATA CENTER ALLIANCE USAGE Model: Software as a Service (SaaS) Interoperability Rev 1.0
sm OPEN DATA CENTER ALLIANCE USAGE Model: Software as a Service (SaaS) Interoperability Rev 1.0 SM Table of Contents Legal Notice... 3 Executive Summary... 4 Purpose... 5 Assumptions... 5 SaaS Interoperability
More informationOPEN DATA CENTER ALLIANCE SM CLOUD ADOPTION SURVEY
OPEN DATA CENTER ALLIANCE SM CLOUD ADOPTION SURVEY 2014 TABLE OF CONTENTS 3 Legal Notice 5 Executive Summary 5 ODCA Members Respond to Survey on Data Center Practices and Plans 6 Methodology 6 Growth in
More informationOpen Data Center Alliance Usage: VIRTUAL MACHINE (VM) INTEROPERABILITY
sm Open Data Center Alliance Usage: VIRTUAL MACHINE (VM) INTEROPERABILITY 1 Legal Notice This Open Data Center Alliance SM Usage: VM Interoperability is proprietary to the Open Data Center Alliance, Inc.
More informationOPEN DATA CENTER ALLIANCE USAGE: Data Security Rev. 1.0
OPEN DATA CENTER ALLIANCE USAGE: Data Security Rev. 1.0 Table of Contents Legal Notice...3 Executive Summary...4 Purpose...5 Reference Framework...5 Taxonomy...5 Usage Scenarios...6 Usage Scenario Transfer
More informationCLOUD TECH SOLUTION AT INTEL INFORMATION TECHNOLOGY ICApp Platform as a Service
CLOUD TECH SOLUTION AT INTEL INFORMATION TECHNOLOGY ICApp Platform as a Service Open Data Center Alliance, Inc. 3855 SW 153 rd Dr. Beaverton, OR 97003 USA Phone +1 503-619-2368 Fax: +1 503-644-6708 Email:
More informationCloud Tech Solution at T-Systems International Cloud Integration Center
Cloud Tech Solution at T-Systems International Cloud Integration Center Executive Overview In 2009 T-Systems identified that in order for the organizational processes/products/services incorporating use
More informationOpen Data Center Alliance Usage: SERVICE CATALOG
sm Open Data Center Alliance Usage: SERVICE CATALOG Legal Notice This Open Data Center Alliance SM Usage: Service Catalog is proprietary to the Open Data Center Alliance, Inc. NOTICE TO USERS WHO ARE NOT
More informationOPEN DATA CENTER ALLIANCE USAGE MODEL: Provider Assurance Rev. 2.0
OPEN DATA CENTER ALLIANCE USAGE MODEL: Provider Assurance Rev. 2.0 Table of Contents Legal Notice...3 Executive Summary...4 Purpose...5 Taxonomy...6 Usage Model Diagram...6 Usage Model Details...6 Usage
More informationOPEN DATA CENTER ALLIANCE Sm Master Usage Model: Commercial framework REV 1.0
OPEN DATA CENTER ALLIANCE Sm Master Usage Model: Commercial framework REV 1.0 Table of Contents Proprietary Notice And Other Notifications... 5 Legal Notice... 6 Acknowledgments... 6 Terminology And Provenance...
