Single Sign-On Framework in Tizen Contributors: Alexander Kanavin, Jussi Laako, Jaska Uimonen



Similar documents
IT Exam Training online / Bootcamp

USING FEDERATED AUTHENTICATION WITH M-FILES

Copyright: WhosOnLocation Limited

IOS 8: Configure IMAP/POP/SMTP

OpenLogin: PTA, SAML, and OAuth/OpenID

Flexible Identity Federation

Protected Trust Directory Sync Guide

Qlik REST Connector Installation and User Guide

Client Configuration Guide

Mail 8.2 for Apple OSX: Configure IMAP/POP/SMTP

Salesforce1 Mobile Security Guide

Administering Jive for Outlook

Android: Configure IMAP/POP/SMTP

Single Sign On. SSO & ID Management for Web and Mobile Applications

Using SAML for Single Sign-On in the SOA Software Platform

Copyright 2014 Jaspersoft Corporation. All rights reserved. Printed in the U.S.A. Jaspersoft, the Jaspersoft

ADFS Integration Guidelines

Building Secure Applications. James Tedrick

OPC UA vs OPC Classic

BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2. Feature and Technical Overview

Using the MyProxy Online Credential Repository

OAuth 2.0 Developers Guide. Ping Identity, Inc th Street, Suite 100, Denver, CO

SECURITY AND REGULATORY COMPLIANCE OVERVIEW

Access By Federation for Client Collaboration INFO 1

Xerox DocuShare Security Features. Security White Paper

Xerox Mobile Print Solution

MailStore Server 7 Documentation

Identity Management with Spring Security. Dave Syer, VMware, SpringOne 2011

Webmail Using the Hush Encryption Engine

Federated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning.

SSO Methods Supported by Winshuttle Applications

Safewhere*Identify 3.4. Release Notes

Configuring an Client to Connect to CASS Mail Servers

MailStore Server 5.0 Documentation

DreamFactory Security Whitepaper Customer Information about Privacy and Security

Ciphire Mail. Abstract

Flowpack Single sign-on Server Documentation

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

Resco Mobile CRM Security

OAuth. Network Security. Online Services and Private Data. A real-life example. Material and Credits. OAuth. OAuth

Implementing two-factor authentication: Google s experiences. Cem Paya (cemp@google.com) Information Security Team Google Inc.

An Oracle White Paper June RESTful Web Services for the Oracle Database Cloud - Multitenant Edition

Basic Exchange Setup Guide

A Standards-based Mobile Application IdM Architecture

White Paper March 1, Integrating AR System with Single Sign-On (SSO) authentication systems

SERENA SOFTWARE Authors: Bill Weingarz, Pete Dohner, Kartik Raghavan, Amitav Chakravartty

OAuth Guide Release 6.0

OAuth Web Authorization Protocol Barry Leiba

Set up Outlook for your new student e mail with IMAP/POP3 settings

MAPI Connector Overview

administrator are Console Users that can log on to the Web Management console and

Pine Exchange mini HOWTO

Taylor & Francis Online Mobile FAQs

PUBLIC Secure Login for SAP Single Sign-On Implementation Guide

Introduction to the EIS Guide

nexus Hybrid Access Gateway

Single sign-on for ASP.Net and SharePoint

The basic groups of components are described below. Fig X- 1 shows the relationship between components on a network.

This section contains information intended to help plan for SocialMiner installation and deployment.

OpenID Single Sign On and OAuth Data Access for Google Apps. Ryan Dave Primmer May 2010

LANDESK Service Desk. Supported Platforms and Feature Compatibility

Securing WebFOCUS A Primer. Bob Hoffman Information Builders

Configuration Guide BES12. Version 12.3

How To Send Mail From A Macbook Access To A Pc Or Ipad With A Password Protected Address (Monroe Access) On A Pc (For Macbook) Or Ipa (For Ipa) On Pc Or Macbook (For

Cloud Computing for Education Workshop

Contents Release Notes System Requirements Administering Jive for Office

For details about using automatic user provisioning with Salesforce, see Configuring user provisioning for Salesforce.

Basic Exchange Setup Guide

Managing your accounts

TIBCO Spotfire Statistics Services Installation and Administration Guide

How to Extend your Identity Management Systems to use OAuth

Creating One Time Password (OTP) infrastructures using Open Source sofware

Using etoken for Securing s Using Outlook and Outlook Express

Departmental (Service) Account Set Up

SECURE YOUR DATA EXCHANGE WITH SAFE-T BOX

How to Set Up LSUS IMAP in Outlook 2013

Configuring Salesforce

Login with other services to ASP.NET websites with TMS Cloud Pack for.net

Division of Information Technology Lehman College CUNY

Getting started with IMAP for Aggi What is IMAP?

