EuroCAMP Authentication (AuthN)

Slides:



Advertisements
Similar presentations
Secure Single Sign-On Across Security Domains
Advertisements

Identity Network Ideals – Heterogeneity & Co-existence
Shibboleth 2.0 and Beyond Chad La Joie Georgetown University Internet2.
Agenda 2 factor authentication Smart cards Virtual smart cards FIM CM
Office 365 Identity June 2013 Microsoft Office365 4/2/2017
EIFL Thursday, December 15 th, 2011 Brook Schofield Project Development Officer Slide 1.
Agenda AD to Windows Azure AD Sync Options Federation Architecture
Core identity scenarios Federation and synchronization 2 3 Identity management overview 1 Additional features 4.
Team: SuperBad Cats MSIT 458 – Dr. Chen Authentication through Password Protection.
Approaches and challenges for a SSO enabled extranet using Jasig CAS Florian Holzschuher René Peinl
Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal , DNS Hello User Sample (Gateway)
Virtualization and Cloud Computing
TF-EMC2 Tuesday, February 15 th, 2011 Brook Schofield Project Development Officer Slide 1.
WSO2 Identity Server Road Map
Identity Services Goals ① Improved and timely access to MIT services ② Reliable modular utilities (i.e. power, water, phone) ③ Easy integration for.
December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.
Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.
PKI-Enabled Applications That work! Linda Pruss Office of Campus Information Security
Cloud app Cloud app Cloud app Separate username/password sign-in Manual or semi-automated provisioning Active Directory App Separate username/password.
MOBILE SECURITY MADE EASY. STOCKHOLM SOFTWARE COMPANY.
Federated Shibboleth, OpenID, oAuth, and Multifactor | 1 Federated Shibboleth, OpenID, oAuth, and Multifactor Russell Beall Senior Programmer/Analyst University.
Scenario covered in this presentation Separate credential from on- premises credential Authentication occurs via cloud directory service Does not.
NASA NEX & OpenID -- Observations -- Andreas Matheus Secure Dimensions.
Helsinki Institute of Physics (HIP) Liberty Alliance Overview of the Liberty Alliance Architecture Helsinki Institute of Physics (HIP), May 9 th.
ELCIRA and eduGAIN: Practical aspects of interfederation for academic collaboration Brook Schofield, TERENA ● TICAL2013, Cartagena, Colombia ● 8 th July.
Social Identity Working Group Steve Carmody. Agenda Intro to Using Social Accounts Status and Recent News –Current UT Pilot –Current InCommon Pilot with.
Collaborative Platforms. Collaborations and Virtual Organizations IdM is a critical dimension of collaboration, crossing many applications.
Paul Andrew. Recently Announced… Identity Integration Options 2 3 Identity Management Overview 1.
Real Life Solution, Real Life Problems: A-Select, An Open Source Federated Identity Management Solution An Identity 1.0 story Maarten Koopmans SURFnet,
Shibboleth Akylbek Zhumabayev September Agenda Introduction Related Standards: SAML, WS-Trust, WS-Federation Overview: Shibboleth, GSI, GridShib.
Using Enterprise Logins in Portal for ArcGIS via SAML Greg Ponto & Tom Shippee.
All Rights Reserved 2014 © CMG Consulting LLC Federated Identity Management and Access Andres Carvallo Dwight Moore CMG Consulting, LLC October
Session: MIX09-T27F. Web Developers Customizable identity UX Single Sign On Access to user data ISVs Federation for selling their applications to organizations.
Get identities to the cloud Mix on-premises and cloud identity for improved PC, mobile, and web productivity Cloud identities help you run your business.
Shibboleth & Grid Integration STFC and University of Oxford (and University of Manchester)
Configuration Manager and InTune Gemeinsam oder einsam?
Adxstudio Portals Training
F5 APM & Security Assertion Markup Language ‘sam-el’
ADFS - Does it Still have a Place? Fitting into the EMS puzzle Frank C. Drewes III 2016 Redmond Summit | Identity.
Authentication and Authorisation for Research and Collaboration Peter Solagna, Nicolas EGI AAI integration experiences AARC Project.
Azure Active Directory Uday Hegde 2016 Redmond Summit | Identity Without Boundaries May 26, 2016 Group Program Manager, Azure AD
Office of Information Technology GT Identity and Access Management JA-SIG CAS project (introducing login.gatech.edu) April 29th,
TF-EMC2 Tuesday, February 15 th, 2011 Brook Schofield Project Development Officer Slide 1.
SharePoint Authentication and Authorization
Access Policy - Federation March 23, 2016
Using Your Own Authentication System with ArcGIS Online
A lap around Azure Active Directory Business to Consumer (B2C)
Azure Active Directory - Business 2 Consumer
LIGO Identity and Access Management
Authentication Interact Cloud.
Federation made simple
Data and Applications Security Developments and Directions
CheckIn: the AAI platform for EGI
Secure Remote Access to on-premises Web Apps using Azure AD
9/13/2018 4:54 PM BRK How to get Office 365 to the next level with Azure Active Directory Premium Brjann Brekkan Program Manager Lead – Customer.
Enterprise Authentication with Indico
Azure AD Application Proxy
ESA Single Sign On (SSO) and Federated Identity Management
Office 365 Identity Management
Office 365 Identity Management
EuroCAMP Authentication (AuthN)
Community AAI with Check-In
IST346: Namespaces, Identity Management
EuroCAMP Welcome EuroCAMP Tuesday, November 23rd, 2010 Brook Schofield
TechEd /6/ :24 PM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks.
07 | Introduction to Authentication
EuroCAMP Welcome EuroCAMP Tuesday, November 23rd, 2010 Brook Schofield
Getting Started With LastPass Enterprise
Check-in Identity and Access Management solution that makes it easy to secure access to services and resources.
Presentation transcript:

EuroCAMP Authentication (AuthN) Tuesday, November 23rd, 2010 Brook Schofield Project Development Officer brook@terena.org www.terena.org EuroCAMP Authentication (AuthN)

Campus Architecture & Middleware Planning… My Blurb: Focusing on the first step of the 'domestication' progression we'll cover authentication for applications, showing examples of externalising authentication and identifying the technologies of interest to this group. Q: First step? Q: Domestication? applications that work well with enterprise infrastructure, typically by externalizing group management, authentication, and/or authorization - COmanage webpage via RL ‘Bob’ Morgan

AuthN is easy! That’s why everyone does it! Previously everyone "had" to do it. Campus' created accounts because their students needed them. Commercial providers created accounts so people could access them. Password synchronization is handled by the user.

Remember to squat your name! http://namechk.com/

Many campus solutions to the username/password problem. NIS, Novell Windows for Work Groups LDAP and Microsoft AD Kerberos CAS, WebAuth Limited to the Campus Need to expand outside the Campus

We preached it, but didn’t live it.

TERENA Externalising AuthN

The campus problem disrupted. Campus’ always had external resources Solved by liberal licensing Reverse Proxies VPN Complicated by: Mobile students Proliferation of Devices IPv6 $ £ € ¥ ₨

Storm Brewing. A storm brewing over New South Wales (image credit: Jimmy Deguara)

Levels in the AuthN Continuum 1 - Username/Password for All Services Manual sign-up by the user Password reset problem Deprovisioning Problem 2 - Shared Identity LDAP Backend Password Synchronisation (maybe) 3 - Externalised Identity Identity Federation (SAML) Single Point OpenID vs Facebook vs Google

How many username/password combinations do use in a day? Quick Poll… How many username/password combinations do use in a day? Including the ones that your browser / os remember for you. 1 2-5 5-15 15+

Do we feel special?

Integrating 3rd Party Applications

Integrating 3rd Party Applications Stupid Applications are the easiest Any HTTP Basic Auth? Embedded Username/Password Dialog Hardest to deal with (especially flash) Lots of Options simpleSAMLphp Shibboleth-SP OIOSAML SP Fedlet OpenAM

…including the kitchen sink. Applications are diverse Skinning a Cat Users are diverse From different sources IdPs are diverse No two attributes the same

Scaling AuthN

brook@terena.org +31651553991 sip:schofield@terena.org skype://brookschofield @BrookSchofield facebook.com/brook.schofield linkedin.com/in/brookschofield Questions? “A man with one watch knows what time it is; a man with two watches is never quite sure.” Lee Segall

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.