More informationidentity as the new perimeter: securely embracing cloud, mobile and social media agility made possible
identity as the new perimeter: securely embracing cloud, mobile and social media agility made possible IT transformation and evolving identities A number of technology trends, including cloud, mobility,
More informationHow To Manage A Plethora Of Identities In A Cloud System (Saas)
TECHNICAL WHITE PAPER Intel Cloud SSO How Intel Cloud SSO Works Just as security professionals have done for ages, we must continue to evolve our processes, methods, and techniques in light of the opportunities
More informationCA SiteMinder SSO Agents for ERP Systems
PRODUCT SHEET: CA SITEMINDER SSO AGENTS FOR ERP SYSTEMS CA SiteMinder SSO Agents for ERP Systems CA SiteMinder SSO Agents for ERP Systems help organizations minimize sign-on requirements and increase security
More informationThe Gale Group Subscription and License Agreement
The Gale Group Subscription and License Agreement This legal document is an agreement between THE GALE GROUP, INC. (herein referred to as Gale ), a Thomson Corporation company, and you, the subscriber
More informationIdentity in the Cloud Use Cases Version 1.0
Identity in the Cloud Use Cases Version 1.0 Committee Note 01 08 May 2012 Specification URIs This version: http://docs.oasis-open.org/id-cloud/idcloud-usecases/v1.0/cn01/idcloudusecases-v1.0-cn01.pdf (Authoritative)
More informationCanadian Pharmaceutical Distribution Network Certificate Authority Services Agreement. In this document:
Canadian Pharmaceutical Distribution Network Certificate Authority Services Agreement In this document: Company refers to the hospital, hospital group, or other entity that has been pre- registered by
More informationSelf Help Guides. Create a New User in a Domain
Self Help Guides Create a New User in a Domain Creating Users & Groups This document is to be used as a guide to creating users and/or groups in a Domain Server environment; 1. Windows Server Domain exists,
More informationGuideline on Implementing Cloud Identity and Access Management
CMSGu2013-05 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Implementing Cloud Identity and Access Management National
More informationOracle Enterprise Manager
Oracle Enterprise Manager System Monitoring Plug-in Installation Guide for Microsoft Active Directory Release 12.1.0.1.0 E28548-04 February 2014 Microsoft Active Directory, which is included with Microsoft
More informationOpen Data Center Alliance - Sustain andustain
sm OPEN DATA CENTER ALLIANCE : National Australia Bank Carbon Neutral White paper SM Table of Contents Legal Notice... 3 Executive Summary... 4 Leading the Carbon Neutral Commitment in Australia... 5 Continued
More informationRethinking Schools Limited Institutional Site License
Rethinking Schools Limited Institutional Site License This License Agreement ( License ) is entered into the day of [20 ] ( Effective Date ) between Rethinking Schools Limited, a Wisconsin Corporation,
More informationCompute Infrastructure as a Service: Recommendations from the Open Data Center Alliance SM and TM Forum A joint perspective on the requirements of
Compute Infrastructure as a Service: Recommendations from the Open Data Center Alliance SM and TM Forum A joint perspective on the requirements of the enterprise consumer Legal Notice This CIaaS: Recommendations
More informationSafeNet Authentication Service
SafeNet Authentication Service Integration Guide All information herein is either public information or is the property of and owned solely by Gemalto NV. and/or its subsidiaries who shall have and keep
More informationCA Business Service Insight
DATA SHEET CA Business Service Insight With CA Business Service Insight, you can know what services are being used within your business, improve service performance while helping to reduce operating costs,
More informationOPEN DATA CENTER ALLIANCE USAGE MODEL: Cloud Maturity Model Rev. 2.0
OPEN DATA CENTER ALLIANCE USAGE MODEL: Cloud Maturity Model Rev. 2.0 Table of Contents Legal Notice...3 Executive Summary...4 Overview of the Cloud Maturity Model...5 Description of the Cloud Maturity
More informationIntegration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Salesforce
SafeNet Authentication Service Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information
More information1 Novell Use Cases. 1.1 Use Case: Per Tenant Identity Provider Configuration. 1.1.1 Description/User Story. 1.1.2 Goal or Desired Outcome
1 Novell Use Cases 1.1 Use Case: Per Tenant Identity Provider Configuration 1.1.1 Description/User Story Multi-tenant service providers, whether they are SaaS, PaaS, or IaaS vendors, benefit from quick
More informationService Description: Cisco Prime Home Hosted Services. This document describes the Cisco Prime Home Hosted Services.
