Presentation is loading. Please wait.

Presentation is loading. Please wait.

OOI-CI–Ragouzis–2007.10.15 Ocean Observatories Initiative Cyberinfrastructure Component CI Design Workshop 17-19 October 2007.

Published byKian Ingle Modified over 9 years ago

Similar presentations

Presentation on theme: "OOI-CI–Ragouzis–2007.10.15 Ocean Observatories Initiative Cyberinfrastructure Component CI Design Workshop 17-19 October 2007."— Presentation transcript:

1 OOI-CI–Ragouzis–2007.10.15 Ocean Observatories Initiative Cyberinfrastructure Component CI Design Workshop 17-19 October 2007

2 OOI-CI–Ragouzis–2007.10.15 Core Interaction Patterns of an Identity Federation Framework OASIS SAMLv2.0 Liberty Alliance ID-WSF2.0

3 OOI-CI–Ragouzis–2007.10.15 Core Interaction Patterns of an Identity Federation Framework Explore general interaction aspects Using Interactions to integrate an architecture –By example

4 OOI-CI–Ragouzis–2007.10.15 OASIS SAML v2.0

5 OOI-CI–Ragouzis–2007.10.15 OASIS SAML v2.0

6 OOI-CI–Ragouzis–2007.10.15 COI-Core Connectivities –Data Network Messages from & about interactions –Control Network Realizes interactions for Observations –Process Network Plays and constrains interactions to plan

7 OOI-CI–Ragouzis–2007.10.15 Interaction: Messages of Authn The Message “Object” Evolution of semantic richness

8 OOI-CI–Ragouzis–2007.10.15 Interaction: Exchanges of Authn The art of the coddle: –Bootstrapping –Referrals –Proxy –Hiding

9 OOI-CI–Ragouzis–2007.10.15 Identity Federation Framework Identity-enabled … Privacy-respecting … Regulatory/Governance-tractable … Composable … Domain-cognizant … Dynamically-configurable … Resource-aware … Deployment-time extensible … Process-instantiating … Network services … Framework

10 OOI-CI–Ragouzis–2007.10.15 Key Characteristics Identity as organizing principle Subject identification +[transient | persistent, opaque] Sharing identifiers across trust domains Confirming rights to authenticate Authentication context Discovery Interaction Attributed as first class objects Privacy preferences, and policies General application-level services framework Extensible metadata for description & verification

11 OOI-CI–Ragouzis–2007.10.15 Liberty ID-WSF v2.0 http://projectliberty.org/liberty/specifications__1

12 OOI-CI–Ragouzis–2007.10.15 OASIS SAML v2.0 Stylized from: http://projectliberty.org/liberty/specifications__1

13 OOI-CI–Ragouzis–2007.10.15 Subject Subject’s Identifier | implied SubjectConfirmation –Who are you to talk to me about this subject? … now? –You know what I want to hear –Encryption options Extensible The Subject SAML v2.0 context: assertion

14 OOI-CI–Ragouzis–2007.10.15 Name Identifiers Abstract and Concrete types –Extend your own Pair-wise semantics –Peering-mechanics Extensible Typing (Format) Privacy-preserving –EncryptedID –Pseudonyms The Principal SAML v2.0

15 OOI-CI–Ragouzis–2007.10.15 SAML v2.0 Assertions Statements From SAML authority About the Subject (or application-implied Subject(s)) And other coordination (conditions, advice, encrypt) Extensible Kinds of Statements from SAMLAuthority about Subject: –Authentication Statement –Attribute Statement –Authorization Decision Statement –Statement (Extension point) SAML v2.0

16 OOI-CI–Ragouzis–2007.10.15 Authentication Context Context Class or Specific Context Declarations Data Model: –Identification –Technical Protection –Operational Protection –Authentication Method –Governing Agreements Authentication Contexts, before your extensions: –IP, IP password, Kerberos, time sync token, XML Signature, X.509 –mobile [one|two]-factor [contract|unregistered] –[authenticated] telephony, nomadic telephony, personal telephony –password-protected transport, SSL certificate, [secure remote] password –previous session, PGP, software PKI, SPKI, smartcard [PKI] SAML v2.0

