Presentation is loading. Please wait.

Presentation is loading. Please wait.

Trusted 3 rd Party Authentication & Friends: SSO and IdM NWACC Security Workshop 2013 Portland.

Published byJane Jester Modified over 9 years ago

Similar presentations

Presentation on theme: "Trusted 3 rd Party Authentication & Friends: SSO and IdM NWACC Security Workshop 2013 Portland."— Presentation transcript:

1 Trusted 3 rd Party Authentication & Friends: SSO and IdM NWACC Security Workshop 2013 Portland

2 Arc of Authentication History Define Trusted 3 rd Party Authentication (TTPA) Place TTPA in current computing trend Advantages Challenges Technology Single Sign-On (SSO) & Identity Management (IdM) Security’s Stake Discussion Advanced topics o Multi-factor authentication o Identity acceptance from 3 rd parties Overview

3 Source: http://www.guardian.co.uk/technology/2008/mar/06/computing.googlehttp://www.guardian.co.uk/technology/2008/mar/06/computing.google http://infomotions.com/musings/waves/media/client-server-illustration.gif A Brief History of Authentication

4 Source: http://files.softicons.com/download/application-icons/clouds-icons-by-studiotwentyeight/png/512x512/CloudApp.png “The Cloud” This is where our romance gets rocky

5 An entity two parties, who may have no knowledge about each other, trust. In this case the 3 rd party is used to facilitate authentication and/or exchange of attributes What is a Trusted 3 rd Party

6

7 The rise of BUI and the “Cloud” are pushing more enterprise and workgroup solutions to to HTTP/S and off our networks. - Google Apps, Office365 - AWS, Google App Engine - Salesforce - DocuSign - Box.net, DropBox Trend in Enterprise IT

8

9 Service providers never have user authentication credentials Service providers do not need to manage accounts Single, uniformed login interface Signed assertions are difficult to forge Advantages

10 Not all IdP and SP get along Need to negotiate attribute release and formatting Single Sign-on can create an inconsistent user experience since SP can tune behavior Not getting cross eyed reading XML Challenges

11 Shibboleth Microsoft Active Directory Federation Services Central Authentication Service (CAS) Homegrown SAML generator/interrupter Security Assertion Markup Language How can we do this?

12 Signle Sign-on (SSO) Identity Management (IdM) Hitchhiker & a Dependency

13 Increases the value of a credential Access auditing Authorization Provisioning/deprovisioning become tied to roles and attributes Confidence in assertion exchange Security’s stake in all this.

14 What are you doing for centralized web authentication? Would you consider it trusted 3 rd party authentication and do you have any brief tips or lessons you can share? Discussion

15 Multi-factor authentication o Can be a vended solution o Phone, SMS, smartphone app, hardware Identity acceptance from 3 rd parties (Facebook, Google, Twitter, etc.) Advanced Topics

16 http://shibboleth.net/ https://incommon.org/ http://www.jasig.org/cas Google “MS ADFS” Resources

17 Trusted 3 rd Party Authentication & Friends: SSO and IdM NWACC Security Workshop 2013 Portland nathan.zierfuss@alaska.edu

Download ppt "Trusted 3 rd Party Authentication & Friends: SSO and IdM NWACC Security Workshop 2013 Portland."

Similar presentations

Secure Single Sign-On Across Security Domains

Secure Single Sign-On Across Security Domains
Using PHINMS and Web-Services for Interoperability The findings and conclusions in this presentation are those of the author and do not necessarily represent.

Using PHINMS and Web-Services for Interoperability The findings and conclusions in this presentation are those of the author and do not necessarily represent.
© 2012 SecureAuth. All rights reserved. 2-Factor Authentication and Single Sign-On in a Mobile World Thursday, December 5, 2013 www.secureauth.com.

© 2012 SecureAuth. All rights reserved. 2-Factor Authentication and Single Sign-On in a Mobile World Thursday, December 5,
Office 365 Identity June 2013 Microsoft Office365 4/2/2017

Office 365 Identity June 2013 Microsoft Office365 4/2/2017
Eunice Mondésir Pierre Weill-Tessier 1 Federated Identity with Ping Federate Project Supervisor: M. Maknavicius-Laurent ASR Coordinator: G. Bernard ASR.

Eunice Mondésir Pierre Weill-Tessier 1 Federated Identity with Ping Federate Project Supervisor: M. Maknavicius-Laurent ASR Coordinator: G. Bernard ASR.
Authentication solutions for Outlook and Office 365 Multi-factor authentication for Office 365 Outlook client futures.

Authentication solutions for Outlook and Office 365 Multi-factor authentication for Office 365 Outlook client futures.
Virtualization and Cloud Computing

Virtualization and Cloud Computing
Eric Raff. Usergroup up

Eric Raff. Usergroup up
U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.

U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
Identity & Access Management DCS 861 Team2 Kirk M. Anne Carolyn Sher-Decaustis Kevin Kidder Joe Massi John Stewart.

Identity & Access Management DCS 861 Team2 Kirk M. Anne Carolyn Sher-Decaustis Kevin Kidder Joe Massi John Stewart.
Shibboleth & IMPETUS 1.What are they? 2.Demo. Shibboleth - A system to support the sharing of Web resources among organisations IMPETUS - Infrastructure.

Shibboleth & IMPETUS 1.What are they? 2.Demo. Shibboleth - A system to support the sharing of Web resources among organisations IMPETUS - Infrastructure.
Architecting a Complete Solution for the Cloud Economy Delivering Standards-Based Access Control Marc Chanliau Oracle Identity Management Bernard Diwakar.

Architecting a Complete Solution for the Cloud Economy Delivering Standards-Based Access Control Marc Chanliau Oracle Identity Management Bernard Diwakar.
WebFTS as a first WLCG/HEP FIM pilot

WebFTS as a first WLCG/HEP FIM pilot
GRDevDay March 21, 2015 Cloud-based Identity for Applications.

GRDevDay March 21, 2015 Cloud-based Identity for Applications.
IT can provide users with a common identity across on-premises or cloud- based services, leveraging Windows Server Active Directory and Azure Active.

IT can provide users with a common identity across on-premises or cloud- based services, leveraging Windows Server Active Directory and Azure Active.
Authentication via campus single sign-on 2012 VIVO Implementation Fest.

Authentication via campus single sign-on 2012 VIVO Implementation Fest.
Cloud app Cloud app Cloud app Separate username/password sign-in Manual or semi-automated provisioning Active Directory App Separate username/password.

Cloud app Cloud app Cloud app Separate username/password sign-in Manual or semi-automated provisioning Active Directory App Separate username/password.
SIP Authorization Framework Use Cases Rifaat Shekh-Yusef, Jon Peterson IETF 91, SIPCore WG Honolulu, Hawaii, USA November 13, 2014 1.

SIP Authorization Framework Use Cases Rifaat Shekh-Yusef, Jon Peterson IETF 91, SIPCore WG Honolulu, Hawaii, USA November 13,

Similar presentations

Ads by Google