Service Description: Cisco Prime Home Hosted Services This document describes the Cisco Prime Home Hosted Services. Related Documents: The following documents also posted at www.cisco.com/go/servicedescriptions/
More informationIBM WebSphere Application Server
IBM WebSphere Application Server OAuth 2.0 service provider and TAI 2012 IBM Corporation This presentation describes support for OAuth 2.0 included in IBM WebSphere Application Server V7.0.0.25. WASV70025_OAuth20.ppt
More informationIntegration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Tableau Server
SafeNet Authentication Service Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information
More informationIntegration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Drupal
SafeNet Authentication Service Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information
More informationEMC ViPR Controller. Version 2.4. User Interface Virtual Data Center Configuration Guide 302-002-416 REV 01 DRAFT
EMC ViPR Controller Version 2.4 User Interface Virtual Data Center Configuration Guide 302-002-416 REV 01 DRAFT Copyright 2014-2015 EMC Corporation. All rights reserved. Published in USA. Published November,
More informationZIMPERIUM, INC. END USER LICENSE TERMS
ZIMPERIUM, INC. END USER LICENSE TERMS THIS DOCUMENT IS A LEGAL CONTRACT. PLEASE READ IT CAREFULLY. These End User License Terms ( Terms ) govern your access to and use of the zanti and zips client- side
More informationTERMS AND CONDITIONS
TERMS AND CONDITIONS 1. Your Acceptance Welcome to the website operated by Joint Aid Management ( JAM ) International. By using or visiting this website, you signify your agreement to the terms and conditions
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationOracle Enterprise Manager. Description. Versions Supported
Oracle Enterprise Manager System Monitoring Plug-in Installation Guide for Microsoft Active Directory 10g Release 2 (10.2.0.2) B28044-02 June 2006 This document provides a brief description about the Oracle
More informationBringing Cloud Security Down to Earth. Andreas M Antonopoulos Senior Vice President & Founding Partner www.nemertes.com
Bringing Cloud Security Down to Earth Andreas M Antonopoulos Senior Vice President & Founding Partner www.nemertes.com Agenda About Nemertes Cloud Dynamics and Adoption Assessing Risk of Cloud Services
More informationDualShield SAML & SSO. Integration Guide. Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved.
DualShield Integration Guide Copyright 2011 Deepnet Security Limited Copyright 2011, Deepnet Security. All Rights Reserved. Page 1 Trademarks Deepnet Unified Authentication, MobileID, QuickID, PocketID,
More informationIT@Intel. Improving Security and Productivity through Federation and Single Sign-on
White Paper Intel Information Technology Computer Manufacturing Security Improving Security and Productivity through Federation and Single Sign-on Intel IT has developed a strategy and process for providing
More informationSoftware License Monitoring
LANDESK Quick Start Guide Software License Monitoring VERSION 2 Introduction This guide was designed to help those users new to Software License Monitoring (SLM) introduced in LANDESK Management Suite
More informationBIMASS and You - A Copyright Infringement Conclusions
PRODUCT SCHEDULE Hosted Exchange This Product Schedule (the Schedule ), between BIMASS and ( You ) is effective immediately and is issued pursuant to and incorporates by reference the terms and conditions
More informationFME SOFTWARE LICENSE AGREEMENT
FME SOFTWARE LICENSE AGREEMENT IMPORTANT READ CAREFULLY: This FME Software License Agreement ("Agreement") is a legal agreement between You (either an individual or a single legal entity) and Safe Software
More informationNew Security Features
New Security Features BlackBerry 10 OS Version 10.3.1 Published: 2014-12-17 SWD-20141211141004210 Contents About this guide... 4 Advanced data at rest protection... 5 System requirements... 6 Managing
More informationTerms Of Service. "The Company" means CIT Broadband, P.O. Box 122568, Fort Worth, TX 76121.
Terms Of Service BY USING THE COMPANY'S SERVICES YOU AGREE TO BE BOUND BY ITS TERMS AND CONDITIONS. 1. Definitions. "The Company" means CIT Broadband, P.O. Box 122568, Fort Worth, TX 76121. "The Subscriber"
More informationSelf Help Guides. Setup Exchange Email with Outlook
Self Help Guides Setup Exchange Email with Outlook Setting up Exchange Email Connection This document is to be used as a guide to setting up an Exchange Email connection with Outlook; 1. Microsoft Outlook
More informationMobile Banking Service Agreement (Addendum to your Primary Online Banking Service Agreement)
Mobile Banking Service Agreement (Addendum to your Primary Online Banking Service Agreement) I. INTRODUCTION PARTIES AND DEFINITIONS This Mobile Banking Service Agreement (as amended from time to time,
More informationAzure Multi-Factor Authentication. KEMP LoadMaster and Azure Multi- Factor Authentication. Technical Note
KEMP LoadMaster and Azure Multi- Factor Authentication Technical Note VERSION: 1.0 UPDATED: APRIL 2016 Copyright Notices Copyright 2002-2016 KEMP Technologies, Inc.. All rights reserved.. KEMP Technologies
