Presentation is loading. Please wait.

Presentation is loading. Please wait.

OASIS SAMLv2.0 and Liberty WSFv2.0 Deployment Notes circa Mid-2006.

Published byEmmett Phenix Modified over 9 years ago

Similar presentations

Presentation on theme: "OASIS SAMLv2.0 and Liberty WSFv2.0 Deployment Notes circa Mid-2006."— Presentation transcript:

1 OASIS SAMLv2.0 and Liberty WSFv2.0 Deployment Notes circa Mid-2006

2 OASIS SAMLv2.0 and Liberty WSFv2.0 Deployment Notes More that 1 Billion Identities Likely you use it for: –Banking –University –Government (DoD) –Mobile data (esp. Asia, Europe)

3 Certified Implementations, through U.S. Government, Ping Identity, or Liberty Alliance Programs Over 60 products have received certification or been otherwise validated for conformance or interoperability. These include SAML and Liberty ID-FF and ID-WSF products from the largest, and some smaller, identity management vendors. One consequence is that a significant majority of enterprises around the world already have the potential to run such services, through plug-ins and such to existing systems.

4 Adoption in other standards and recommendations This family of technologies have been adopted in a wide-ranging variety of technologies, from mobile services, to digital television broadcasting, and in healthcare. It is part of the trusted mobile platform, and is incorporated in ebXML Registry and the Globus Toolkit (OGSA). Notably, Microsoft and Sun have created an interoperability profile to bridge technologies. In addition, Microsoft has adopted SAMLv2.0 in its forthcoming InfoCard system.

5 Open Source or Developer Tools Several open source implementations are available, and range from deployment domains that are platform-focused to those that are global in scope. One such is the Shibboleth implementations of SAMLv1.1, with SAMLv2.0 imminent. Several of these are certified for interoperability

6 Wide-ranging Deployments General applications range from network devices to mobile handsets, and include consumer services and hardened smart cards. Several of these are deployments in the 10s of millions. Infrastructure and embedded systems implementations Education, Government, Defence, eHealth and Regulatory domains Financial services, both for consumers, through corporates, and within the banking and payment infrastructures Airlines and related businesses, ranging from maintenance to travel services Supply chain management, and ERP and HR systems

7 Protocol gateways and bridging systems These represent an important step in interoperability, and they also signify an increasing maturity in the marketplace

8 Implementations Certified for SAMLv1.0 Artifact Profile in U.S. eGov E-Authentication Program Entegrity, Entrust, Hewlett-Packard, IBM, CA/Netegrity, Novell, Oblix (Oracle), RSA Security, Sun Microsystems, Trustgenix (HP), DataPower (IBM)

9 Conformance-Tested Implementations of SAMLv2 (for various web single sign-on and SOAP profiles) Electronics and Telecommunications Research Institute (ETRI), Ericsson, Hewlett-Packard, IBM, NEC, NTT, Novell, Oracle, Reactivity, RSA Security, Sun Microsystems, Symlabs, Trustgenix (HP)

10 Demonstrated Mutual SAMLv2 Interoperability ECA/Netegrity, DataPower (IBM), Entrust, NTT, OpenNetwork, Oracle, RSA Security, Sun Microsystems, Symlabs, Trustgenix (HP)

11 Conformance-Tested Implementations of ID-WSF1.0 and ID-WSF1.1 Hewlett-Packard, Nokia, Novell, NTT, Sun Microsystems, Symlabs, Trustgenix (HP)

12 Adoption in other standards and recommendations ID-WSF1.1 in OMA (Open Mobile Alliance) in Web Services Enabler Releases, TV-Anytime Forum for AdvEPG (and therefore by the DVB Project) in Europe, Asia and Americas (possibly U.S.); Liberty ID-FF1.2 in SAMLv2.0 SAMLv2.0 in ebXML Registry v3.0, in WS-Security SAML Token Profile 1.1 (to be proposed), HIMSS IHE XUA for XDS (Global healthcare interoperability specification, cross-domain authentication including extended profiles), and in Liberty ID-WSF2.0 SAMLv1.1 in Trusted Mobile Platform Microsoft and Sun Microsystem’s convergence profile of ID-FF1.2 (therefore SAMLv1.1) and WS-Federation in Web SSO Interop Profile and WS-MetadataExchange in Web SSO MEX Microsoft InfoCard (use of SAMLv2.0, now in demonstration, forthcoming in Vista, 4Q06) Globus Tookit for Grid Security Infrastructure (use of SAMLv1.1 in OGSA; and GridShib Shib-to-glob attribute gateway)

