All Contents © 2008 Burton Group. All rights reserved. Current State of Federated Identity OASIS Open Standards Forum 2008 Friday, 3 October 2008 Gerry.
Presentation transcript:

All Contents © 2008 Burton Group. All rights reserved.
Current State of Federated Identity
OASIS Open Standards Forum 2008, Friday, 3 October 2008
Gerry Gebel, VP & Service Director, IdPS

A Few Points to Ponder
State of federation is strong – but the game is changing
Business models are driving up demand for federation technology – and forcing still other changes
Federation and SSO services – an emerging trend to watch

After this presentation, you will…
… stop federating
  Because business people don’t know what you are talking about
… realize that protocols do not equal a business process
  You need services and capabilities, in addition to protocols and technologies
… discover that the Internet doesn’t need an identity layer
  Rather, it needs a relationship layer!

Business Trends Drive IT Trends
Same as it ever was
Global economy and cost-effective communications are driving fundamental change to the business environment
The more global things get, the more pressure to decompose big orgs
Need to integrate business process across many boundaries
Must interoperate and connect with security and low friction

Business Trends Drive IT Trends
What a difference a year (and a financial crisis) makes
Do more with less, or do less with less
Plate tectonics: business transformation and IT transformation collide
SaaS gaining favor... the times they are a-changing
Outsource, offshore, buy it as a service

Current Technologies and Methodologies
The Expanding Identity Universe
Dynamics are driving requirements where CIOs have no control
(Diagram: axes Scale (small, large, massive), Control (centralized, distributed) and Focus (business, individual); labels SMB, SaaS, Consumers, Social Networks, Deperimeterization, Outsourcing, Compliance, Privacy, The CIO and the budget)

Where does federation fit in here?

Federation and Distributed Control

Examine the Problem: SSO scenarios
(Diagram series; labels in each: Employees, Contractors, Partners, AD/Kerberos, WAM/Federation, SaaS, Partner Applications)
SSO: internal applications
SSO: hosted applications (WAM/Federation? ?)
SSO: external users (AD/Kerberos?)
SSO: external users (Federation?)
SSO: employee off site (AD/Kerberos?)
SSO: employee off site, hosted applications (Federation?)
SSO: new options (Federation service)

Examine the Problem
Why don’t we have SSO?
Architecture limitations don’t accommodate new application types: Software as a Service
Product and technology selection process failure
  Used RFP checklist instead of usage scenario analysis
Vendor implementations limit your options
  Kerberos exhibits its weakness when external users are involved
  Microsoft Office products do not handle HTTP redirects
New products or technologies may be required
  Hosted SSO/federation service is one possibility
New approaches may be required
  Identity intermediaries can limit inherent friction

Examine the Problem
Maybe it is time to look at the business problem, instead of the technology possibilities
(Diagram labels: Enterprise AD forest, LDAP directory services, XML gateways, Federation servers, WAM servers, Applications, App servers, Partner sites, ESSO, SSL VPN, Bulk feed)

Too Much Science, Not Enough Art
The “science project”: connectivity is rarely straightforward
(Diagram labels: Enterprise AD forest, SAML assertion, SAML-enabled proxy, Federation product, ADFS agent, SharePoint 2003, Web SSO token, LDAP directory, ADFS Collaborator SID, Attribute and group memberships, Mapping info and claims, WS-Federation, Web SSO server, Home authentication)

Growth Rates for Federation
Has anyone spotted the elephant in the federation room?
"How long has THAT been there?"
Assume enterprises can deploy 500 connections per year
One customer has 34,000 point-of-sale operations
= 68 years!!
All right, but what if deployment rate increases?
> 1, connections / year = 42 years!!
And that’s just for SSO
  No authorization
  Not hub-to-hub

The Aesthetics of Ubiquity
Your technology might be mediocre if:
  Adding a connection requires a project manager
  Adding a connection requires lab time
  Each connection requires a custom contract
  You have to coordinate your deployment with others
  The solution only works for the latest-and-greatest infrastructure
  Upgrading a server has ripple effects from end-to-end
It seems reasonable to measure “connections per year”

What about that glass ceiling?

Interoperability
What if there was a similar program for XACML? Just asking…

Products
Federation products: BMC, CA, Entrust, Evidian, IBM, Microsoft, Novell, Oracle, Ping Identity, RSA, Siemens, Sun, Symlabs
Edge federation: Cisco, Forum Sys, IBM, Layer 7, Vordel
Federation services: Covisint, FuGen Solutions, Symplified, TriCipher, EduServ
Federation Marketplace

Open Source Options

Working on that scalability problem…

Expanding Federations

Federating Federations

SaaS Federations

SSO+ as a Service

Identity Aggregators
Single point of integration for all Nordic e-ID systems
Expanding into other regions…

Looking Ahead
What is the impact of:
User centric identity approaches
  Of course, this is in name only
  User centric becomes a reality when business models support it
OpenID
  First party identity systems are not very interesting from a business perspective…
Information Cards
  Unlike OpenID, info cards have a real security model
  But the market is not responding
OSIS, Information Card Foundation, Identity Commons, Higgins, Identity Metasystem Interop TC, etc.
  Can someone please explain this to me?

In Review
State of federation is strong – but the game is changing
Business models are driving up demand for federation technology – and forcing still other changes
Federation and SSO services – an emerging trend to watch

Current State of Federated Identity: References
Burton Group’s Identity and Privacy Strategies
In Search of the Internet Identity System: Contrasting the Federation Approaches of SAML, WS-SX, and OpenID
Federation’s Future in the Balance: Teetering Between Ubiquity and Mediocrity
Business and Legal Issues in Federations
Information Card Landscape
A Relationship Layer for the Web… and Enterprises, Too