More informationDLNA Guidelines March 2014
DLNA Guidelines March 2014 Part 7: Authentication An Industry Guide for Building Interoperable Platforms, Devices, and Applications Fulfilling the promise of the digital home requires a cross-industry
More informationHIPAA: The Role of PatientTrak in Supporting Compliance
HIPAA: The Role of PatientTrak in Supporting Compliance The purpose of this document is to describe the methods by which PatientTrak addresses the requirements of the HIPAA Security Rule, as pertaining
More informationHP Software as a Service
HP Software as a Service Software Version: 6.1 Federated SSO Document Release Date: August 2013 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty
More informationDocuSign Single Sign On Implementation Guide Published: March 17, 2016
DocuSign Single Sign On Implementation Guide Published: March 17, 2016 Copyright Copyright 2003-2016 DocuSign, Inc. All rights reserved. For information about DocuSign trademarks, copyrights and patents
More informationADP Ambassador /Referral Rewards Program. Terms and Conditions of Use
ADP Ambassador /Referral Rewards Program Terms and Conditions of Use These Terms and Conditions ("Terms") are an agreement between ADP, LLC ("ADP"), on behalf of its Major Accounts Services Division ("MAS"),
More informationOracle Enterprise Manager
Oracle Enterprise Manager System Monitoring Plug-in Installation Guide for Microsoft Internet Information Services Release 12.1.0.2.0 E28547-05 February 2014 This document provides a brief description
More informationQUADRO POWER GUIDELINES
QUADRO POWER GUIDELINES DA-07261-001_v03 July 2015 Application Note DOCUMENT CHANGE HISTORY DA-07261-001_v03 Version Date Authors Description of Change 01 June 6, 2014 VL, SM Initial Release 02 June 2,
More informationSafeguarding the cloud with IBM Dynamic Cloud Security
Safeguarding the cloud with IBM Dynamic Cloud Security Maintain visibility and control with proven security solutions for public, private and hybrid clouds Highlights Extend enterprise-class security from
More informationProvider secure web portal & Member Care Information portal Registration Form
Provider secure web portal & Member Care Information portal Registration Form Thank you for your interest in registering for the Aetna Better Health Provider Secure Web Portal and the Aetna Better Health
More informationWhite Paper Delivering Web Services Security: The Entrust Secure Transaction Platform
White Paper Delivering Web Services Security: September 2003 Copyright 2003 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.
More informationIntroduction to Virtual Datacenter
Oracle Enterprise Manager Ops Center Configuring a Virtual Datacenter 12c Release 1 (12.1.1.0.0) E27347-01 June 2012 This guide provides an end-to-end example for how to use Oracle Enterprise Manager Ops
More informationCITRIX SYSTEMS, INC. SOFTWARE LICENSE AGREEMENT
CITRIX SYSTEMS, INC. SOFTWARE LICENSE AGREEMENT PLEASE READ THIS SOFTWARE LICENSE AGREEMENT CAREFULLY BEFORE DOWNLOADING, INSTALLING OR USING CITRIX OR CITRIX-SUPPLIED SOFTWARE. BY DOWNLOADING OR INSTALLING
More informationSimplify and Secure Cloud Access to Critical Business Data
SAP Brief SAP Technology SAP Cloud Identity Objectives Simplify and Secure Cloud Access to Critical Business Data Gain simplicity and security in a single cloud solution Gain simplicity and security in
More informationAddressing Security for Hybrid Cloud
Addressing Security for Hybrid Cloud Sreekanth Iyer Executive IT Architect IBM Cloud (CTO Office) Email : sreek.iyer@in.ibm.com Twitter: @sreek Blog: http://ibm.co/sreek July 18, 2015 Cloud is rapidly
More informationgoberlin a Trusted Cloud Marketplace for Governmental and Commercial Services
goberlin a Trusted Cloud Marketplace for Governmental and Commercial Services Data Protection and Security Considerations in an egovernment Cloud in Germany Dr. Klaus-Peter Eckert Public Sector Cloud Forum
More informationMcAfee Cloud Single Sign On
Setup Guide Revision B McAfee Cloud Single Sign On COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee
More informationWork Space Manager for BES12 26387_449
Work Space Manager for BES12 26387_449 About this document This guide contains fixed and known issues for version 26387_449 of Work Space Manager for BES12. To see previous versions of the release notes,
More informationPrivacy Policy and Terms of Use
Privacy Policy and Terms of Use Pencils of Promise, Inc. ( PoP, we, us or our ) shares your concern about the protection of your personal information online. This Privacy Policy and Terms of Use ( Policy
More informationSAML:The Cross-Domain SSO Use Case
SAML:The Cross-Domain SSO Use Case Chris Ceppi Oblix Corporate Engineer Ed Kaminski OBLIX Federal Business Manager 410-349-1828 ekaminski@oblix.com Mike Blackin Principal Systems Engineer Oblix, Inc. 202-588-7397
More information"Certification Authority" means an entity which issues Certificates and performs all of the functions associated with issuing such Certificates.
