Fidelity Feedback on SAML 1.X and ID-FF 1.X Patrick Harding Enterprise Architecture Fidelity Investments.


Slide 1: Fidelity Feedback on SAML 1.X and ID-FF 1.X
Patrick Harding, Enterprise Architecture, Fidelity Investments

Slide 2: Fidelity and Web Services
(Fidelity Proprietary Information)

- Enterprise commitment to XML in 1999
  – Migrated 90% of inter-BU communication to XML/HTTP
- Endorse standards bodies
  – OASIS Member
  – WS-I Member
  – Liberty Management Board
  – W3C Member
  – HR-XML Consortium
- Externalized first web services to business partners in 2001

Slide 3: Fidelity Use Cases

These are the simple ones:
1. Employee SSO across internal applications
2. Employee SSO access to external services
3. Customer SSO access to Fidelity

Slide 4: Use Case 1: Employee SSO across Internal Applications

- Employee intra-enterprise SSO
  – Current solution leverages a proprietary cookie
  – Issues integrating COTS applications
- Use SAML V1.X
  – SSO Browser POST Profile
  – No requirement for federation
  – Starting proof-of-concept
- Issues
  – No logout in SAML
  – No profiles for Web Service clients
  – No profile for WSRP

Slide 5: Use Case 2: Employee Access to External Services

- Employee inter-enterprise SSO
  – Initiated from the Fidelity employee portal
  – Current solutions are proprietary or involve a separate UserID and password
  – Also involves batch transfer of employee data
- Use SAML V1.X and Liberty ID-FF V1.X where appropriate
  – Fidelity is the Source/Identity Provider
  – SSO Browser Artifact Profile
  – May require federation (account linking)
  – May require single logout
  – Also expose an attribute service to allow the service provider to retrieve employee data
- Issues
  – External Service Provider support for Liberty/SAML
  – Forced to use opaque IDs with Liberty

Slide 6: Use Case 3: Customer SSO Access to Fidelity

- Customer inter-enterprise SSO
  – Fidelity clients are requesting SSO access to Fidelity from their employee portal
  – Fidelity has at least two proprietary solutions in place
  – Fidelity accepts batch feeds of clients' employee data
- Use Liberty ID-FF V1.X
  – Fidelity is the Service Provider
  – SSO Browser Artifact Profile
  – Opt-in/Opt-out Dynamic Federation and Bulk Federation
  – Single Logout is required
- Issues
  – External client support for Liberty
  – Extensibility confusion (saml:Advice, etc.)
  – Optional requirement for AuthNRequest
  – No standardized credential collection for web service clients
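Use Cases 2 and 3 both select the SSO Browser Artifact Profile, in which the browser carries only an opaque artifact and the destination site resolves it over a back channel to the source site. As an added illustration that is not part of this presentation, the following Python models the source-site side of that exchange using the SAML 1.x TypeCode 0x0001 artifact layout (2-byte TypeCode, 20-byte SourceID, 20-byte AssertionHandle, base64-encoded); the site URIs, TTL and assertion text are constructed placeholders, and deriving SourceID as the SHA-1 of the site URI is one common convention assumed here, not a requirement.

```python
import base64
import hashlib
import os
import time

# SAML 1.x artifact, TypeCode 0x0001:
#   2-byte TypeCode || 20-byte SourceID || 20-byte AssertionHandle, then base64.
# The browser only ever carries this opaque reference; the destination site
# resolves it with a back-channel request to the source site.
TYPE_CODE = b"\x00\x01"


def source_id(source_site_uri: str) -> bytes:
    # Assumption: SourceID derived as SHA-1 of the site URI (a common convention).
    return hashlib.sha1(source_site_uri.encode("utf-8")).digest()


def decode_artifact(artifact: str):
    """Return (type_code, source_id, handle) or None if the artifact is malformed."""
    try:
        raw = base64.b64decode(artifact, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(raw) != 42:
        return None
    return raw[:2], raw[2:22], raw[22:]


class ArtifactStore:
    """Source-site (IdP) side: issues artifacts and redeems each one at most once."""

    def __init__(self, source_site_uri: str, ttl_seconds: int = 60):
        self.sid = source_id(source_site_uri)
        self.ttl = ttl_seconds
        self._pending = {}  # AssertionHandle -> (assertion, expiry time)

    def issue(self, assertion: str, now: float = None) -> str:
        handle = os.urandom(20)  # unguessable, so an artifact cannot be forged or guessed
        expiry = (time.time() if now is None else now) + self.ttl
        self._pending[handle] = (assertion, expiry)
        return base64.b64encode(TYPE_CODE + self.sid + handle).decode("ascii")

    def resolve(self, artifact: str, now: float = None):
        """Back-channel resolution: returns the assertion once, then never again."""
        parsed = decode_artifact(artifact)
        if parsed is None or parsed[0] != TYPE_CODE or parsed[1] != self.sid:
            return None  # malformed, unknown type, or not issued by this source site
        entry = self._pending.pop(parsed[2], None)  # one-time use: gone after first lookup
        if entry is None:
            return None  # never issued, or already redeemed (replay attempt)
        assertion, expiry = entry
        return assertion if (time.time() if now is None else now) <= expiry else None
```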

Slide 7: Technical Issues Summary

- Fidelity needs a single standard for SSO and Identity Federation
- Client support for Liberty/SAML
  – Needs to be simpler
  – Every enterprise will be an IdP for its employees
- SAML 1.X lacks certain features that ID-FF 1.X provides
  – e.g. Log-out, Federation, De-federation
- ID-FF 1.X lacks certain features that SAML 1.X provides
  – e.g. One-way SSO flow
- SAML extensibility confusion
- No standardized XML language for credential collection
- Versioning is not well defined

