Mobile Identity and Edge Security: Forum Sentry Security Gateway. Jason Macy, CTO, Forum Systems, jmacy@forumsys.com




Evolution of Enterprise Identities
Cloud Computing: IaaS (Infrastructure as a Service), PaaS (Platform as a Service)
Virtualization: Taking physical resources and rendering virtual; Operating Systems and Systems provided on-demand
Service Oriented Architecture: Paradigm for designing and developing software; Combined Web Services for Loosely Coupled Architecture
Web Services: Re-usable service components; Open standards; Messaging and Protocols
Mobile Apps, Users / Portals, B2B, Cloud / 3rd Party
OAuth, SAML, WS-Tokens, HTTP Basic, HTTP Form Post, NTLM, Kerberos, X509 Mutual, RSA SecurID, Cookies

Enterprise Identities
External FW, B2B
Multiple Protocols, Protocol Token Formats, Message Token Formats
Scalability, Centralized Access Control, Single Sign On

Gateway Architecture: Edge Security / Identity

API Security Edge Deployment
Mobile Apps, Users / Portals, B2B, Cloud / 3rd Party
External FW, Load Balancer, DMZ, Forum Sentry (Secure API, Protocol Break), Load Balancer, Internal FW
SOAP, XML, REST, JSON, HTML, ebXML, SwA
HTTP, FTP, SFTP, SMTP, JBOSS, IBM MQ, AS2, Tibco, Oracle, Active MQ, AMQP
Identity: OAuth, SAML, WS-Tokens, HTTP Form Post, HTTP Basic, HTTP Digest, NTLM, Kerberos, X509 Mutual, RSA SecurID, FTP Auth, SFTP Auth
Mobile Services, HTML Portal Servers, REST Services, FTP/SFTP Services, XML Services, SOAP Services, ESB Services

SECURITY
Threat Mitigation (IDP): Parse, Detect, Prevent
Privacy, Integrity, Accountability
Inbound, Outbound
ASIC Crypto Acceleration - Patent #7,516,333
PKI Infrastructure - DoD JITC Certified
Security Architecture - FIPS 140-2 Certified

IDENTITY
Identity Management, Access Control, Federation
OAuth, SAML, Active Directory, LDAP, Siteminder, Tivoli AM, ClearTrust, Kerberos KDC, CoreID, JSAM, WS-Trust, REST

MEDIATION
Standards, PKI, Protocols
Comprehensive OASIS and W3C standards support
Over 100 Task Processing Functions
Mapping, Conversion, and Enrichment

Mobile Identity
External FW

Single Sign On: SAML SSO

SP-Initiated SSO
Service Provider, Identity Provider, Mobile Apps, Users / Portals
1. HTTP Redirect to IdP: JavaScript HTTP POST Redirect, Signed SAML Request
2. Authentication at the Identity Provider
3. Redirect w/ Embedded Signed SAML
4. Access to Resource w/ SAML (allowed via DSIG Verify)

Mobile Authentication Use Case: Distributed SSO

Mobile Authentication
Mobile Apps, External FW, HTTP / HTTPS, Internal Apps
Basic Auth, Cookie Auth, Form Post Auth, X509 Auth, OAuth, SAML SSO

Mobile Authentication - Direct
Mobile Apps, External FW, Forum Sentry, Internal Apps
AUTH, SESSION TOKEN
Map User and Roles into request for back-end
Intercept and provide authentication, access control, and session management
No Agents, no central policy server calls
Maximized performance, simpler architecture

Mobile Authentication - 3rd Party / Cloud
Mobile Apps, Forum Sentry, Internal Apps
Redirect w/ signed SAML Request
Mobile Device makes request
Token is sent and validated by Sentry
SAML parameters and DSIG are verified
SAML DSIG verify is used to validate trust and establish new SESSION
Redirect w/ signed SAML Response which includes original target URI

Mobile API Security Identity Edge Deployment
Mobile Apps, Users / Portals, B2B, Cloud / 3rd Party
External FW, Load Balancer, DMZ, Forum Sentry, Load Balancer, Internal FW
HTML, XML, REST, JSON
HTTP, FTP, SFTP, SMTP, JBOSS, IBM MQ, AS2, Tibco, Oracle, Active MQ, AMQP
Identity: OAuth, SAML, WS-Tokens, HTTP Form Post, HTTP Basic, HTTP Digest, NTLM, Kerberos, X509 Mutual, RSA SecurID, FTP Auth, SFTP Auth
Mobile Services, HTML Portal Servers, REST Services, FTP/SFTP Services, ESB Services, XML Services, SOAP Services

What's Next
Enhanced Mobile Device Identification
Sentry Instance Auto-policy Enrollment
Large Scale Secure Edge Caching & Persistence
Geospatial Synchronization

Questions / Comments