Lesson s From the Granddaddy of Federation



Similar documents
CA Federation Manager

Security Services. Benefits. The CA Advantage. Overview

OPENIAM ACCESS MANAGER. Web Access Management made Easy

Federated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning.

CA SiteMinder SSO Agents for ERP Systems

The Primer: Nuts and Bolts of Federated Identity Management

How can Identity and Access Management help me to improve compliance and drive business performance?

Cloud Standards. Arlindo Dias IT Architect IBM Global Technology Services CLOSER 2102

Security solutions Executive brief. Understand the varieties and business value of single sign-on.

The Primer: Nuts and Bolts of Federated Identity Management

Allidm.com. SSO Introduction. Discovering IAM Solutions. Leading the IAM facebook/allidm

solution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service?

Interoperate in Cloud with Federation

Product overview. CA SiteMinder lets you manage and deploy secure web applications to: Increase new business opportunities

Introduction to SAML

White paper December Addressing single sign-on inside, outside, and between organizations

Easy as 1-2-3: The Steps to XE. Mark Hoye Services Portfolio Consultant

HOL9449 Access Management: Secure web, mobile and cloud access

Connecting Users with Identity as a Service

expanding web single sign-on to cloud and mobile environments agility made possible

The Role of Federation in Identity Management

STRONGER AUTHENTICATION for CA SiteMinder

managing SSO with shared credentials

The Challenges of Web single sign-on

TRANSITIONING ENTERPRISE CUSTOMERS TO THE CLOUD WITH PULSE SECURE

How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications

identity management in Linux and UNIX environments

E l i m i n a t i n g Au t hentication Silos and Passw or d F a t i g u e w i t h Federated Identity a n d Ac c e s s

Federated Identity for Cloud Computing and Cross-organization Collaboration

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES

BOF2337 Open Source Identity and Access Management Expert Panel, Part II. 23 September :30p Hilton - Golden Gate 6/7/8 San Francisco CA

Cloud Computing. Mike Bourgeois Platform as a Service Point of View September 17, 2015

Web Access Management and Single Sign-On

Extend and Enhance AD FS

Out-of-Band Multi-Factor Authentication Cloud Services Whitepaper

Global Headquarters: 5 Speen Street Framingham, MA USA P F

Identity, Privacy, and Data Protection in the Cloud XACML. David Brossard Product Manager, Axiomatics

LIBERTY ALLIANCE. Case Study: Aetna Enhances Secure Provider Portal with SSO and SAML 2.0. The Company. Key Objectives

Enabling SSO for native applications

Improving Interoperability and Reducing Cost in the Data Centre

PRACTICAL IDENTITY AND ACCESS MANAGEMENT FOR CLOUD - A PRIMER ON THREE COMMON ADOPTION PATTERNS FOR CLOUD SECURITY

The organization decided that creating a more robust approach to customerfacing identity management represented a strategic opportunity.

SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. How Can I Both Enable and Protect My Organization in the New Application Economy?

B2C, B2B and B2E:! Leveraging IAM to Achieve Real Business Value

Hubspan White Paper: Beyond Traditional EDI

People-Focused Access Management. Software Consulting Support Services

Fujitsu Legacy Modernization Integrating Legacy Applications through Cloud Services

SAML:The Cross-Domain SSO Use Case

How to Get to Single Sign-On

HP Software as a Service. Federated SSO Guide

PROTECT YOUR WORLD. Identity Management Solutions and Services

SAP IT Infrastructure Management

Oracle Identity Management for SAP in Heterogeneous IT Environments. An Oracle White Paper January 2007

TECHNOLOGY BRIEF: INTEGRATED IDENTITY AND ACCESS MANAGEMENT (IAM) An Integrated Architecture for Identity and Access Management

The Role of Identity Enabled Web Services in Cloud Computing

Advanced Matching and IHE Profiles

Delivering value to the business with IAM

EXECUTIVE VIEW. Centrify Identity Service. KuppingerCole Report. by Martin Kuppinger January 2015

Future-proofing Your Tactical IAM Projects

SINGLE & SAME SIGN-ON ASPECTS

Can We Reconstruct How Identity is Managed on the Internet?

WebLogic Server 7.0 Single Sign-On: An Overview

Modern Application Architecture for the Enterprise

Accenture and Software as a Service: Moving to the Cloud to Accelerate Business Value for High Performance

OpenSSO: Simplify Your Single-Sign-On Needs. Sang Shin Java Technology Architect Sun Microsystems, inc. javapassion.com

PROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN

identity as the new perimeter: securely embracing cloud, mobile and social media agility made possible

SAP Mobile Platform rapid-deployment solution

Identity and Access Management (IAM) Across Cloud and On-premise Environments: Best Practices for Maintaining Security and Control

Leveraging SAML for Federated Single Sign-on:

The Future of Cloud Identity Security. Michael Schwartz Founder / CEO Gluu

EXECUTIVE VIEW. SecureAuth IdP. KuppingerCole Report

1 CA SECURITY SAAS VALIDATION PROGRAM 2015 ca.com. CA Security SaaS Validation Program. Copyright 2015 CA. All Rights Reserved.

