NASA NEX & OpenID -- Observations -- Andreas Matheus Secure Dimensions.

Presentation transcript:

NASA NEX & OpenID -- Observations -- Andreas Matheus Secure Dimensions

Does NASA accept OpenID login?
Does NASA accept OpenID login and rely on user identity assurance level 0? NO! But what do they do? For NEX (the NASA Earth Exchange) they do the following.
(c) 2012 Secure Dimensions

Go to the NEX homepage
- If you go to https://c3.nasa.gov, they require you to log in via HTTP Basic Auth using your NEX account => no username/password = no login.
- If you go to https://c3.nasa.gov/nex, then you can choose a login method, e.g. OpenID, as I do not have an account.

NEX Login
Choice offered: "No – don't have one" / "Yes – do have one"

Sign In with your OpenID

After Login...
Your browser gets redirected back to ?NASA? Looks like a perfect phishing attack to me!

After accepting the redirect back to NASA
Surprise: you arrive at the "Create New OpenID User" page.

What happens next?
- You need to fill out the form.
- You will receive an e-mail to confirm.
- Your account creation with NASA is then pending.

"Conclusions" from observation
- NASA NEX does not allow straight OpenID login!
- NASA NEX is accepting OpenID login, but only if your identity was checked by NASA before.
- So essentially, NASA has applied its own extra security to lift OpenID identity assurance level 0 to its own level.
- Problem:
  - You will end up with one NEX account for each of your OpenID accounts.
  - Not interoperable if each "federation" service provider uses its own selection of OpenID providers.

This fits the SAML2 / OpenID proposal
- SAML 2 as the standard for exchanging user assertions and establishing identity assurance through trusted Identity Providers.
- Users from trusted IdPs are directly accepted.
- Users from OpenID IdPs require extra checking.
- Advantage of the SAML2 base vs. the NASA approach:
  - Not each Service Provider must create accounts itself; trusted Identity Providers would do that.
  - Guarantee to the user that once accredited at the SAML2 / OpenID IdP, the account would work with all Service Providers and not only NASA's NEX.
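As an added illustration (not code from the presentation, from NASA, or from any SAML/OpenID library), here is a small Python model of the relying-party policy the two slides above describe: an assertion from a level-0 OpenID provider creates a pending local account until the service provider vets it, an assertion from a trusted IdP is accepted directly, and a vetted user can bind further external identifiers to the one account instead of getting one account per OpenID. Issuer URLs, assurance levels and the REQUIRED_LEVEL threshold are constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed trust registry: issuer -> assurance level the service provider
# believes for that IdP. OpenID providers are not listed, so their assertions
# count as level 0 (self-asserted identity), as on the slides.
TRUSTED_IDPS = {"https://idp.example-federation.test/saml2": 2}
REQUIRED_LEVEL = 1  # level the service needs before granting access


@dataclass
class Account:
    identities: set = field(default_factory=set)  # "issuer#subject" ids bound here
    vetted: bool = False                          # set only by the service provider


class ServiceProvider:
    def __init__(self):
        self.accounts = []      # all local accounts
        self.by_identity = {}   # "issuer#subject" -> Account

    def assurance(self, issuer):
        # Only a registered IdP's level is believed; everything else is level 0.
        return TRUSTED_IDPS.get(issuer, 0)

    def login(self, issuer, subject):
        """Return ('accepted' | 'pending', account) for an assertion about subject."""
        ext = f"{issuer}#{subject}"
        acct = self.by_identity.get(ext)
        if acct is None:
            # First visit: create a local account (NEX's "Create New OpenID User" step).
            acct = Account({ext})
            self.accounts.append(acct)
            self.by_identity[ext] = acct
        if acct.vetted or self.assurance(issuer) >= REQUIRED_LEVEL:
            return "accepted", acct
        return "pending", acct  # level-0 identity waits for the provider's own check

    def vet(self, acct):
        """The service provider's out-of-band identity check (manual on NEX)."""
        acct.vetted = True

    def link(self, acct, issuer, subject):
        """Bind another external identity to an account the user is already logged
        into, so a second OpenID does not spawn a second local account."""
        ext = f"{issuer}#{subject}"
        if ext in self.by_identity:
            raise ValueError("identity already bound to an account")
        acct.identities.add(ext)
        self.by_identity[ext] = acct
```

link() must only be reachable from an authenticated session of acct; binding identities by an unverified e-mail address from the assertion would let anyone claim someone else's account.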