General Overview of Various SSO Systems: Active Directory, Google & Facebook

Antti Pyykkö, Mikko Malinen, Oskari Miettinen

Presentation transcript:


Single Sign-On (SSO)
- “The ability to allow multiple actions to take place on behalf of a user, without requiring multiple authentications by that user.” (Anchan and Pegah, 2003)
- “A method of access control that enables a user to authenticate once and gain access to the resources of multiple software systems.” (Wikipedia, 2008)

Using services without SSO

Using services with SSO

Active Directory (AD)
- Active Directory (AD) is an implementation of LDAP (Lightweight Directory Access Protocol) directory services by Microsoft
- Contains resources, services and users of the network
- Client authenticates to AD and receives a ticket (presenting rights to use services) → Applications can impersonate client

Google SSO
- Uses SAML (Security Assertion Markup Language) technique
- Basically Google is the only service provider
- The user logs in to Gmail → is able to use e.g. Google Calendar or Google Docs

Facebook
- “Facebook is a social utility that connects people with friends and others who work, study and live around them” (Facebook, About Facebook)
- “Provides a framework for software developers to create applications that interact with core Facebook features” (Wikipedia 2008, Facebook)

Facebook

Facebook SSO
- Uses sessions between Facebook and external applications
- Facebook offers linking for applications but it doesn’t take responsibility for them
- Session is established only once between application and Facebook

Facebook SSO
- If session does not exist → User gets an auth_token, which is then exchanged, together with api_key, for a session_key
- Session is now established and application can make calls to Facebook API
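
The exchange on this slide, modelled as an added example (not part of the presentation and not Facebook's implementation): a toy provider issues an auth_token, swaps it with the api_key for a session_key, and then accepts API calls on that session. The class and method names, the single-use token, the binding of token and session to one api_key, and the session lifetime are assumptions made for illustration.

```python
import hmac, secrets, time

class MockProvider:
    """Toy model of the provider side; all names and rules here are assumptions."""

    def __init__(self, session_ttl=3600):
        self.apps = set()      # registered api_keys
        self.pending = {}      # auth_token -> (api_key, user)
        self.sessions = {}     # session_key -> (api_key, user, expiry)
        self.session_ttl = session_ttl

    def register_app(self):
        api_key = secrets.token_hex(8)
        self.apps.add(api_key)
        return api_key

    def login(self, api_key, user):
        """The user logs in at the provider; an auth_token goes back to the app."""
        if api_key not in self.apps:
            raise PermissionError("unknown api_key")
        auth_token = secrets.token_urlsafe(16)
        self.pending[auth_token] = (api_key, user)
        return auth_token

    def get_session(self, api_key, auth_token, now=None):
        """Exchange auth_token + api_key for a session_key."""
        now = time.time() if now is None else now
        # pop() makes the token single-use, even when the exchange is refused.
        issued = self.pending.pop(auth_token, None)
        if issued is None or not hmac.compare_digest(issued[0], api_key):
            raise PermissionError("auth_token not valid for this api_key")
        session_key = secrets.token_urlsafe(24)
        self.sessions[session_key] = (api_key, issued[1], now + self.session_ttl)
        return session_key

    def api_call(self, api_key, session_key, now=None):
        """An API call succeeds only with a live session owned by this api_key."""
        now = time.time() if now is None else now
        entry = self.sessions.get(session_key)
        if entry is None or entry[0] != api_key or now >= entry[2]:
            raise PermissionError("no valid session")
        return {"user": entry[1]}

def try_call(fn, *args, **kwargs):
    """Return the call's result, or the string 'denied' if it is refused."""
    try:
        return fn(*args, **kwargs)
    except PermissionError:
        return "denied"
```

In this model a replayed auth_token, a session_key presented under a different api_key, and an expired session are all refused, which are the checks a reviewer would look for in any token-for-session exchange.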

Why SSO?
- Saves time
- Reduces authentication problems (lost passwords etc.)
- Enhances security
- Application makers don’t have to think about security and authentication in their applications
- BUT may create bottlenecks

Comparison of SSOs
- AD vs. Facebook & Google: AD is designed for more local environments and is intended for more administrative tasks
- Facebook vs. Google: Google uses a third party identity provider, Facebook doesn’t
- Facebook vs. Google: trust issues related to applications that are not created by their host

Thank you! Any questions?!