Fidelity Feedback on SAML 1.X and ID-FF 1.X Patrick Harding Enterprise Architecture Fidelity Investments.

Fidelity Proprietary Information

Slide 2: Fidelity and Web Services
Enterprise commitment to XML in 1999
  – Migrated 90% of inter-BU communication to XML/HTTP
Endorse standards bodies
  – OASIS member
  – WS-I member
  – Liberty Management Board
  – W3C member
  – HR-XML Consortium
Externalized first web services to business partners in 2001

Slide 3: Fidelity Use Cases
These are the simple ones:
1. Employee SSO across internal applications
2. Employee SSO access to external services
3. Customer SSO access to Fidelity

Slide 4: Use Case 1: Employee SSO across Internal Applications
Employee intra-enterprise SSO
  – Current solution leverages a proprietary cookie
  – Issues integrating COTS applications
Use SAML V1.X
  – SSO Browser/POST Profile
  – No requirement for federation
  – Starting proof-of-concept
Issues
  – No logout in SAML
  – No profiles for web service clients
  – No profile for WSRP

Slide 5: Use Case 2: Employee Access to External Services
Employee inter-enterprise SSO
  – Initiated from the Fidelity employee portal
  – Current solutions are proprietary or involve a separate UserID and password
  – Also involves batch transfer of employee data
Use SAML V1.X and Liberty ID-FF V1.X where appropriate
  – Fidelity is the Source/Identity Provider
  – SSO Browser/Artifact Profile
  – May require federation (account linking)
  – May require single logout
  – Also expose an attribute service to allow the service provider to retrieve employee data
Issues
  – External service provider support for Liberty/SAML
  – Forced to use opaque IDs with Liberty

Slide 6: Use Case 3: Customer SSO Access to Fidelity
Customer inter-enterprise SSO
  – Fidelity clients are requesting SSO access to Fidelity from their employee portal
  – Fidelity has at least two proprietary solutions in place
  – Fidelity accepts batch feeds of clients' employee data
Use Liberty ID-FF V1.X
  – Fidelity is the Service Provider
  – SSO Browser/Artifact Profile
  – Opt-in/opt-out dynamic federation and bulk federation
  – Single logout is required
Issues
  – External client support for Liberty
  – Extensibility confusion (saml:Advice, etc.)
  – AuthnRequest is only optional
  – No standardized credential collection for web service clients
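Use cases 2 and 3 both rest on the SAML 1.x Browser/Artifact Profile combined with Liberty-style account linking on opaque identifiers. The following is an added illustration, not code from this deck or from Fidelity: it models both sides of that exchange in Python. The artifact layout (2-byte TypeCode 0x0001, 20-byte SHA-1 SourceID, 20-byte AssertionHandle) and the TARGET/SAMLart redirect parameters follow the SAML 1.x profile; everything else is assumed for the example, including the hostnames, the employee id E12345, the class and method names (`SourceSite`, `DestinationSite`, `federate`, `attribute_query`), the use of dicts in place of XML assertions, a direct method call in place of the SOAP back-channel samlp:Request, and the absence of XML-DSig. The security points it demonstrates are the ones a practitioner would check in a real deployment: the artifact is resolved once only (a captured redirect URL cannot be replayed), the destination looks the SourceID up in its own table of trusted sources, the assertion is checked against its audience and validity window, and the partner only ever sees a random per-partner pseudonym rather than the employee id.

```python
"""Toy SAML 1.x Browser/Artifact SSO with a Liberty-style opaque federated identifier.
Constructed illustration: dicts stand in for the XML assertion, a direct call for the
SOAP back-channel samlp:Request, and no XML signature is applied. All names are invented."""
import base64, hashlib, os, secrets, time
from urllib.parse import parse_qs, quote, urlparse

TYPE_CODE = b"\x00\x01"    # SAML 1.x artifact type 1: TypeCode || SourceID || AssertionHandle
ARTIFACT_LEN = 2 + 20 + 20
ASSERTION_TTL = 300        # seconds an issued assertion stays valid


class SourceSite:
    """Identity provider: Fidelity in use case 2, the client's employee portal in use case 3."""

    def __init__(self, issuer, attributes):
        self.issuer = issuer
        self.source_id = hashlib.sha1(issuer.encode()).digest()  # 20-byte SourceID per SAML 1.x
        self._attributes = attributes  # local user id -> attributes exposed via the attribute service
        self._pending = {}             # assertion handle -> assertion, deleted on first resolve
        self._federations = {}         # (local user id, destination) -> opaque NameIdentifier

    def federate(self, user_id, destination):
        """Account linking: each partner gets its own random pseudonym, never the employee id."""
        return self._federations.setdefault((user_id, destination), secrets.token_urlsafe(24))

    def issue_sso_redirect(self, user_id, destination, acs_url, target):
        """Front-channel redirect carrying TARGET and SAMLart; the assertion itself stays server-side."""
        now = int(time.time())
        assertion = {"issuer": self.issuer, "audience": destination,
                     "name_id": self.federate(user_id, destination),
                     "not_before": now - 60, "not_on_or_after": now + ASSERTION_TTL}
        handle = os.urandom(20)
        self._pending[handle] = assertion
        artifact = base64.b64encode(TYPE_CODE + self.source_id + handle).decode()
        return f"{acs_url}?TARGET={quote(target, safe='')}&SAMLart={quote(artifact, safe='')}"

    def resolve(self, artifact):
        """Back channel: an artifact is redeemable exactly once, and only while the assertion is live."""
        assertion = self._pending.pop(artifact[22:], None)
        if assertion is None or time.time() >= assertion["not_on_or_after"]:
            return None
        return assertion

    def attribute_query(self, name_id, destination):
        """Attribute service keyed by pseudonym; a partner can only query pseudonyms issued to it."""
        for (user_id, dest), pseudonym in self._federations.items():
            if pseudonym == name_id and dest == destination:
                return dict(self._attributes.get(user_id, {}))
        return None


class DestinationSite:
    """Service provider; trusts only the source sites whose SourceID it has on file."""

    def __init__(self, entity_id, sources):
        self.entity_id = entity_id
        self._sources = {s.source_id: s for s in sources}
        self._links = {}   # opaque NameIdentifier -> local account, filled by opt-in federation

    def link_account(self, name_id, local_account):
        self._links[name_id] = local_account

    def consume(self, redirect_url):
        """Assertion consumer: parse SAMLart, resolve it, validate it, map the pseudonym to an account."""
        qs = parse_qs(urlparse(redirect_url).query)
        artifact = base64.b64decode(qs["SAMLart"][0])
        if len(artifact) != ARTIFACT_LEN or artifact[:2] != TYPE_CODE:
            raise ValueError("malformed artifact")
        source = self._sources.get(artifact[2:22])
        if source is None:
            raise ValueError("artifact from an unknown source site")
        assertion = source.resolve(artifact)
        if assertion is None:
            raise ValueError("artifact already redeemed or expired")  # defeats replay of a captured URL
        now = time.time()
        valid_now = assertion["not_before"] <= now < assertion["not_on_or_after"]
        if assertion["audience"] != self.entity_id or not valid_now:
            raise ValueError("assertion not valid for this site at this time")
        return {"name_id": assertion["name_id"], "target": qs["TARGET"][0],
                "account": self._links.get(assertion["name_id"])}


def demo():
    """E12345 visits a partner twice: first visit links the pseudonym, second is SSO, replay fails."""
    idp = SourceSite("https://idp.fidelity.example", {"E12345": {"mail": "e12345@fidelity.example"}})
    sp = DestinationSite("https://benefits.partner.example", [idp])
    acs = "https://benefits.partner.example/saml/acs"
    first = sp.consume(idp.issue_sso_redirect("E12345", sp.entity_id, acs, "/home"))
    sp.link_account(first["name_id"], "partner-acct-0042")   # opt-in federation at the SP
    url = idp.issue_sso_redirect("E12345", sp.entity_id, acs, "/claims")
    second = sp.consume(url)
    try:
        sp.consume(url)
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return {"first": first, "second": second, "replay_rejected": replay_rejected,
            "attrs": idp.attribute_query(second["name_id"], sp.entity_id),
            "other_partner_name_id": idp.federate("E12345", "https://payroll.other.example")}
```

Running `demo()` shows the first visit arriving with an unknown pseudonym (the point at which an opt-in federation step links it to a local account), the second visit resolving straight to that account, the same redirect URL being refused when presented again, and a second partner receiving a different pseudonym for the same employee. In a real deployment the back channel is a SOAP samlp:Request carrying AssertionArtifact over mutually authenticated TLS, and the destination must additionally verify the XML signature on the response before trusting any of its contents.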

Slide 7: Technical Issues Summary
Fidelity needs a single standard for SSO and identity federation
Client support for Liberty/SAML
  – Needs to be simpler
  – Every enterprise will be an IdP for its employees
SAML 1.X lacks certain features that ID-FF 1.X provides
  – e.g. logout, federation, de-federation
ID-FF 1.X lacks certain features that SAML 1.X provides
  – e.g. one-way SSO flow
SAML extensibility confusion
No standardized XML language for credential collection
Versioning is not well defined