Trusted 3rd Party Authentication & Friends: SSO and IdM NWACC Security Workshop 2013 Portland.

Overview
- Arc of Authentication History
- Define Trusted 3rd Party Authentication (TTPA)
- Place TTPA in current computing trend
- Advantages
- Challenges
- Technology
- Single Sign-On (SSO) & Identity Management (IdM)
- Security’s Stake
- Discussion
- Advanced topics
  o Multi-factor authentication
  o Identity acceptance from 3rd parties

Source: A Brief History of Authentication

Source: “The Cloud” This is where our romance gets rocky

What is a Trusted 3rd Party
An entity that two parties, who may have no knowledge of each other, both trust. In this case the 3rd party is used to facilitate authentication and/or the exchange of attributes.

Trend in Enterprise IT
The rise of BUI and the “Cloud” is pushing more enterprise and workgroup solutions to HTTP/S and off our networks.
- Google Apps, Office365
- AWS, Google App Engine
- Salesforce
- DocuSign
- Box.net, DropBox

Advantages
- Service providers never have user authentication credentials
- Service providers do not need to manage accounts
- Single, uniform login interface
- Signed assertions are difficult to forge

Challenges
- Not all IdP and SP get along
- Need to negotiate attribute release and formatting
- Single Sign-on can create an inconsistent user experience since SP can tune behavior
- Not getting cross-eyed reading XML

How can we do this?
- Shibboleth
- Microsoft Active Directory Federation Services
- Central Authentication Service (CAS)
- Homegrown SAML generator/interpreter
- Security Assertion Markup Language

Hitchhiker & a Dependency
- Single Sign-on (SSO)
- Identity Management (IdM)

Security’s stake in all this.
- Increases the value of a credential
- Access auditing
- Authorization
- Provisioning/deprovisioning become tied to roles and attributes
- Confidence in assertion exchange

Discussion
- What are you doing for centralized web authentication?
- Would you consider it trusted 3rd party authentication and do you have any brief tips or lessons you can share?

Advanced Topics
- Multi-factor authentication
  o Can be a vended solution
  o Phone, SMS, smartphone app, hardware
- Identity acceptance from 3rd parties (Facebook, Google, Twitter, etc.)

Resources
- Google “MS ADFS”
