Single Sign On: Are we there yet?


Single Sign On: Are we there yet?
Work In Progress
Annual Computer Security Applications Conference
December 08, 2004
Rafae Bhatti, Elisa Bertino, Arif Ghafoor
Electrical and Computer Engineering, and CERIAS
Purdue University

Outline
- Single Sign On: An Overview
- Building Blocks and Challenges
- Federated Identity
- Privilege Management
- Integrated Approach

Why Single Sign On (SSO)?
"Today's collaborative and interconnected e-business landscape requires a secure and effective way to share trusted user identities"
- RSA Security, Federated Identity whitepaper

Example from the RSA Security Whitepaper

SSO.. so where's the challenge?
- An industry estimate puts identity theft as a $2 trillion criminal industry by year 2005
- Aberdeen Group estimated $17 billion investments by corporations in security and privacy solutions in 2003

Aren't current SSO solutions enough?
No, the problem definition is incomplete!!
- Today's collaborative and interconnected e-business landscape requires a secure and effective way to share trusted user identities and entitlements.
- We must further elaborate the interplay between authentication and authorization rather than following the classical approach and treating them as orthogonal issues.
- We must also refine existing access-control models to reflect the obligations on the provider and consumer of identities in multiparty transactions.
Buell, Sandhu, Guest Editors' Introduction, IEEE Internet Computing, Special Issue on Identity Management, November/December 2003.

Who's concerned?
Results from a recent industrial survey
Integration of access management with identity federation solutions is crucial!

Federated Identity
What are the issues?
- All implemented solutions are identity-based; this has implications for scalability in open systems
- All known solutions (including the popular Passport) are centralized, an architecture that has been labeled by Rubin et al. as antithetical to the distributed nature of the Internet
Is that all?
- No, there remain other issues (Trust, Anonymity, Privacy, ...)

Federated Identity (2)
What is being done?
- Emerging federated identity standard (); adopted by Liberty Alliance
- Provides decentralized but identity-based authentication
- Integration with privilege management still an open issue

Privilege Management
What are the issues?
- Granting single sign on access to a collection of resources with different (possibly contradictory) access protection rules (Buell, Sandhu, Guest Editors' Introduction, IEEE Internet Computing, Special Issue on Identity Management, November/December 2003)
- The trend toward Web migration requires revisiting the existing specifications for suitability to the open Internet environment

Privilege Management (2)
What is being done?
- Recently proposed access management framework (X-GTRBAC) based on role based access control
- X-GTRBAC designed to provide decentralized access management in open systems; supports attribute based access control
- XML-based specification suitable to Web-based environments and integration with other XML-based specifications (such as )

Integrated Approach
[Figure: Software architecture for an integrated federated identity and privilege management solution. Labeled components: Authentication Module, X-GTRBAC Authorization Model, Persistence Management Module, XKMS Web service. Labeled flows (numbered steps 1 to 6): Request, Response, Authentication Assertion, Authorization Assertion.]

Cont@ct us
Rafae Bhatti
rafae@purdue.edu
http://web.ics.purdue.edu/~bhattir/academics/