Secure & Tech konferencija Budućnost autentifikacije i autorizacije

Slides:

Advertisements

Similar presentations

Kviz iz informatike Izradio: Dubravko Kišić. Izrada prezentacije Internet Proračunske tablice Kraj.

Advertisements

Cloud PIV Authentication and Authorization Demo PIV Card User Workstation Central Security Server In order to use Cloud Authentication and Authorization.

SearchSearch User Profiles SearchSearchExcelExcelUserProfilesUserProfiles Managed Metadata.

Contrail and Federated Identity Management

OOI-CI–Ragouzis– Ocean Observatories Initiative Cyberinfrastructure Component CI Design Workshop October 2007.

SIM403. Claims Provider Trust Relying Party x Relying Party Trust Claims Provider Trust Your ADFS STS Partner ADFS STS & IP Relying Party Trust Partner.

WSO2 Identity Server Road Map

Projects on digital identification at MTA SZTAKI Ottó Hutter MTA SZTAKI.

GRDevDay March 21, 2015 Cloud-based Identity for Applications.

Every effort has been made to make this seminar as complete and as accurate as possible but no warranty or fitness is implied. The presenter, authors,

Conditional access DirectAccess & automatic VPN Desktop Virtualization.

Cloud app Cloud app Cloud app Separate username/password sign-in Manual or semi-automated provisioning Active Directory App Separate username/password.

SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)

Every effort has been made to make this seminar as complete and as accurate as possible but no warranty or fitness is implied. The presenter, authors,

Prabath Siriwardena Senior Software Architect. An open source Identity & Entitlement management server.

SharePoint Design Tools Office Applications.

SAML-based Delegation in Shibboleth Scott Cantor Internet2/The Ohio State University.

1 Predlozi tema za master radove – 2010/11. Cvetana Krstev.

APS (Keystone) Security “dial tone” Doron Grinstein Chief Architect October 2012 | Version 0.2 | Confidential.

Distributed Web Security for Science Gateways Jim Basney In collaboration with: Rion Dooley Jeff Gaynor

Toni Frankola Acceleratio d.o.o. SharePoint MVP. 2 | Create sites to share documents and insights with colleagues, partners and customers TEAM SITES Keep.

Miha Pihler MCSA, MCSE, MCT, CISSP, Microsoft MVP

Module 5 Configuring Authentication. Module Overview Lesson 1: Understanding Classic SharePoint Authentication Providers Lesson 2: Understanding Federated.

A Lap Around Windows Azure Active Directory Stuart Kwan Lead Principal Program Manager Microsoft Corporation SIA209.

Manish Mehta, CS 590L Authentication Services in Open Grid Services by Manish Mehta April 27, 2004.

Prabath Siriwardena – Software Architect, WSO2. Patterns Standards Implementations Plan for the session.

Access Management 2.0: UMA for the #UMAam20 for questions 20 March 2014 tinyurl.com/umawg for slides, recording, and more 1.

COEN 351 Authentication. Authentication is based on What you know Passwords, Pins, Answers to questions, … What you have (Physical) keys, tokens, smart-card.

AuthenticationService Application DelegationKerberos.

Chapter 13: Managing Identity and Authentication.

Slavko Kukrika MVP Connect Windows 10 to the Cloud – Cloud Join.

Prabath Siriwardena, Director of Security, WSO2 Twitter

About Me AUTHENTICATION Identity Provider.

Ratko Štibrić IT.inteligentne tehnologije ProMDM Identiteti i autentikacija A- Z u oblaku i na zemlji.

CERN IT Department CH-1211 Geneva 23 Switzerland t OIS Web site lifecycles Problem is that web sites live forever –Out of date sites with.

WSO2 Identity Server. Small company (called company A) had few services deployed on one app server.

Secured Services Best Practices on ArcGIS for Server Patrick Jackson & Thomas Noble.

Protect your data Enable your users Desktop Virtualization Information protection Mobile device & application management Identity and Access Management.

Dr. Michael B. Jones Identity Standards Architect at Microsoft

Throw away your DMZ Azure Active Directory Application Proxy deep-dive

Azure Active Directory - Business 2 Consumer

Azure Active Directory voor Developers

Solving the Identity Crisis

Docker – kontejnerizacija na serveru Vedran Vučetić, SPAN

SQL AlwaysOn Availability Groups

Exchange 2013 – integracija sa SharePoint-om i Lync-om

Broadband over powerlines

Provisioning Windowsa 10 na IoT, mobilnim i desktop uređajima

predavanja v.as.mr. Samir Lemeš

OPERACIJSKI SUSTAVI.

Azure AD Application Proxy

Azure Active Directory

Mrežni protokoli.

EBSCO eBook Academic Collection: upute za korištenje na računalu

Office 365 za akademske korisnike – prošlost, sadašnjost i budućnost

KONFIGURACIJA TCP/Ip protokola u LOKALNOJ (LAN) MREŽI

ACS Functionality.

Internet FTP usluga.

1.6. Pohrana podataka.

Do While ... Loop struktura

Authentication and Authorization Federation

Fakultet elektrotehnike i računarstva

Online pripreme za državnu maturu iz informatike

Microsoft Ignite NZ October 2016 SKYCITY, Auckland.

Building Security into Your System

Dvostruka autentifikacija

5/6/2019 5:15 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS.

NHS Identity Authentication fit for modern health and social care

COEN 351 Authentication.

Presentation transcript:

Secure & Tech konferencija Budućnost autentifikacije i autorizacije Ratko Štibrić stibra@promdm.com ProMDM

Povijest - lozinke Koliko lozinki pamtite? Lagano se ukradu ili pogode (i čak razbiju) Loše implementacije sustava Korištenje istih lozinki na različitim sustavima Politike jakih lozinki nisu dovoljne

Eksternalizacija autentikacije Izbaciti autentikaciju iz aplikacija Aplikacijama ostaviti samo autorizaciju (čak i taj dio može van) Security Token Servisi Claims based authentication Bogatstvo protokola (SAML, WS-Federation, OAuth2, OpenID Connect)

Što umjesto lozinke? PKI Par ključeva i certifikat Zaštita privatnog ključa Biometrija za zaštitu privatnog ključa? PIN

SSL (TLS) Client Certificate Authentication Osnova PKI naravno Kako sigurno generirati par ključeva na uređaju? Konfiguracija web servera Konfiguracija reverse proxy servera Kerberos Constrained Delegation

Windows Smartcard logon Kerberos (PKINIT) Pametne kartice Virtualne pametne kartice (Windows 10) Problemi? Cijena (ne samo fizički kartica, nego i CMS softvera) Čitači nisu dio svake tipkovnice i prijenosnog računala Strah od PKI-a Nedostatak znanja Loš smartcard softver

Windows Hello (for Business) Osnova je opet PKI - par ključeva i certifikat Web Authn (FIDO 2.0) standard Prijava na Windows 10 računalo Face, iris, fingerprint ili PIN Jednostavna integracija u web i moderne aplikacije

DEMO

Pitanja