Authentication and Authorization Federation CS 6393 Lecture 8 Part 1 Authentication and Authorization Federation Prof. Ravi Sandhu Executive Director and Endowed Chair April 1, 2016 ravi.sandhu@utsa.edu www.profsandhu.com © Ravi Sandhu World-Leading Research with Real-World Impact!

Federation Identity Federation Authentication Federation Authorization Single Credential Single Sign-On Multiple Sign-On © Ravi Sandhu World-Leading Research with Real-World Impact! 2

Identity Certificates ABAC is not New User (Identity) X.500 Directory X.509 Identity Certificates Attributes Public-keys + Secured secrets Pre Internet, early 1990s © Ravi Sandhu World-Leading Research with Real-World Impact!

Identity Certificates ABAC is not New User (Identity) X.509 Attribute Certificates X.509 Identity Certificates Attributes Public-keys + Secured secrets Post Internet, late 1990s © Ravi Sandhu World-Leading Research with Real-World Impact!

Federation OpenID OAuth SAML Identity Federation Authentication Authorization Single Credential OpenID OAuth SAML Single Sign-On Multiple Sign-On © Ravi Sandhu World-Leading Research with Real-World Impact! 5

NIST ABAC Building Block Page 12 Diagram © Ravi Sandhu World-Leading Research with Real-World Impact!