Case Study: SSO for All: SSOCircle Makes Single Sign-On Available to Everyone




Although single sign-on (SSO) technology based on Liberty standards is being rapidly adopted by businesses, governments and educational institutions, it hasn't made it to the general, user-facing Web. Typical Internet users still regularly log in separately to different online services and vendors and are forced to manage multiple passwords. The lack of SSO for the general-use public Web also encourages users to save their multiple passwords in their browser or accept cookies that keep their computer logged in for weeks at a time. While more convenient than managing multiple digital identities, this practice is also an enormous security risk. Anyone who gains access to that user's machine can access all sorts of personal information and even send emails or make purchases in that person's name.

In addition, as the range of activities conducted online grows with the expansion of Software as a Service (SaaS) offerings, the problem gets compounded further. There is clearly a need for a simple, secure consumer-oriented SSO solution.

"A lot of people have problems setting up an identity provider and getting started with SAML, so our first goal was to set up an identity provider, get people started and grow our offering from there. It was a first step."
Chris Mueller, SSOCircle Co-Founder

The Solution

Enter SSOCircle. In 2006, a group of like-minded consultants, with backgrounds in building Internet Service Provider (ISP) infrastructures and applications, decided the time was right to create an SSO solution for everyone. They envisioned something open, a service that could be both quickly deployed and make federation possible over a wide range of use cases. So they got together and developed a SAML 2.0 Identity Provider, a service that allows anyone to join as a user or integrate with their existing system as a Service Provider and participate in what they came to call SSOCircle.
"A lot of people have problems setting up an identity provider and getting started with SAML," explains Chris Mueller, a founder of SSOCircle. "So our first goal was to set up an identity provider, get people started and grow our offering from there. It was a first step."

This new offering was launched in January 2007, and in one year SSOCircle has grown to include more than 500 participants and has dramatically increased the scope of its functionality and offering.

Key Facts

Organization: SSOCircle
Location: Frankfurt, Germany
Solution: Identity provider service designed for everyone
Launched: January 2007
Multi-Protocol Support: SAML 2.0; OpenID
Key Features: Strong authentication; integration with Google Apps

A Cycle of Constant Improvement: Integrating Multi-Protocol Support

Once the SAML-based offering was up and running, the SSOCircle team decided to improve it and launched a pilot to support OpenID. Their thinking was: Rather than simply adding to a list of competing approaches, why not make it possible to federate across identity solutions?

"After having watched SSO and federation protocols and products during the last years, we are convinced that now is the time that technologies converge and, depending on the deployment use case, only a few protocols will form the basis for common deployments," says Hu Liu, one of SSOCircle's founding partners. "That's why today, we are focusing on SAML 2.0 and OpenID. We hope to provide a useful platform to ease SSO and federation deployments."

The SSO Circle of Trust

The pilot was successful and SSOCircle officially became the first public identity provider supporting SAML 2.0 and OpenID protocols. Today, SSOCircle's support includes attribute exchange through the OpenID Simple Registration Extension. This means users are now able to share profile attributes (like name or email address) between the IDP and the Relying Party. Users can easily use their SSOCircle account at any of the wide range of OpenID relying parties. By entering http://<yourssocircleid>.ssocircle.com as their personal OpenID URL at the service site, users access an SSO experience that opens up both the SAML and OpenID worlds.

Integrating with Google Apps

In order to open the benefits of SSO to the wider public, SSOCircle used the SAML 2.0 standard to integrate their offering closely with the popular Google Apps suite of online services.

"You can use Google Mail, you can use your calendar, you have a start page and it is all done with SAML single sign-on," Mueller elaborates. "So for most people, I think this is the first real example of integrating with SAML and a real service provider, a useful service provider, not just samples."
"As the industry continues to bring a steady stream of new capabilities and standards to the market, SSOCircle makes SSO available to everyone, fostering convergence, accessibility and security."
Britta Glade, Director of Marketing at the Liberty Alliance

The combination of tight integration with Google Apps and the ability to access a growing list of OpenID-enabled services makes SSOCircle's offering able to include a broad range of diverse Web activity under the same identity umbrella. Offering a bridge that connects SAML and OpenID means that SSOCircle can take advantage of each one's strengths in different contexts. There's a good example even within the context of Google's products: The more secure SAML 2.0 solution is used for access to business applications like email that might contain sensitive information, and the more publicly accessible OpenID is used as an identification method for leaving comments on blogs hosted at the Blogger site.

