Step-up authentication as a service
1 Step-up authentication as a service
Pieter van der Meulen, Technical Product Manager
For more details see the report at: Documents/rapport_Step-up_Authentication-as-a-Service_Architecture_and_Procedures_final.pdf
2 SURFsure
- Bind existing institutional authentication (SAML), something you know, to something you have (token, phone) to offer a higher LoA to federated services
- Leverage existing relations SURFnet has with its constituency for the RA process
- Self-service through website
3 SURFsure 2
- Open: provide several 2nd factors (SMS, Yubikey, tiqr)
- Standards: OATH, SAML
- Easy implementation for IdPs
4 Use cases
- Institution administration, e.g. access to financial records
- Research: access to sensitive data, expensive equipment, e.g. life sciences
- VPN access: not in scope
5 Federation Models
[Figure: three federation models. 1 to 1 (IdP, SP; business). NSPs x NIdPs (shared trust, point to point). NSPs + NIdPs (central gateway between IdPs and SPs).]
- NxN: Mesh federation. Most common model.
- N+N: Hub and Spoke model. Used by SURFnet and others.
- IdP: Identity Provider
- SP: Service Provider
6 SURFsure AuthN flow
[Figure: message sequence between IdP, SURFconext, SURFsure and SP: AuthN request with RequestedAuthContext; AuthN req LoA 1; AuthNResp LoA 1; Auth 2nd factor; Resp 2nd factor; AuthN response with AuthContext]
Implement SURFsure as a transparent SAML proxy between the SP(s) requiring step-up and the IdPs in the federation. It can be added equally well to 1-1, NxM (mesh) and N+M (hub-and-spoke) federation models. For hub-and-spoke, the SURFsure gateway sits between the federation hub (SURFconext) and the SP. Before AuthN starts, the user must have been enrolled, resulting in a 2nd factor that is bound to the user's federative (LoA 1) account.
1) The SP uses RequestedAuthnContext (SAML 2.0 core, Section ) to request the LoA (STORK/NIST).
2) SURFsure performs a normal (LoA 1) SAML authentication to the user's home IdP; discovery (WAYF) for IdP selection can be performed at the SP, SURFsure or SURFconext. Choose one.
3) SURFsure has the (LoA 1) identity of the user. It uses that to authenticate the user with the (LoA > 1) 2nd factor bound to the user.
4) If authentication is successful, send an AuthN response to the SP that contains the achieved LoA.
7 LoA: NIST, STORK
LoA 1
- No registration requirements
- Minimal assurance is requested for the authentication mechanism
LoA 2
- Registration requires information from an authoritative source
- A secure authentication protocol shall be used.
- Controls shall be in place to reduce the effectiveness of eavesdropper and online guessing attacks.
- Controls shall be in place to protect against attacks on stored credentials.
8 LoA: NIST, STORK
LoA 3
- Registration requires information from an authoritative source + verification
- Any secret information exchanged in authentication protocols shall be cryptographically protected
LoA 4
- Registration requires information from an authoritative source + verification + entity witnessed in person
- Tamper-resistant hardware devices for the storage of all secret or private cryptographic keys shall be used.
- Sensitive data included in authentication protocols shall be cryptographically protected.
9 Transmit LoA
- Use a standards based approach: the SAML 2.0 Authentication Context class reference
- Based on the SAML 2.0 Identity Assurance Profiles 1.0 (2010) Committee Specification 01
- Using internationally used identifiers (URNs), possibly using the IANA registry
- Transmit LoA as a single URN. No differentiation between assurance level of the registration and the assurance level of the
10 Registration
Remote registration
- Requires availability of trusted registries to validate name, address, ID numbers
- Dutch governmental/municipal registries may not be used by institutions
- Send registration letter to home address
In person registration
- Seems more efficient!?
- Can meet requirements for LoA 4
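The LoA request and check from steps 1 and 4 of the AuthN flow, with the LoA carried as a single AuthnContextClassRef URN, as an added example (not taken from the slides or from SURFnet's code). The `urn:example:assurance:loaN` identifiers, the SP entity ID and the sample response are constructed assumptions; XML signature and condition validation are assumed to have been done before this check runs.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

# Placeholder LoA URNs (assumption: the slides do not list the identifiers).
LOA1, LOA2, LOA3 = (f"urn:example:assurance:loa{n}" for n in (1, 2, 3))
LOA_RANK = {LOA1: 1, LOA2: 2, LOA3: 3}

REQ_PATH = f"{{{SAMLP}}}RequestedAuthnContext/{{{SAML}}}AuthnContextClassRef"
RESP_PATH = (f".//{{{SAML}}}AuthnStatement/{{{SAML}}}AuthnContext/"
             f"{{{SAML}}}AuthnContextClassRef")


def build_authn_request(request_id, sp_entity_id, loa_urn):
    """Step 1: the SP asks for at least `loa_urn` via RequestedAuthnContext."""
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = sp_entity_id
    rac = ET.SubElement(req, f"{{{SAMLP}}}RequestedAuthnContext",
                        {"Comparison": "minimum"})
    ET.SubElement(rac, f"{{{SAML}}}AuthnContextClassRef").text = loa_urn
    return ET.tostring(req, encoding="unicode")


def sample_response(in_response_to, loa_urn, status=SUCCESS):
    """Constructed gateway response, reduced to the elements this check reads."""
    return f"""<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
        ID="_resp1" Version="2.0" InResponseTo="{in_response_to}">
      <samlp:Status><samlp:StatusCode Value="{status}"/></samlp:Status>
      <saml:Assertion ID="_a1" Version="2.0">
        <saml:AuthnStatement>
          <saml:AuthnContext>
            <saml:AuthnContextClassRef>{loa_urn}</saml:AuthnContextClassRef>
          </saml:AuthnContext>
        </saml:AuthnStatement>
      </saml:Assertion>
    </samlp:Response>"""


def check_step_up(request_xml, response_xml):
    """Step 4, SP side: accept only if the achieved LoA meets the requested one.

    Fails closed: an absent or unrecognised URN is treated as too low.
    """
    req = ET.fromstring(request_xml)
    resp = ET.fromstring(response_xml)
    if resp.get("InResponseTo") != req.get("ID"):
        return False, "unsolicited or mismatched response"
    code = resp.find(f"{{{SAMLP}}}Status/{{{SAMLP}}}StatusCode")
    if code is None or code.get("Value") != SUCCESS:
        return False, "authentication failed at the gateway"
    wanted = (req.findtext(REQ_PATH) or "").strip()
    got = (resp.findtext(RESP_PATH) or "").strip()
    if wanted not in LOA_RANK:
        return False, "request carries an unknown LoA"
    if got not in LOA_RANK:
        return False, "missing or unknown LoA in response"
    if LOA_RANK[got] < LOA_RANK[wanted]:
        return False, "achieved LoA below requested LoA"
    return True, "ok"


if __name__ == "__main__":
    request = build_authn_request("_req1", "https://sp.example.org", LOA2)
    for urn in (LOA1, LOA2, LOA3, "urn:example:unknown"):
        print(urn, check_step_up(request, sample_response("_req1", urn)))
```

The check rejects a response that only reached LoA 1 even though the status is Success, which is the case an SP misses when it trusts the status code alone.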
11 Invite a User
The RA invites a user to get and register a 2nd factor.
12 The RA invites a user to get and register a 2nd factor.
13 User self registration
14 The user needs to have the LoA 2 or 3 authentication credential (token) that is going to be registered. The user goes to the SURFsure website.
15 The user is asked to authenticate. Since SURFsure is part of SURFconext, the user can use his institutional username and password combination for this purpose.
16 After successful authentication, the user is presented a number of LoA 2 and 3 authentication solutions. Possible solutions are e.g. tiqr, SMS-OTP, and Yubikey.
17 The user selects one of the solutions.
18 SURFsure initiates an authentication session with the selected solution. E.g. in case of SMS-OTP the user is asked to enter his mobile phone number and the OTP challenge that is sent to him via SMS. Note that each solution may have its own authentication procedure. For instance, the selection of tiqr may involve downloading and installation operations prior to continuing with the SURFsure registration.
19 After successful authentication with the selected solution, an e-mail containing an activation link is sent to the user.
20 The user is asked to click on the link to confirm and prove that he/she is the owner of the token. This step proves that the user has access to the address that has been provided by the IdP and forms an additional validation of the user's identity. Moreover, the user can detect it if someone else attempts to request a token in his or her name.
21 After activation, SURFsure shows the user a registration form that contains personal information obtained from the IdP and possible authentication solution specific information such as a telephone number. The form also contains a unique registration code. The registration code should have enough entropy to prevent a guessing attack (an attacker should not be able to obtain the valid code via trial-and-error by generating codes), yet be short enough to be written down by the user. The form is sent to the user's address. It is also possible to print the form if the user has access to a nearby printer. Additionally, SURFsure submits a second factor registration request entry to the RA of the user's institution. The user is asked to go to the RA of the institution to complete the registration process.
22 At the registration desk
23 To complete the registration the user, in possession of the registration code, the second factor and an identity document (e.g. passport, driver's license), visits the RA. The RA logs in to the SURFsure web interface using two-factor authentication. Note that the RA has to log in with a LoA that is equal to or higher than the LoA of the authentication solution selected by the user. Otherwise the RA cannot execute the registration.
24 The RA authenticates with the first factor.
25 The RA authenticates with the 2nd factor.
26 The RA selects the user to register from the list.
27 At the RA desk, the user gives the registration form or shows the to the RA. The RA logs in to SURFsure and enters the registration code.
28 In registering the user, the RA must verify the IdP-provided information against other trusted sources. SURFsure shows the registration request including some personal information of the applicant obtained from the IdP (i.e. the user's first and last name and address). The registrar verifies this information against the information in the valid photo-id, i.e. he inspects the photo-id (is it valid), checks if the photo matches the applicant and if the first and last name on the ID correspond to those provided by SURFsure. Note that the RA is, in principle, able to perform additional checks based on other local trusted identity sources during registration. E.g. local HR sources could be used for validation of day of birth or social security number. This is not part of the requirements for SURFsure, however.
29 RA vets the identity document provided by the user.
30 The user shows he or she controls the second factor by performing an authentication using the RA's workstation. The RA oversees the authentication attempt and can tell whether it was successful.
31 Having successfully identified the user, the RA confirms the registration and binds the second factor authentication solution to the user's federated account credentials; if this is not the case the registration is rejected. The user can now use step-up or strong authentication to access services.
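The registration-desk checks from slides 21 to 31 as one gate in front of the binding step, as an added example (not SURFsure's code). The code length, alphabet, attempt limit and all names are assumptions chosen for illustration; the slides only require a code that resists guessing yet can be written down.

```python
import hmac
import math
import secrets
from dataclasses import dataclass

# Assumed parameters: 32 unambiguous symbols (no 0/O/1/I), 8 characters.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"
CODE_LEN = 8
MAX_ATTEMPTS = 5  # assumed lockout threshold per pending registration


def new_registration_code():
    """Draw the code from the OS CSPRNG, never from `random`."""
    return "".join(secrets.choice(ALPHABET) for _ in range(CODE_LEN))


def code_entropy_bits():
    return CODE_LEN * math.log2(len(ALPHABET))


def online_guess_bound(pending_codes, guesses):
    """Upper bound on the chance that `guesses` tries hit any pending code."""
    return min(1.0, pending_codes * guesses / len(ALPHABET) ** CODE_LEN)


def normalize(entered):
    """Accept the code as written down: lower case, spaces, hyphens."""
    return "".join(ch for ch in entered.upper() if ch.isalnum())


@dataclass
class PendingRegistration:
    user: str
    token_loa: int            # LoA of the solution the user selected
    code: str
    activated: bool = False   # activation link was followed
    failed_attempts: int = 0
    bound: bool = False


def ra_confirm(reg, ra_loa, entered_code, id_document_ok, token_auth_ok):
    """Bind the 2nd factor only if every desk check holds; otherwise reject."""
    if not reg.activated:
        return False, "registration was never activated"
    if ra_loa < reg.token_loa:
        return False, "RA logged in below the LoA of the token"
    if reg.failed_attempts >= MAX_ATTEMPTS:
        return False, "too many failed attempts, new code required"
    supplied = normalize(entered_code).encode("utf-8")
    if not hmac.compare_digest(supplied, reg.code.encode("utf-8")):
        reg.failed_attempts += 1
        return False, "wrong registration code"
    if not id_document_ok:
        return False, "identity document does not match"
    if not token_auth_ok:
        return False, "user could not authenticate with the token"
    reg.bound = True
    return True, "second factor bound to federated account"


if __name__ == "__main__":
    reg = PendingRegistration("jdoe@example.org", token_loa=2,
                              code=new_registration_code(), activated=True)
    print("code:", reg.code, "entropy bits:", code_entropy_bits())
    print("guess bound, 1000 pending, 5 tries:", online_guess_bound(1000, 5))
    print(ra_confirm(reg, ra_loa=1, entered_code=reg.code,
                     id_document_ok=True, token_auth_ok=True))
    print(ra_confirm(reg, ra_loa=2, entered_code=reg.code.lower(),
                     id_document_ok=True, token_auth_ok=True))
```

With these assumed parameters the code carries 40 bits, so the attempt limit rather than the code length is what keeps online guessing impractical.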
32 De-registration
37 Questions? Remarks?
38 Delegation of RA
[Figure: delegation hierarchy: Step-up authentication as a Service; Account advisor (AA); Institution Contact Person (ICP); Registration Authority Administrator (RAA); Registration Authority (RA)]
Registration of users is performed by RAs and RAAs using the SuaaS web interface. The delegation of authorization to RAs is handled through the existing SURFnet structure, whereby the ICP authorizes persons in their institution to perform tasks. For SuaaS two roles are used:
1) RAA: Can designate other RAs and can perform the tasks of an RA
2) RA: Can vet users using the SuaaS web interface.
Step-up Authentication-as-a-Service
A study of the architecture and processes Author(s): Martijn Oostdijk, Bob Hulsebosch and Maarten Wegdam (Novay) Roland van Rijswijk-Deij, Joost van Dijk, Pieter van de Meulen and Eefje van der Harst (SURFnet)
More informationScalable Authentication
Scalable Authentication Rolf Lindemann Nok Nok Labs, Inc. Session ID: ARCH R07 Session Classification: Intermediate IT Has Scaled Technological capabilities: (1971 2013) Clock speed x4700 #transistors
More informationFederated Identity Management and Shibboleth. Noreen Hogan Asst. Director Enterprise Admin. Applications
Federated Identity Management and Shibboleth Noreen Hogan Asst. Director Enterprise Admin. Applications Federated Identity Management Management of digital identity/credentials (username/password) Access
More informationWHITEPAPER SECUREAUTH AND CAC HSPD-12 AUTHENTICATION TO WEB, NETWORK, AND CLOUD RESOURCES
WHITEPAPER SECUREAUTH AND CAC HSPD-12 AUTHENTICATION TO WEB, NETWORK, AND CLOUD RESOURCES Executive Overview U.S. Federal mandates dictates that personal with defense related initiatives must prove access
More informationFAME-PERMIS Project Output WORKPACKAGE 1 Deliverable D1. Report on the Design of FAME Architecture and Components
FAME-PERMIS Project Output WORKPACKAGE 1 Deliverable D1 Report on the Design of FAME Architecture and Components Aleksandra Nenadić Ning Zhang Alan Rector Carole Goble School of Computer Science University
More informationDell One Identity Cloud Access Manager 8.0.1 - How to Develop OpenID Connect Apps
Dell One Identity Cloud Access Manager 8.0.1 - How to Develop OpenID Connect Apps May 2015 This guide includes: What is OAuth v2.0? What is OpenID Connect? Example: Providing OpenID Connect SSO to a Salesforce.com
More informationConfiguration Guide. SafeNet Authentication Service AD FS Agent
SafeNet Authentication Service AD FS Agent Configuration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document
More informationDEPARTMENT OF ECONOMICS AND STATISTICS NAGALAND: KOHIMA OFFICE MEMORANDUM
DEPARTMENT OF ECONOMICS AND STATISTICS NAGALAND: KOHIMA OFFICE MEMORANDUM Dated Kohima the 14 th June 2013 In pursuant to Notification NO.ES/SP&SSDG/2011-12/67 dated 17-05-2013 the Directorate of Economics
More informationInformation Technology Branch Access Control Technical Standard
Information Technology Branch Access Control Technical Standard Information Management, Administrative Directive A1461 Cyber Security Technical Standard # 5 November 20, 2014 Approved: Date: November 20,
More informationFree Multi-Factor Authentication. Using Email and SMS in Enterprise/Random Password Manager (E/RPM)
Free Multi-Factor Authentication Using Email and SMS in Enterprise/Random Password Manager (E/RPM) The controlled release of sensitive credentials in a privileged identity management (PIM) system requires
More informationUsing YSU Password Self-Service
Using YSU Password Self-Service Using YSU Password Self-Service Password Self-Service Web Interface Required Items: YSU (MyYSU) Directory account, Web browser This guide will assist you with using the
More informationAccessing TP SSL VPN
Accessing TP SSL VPN This guide describes the steps to install, connect and disconnect the SSL VPN for remote access to TP intranet systems using personal notebooks. A. Installing the SSL VPN client Junos
More informationWHITE PAPER Usher Mobile Identity Platform
WHITE PAPER Usher Mobile Identity Platform Security Architecture For more information, visit Usher.com info@usher.com Toll Free (US ONLY): 1 888.656.4464 Direct Dial: 703.848.8710 Table of contents Introduction
More informationSECUREAUTH IDP AND OFFICE 365
WHITEPAPER SECUREAUTH IDP AND OFFICE 365 STRONG AUTHENTICATION AND SINGLE SIGN-ON FOR THE CLOUD-BASED OFFICE SUITE EXECUTIVE OVERVIEW As more and more enterprises move to the cloud, it makes sense that
More information