13 Open Source or Developer Tools Entr’Overt Lasso (ID-FF1.2) for eGovernment; OpenSAML (SAMLv1.1, soon SAMLv2.0) PingIdentity (SAML and ID-FF, and toolkit) Sun Microsystems (ID-FF, and toolkit) Shibboleth (SAMLv1.1, SAMLv2.0 imminent) Oracle (toolkit) NTT for vendor integration; Guanxi and Samuel (SAML1.1 and Shibboleth)

14 ID-WSF Deployments including discovery and interaction services AOL Radio@AOL, Axalto, Hewlett- Packard, Nokia (including in retail handsets), Novell, NTT, Sun Microsystems, Juniper Networks (embedded in VPN appliances), Symlabs, Trustgenix (HP)

15 Infrastructure and Embedded Implementations Ericsson, Alcatel, Elios, Nokia, Trustgenix (HP), France Telecom/Orange, IBM, Sun Microsystems, NEC, NTT, NTT DoCoMo, Vodafone, Turkcell

16 Education, Government, eHealth and Regulatory U.S. Government eGov E-Authentication (SAMLv1.0) for 14 major government agencies (The Danish Government have adopted this program, in SAMLv2.0); BIPAC (ID-FF1.2) for regulatory-compliant employee participation in government independent of employer; EduMart (ID-WSF1.1) in Japan for 98 public schools and 24 content providers; HAKA Federation (Shibboleth) of Finnish universities, polytechnics, and research institutions; Juniper Networks application at Catholic Health Systems in New York, NY; InCommon (Shibboleth) 18 higher institutions of higher- education throughout the US, including the University of California, Cornell, Ohio State, University of Chicago, and several content providers, such as Elsevier ScienceDirect, as well as products such as Blackboard, WebCT, WebAssign, EBSCO, JSTOR, and SFX; InQueue (Shibboleth) over 100 institutions across the Americas, Europe, and Asia in trial; Joint Warrior Interoperability Demonstration (JWID) 2003 with Canada, Australia, New Zealand, United States, United Kingdom, and Norway using ID-FF1.1; SDSS (Shibboleth Development and Support Services) for Edima at Edinburgh University Data Liberty for a large collection of UK academic online resources (Shibboleth); SWITCH Swiss education and Research Network (Shibboleth); U.S. Department of Labor Mine Safety and Health Administration (likely SAMLv1.0)

17 Financial Services and related Fidelity Investments, in a corporate setting 401(k) management application, uses Liberty ID-FF, with identity services discovery techniques, and Liberty Identity Services Personal Profiles, to isolate corporate from personal persona; Communicator’s SecuritiesHub (Citigroup, Credit Suisse First Boston, Goldman Sachs, JPMorgan Case & Co, Lehman Brothers, Merrill Lynch, Morgan Stanley, UBS Warburg) for over 24,000 institutional investors in 60 countries co- mingling 800 analysts results; ACS Electronic Land Records Exchange (eRX) electronic recordation; Nationwide Insurance throughout the producer channel; Niteo, for the Financial Services Technology Consortium (FSTC), JPMorgan Chase, Wachovia, and Bank of America; Workscape Inc. and Sun Microsystems providing General Motors’ 401(k) services portal; XConnect’s partnership with eBIZ.mobility Federated Payment for fixed and mobile payments; Other financial services companies thought to be active at some stage (Wells Fargo, AmericanExpress)

18 Airlines and related Star Alliance (Lufthansa, United Airlines, SAS Scandinavian Airlines, Thai Airways International, Air Canada and 10 more), for authentication and resources, with Novell; JAL Online (travel planning, check-in, expenses and reimbursement to credit cards) with NTT Data; Boeing in two applications, one for 500,000 former employees and beneficiaries, another for MyBoeingFleet for customer access to fleet operation and maintenance information

19 Supply Chain Management Proctor & Gamble (also an employee gateway); Covisint (using RSA Security FIM, for Ford, DaimlerChrysler, Delphi, Visteon, Freightliner, Metaldyne, Mitsubishi); ??Oracle implies PeopleSoft and Siebel; ??SAP’s wide use of

20 Protocol gateways and bridging Trustgenix (HP), PingIdentity, Sun Microsystem, BMC Software

21 Other Siemens HiPath DirX Access Federation (SAMLv1.0 and SAMLv1.1); BEA, a SAMLv1.1 gateway on WebLogic Server; Adobe in LiveCycle, SAMLv1.x, might be SAMLv2; Evidian, with Deutsche Post on SAMLv1.1? (c. 2003) and Liberty id- ff1.2?.