17 OOI-CI–Ragouzis–2007.10.15 SAML v2.0 Protocols* Statements From SAML authority About the Subject (or application-implied Subject(s)) And other coordination (conditions, advice, encrypt) Extensible Kinds of Statements from SAMLAuthority about Subject: –Authentication Statement –Attribute Statement –Authorization Decision Statement –Statement (Extension point) SAML v2.0 * and Bindings, and Profiles

18 OOI-CI–Ragouzis–2007.10.15 OASIS SAML v2.0

19 OOI-CI–Ragouzis–2007.10.15 OASIS SAML v2.0

20 OOI-CI–Ragouzis–2007.10.15 Liberty ID-WSF v2.0 http://projectliberty.org/liberty/specifications__1

21 OOI-CI–Ragouzis–2007.10.15 Modern Authentication Architectures General interaction architectures Decorated for identity Attractive for specialization At level of message exchange, and At level of message object

22 OOI-CI–Ragouzis–2007.10.15 Core Interaction Patterns of an Identity Federation Framework Explore general interaction aspects Using Interactions to integrate an architecture –By example

Download ppt "OOI-CI–Ragouzis–2007.10.15 Ocean Observatories Initiative Cyberinfrastructure Component CI Design Workshop 17-19 October 2007."

Similar presentations

0 McLean, VA August 8, 2006 SOA, Semantics and Security.

0 McLean, VA August 8, 2006 SOA, Semantics and Security.
Federated Identity for Grid Architects Tom Scavo NCSA

Federated Identity for Grid Architects Tom Scavo NCSA
OGSA Security Profile 2.0 (a.k.a. Express Authentication Profile) DUANE MERRILL October 18, 2007.

OGSA Security Profile 2.0 (a.k.a. Express Authentication Profile) DUANE MERRILL October 18, 2007.
GT 4 Security Goals & Plans Sam Meder

GT 4 Security Goals & Plans Sam Meder
A brief look at the WS-* framework Josh Howlett, JANET(UK) TF-EMC2 Prague, September 2007.

A brief look at the WS-* framework Josh Howlett, JANET(UK) TF-EMC2 Prague, September 2007.
Step Up Authentication in SAML (and XACML) Hal Lockhart February 6, 2014.

Step Up Authentication in SAML (and XACML) Hal Lockhart February 6, 2014.
1 OOI Cyberinfrastructure Overview of the Governance Architecture 09 Jan 2014.

1 OOI Cyberinfrastructure Overview of the Governance Architecture 09 Jan 2014.
Integration Considerations Greg Thompson April 20 th, 2006 Copyright © 2006, Credentica Inc. All Rights Reserved.

Integration Considerations Greg Thompson April 20 th, 2006 Copyright © 2006, Credentica Inc. All Rights Reserved.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
1 Security Assertion Markup Language (SAML). 2 SAML Goals Create trusted security statements –Example: Bill’s address is and he was authenticated.

1 Security Assertion Markup Language (SAML). 2 SAML Goals Create trusted security statements –Example: Bill’s address is and he was authenticated.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
The ICAR Federated Identity Model Massimiliano Pianciamore, CEFRIEL Francesco Meschia, CSI-Piemonte

The ICAR Federated Identity Model Massimiliano Pianciamore, CEFRIEL Francesco Meschia, CSI-Piemonte
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-

TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-
T-110.5140 Network Application Frameworks and XML Service Federation 30.04.2007 Sasu Tarkoma.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
Latest techniques and Applications in Interprocess Communication and Coordination Xiaoou Zhang.

Latest techniques and Applications in Interprocess Communication and Coordination Xiaoou Zhang.
December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.

December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.
A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.

A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.
Web services security I

Web services security I

Similar presentations

Ads by Google