Identity Provider: SAML and OpenID

A Focus on Improved Security

One of SSOCircle's primary goals is to continually improve their authentication security. In August 2007, they introduced Strong Authentication with X.509 Certificates and a PKI supporting automatic enrollment of Certificates. Using certificate-based authentication reduces the threat of phishing. With certificate-based login there is no need to let a password travel over the network.

SSOCircle also recently announced support of USB hardware smart card tokens called epass. These tokens are a combined smart card and smart card reader with a USB interface. This will enable SSOCircle users to protect themselves from keystroke loggers and other potential threats at public terminals or on computers that aren't their own. With this device, users can be 100% sure that nobody can trap their password and get access to a site's services. This is a significant improvement over existing solutions. Because of the driverless tokens, no software needs to be installed at a public terminal.

"You just put it in, start your Firefox and get your certificate from the stick, and then single sign-on with the certificate to the identity provider. If SSOCircle says okay, then the SAML assertion is sent to Google and you are signed on," explains Mueller. "If you leave the public terminal and take your stick with you, nobody can access your account. It makes single sign-on really secure and demonstrates the added value for connected service providers."

Mueller adds that in the coming months, SSOCircle will also support biometrics and integrate a fingerprint sensor.

Benefits to Enterprises/Organizations

Secure access to service
Lower setup and administrative costs
Value added through SSO to other services by joining the COT

Benefits to Consumers/Users

Single Sign-On
Control over trust settings
Better password protection

Deployed Technologies

OpenSSO
ZXID
Feitian Strong Authentication Token

Signing On to Google Apps Using Strong Authentication

Moving to the Future: Identity Provider in a Box

Sometime in 2008, SSOCircle plans on offering a service that is a white-label identity provider in a box. This service will be targeted to small to midsize companies that don't want the hassle of having to set up the whole identity provider infrastructure. This product would basically enable companies to have their own private Circles of Trust. This way, if one service provider (e.g., a marketplace) requests that a partner set up its own identity provider, the partner would be able to leverage the hosting service and direct its own circle by building a trust relationship with the marketplace. The result is a solution that speeds up account processes and saves administration costs at moderate infrastructure costs for the partner.

"This is our target: the companies that don't want to invest a lot in setting up and operating an identity provider infrastructure," explains Mueller.

What's Next

Mueller and his team at SSOCircle are well positioned for the future. According to Mueller, the identity and federation market is forecast to reach $730m in 2010; taking into account that, according to analysts, 25% of business software will be delivered as SaaS around that time, the market for hosted identity services is estimated at approximately $180m.

About SSOCircle

SSOCircle is a group of consultants, each with more than 10 years of business experience, mostly in building large ISP hosting infrastructures and applications. From the beginning of SSOCircle, their mission has always been to help jumpstart single sign-on deployments by providing an open identity provider for everyone and ready-to-use solutions. Supporting multiple protocols and introducing strong two-factor authentication together with simplified enrollment clearly demonstrates the power of a secure identity provider service. Visit www.ssocircle.com and participate in building the SSOCircle of Trust.

About Liberty Alliance

Liberty Alliance is the only global identity organization with a membership base that includes technology vendors, consumer service providers and educational and government organizations working together to build a more trusted Internet by addressing the technology, business and privacy aspects of digital identity management. The Liberty Alliance Management Board consists of representatives from AOL, BT, France Telecom, HP, Intel, Novell, NTT, Oracle and Sun Microsystems. Liberty Alliance works with identity organizations worldwide to ensure all voices are included in the global identity discussion, and regularly holds and participates in public events designed to advance the harmonization and interoperability of CardSpace, Liberty Federation (SAML 2.0), Liberty Web Services, OpenID and WS-* specifications. More information about Liberty Alliance as well as information about how to join many of its public groups and mail lists is available at www.projectliberty.org.