Download ppt "OASIS SAMLv2.0 and Liberty WSFv2.0 Deployment Notes circa Mid-2006."

Similar presentations

Govern the Flow of Data: Moving from Chaos to Control

Govern the Flow of Data: Moving from Chaos to Control
Office 365 Identity June 2013 Microsoft Office365 4/2/2017

Office 365 Identity June 2013 Microsoft Office365 4/2/2017
OASIS WSRP Technical Commitee Web Services for Remote Portlets (WSRP) Overview OASIS WSRP Technical Commitee September, 2003.

OASIS WSRP Technical Commitee Web Services for Remote Portlets (WSRP) Overview OASIS WSRP Technical Commitee September, 2003.
All Contents © 2003 Burton Group. All rights reserved. Identity Management Market Update Prepared for Cal State Universities Mike Neuenschwander senior.

All Contents © 2003 Burton Group. All rights reserved. Identity Management Market Update Prepared for Cal State Universities Mike Neuenschwander senior.
Trends in Identity Management Nate Klingenstein Internet2 EDUCAUSE Security Professional 2007.

Trends in Identity Management Nate Klingenstein Internet2 EDUCAUSE Security Professional 2007.
August 2004 Providing Industry-wide Security and Identity Management Solutions.

August 2004 Providing Industry-wide Security and Identity Management Solutions.
UDDI, Discovery and Web Services Registries. Introduction To facilitate e-commerce, companies needed a way to locate one another and exchange information.

UDDI, Discovery and Web Services Registries. Introduction To facilitate e-commerce, companies needed a way to locate one another and exchange information.
Virtual Marketplace on the Internet by Zaharije Radivojevic, Zaharije Radivojevic, Prof. Dr. Veljko Milutinovic,

Virtual Marketplace on the Internet by Zaharije Radivojevic, Zaharije Radivojevic, Prof. Dr. Veljko Milutinovic,
Complete Open Integrated Software Portfolio Complete. Open. Integrated.

Complete Open Integrated Software Portfolio Complete. Open. Integrated.
1 Issues in federated identity management Sandy Shaw EDINA IASSIST 24-27 May 2005, Edinburgh.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.
Network Identity Kai Kang 27 th October 2004. Outline Introduction –Definition –Five drivers –Basic services –Roadmap Network Identity management approaches.

Network Identity Kai Kang 27 th October Outline Introduction –Definition –Five drivers –Basic services –Roadmap Network Identity management approaches.
1 Trust Framework Portable Identity Schemes Trust Framework Portable Identity Schemes NIH iTrust Forum December 10, 2009 Chris Louden.

1 Trust Framework Portable Identity Schemes Trust Framework Portable Identity Schemes NIH iTrust Forum December 10, 2009 Chris Louden.
T-110.5140 Network Application Frameworks and XML Service Federation 30.04.2007 Sasu Tarkoma.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
1 eAuthentication in Higher Education Tim Bornholtz Session #47.

1 eAuthentication in Higher Education Tim Bornholtz Session #47.
December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.

December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.
UCLA’s Shibboleth Plan Shibboleth is an integral part of UCLA’s Enterprise Directory & Identity Management Infrastructure (EDIMI) Project Integrate with.

UCLA’s Shibboleth Plan Shibboleth is an integral part of UCLA’s Enterprise Directory & Identity Management Infrastructure (EDIMI) Project Integrate with.
EbXML Registry Technical Committee n Defining and managing interoperable registries and repositories n The OASIS ebXML Registry TC develops specifications.

EbXML Registry Technical Committee n Defining and managing interoperable registries and repositories n The OASIS ebXML Registry TC develops specifications.
Stork is an EU co-funded project INFSO-ICT-PSP-224993 STORK PRESENTATION STORK Presentation Lithuania March 2010.

Stork is an EU co-funded project INFSO-ICT-PSP STORK PRESENTATION STORK Presentation Lithuania March 2010.
The E-Authentication Initiative: A Status Report Presented at Educause Meeting June 16, 2004 The E-Authentication Initiative.

The E-Authentication Initiative: A Status Report Presented at Educause Meeting June 16, 2004 The E-Authentication Initiative.
Information Sharing Puzzle: Next Steps Chris Rogers California Department of Justice April 28, 2005.

Information Sharing Puzzle: Next Steps Chris Rogers California Department of Justice April 28, 2005.

Similar presentations

Ads by Google