What You Need to Know About Transitioning to SOA

IBM Tivoli Federated Identity Manager

The PBX Is Dead. Long Live the Integrated Communications System (ICS)

An Oracle White Paper July Oracle Identity Federation

Active Directory and DirectControl

Introduction to Identity and Access Management for the engineers. Radovan Semančík April 2014

Automating User Management and Single Sign-on for Salesforce.com OKTA WHITE PAPER. Okta Inc nd Street Suite 350 San Francisco CA, 94107

WIPRO IDENTITY CLOUD UNLEASHING THE NEXT GENERATION OF IDENTITY AND ACCESS MANAGEMENT (IAM)

SAML SSO Configuration

WHY YOU SHOULD CONSIDER CLOUD BASED ARCHIVING.

Software Journey to the Cloud - CATUG Discussion Document

ASG CloudFactory IT Transformation with Cloud Orchestration and Service Delivery Automation TECHNOLOGY TO RELY ON

BT One. Analyst and consultant update, September BT One. Communications that unify 1

Transcription:

Lesson s From the Granddaddy of Federation A SAML Centric Discussion Matthew Gardiner Matthew Gardiner Security Management BU & Bill Taub CISO

What You are Going to Hear About Today > Mostly topics on ongoing innovation (futures) Multi-Community Identity Federation Panels on trends & interoperability needs Role of identity-enabled Web Services in the Cloud Bridging OpenID & SAML > Don t forget your history! 2 Lessons from the Grandaddy of Federation Copyright 2009 CA

Lessons from Your Grandfather 3 Lessons from the Grandaddy of Federation Copyright 2009 CA

Lessons from Your Grandfather Grandfather SAML Born 2000? Baptized - November 2002 by OASIS 4 Lessons from the Grandaddy of Federation - SAML Copyright 2009 CA

Agenda > Observations on business of SAML Matthew Gardiner > CA s SAML-centric federation case study Bill Taub 5 Lessons from the Grandaddy of Federation Copyright 2009 CA

Why was SAML Created? > To solve a pretty narrow problem Standards-based browser-federation (Internet SSO) between enterprises Previously orgs. accomplished using custom approaches Lightly synchronize security, while easing usability in B2B relationships User shouldn t be bothered with how/where an application is deployed Primarily between two closely aligned organizations Without the user s knowledge (or really caring) IT s version of Don t ask, don t tell 6 Lessons from the Grandaddy of Federation Copyright 2009 CA

What Have We Learned? > Standards/Specifications move much faster than real life SAML federation adoption is now in early-mainstream adoption ~>1000 organizations doing this now Maybe 1/3 of those who will do it with SAML > Technology is the (relatively) easy part More challenging Awareness/confidence, experience, enterprise trust, contracts, coordination, IT management, business drivers Liberty Alliance testing is/was important as it proved interoperability This must be a part of every standard Beware requiring the users to understand or change 7 Lessons from the Grandaddy of Federation Copyright 2009 CA

What Have We Learned? > Simplicity is critical Beware of writing specification to cover all/edge use cases Makes things too complex & impacts interoperability > Identity federation is just a portion of the IAM story Part of the identity continuum Proofing, authentication, authorization, provisioning, self-service, auditing > SAML SSO is a great way to get ready for the future What are SaaS/Cloud, Web services, SOA? Systems which require cross-domain, identity-enabled security? SAML federation is a simple case of this 8 Lessons from the Grandaddy of Federation Copyright 2009 CA

CA s Own SAML Federation Story Web-Based Training SalesForce.coms CAintranet.com Employee Rewards Authenticate Here 9 Lessons from the Grandaddy of Federation Copyright 2009 CA

CA: At-a-Glance Company Overview: 32 years successfully delivering software & services to optimize IT performance 30k+ customers; 1k+ where CA works with and/or supports SAP landscape 5th largest independent software vendor 4.4bn LTM billings; 3.4bn LTM revenue 700m annual R&D investment Global Business Transformation Underway Global Organization: Headquarters: Islandia, NY 150+ offices; ~14k employees; 50% mobile Technology 27k+ PCs; 40k+ network devices 1300+ production servers Linux, UNIX, Windows 680+ Applications 4 IBM Mainframes, 20+ LPARs, 15k MIPs 1500+ voice/data circuits 150+ phone systems 300+ routers, 465+ switches 400 TB array storage Using bespoke & packaged applications Using Outsourcing and SAAS solutions 10

CA in 2005 Issues: One or two federations with third parties Using proprietary schemes & legacy technology No centralized infrastructure for Web authentication/access management CA Acquired several companies Business Driver Needed to provide a seamless experience to our customers CA invested to unify the customer support experience Took this as opportunity to establish a WAM solution that could be extended to other applications at CA Of course used our home cooking CA SiteMinder & CA Federation Manager 11

CA in 2009 Current Status: > Single WAM/Federation infrastructure to manage access to internal & external/federated applications > Learned lesson from deployment of outsourced learning management system > Outsourcing is a key IT strategy to reduce costs or enhance services SAML federation is a key enabler of this ~30 federations in production & development > Federation is portion of IAM strategy Should not be treated as a standalone security management issue 12

Final Thoughts > Leverage SAML to federate user identity SAML is proven, interoperable, and secure > Push your IT partners to use SAML We have found this becoming easier over the last couple years > Fits perfectly into SaaS/Cloud movement Both offering & consuming services > Challenge - cross-enterprise collaboration leveraging social networking tools Control/governance/security.vs. Ease-of-use

Thank You

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information