Identity Network Ideals – Heterogeneity & Co-existence


Multi-Protocol Identity Provider Architecture Considerations Uppili Srinivasan, Oracle

Identity Network Ideals – Heterogeneity & Co-existence
  Diagram: Point-to-point E-Business Relationships; Partner Networks & Consortiums; Internet Commerce; Social Networks & Blogs
  Identity Solutions: SAML Federation; WS-Trust / WS-Federation; OpenID
  Protocols / Token Payload: SAML; X.509; Kerberos; OpenID
  Trust model: Circle of Trust; User Mediated Dynamic Trust; Point-point E-Business Trust; Trust Fabric
  Ideal Architecture: Multi-protocol but integrated; trust model, token types and protocols decoupled
  Legacy / Current: Multi-protocol identity silos; trust model, token types and protocols tightly coupled in each silo
  (Adapted from Kim Cameron’s “ID meta-system Ideals”)

Card Based Authentication in SAML
  Diagram components: Card Enabled SAML IDP; SSO / Card RP; SP; STS; IDP; SAML

Multi-Protocol Identity Environment
  Parties: Card Enabled End-users; Outsourced (Web) Services; Partner circle of trust; OpenID Consuming ISPs
  Protocols in use: WS-Trust / WS-Fed; SAML; OpenID
  Protocol Facades: OpenID; Card RP; STS; SAML
  Multi-protocol Identity Provider

Common Authentication & Trust Infrastructure
  Scenarios: Partner Networks & Consortiums; Point-to-point E-Business Relationships; Internet Commerce; Social Networks & Blogs
  Interconnected Heterogeneous Identity Network
  Integrated Multi-protocol Technology Infrastructure: SAML; WS-Trust / WS-Federation; OpenID
  Identity Provider and Single Sign-on Services
  Token / Trust & Federation Services
  Attribute Authorities
  Session Mgmt; Pseudonym & Privacy Handling; Trust & Policy Mgmt; Credential & Token Handling; Card Enablement & Mgmt; Attributes / Claims
  Access Authorization Decision Services
  Common Authentication and Trust F/W APIs

Multi-Protocol IDP Scenarios & Benefits
  Session management & global sign-off
  Consistent enforcement: Privacy policies; Trust policies / authorizations
  Single point of administration: Card provisioning & enablement; Attribute services; External (IDP) token / credential service; Trust policies and authorization
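As an added illustration (not code from Oracle or from this presentation), a small Python model of the architecture the slides describe: one trust fabric, one session store and one pseudonym/privacy policy in the core, with thin SAML and OpenID facades that only translate message formats and a global sign-off that spans both. The relying parties, user and policies are constructed for the example.

```python
# Toy multi-protocol IdP: trust, sessions and privacy handling live once in the
# core; protocol facades only parse requests and format responses (constructed data).
import hmac, hashlib, secrets
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

ISSUER_KEY = secrets.token_bytes(32)         # pseudonym secret, generated per run
TRUST_FABRIC = {                              # one RP registry shared by every facade
    "https://partner.example/sp": {"claims": {"email", "role"}, "pairwise": False},
    "https://blog.example/rp":    {"claims": {"nickname"},      "pairwise": True},
}
USERS = {"alice": {"email": "alice@example.org", "role": "buyer", "nickname": "al"}}
SESSIONS = {}                                 # session id -> [user, set of RPs signed into]

def login(user):
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = [user, set()]
    return sid

def pseudonym(user, rp):
    """Pairwise identifier: unrelated RPs cannot correlate the same user."""
    return hmac.new(ISSUER_KEY, f"{user}|{rp}".encode(), hashlib.sha256).hexdigest()[:16]

def authenticate(sid, rp):
    """Protocol-independent core: trust check, claim minimisation, session tracking."""
    policy = TRUST_FABRIC.get(rp)
    if policy is None or sid not in SESSIONS:
        raise PermissionError("untrusted relying party or no session")
    user, rps = SESSIONS[sid]
    rps.add(rp)                               # remembered for global sign-off
    sub = pseudonym(user, rp) if policy["pairwise"] else user
    return sub, {k: v for k, v in USERS[user].items() if k in policy["claims"]}

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
def saml_facade(authn_request_xml, sid):
    """SAML facade: read the Issuer of an AuthnRequest, answer with an assertion."""
    rp = ET.fromstring(authn_request_xml).findtext(f"{{{SAML}}}Issuer").strip()
    sub, claims = authenticate(sid, rp)
    attrs = "".join(f'<Attribute Name="{k}"><AttributeValue>{v}</AttributeValue></Attribute>'
                    for k, v in sorted(claims.items()))
    return (f'<Assertion xmlns="{SAML}"><Subject><NameID>{sub}</NameID></Subject>'
            f'<AttributeStatement>{attrs}</AttributeStatement></Assertion>')

def openid_facade(query_string, sid):
    """OpenID 2.0 facade: the realm names the RP; attributes returned as plain pairs."""
    req = {k: v[0] for k, v in parse_qs(query_string).items()}
    sub, claims = authenticate(sid, req["openid.realm"])
    return urlencode({"openid.mode": "id_res", "openid.claimed_id": sub, **claims})

def global_signoff(sid):
    """Single logout: every RP that must be notified, whichever protocol it used."""
    return sorted(SESSIONS.pop(sid)[1])
```

The same session and the same trust entry serve both facades, so adding a third protocol means adding a facade, not a new silo.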