QUICKSSL PREMIUM(tm) SUBSCRIBER AGREEMENT Please read the following agreement carefully. By submitting an application to obtain a QuickSSL Premium(tm) Certificate and accepting and using such certificate,
More informationWhite paper December 2008. Addressing single sign-on inside, outside, and between organizations
White paper December 2008 Addressing single sign-on inside, outside, and between organizations Page 2 Contents 2 Overview 4 IBM Tivoli Unified Single Sign-On: Comprehensively addressing SSO 5 IBM Tivoli
More informationOracle Enterprise Manager. Description. Versions Supported. Prerequisites
Oracle Enterprise Manager System Monitoring Plug-in Installation Guide for Microsoft SQL Server 10g Release 2 (10.2) B28049-01 January 2006 This document provides a brief description about the Oracle System
More informationThis research note is restricted to the personal use of christine_tolman@byu.edu
Burton IT1 Research G00234483 Identity Management Published: 9 July 2012 Analyst(s): Ian Glazer, Bob Blakley Identity management (IdM) has become a distinct aggregation of functions for the maintenance
More informationStatusScope Remote Monitoring Service. Mobile User Guide
StatusScope Remote Monitoring Service RUO-IDV-05-0881-A February 2014 This document is provided to customers who have purchased AB SCIEX equipment to use in the operation of such AB SCIEX equipment. This
More informationWE RECOMMEND THAT YOU PRINT OUT AND KEEP A COPY OF THIS AGREEMENT FOR YOUR FUTURE REFERENCE.
RAPID CONNECT SERVICES(sm) and SPECIFICATION LICENSE AGREEMENT THIS RAPID CONNECT SERVICES AND SPECIFICATION LICENSE AGREEMENT IS BETWEEN FIRST DATA MERCHANT SERVICES CORPORATION ( FDMS ) FDMS AND YOU,
More informationADP Ambassador / Referral Rewards Program Terms and Conditions of Use
ADP Ambassador / Referral Rewards Program Terms and Conditions of Use These Terms and Conditions ("Terms") constitute an agreement between ADP Canada Co. ("ADP"), and You and apply to the ADP Canada Ambassador/Referral
More informationCA Spectrum and CA Embedded Entitlements Manager
CA Spectrum and CA Embedded Entitlements Manager Integration Guide CA Spectrum Release 9.4 - CA Embedded Entitlements Manager This Documentation, which includes embedded help systems and electronically
More informationEntitlements Access Management for Software Developers
Entitlements Access Management for Software Developers Market Environment The use of fine grained entitlements and obligations control for access to sensitive information and services in software applications
More informationBES10 Self-Service. Version: 10.2. User Guide
BES10 Self-Service Version: 10.2 User Guide Published: 2014-09-10 SWD-20140908171306471 Contents 1 BES10 Self-Service overview... 4 2 Log in to BES10 Self-Service... 5 3 Activating your device...6 Create
More informationPingFederate. Windows Live Cloud Identity Connector. User Guide. Version 1.0
Windows Live Cloud Identity Connector Version 1.0 User Guide 2011 Ping Identity Corporation. All rights reserved. Windows Live Cloud Identity Connector User Guide Version 1.0 April, 2011 Ping Identity
More informationTerms & Conditions MYJOB Website
Terms & Conditions MYJOB Website MY WEB LTD AND myjob.mu website. 1. My Web Ltd (a company duly registered in the Republic of Mauritius and hereinafter also referred in as the Company) is the maker and
More informationMAGNAVIEW SOFTWARE SUPPORT & MAINTENANCE. TERMS & CONDITIONS September 3, 2015 version
MAGNAVIEW SOFTWARE SUPPORT & MAINTENANCE TERMS & CONDITIONS September 3, 2015 version DEFINITIONS Agreement means (i) these Software Support & Maintenance Terms & Conditions, (ii) any exhibits and amendments
More informationDUAL MONITOR DRIVER AND VBIOS UPDATE
