Building blocks for establishing federation with organizations like ESA
- Poppy Brown
- 8 years ago
Transcription
1 Building blocks for establishing federation with organizations like ESA
ESA Single Sign-on & OGC Authentication Standard
A. Baldi ESA: M. Leonardi RHEA:
Helsinki 02/10/2013 FIM4R
2 ESA EO IM introduced in 2011
ESA EO Identity Management and the supporting AAI infrastructure for the creation, maintenance, and utilization of digital identities was introduced at the beginning of 2011 after an initial study:
- Initially based on Shibboleth 1 and then ported to Shibboleth 2 (current baseline) with a few extensions
- Consists of:
  - Redundant Identity Providers (IDPs)
  - Redundant Identity Registries (LDAPs)
  - Multiple Service Provider (SPs) Check Points
- Is based on a common Minimal User Profile derived from inetOrgPerson + a dedicated common EO SP profile for specific attributes.
3 ESA EO IM Functions
- Authentication: Single Sign-On for all Web applications with inheritance of User community between SPs.
- Authorization: Exchange of attributes for granting user access to the resources, with SP profile synchronization with IDP.
- Chained Multi Step Self Registration: Acquiring user's identity information by IDP and SPs before issuing user credential.
- Credentials Recovery: The user is able to self recover a forgotten password autonomously.
- Secure Storage: Storage of sensitive identity information in a secure registry (via encryption, owned by the IDP).
- Administration: Self administration by users of key profile information. More advanced administration functions across the enterprise for IM administrators.
- Security Enforcement: Strong password security enforced upon registration and password management by the IDP.
- Auditing: Auditing of user privileges, user access to resources, resource utilization.
- Reporting: Reporting of user information for statistical utilization via a dedicated BI tool.
- Authentication for Java Applications: JCL (Java Client Library) designed to offer an SSO API to Java applications.
- Easy AAI Deployment: Virtual Environment with AAI infrastructure and IM template for SP.
- AAI Robustness: Geographically Distributed Cluster for ESA AAI infrastructure.
4 Why is FIM important for ESA?
- Enable Internal Identity Federation: split/model ESA user communities into smaller dedicated domains (e.g. ESA ONLY projects, ESA/EU projects, etc.)
- Allow different organizations to interoperate and efficiently share data and services via External Identity Federation:
  - Enable ESA EO SSO users to access external resources operated by different space organizations.
  - Enable other space partners' users to access ESA EO resources.
5 ESA Use Cases
[Diagram. Recoverable labels: ESA Data; NASA/NOAA Data; Third Party Data (non-ESA missions); LTDP Data; Heterogeneous Missions Data; ESA Federated Users Community; ESA MMGS Users; ESA GMES Users; NASA/NOAA Users Communities; External Users Communities; Independent Distributors (e.g. Euroimage, VITO); Industry; SAML Domain. Models shown: A. EO ESA Domain (C2C) and EO/EU Domain (C2C); B. ESA EO Mirror Sites Model (C2C); C. Collaborative Model (B2B/C2B); Mixed Models (B2B/C2B/C2C).]
6 ESA Use Cases Details
(Table columns: Use Case; Source; Context; Description; Model)
- ESA EO Federation
  - Source: ESA/EU
  - Context: GMES & MM GS
  - Description: Implementation of EO Federated Domains: different administrative Domains (i.e. EO ESA, EO EU). Users shall coexist with no duplication of accounts.
  - Model: C2C
- ESA EO Mirror Sites
  - Source: ESA, NASA, NOAA; ESA, VITO
  - Context: Envisat, Terra/Aqua; PROBA V
  - Description: Joint dissemination with other space organizations (e.g. NASA/NOAA MODIS/MERIS): NASA ~80000 Users, ESA ~12000. NASA selected users as ESA users (pilot?). VITO selected users as ESA PROBA V users.
  - Model: C2C, C2C
  - Source: ESA, Euro Image
  - Context: 3rd Party Missions
  - Description: Independent distributor for ESA 3rd party mission data via ESA branded portal.
  - Model: C2C
- Collaborative Scenarios
  - Source: ESA, DLR, UK Space Agency; ESA, Eumetsat, DLR
  - Context: LTDP; HMA geo/fedeo
  - Description: Each organization distributes its own long time data series (e.g. AVHRR) to the federation users. Authentication done by the Home organization. Federating WEB SSO with WEB Services based on OGC User Management Interfaces for Earth Observation Services. STS between SAML based systems. Pilot with Eumetsat & DLR (~9000 Users).
  - Model: B2B, C2C, C2B
- Mixed Model
  - Source: ESA & TEP Operators
  - Context: Exploitation Platform
  - Description: Federation with Scientific Institutions and Industry. Includes thematic user community management delegated to partners.
  - Model: B2B, B2C, C2C
7 ESA EO IM Federating Models
Objective: Federating different user communities belonging to space agencies to easily share EO data by allowing cross authentication and authorization.
ESA EO IM will use AuthZ/AuthN OGC Web services & Web SSO:
1. Business to Business (B2B) Authentication & Authorization via SAML 2 Security Token Service between systems.
2. Consumer to Business (C2B) Authentication & Authorization: Web SSO shall interact with B2B service authorization environment based on SAML tokens.
3. Different Consumer to Consumer (C2C) Authentication & Authorization: ESA Web SSO shall interact with other space agencies' Web SSO (e.g. ESA SSO with NASA SSO).
8 ESA EO IM Federating News
- Importance of IM was recognized in the context of the Heterogeneous Mission Accessibility (HMA) project. HMA is an ESA, ASI, CNES, CSA, DLR, EUSC, EUMETSAT collaboration to harmonize access to heterogeneous EO data systems.
- Prototype of User Management Interface (STS SAML 1) implemented in 2012, followed by the full specification of User Management Interfaces for EO Services: OGC
  - Covering B2B and C2B scenarios
- OGC Specification submitted on 24th September 2013 as best practice to Open Geospatial Consortium (OGC) for approval as applicable standard.
- OGC describes interfaces and scenarios for Authentication & Authorization in a federated system of OGC Web Services for Earth Observation.
- Expected approval by end of Implementation in the scope of new Federated Identity Management project 2014
9 STS Security Model
- A Security Token Service (STS) is a Web service that issues interoperable security tokens. It makes assertions based on evidence of the user identity.
- An STS receives some kind of credential and returns a token that represents the user's identity.
- Presenting the token, as proof of user identity, lets the user be served outside of their security domain without providing credentials.
- A Web service itself can generate security tokens or it can rely on a separate STS to issue a security token.
- The STS security model includes a Target Service, a Client and the Security Token Service.
- There is an explicit trust relationship (PKI) between the Web service and the STS and between the client and the STS.
- There is not an implicit trust between the client and service.
10 STS Security Model
Basic case with the STS acting as Identity Provider (IDP)
[Diagram. Actors: Client; STS; Users Registry; Service Provider (SP PEP). Message sequence:]
1. RST (Request Security Token) with credentials
2. Validate identity in the local user registry
3. Create/Sign/Encrypt the SAML token
4. RSTR (Security Token Signed and Encrypted by the STS)
5. Service Request (Security Token)
6. Validate Security Token
7. Service Response
11 B2B Authentication Model
[Diagram. Actors: Client; Federating Identity Provider (STS, Users Registry); Client Home Organization IDP (STS, Users Registry); Federating Service Provider (SP PEP). Message sequence:]
1. RST with credentials
2. Redirect RST to the client home organization IDP
3. Validate identity in the user registry
4. Create the SAML token
5. RSTR (SAML token)
6. Sign/Encrypt the SAML token
7. RSTR
8. Service Request (Security Token)
9. Validate Security Token
10. Service Response
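The B2B exchange of slide 11 (slide 10 is the same flow without the home-organization hop), as an added example that is not part of the original presentation. A JSON token with an HMAC-SHA256 tag stands in for the signed SAML assertion and its PKI signature, encryption is omitted, and every name, key and user below is constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# All identifiers, keys and users are constructed for this example.
HOME_IDP, FED_STS, SP_ID = "home-org-idp", "federating-sts", "sp-catalogue"
HOME_KEY = b"demo-key-home-idp-to-federating-sts"  # trust: home IDP <-> federating STS
FED_KEY = b"demo-key-federating-sts-to-sp"         # trust: federating STS <-> SP PEP
TOKEN_LIFETIME = 300  # seconds


def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Home organization user registry: stores a salted hash, never the password.
_SALT = b"constructed-salt"
HOME_REGISTRY = {
    "alice": {"salt": _SALT, "hash": _pw_hash("correct horse", _SALT),
              "attrs": {"org": "home-org", "role": "eo-user"}},
}


def sign(claims, key):
    """Serialize the claims and append an HMAC tag (stand-in for an XML signature)."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body + b"." + hmac.new(key, body, hashlib.sha256).hexdigest().encode()


def verify(token, key):
    """Return the claims if the tag verifies under key, otherwise None."""
    try:
        body, tag = token.rsplit(b".", 1)
    except ValueError:
        return None
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return None  # body is never parsed unless the tag is valid
    return json.loads(base64.urlsafe_b64decode(body))


def check_claims(claims, issuer, audience, now):
    """Checks a relying party applies before trusting a token; None means accepted."""
    if claims is None:
        return "bad signature"
    if claims["issuer"] != issuer:
        return "untrusted issuer"
    if claims["audience"] != audience:
        return "wrong audience"
    if not claims["not_before"] <= now < claims["not_on_or_after"]:
        return "outside validity window"
    return None


def home_idp_issue(username, password, now):
    """Steps 3-5: validate identity in the user registry, create the token, return it."""
    user = HOME_REGISTRY.get(username)
    if user is None or not hmac.compare_digest(
            _pw_hash(password, user["salt"]), user["hash"]):
        return None
    claims = {"issuer": HOME_IDP, "audience": FED_STS, "subject": username,
              "attrs": user["attrs"], "not_before": now,
              "not_on_or_after": now + TOKEN_LIFETIME}
    return sign(claims, HOME_KEY)


def federating_sts_rst(username, password, audience, now):
    """Steps 1-2 and 6-7: pass the RST to the home IDP, then re-issue for the SP."""
    home_token = home_idp_issue(username, password, now)  # step 2
    if home_token is None:
        return None
    claims = verify(home_token, HOME_KEY)
    if check_claims(claims, HOME_IDP, FED_STS, now) is not None:
        return None
    reissued = dict(claims, issuer=FED_STS, audience=audience)
    return sign(reissued, FED_KEY)  # step 6: signed by the federating STS


def pep_validate(token, now):
    """Step 9: the SP PEP accepts only tokens the federating STS signed for this SP."""
    claims = verify(token, FED_KEY)
    reason = check_claims(claims, FED_STS, SP_ID, now)
    if reason:
        return False, reason
    return True, {"subject": claims["subject"], **claims["attrs"]}
```

The PEP never sees the user's credentials and holds no key for the home IDP, so a token taken straight from the home IDP fails at the SP even though it is validly signed.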
12 C2B Authentication Model
[Diagram. Actors: User Web Browser; Embedded Client into Federated WEB Service Provider (SP Web PEP, Client); Federating Identity Provider (STS, Users Registry); Client Home Organization IDP (WEB IDP, Users Registry); Federating Service Provider (SP PEP). Message sequence:]
1. Protected function call
2. Web Auth Request redirected to the client home organization IDP
3. Validate identity in the user registry
4. Create the SAML Artifact + attributes
5. Return the SAML Artifact + attributes
6. RST with Web Auth
7. Create/Sign/Encrypt the SAML token
8. RSTR
9. Service Request (Security Token)
10. Validate Security Token
11. Service Response
13 C2C Authentication Model
[Diagram. Actors: Federating Domain (i.e. ESA) with Federating IM Infrastructure (WEB IDP, Users Registry), Federation Gateway IDP and Federating Service Provider; User Home Organization IDP (Federated IDP, e.g. NASA) with Users Registry; Federating User Web Browser (i.e. ESA user); Federated User Web Browser (e.g. NASA user). Message sequences:]
Federating user (i.e. ESA user):
1a. Service request
2a. Federating user authentication process
Federated user (e.g. NASA user):
1b. Service request
2b. Federated user authentication process
3b. Validate identity in the user registry
4b. Create the Authentication statement
14 Conclusions
FIM is a challenge and it is essential:
- to increase data exchange and collaboration with international partners
- to enable EO organizations to increase data distribution via a simplified user access
Scenario is complex and multi-faceted:
- Need to cope with different technologies, organizations and their constraints.
- Collaboration among organizations is essential to be able to get concrete results.
- Space organizations have agreed to start cooperating to establish common building blocks
SAP HANA Cloud Portal Overview and Scenarios HERUG 2014 Conference - Montevideo April 2014 Twitter: @portal_sap / #hanacloudportal HERUG 2014 Conference Event Website Event overview Information and Agenda
More informationHow To Use Saml 2.0 Single Sign On With Qualysguard
QualysGuard SAML 2.0 Single Sign-On Technical Brief Introduction Qualys provides its customer the option to use SAML 2.0 Single Sign On (SSO) authentication with their QualysGuard subscription. When implemented,
More informationINF3510 Information Security University of Oslo Spring 2012. Lecture 8 Identity and Access Management. Audun Jøsang
INF3510 Information Security University of Oslo Spring 2012 Lecture 8 Identity and Access Management Audun Jøsang Outline Identity and access management concepts Identity management models Access control
More informationThe increasing popularity of mobile devices is rapidly changing how and where we
Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to
More informationIntegrating Multi-Factor Authentication into Your Campus Identity Management System
Integrating Multi-Factor Authentication into Your Campus Identity Management System Mike Grady, Unicon David Walker, Internet2 (both associated with the Internet2 Scalable Privacy Project) Agenda Multi-Context
More informationE-LibUkr portal: Case study of Shibboleth and EZProxy in Ukraine.
E-LibUkr portal: Case study of Shibboleth and EZProxy in Ukraine. Yaroshenko Tetiana, yaroshenko[@]ukma.kiev.ua Introduction The Kyiv Mohyla Foundation of America and the National University of Kyiv Mohyla
More informationFederated Identity in the Enterprise
www.css-security.com 425.216.0720 WHITE PAPER The proliferation of user accounts can lead to a lowering of the enterprise security posture as users record their account information in order to remember
More informationProvisioning and Deprovisioning 1 Provisioning/De-provisiong replacement 1
Item Count Provisioning/Deprovisioning Automated Deprovisioning 1 Automated on/off boarding from an authoritative source AUTOMATED [DE-]PROVISIONING 1 Removal of resources at the appropriate time 1 Timeliness
More informationSD Departmental Meeting November 28 th, 2006. Ale de Vries Product Manager ScienceDirect Elsevier
ש בולת SD Departmental Meeting November 28 th, 2006 Ale de Vries Product Manager ScienceDirect Elsevier Shi... whát? : Shibboleth ש בולת [...] "stream, torrent". It derives from a story in the Hebrew Bible,
More informationmanaging SSO with shared credentials
managing SSO with shared credentials Introduction to Single Sign On (SSO) All organizations, small and big alike, today have a bunch of applications that must be accessed by different employees throughout
More informationFederated Identity Management Checklist
Federated Identity Management Checklist This document lists the minimum (marked with an *) and recommended policy, process, and technical steps required to implement Federated Identity Management and operate
More informationComputer Systems Security 2013/2014. Single Sign-On. Bruno Maia ei09095@fe.up.pt. Pedro Borges ei09063@fe.up.pt
Computer Systems Security 2013/2014 Single Sign-On Bruno Maia ei09095@fe.up.pt Pedro Borges ei09063@fe.up.pt December 13, 2013 Contents 1 Introduction 2 2 Explanation of SSO systems 2 2.1 OpenID.................................
More informationWebNow Single Sign-On Solutions
WebNow Single Sign-On Solutions Technical Guide ImageNow Version: 6.7. x Written by: Product Documentation, R&D Date: June 2015 2012 Perceptive Software. All rights reserved CaptureNow, ImageNow, Interact,
More information