Presentation is loading. Please wait.

Presentation is loading. Please wait.

General Overview of Various SSO Systems: Active Directory, Google & Facebook Antti Pyykkö Mikko Malinen Oskari Miettinen.

Published byGeorgia Snow Modified over 8 years ago

Similar presentations

Presentation on theme: "General Overview of Various SSO Systems: Active Directory, Google & Facebook Antti Pyykkö Mikko Malinen Oskari Miettinen."— Presentation transcript:

1 General Overview of Various SSO Systems: Active Directory, Google & Facebook Antti Pyykkö Mikko Malinen Oskari Miettinen

2 Single Sign-On (SSO) “The ability to allow multiple actions to take place on behalf of a user, without requiring multiple authentications by that user.” (Anchan and Pegah, 2003) ”A method of access control that enables a user to authenticate once and gain access to the resources of multiple software systems.” (Wikipedia, 2008)

3 Using services without SSO

4 Using services with SSO

5 Active Directory (AD) Active Directory (AD) is an implementation of LDAP (Lightweight Directory Access Protocol) directory services by Microsoft Contains resources, services and users of the network Client authenticates to AD and receives a ticket (presenting rights to use services)  Applications can impersonate client

6

7 Google SSO Uses SAML (Security Assertion Markup Language) technique Basically Google is the only service provider The user logs in Gmail  is able to use e.g. Google Calendar or Google Docs

8

9 Facebook “Facebook is a social utility that connects people with friends and others who work, study and live around them” (Facebook 2008 - About Facebook) “Provides a framework for software developers to create applications that interact with core Facebook features” (Wikipedia 2008 – Facebook)

10 Facebook

11 Facebook SSO Uses sessions between Facebook and external applications Facebook offers linking for applications but it doesn’t take responsibility of them Session is established only once between application and Facebook

12 Facebook SSO If session does not exist  User gets an auth_token which is then exchanged, with api_key, to session_key Session is now established and application can make calls to Facebook API

13 Why SSO? Saves time Reduces authentication problems (lost passwords etc.) Enhances security Application makers don’t have to think about security and authentication in their applications BUT may create bottlenecks

14 Comparison of SSOs AD vs. Facebook & Google: AD is designed for more local environments and is intended for more administrative tasks Facebook vs. Google: Google uses a third party identity provider, Facebook doesn’t Facebook vs. Google: trust issues related to applications that are not created by their host

15 Thank you! Any questions?!

Download ppt "General Overview of Various SSO Systems: Active Directory, Google & Facebook Antti Pyykkö Mikko Malinen Oskari Miettinen."

Similar presentations

Secure Single Sign-On Across Security Domains

Secure Single Sign-On Across Security Domains
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Akshat Sharma Samarth Shah

Akshat Sharma Samarth Shah
Office 365 Identity June 2013 Microsoft Office365 4/2/2017

Office 365 Identity June 2013 Microsoft Office365 4/2/2017
Trusted 3 rd Party Authentication & Friends: SSO and IdM NWACC Security Workshop 2013 Portland.

Trusted 3 rd Party Authentication & Friends: SSO and IdM NWACC Security Workshop 2013 Portland.
Eric Raff. Usergroup up

Eric Raff. Usergroup up
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
Identity and Access Management

Identity and Access Management
Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.

Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.
SIP Authorization Framework Use Cases Rifaat Shekh-Yusef, Jon Peterson IETF 91, SIPCore WG Honolulu, Hawaii, USA November 13, 2014 1.

SIP Authorization Framework Use Cases Rifaat Shekh-Yusef, Jon Peterson IETF 91, SIPCore WG Honolulu, Hawaii, USA November 13,
Single Sign-On -Mayuresh Pardeshi M.Tech CSE - I.

Single Sign-On -Mayuresh Pardeshi M.Tech CSE - I.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
OUC204. Recently Announced… Identity Integration Options 2 3 Identity Management Overview 1.

OUC204. Recently Announced… Identity Integration Options 2 3 Identity Management Overview 1.
Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.

Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.
Identity Management in Education. Welcome Scott Johnson, NetProf, Inc. Creator of OmnID Identity Management for Education www.netprof.us.

Identity Management in Education. Welcome Scott Johnson, NetProf, Inc. Creator of OmnID Identity Management for Education
CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+

CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+
Identity Management Report By Jean Carreon and Marlon Gonzales.

Identity Management Report By Jean Carreon and Marlon Gonzales.
Survey of Identity Repository Security Models JSR 351, Sep 2012.

Survey of Identity Repository Security Models JSR 351, Sep 2012.
Single Sign-On Multiple Benefits via Alaska K20 Identity Federation 20 May 2011 BTOP Partner Meeting Anchorage, Alaska 20 May 2011 BTOP Partner Meeting.

Single Sign-On Multiple Benefits via Alaska K20 Identity Federation 20 May 2011 BTOP Partner Meeting Anchorage, Alaska 20 May 2011 BTOP Partner Meeting.

Similar presentations

Ads by Google