Teamcenter Security Services Installation/Customization. Publication Number TSS00001 R

Web Applications Access Control Single Sign On

Using BitLocker As Part Of A Customer Data Protection Program: Part 1

DreamFactory on Microsoft SQL Azure

Xerox Mobile Print Cloud

Getting Started with PRTG Network Monitor 2012 Paessler AG

Securing ArcGIS Server Services: First Steps

StreamServe Persuasion SP5 StreamStudio

Design Notes for an Efficient Password-Authenticated Key Exchange Implementation Using Human-Memorable Passwords

Migration User Guides: The Console Application Setup Guide

Tutorial: Encrypted with Thunderbird and Enigmail. Author: Shashank Areguli. Published: Ed (August 9, 2014)

EMC Celerra Version 5.6 Technical Primer: Public Key Infrastructure Support

White Paper BMC Remedy Action Request System Security

enterprise^ IBM WebSphere Application Server v7.0 Security "publishing Secure your WebSphere applications with Java EE and JAAS security standards

TIBCO Spotfire Statistics Services Installation and Administration. Release 5.5 May 2013

Fairsail REST API: Guide for Developers

December P Xerox App Studio 3.0 Information Assurance Disclosure

How to configure your Desktop Computer and Mobile Devices post migrating to Microsoft Office 365

Transcription:

Single Sign-On Framework in Tizen Contributors: Alexander Kanavin, Jussi Laako, Jaska Uimonen

Introduction Architecture Demonstration 2

What is the problem that Single Sign-on systems are aiming to solve? Source: xkcd.com/1200

What is gsso? A system for storing sensitive user data (credentials is the term for it) securely* Provides implementations of common** operations and authentication protocols that use those credentials and the API to access it Written entirely in C using Glib and its class and object system (Gobject) License: LGPL 2.1+ * the word 'securely' will be explained in a moment ** what exactly is meant by 'common' operations will also be explained in a moment

What is 'security' as understood by gsso? (1/2) Credentials are stored in a database, and the database must be stored on disk so that only gsso can access it The details of such secure storage are handled by plugins By default classic Unix permissions on the database file are used The database can also be encrypted on disk using ecryptfs Other platform security mechanisms can be utilized by writing additional plugins

What is 'security' as understood by gsso? (2/2) Access to each credential must be allowed only to explicitly listed applications Each credential has an access control list Checks against this list are performed by an access control plugin The default plugin is using filesystem paths to perform checks There is also a plugin that is using SMACK labels There is also support for access controlling applications, if they are not standalone binaries, but scripts that run in a runtime

What are the common operations that use credentials? Applications do not access credentials directly (again, this is good for security) Applications initiate an operation on a credential from a list of allowed operations (mechanisms) List of allowed methods/mechanisms is stored together with the credential in a database Method is a class implemented by a plugin Mechanisms are functions of a method With that said, the methods fall broadly into two categories: Offline (do not send anything over the network) Online (usually, authentication protocols to get access to some service)

Offline methods The simplest method: store and retrieve a username/password pair X.509 Can be used for password management, or when the password is sent directly over the network (not a good idea!) Implemented by 'password' plugin Handles operations with X.509 certificates such as sign, verify, encrypt and decrypt, without exposing the related keys to applications Generic encryption/decryption engine The key is never exposed to the applications Front-end to specialized security hardware (such as a trusted execution engine or a smart card) Provides a common API to applications, so they don't have to implement a hardware specific API

Online methods OAuth version 1 and 2 Very popular mechanism for authorizing applications to access online services. Used by Google, Facebook, Twitter, Microsoft, LinkedIn, Amazon, Yahoo,... pretty much everybody. Typically involves showing the user a webpage which asks if the user trusts some application to access some data from a service, and if the user does, the application gets a magic access string (a 'token') GSSO implements the client side of OAuth 1 and 2 RFC standards fully, even though they are rather large :) SASL A set of mechanisms for challenge/response based authentication Used in IMAP, SMTP, XMPP, LDAP, IRC,... GSSO implements the most common mechanisms HTTP Digest authentication

Architecture all the pieces together

Architecture functional flow

Demo placeholder! (see notes)

Conclusion http://01.org/gsso LGPL 2.1+ Git repositories, mailing lists, bug tracker, IRC channel, documentation, tarball downloads, etc. All of that can be found at the above address

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information