DUAL MONITOR DRIVER AND VBIOS UPDATE RN-07046-001_v01 September 2013 Release Notes DOCUMENT CHANGE HISTORY RN-07046-001_v01 Version Date Authors Description of Change 01 September 30, 2013 MD, SM Initial
More informationAn Oracle White Paper August 2010. Oracle OpenSSO Fedlet
An Oracle White Paper August 2010 Oracle OpenSSO Fedlet Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated
More informationDell One Identity Cloud Access Manager 8.0.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0
Dell One Identity Cloud Access Manager 8.0.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0 May 2015 About this guide Prerequisites and requirements NetWeaver configuration Legal notices About
More informationOPEN DATA CENTER ALLIANCE USAGE MODEL: Cloud Infrastructure Rev. 1.0
OPEN DATA CENTER ALLIANCE USAGE MODEL: Cloud Infrastructure Rev. 1.0 Table of Contents Legal Notice...3 Executive Summary...4 Definitions...5 Purpose and Audience...5 Scope and Assumptions...5 Commonalities
More informationPointCentral Subscription Agreement v.9.2
PointCentral Subscription Agreement v.9.2 READ THIS SUBSCRIPTION AGREEMENT ( AGREEMENT ) CAREFULLY BEFORE INSTALLING THIS SOFTWARE. THIS AGREEMENT, BETWEEN CALYX TECHNOLOGY, INC., DBA CALYX SOFTWARE (
More informationAdopted as of February _18_, 2014
THE OPEN DATA CENTER ALLIANCE, INC. ANTITRUST POLICY (Version 2) Adopted as of February _18_, 2014 The Open Data Center Alliance, Inc. (the ODCA ) intends to conduct its affairs in compliance with the
More informationWI-FI ALLIANCE INTELLECTUAL PROPERTY RIGHTS POLICY
WI-FI ALLIANCE INTELLECTUAL PROPERTY RIGHTS POLICY BACKGROUND The purpose of the Wi-Fi Alliance ( WFA ) is to promote the IEEE 802.11 wireless networking standard by encouraging manufacturers of wireless
More informationHow to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications
SOLUTION BRIEF: PROTECTING ACCESS TO THE CLOUD........................................ How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications Who should read this
More informationOPEN DATA CENTER ALLIANCE SM EXECUTIVE OVERVIEW Cloud Maturity Model Rev. 3.0
OPEN DATA CENTER ALLIANCE SM EXECUTIVE OVERVIEW Cloud Maturity Model Rev. 3.0 CONTRIBUTORS Allan Colins T-Systems Christoph Jung T-Systems Immo Regener PwC Lucia-Marie Muench Mariano Maluf The Coca-Cola
More informationSUBSCRIPTION SERVICES.
SUSE Manager Server SUSE Manager Server with Database SUSE Software License Agreement PLEASE READ THIS AGREEMENT CAREFULLY. BY PURCHASING, INSTALLING AND/OR USING THE SOFTWARE (INCLUDING ITS COMPONENTS),
More informationLOGIX Fax to Email Service
LOGIX Fax to Email Service ACCEPTANCE OF TERMS AND CONDITIONS This agreement is between LOGIX Communications, L.P. dba LOGIX Communications ("LOGIX") and Customer ("you" or "Customer"), as an authorized
More informationCA Nimsoft Monitor. Probe Guide for Cloud Monitoring Gateway. cuegtw v1.0 series
CA Nimsoft Monitor Probe Guide for Cloud Monitoring Gateway cuegtw v1.0 series Legal Notices This online help system (the "System") is for your informational purposes only and is subject to change or withdrawal
More informationADDENDUM TO THE BLACKBERRY SOLUTION LICENSE AGREEMENT FOR BLACKBERRY BUSINESS CLOUD SERVICES FOR MICROSOFT OFFICE 365 ( the ADDENDUM )
ADDENDUM TO THE BLACKBERRY SOLUTION LICENSE AGREEMENT FOR BLACKBERRY BUSINESS CLOUD SERVICES FOR MICROSOFT OFFICE 365 ( the ADDENDUM ) IMPORTANT NOTICES: In order to access and/or use this Cloud Service
More informationClosing the Biggest Security Hole in Web Application Delivery
WHITE PAPER DECEMBER 2014 Closing the Biggest Security Hole in Web Application Delivery Addressing Session Hijacking with CA Single Sign-On Enhanced Session Assurance with DeviceDNA Martin Yam CA Security
More information