1. Authority of Information Technology Application National Center of Digital Signature Authentication Ninh Binh, June 25, 2010

2. Main ContentsMain Contents  SSO Overview  Introduce and demo OpenSSO  Introduce and demo OpenID

3. SSO OverviewSSO Overview  Single Sign On is a property of access control of multiple, related but independent systems. This property allows an user to login and gain access to all systems without logging in in each of them  A group of those linked systems is called a Federation.  A Federated Identity Management provides a standardized central system to manage users’ identities

4. Roles in a federationRoles in a federation  End User  Identity Provider:  Manage Users’ Identities  Issue Identities  Manage Users  Authenticate Users’ Identities  Service Provider:  Manage access to the service  Check Users’s Identities from Identity Provider  Manage Users’s Profiles

5. Benefits of SSOBenefits of SSO  Reduce total cost of ownership  Provides measurable ROI across the organization  Helpdesk cost savings  Improve User Productivity and Convenience  Reduce frustration of multiple log-on events  Remembering passwords  Increase Security and Compliance  Strengthen and centralize user access control  Improved reporting and monitoring for regulatory compliance  Allow multi-factor authentication

6. Some Open SSO SolutionsSome Open SSO Solutions

7. OpenSSO  OpenSSO is an open source SSO solutions developed by Sun Microsystems Inc (now is subsidiary of Oracle)  OpenSSO provides access management by allowing the implementation of authentication, policy-based authorization, federation, SSO, and web services security from a single, unified framework  OpenSSO usually act as an Identity Provider in a Federation.

8. What does OpenSSO do ?What does OpenSSO do ?

9. What does OpenSSO provides ?  Access Control  Federation Management  Web Services Security  Identity Web Services

10. Demo OpenSSO – Step 1Demo OpenSSO – Step 1  Demonstrate the use of digital certificates to login to Google Apps via OpenSSO  We used services provided by SSOCircle, base on OpenSSO  User go to Google Apps website

11. Demo OpenSSO – Step 2Demo OpenSSO – Step 2  User is redirected to OpenSSO Login screen.  They can login using various of methods

12. Demo OpenSSO – Step 3Demo OpenSSO – Step 3  After logging in, I was redirected back to Google Apps  I used a certificate issued by SSOCircle to login

13. OpenID  An open, decentralized protocols that allow end-users login to multiple services with a single identity  Simple and easy to deploy  Base on mature technology like HTTP, SSL/TLS, Diffie- Hellman  Open, patent free  Supported by a lot of major companies like IBM, Microsoft, Google, Yahoo, AOL.

14. How does OpenID work ?How does OpenID work ?  Each OpenID is an unique URL  http://thangnm.myopenid.com  The service provider discover and establish a secure connection with the identity provider  Redirect user to the Identity Provider to login  Redirect back to service provider website  Service provider check OpenID response and grant user access if authenticated.

15. The popularity of OpenIDThe popularity of OpenID  1 billion OpenID accounts as of 12/2009  9 millions websites have integrated OpenID consumer support.  Major OpenID providers  Google  AOL  Orange  VeriSign  Yahoo  Microsoft

16. Demo OpenID – Step 1Demo OpenID – Step 1  Facebook allows a Facebook account to be linked with an OpenID account.  In Account Settings screen, you can select an OpenID provider to link accounts with.  I selected Google and enter my Facebook password to continue

17. Demo OpenID – Step 2Demo OpenID – Step 2  Facebook will redirect me to Google to login  I need to confirm once more to links the 2 accounts  From now on, after logging to Google Accounts, I will be logged in to Facebook automatically

18. Thank you.Thank you.