TLS-Federation. Dr. Bud P. Bruegger, Dr. Detlef Hühnlein, Prof. Guido Marinelli. U. Rome Tor Vergata (Italy), Comune di Grosseto (Italy)
1 TLS-Federation. Dr. Bud P. Bruegger (Comune di Grosseto, Italy); Dr. Detlef Hühnlein (Secunet, Germany); Prof. Guido Marinelli (U. Rome Tor Vergata, Italy)
2 Scope. Full eID IOP framework for EU MSs: any eID technology (Manchester Declaration); full I local token, remote IdP; X.509 (smartcard, soft), non-X.509 (ACC), uname/pwd, ...; full Identification, Authentication, Signature. Initial focus: basic service access like Belgium Reverse Proxy; A + I (consistent person identifier). Base excluded/complementary: Trust Mgmt, BridgeCA.. support, Signature support.
3 Category. Base functionality: Mature Technology; existing and very mature IETF standards (TLS 1.0 stable since 1999); uses off-the-shelf, ubiquitous technology. Advanced functionality: Privacy enhancements; Access to identity data on eIDs (authentic src); Technology (and legal) Research.
4 Problems Targeted (1). Federation (any eID technology). Strong Authentication: high security (ident. theft); IOP framework weakest link; eID, IOP framework, SP. Access to Identity Data on eIDs (authentic src): standard protocol for remote access (IdP or Service Provider); manage diversity of formats (current eIDs: parsing, validation); map to standard format(s) (SAML, ICAO LDS?); privacy enhance (partial identities); under user-control (integrate with Cardspace/Higgins?).
5 Problems Targeted (2). Privacy enhancement: gradual migration strategy from today's eIDs to privacy enhanced credential system; Austrian sector identifiers adapted to X.509 (linkability); partial identities (minimal disclosure). Ease of Rollout: very conservative technology choice (TLS 1.0 since 1999); existing PKI/eID infrastructure normally sufficient. User-centric approach. Large Scale Pilot middleware approach.
6 SSL/TLS = workhorse of strong auth. Mature, stable, secure, ubiquitous. Google: strong auth + SSL: 220,000; Google: strong auth + Liberty: 21,900. eIDs: BE: reverse proxy (TLS); IT: techn annex of law (TLS handshake); EE: TLS is THE way; IS: TLS is THE way; .. other X.509/PKI eID countries.
7 TLS eID IOP: Demonstrated. Porvoo Group: Open Source eID IOP Demonstrator. Authentication with: BE, EE, FI, IT (client and server). Demos: World eID 2005, Porvoo 8; Presented: 2nd Modinis-IDM WS. Easy to extend: X.509 eIDs (smartcard or soft); internationally unique identifier namespace; extension of proven Belgium reverse proxy. Limitations: Non X.509 credentials (Austrian ACC, username/pwd, etc.). Solution: TLS-Federation. Privacy enhancement (AT-style sector-specific IDs, partial ident.).
8 TLS-Federation Concepts. Browser middleware interfaces to eID. X.509 eID: uses existing middleware. Non-X.509 eID: middleware interfaces to IdP (on the fly CA); IdP converts natl. credential to X.509 cert; comparable to SAML assertion, WS-* claim. Supports any national credential technology. Compatible with privacy enhancement.
9 Auth. Architecture (diagram labels): Identity Provider; convert natl. credential to X.509; privacy enh.; standard cert. sign. request; u/pwd credential; Browser Middleware; Austrian ACC; X.509 cert; TLS client-cert-auth challenge/response; X.509 eID; Service Provider; interface to national choice of eID; creates keypair (if necessary); auth. credential; identity data (authentic src).
10 Standards and SW (diagram labels): Standard X.509 CA; Identity Provider; functionality of German ELSTER tax app: 80 Mio. trans/yr; IETF RFC 2510 Cert Mngmt Protocols; u/pwd credential; Browser Middleware; Austrian ACC; CSP; PKCS#11; IETF RFC 2246 TLS; X.509 eID; Service Provider; Standard HTTPd: Apache mod-ssl; IOP handler; existing middleware for plain X.509 eIDs; new middlew. based on existing library for others.
11 Privacy Enhancement (1). Best Practices: Linkability. AT: sector-specific dynamic IDs; BE: legislation that prevents large scale linkability; IT: zero-disclosure X.509 certificates (CIE eID). Migration Steps: Service Provider derives sector IDs (inexpensive, immediate); IdP derives reusable sector IDs (managed by user-agent); IdP derives fully dynamic one-use IDs.
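The first migration step on slide 11 (the Service Provider derives sector IDs from the unique identifier carried in the X.509 eID), sketched as an added example that is not from the slides or the TLS-Federation project. The HMAC-SHA-256 construction, the `C:serialNumber` identifier layout, the slash-separated DN form and every function name are assumptions made for illustration; this is not the Austrian algorithm.

```python
import hashlib
import hmac

# Constructed sample inputs: subject DNs in a slash-separated one-line form,
# as an IOP handler behind the TLS layer might receive them (assumed layout).
SAMPLE_DNS = {
    "alice_be": "/C=BE/CN=Alice Example (Authentication)/serialNumber=11111111111",
    "bob_ee": "/C=EE/O=EXAMPLE/CN=EXAMPLE,BOB/serialNumber=22222222222",
    "no_serial": "/C=IT/CN=Carla Example",
}

# Demo key only. A real SP key is random, at least 32 bytes, and kept secret:
# national identifiers are low-entropy, so an unkeyed hash could be reversed
# by enumerating candidate identifiers.
DEMO_SP_KEY = hashlib.sha256(b"constructed demo key, not a real secret").digest()


def parse_subject_dn(dn: str) -> dict:
    """Parse '/C=BE/CN=.../serialNumber=...' into a lower-cased attribute map."""
    attrs = {}
    for part in dn.strip().split("/"):
        if not part:
            continue
        name, sep, value = part.partition("=")
        if not sep or not value.strip():
            raise ValueError(f"malformed DN component: {part!r}")
        key = name.strip().lower()
        if key in attrs:
            # Two values for one attribute would let the caller pick either one.
            raise ValueError(f"repeated attribute {name!r} is ambiguous")
        attrs[key] = value.strip()
    return attrs


def unique_identifier(dn: str) -> str:
    """Build an internationally unique identifier: country code + national serial."""
    attrs = parse_subject_dn(dn)
    country = attrs.get("c", "")
    serial = attrs.get("serialnumber", "")
    if len(country) != 2 or not country.isalpha():
        raise ValueError("certificate subject lacks a two-letter country code")
    if not serial:
        # Never fall back to CN: names are neither unique nor stable.
        raise ValueError("certificate subject lacks a serialNumber")
    return f"{country.upper()}:{serial}"


def derive_sector_id(unique_id: str, sector: str, sp_key: bytes) -> str:
    """Derive a per-sector pseudonym that is stable within one sector only."""
    if len(sp_key) < 32:
        raise ValueError("SP key must be at least 32 bytes")
    if not sector or "\x00" in sector or "\x00" in unique_id:
        raise ValueError("sector and identifier must be non-empty and NUL-free")
    # The NUL separator keeps (sector, id) pairs from colliding by concatenation.
    msg = sector.encode("utf-8") + b"\x00" + unique_id.encode("utf-8")
    return hmac.new(sp_key, msg, hashlib.sha256).hexdigest()


def sector_id_for_request(dn: str, sector: str, sp_key: bytes = DEMO_SP_KEY) -> str:
    """What the application stores instead of the national identifier."""
    return derive_sector_id(unique_identifier(dn), sector, sp_key)


if __name__ == "__main__":
    for sector in ("tax", "health"):
        for who in ("alice_be", "bob_ee"):
            print(sector, who, sector_id_for_request(SAMPLE_DNS[who], sector)[:16])
    try:
        sector_id_for_request(SAMPLE_DNS["no_serial"], "tax")
    except ValueError as exc:
        print("rejected:", exc)
```

The application behind the handler stores only the derived value, so records held by the "tax" and "health" services cannot be joined on the identifier without the SP key.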
12 Privacy Enhancement (2) (diagram labels): Identity Provider; validate; parse; partial identity; reformat to standard (SAML?); minimal disclosure; standard protocol for remote access (UPI); eID Middleware; propr. format identity data (authentic source); Browser files; Service Provider; Mult. Protocols? UPI, Cardspace/WS-*, Liberty (local IdP); reusable partial identities; user choice; identity agent?
13 Status. So far: unfunded, informal project. Basic service access: almost ready for use; German ELSTER: high-vol gov app uses same approach; SMILE FP7 proposal: federation demo for ACC, u/pwd. Basic privacy enh (service prov): almost ready. Advanced privacy enh: research; draft paper (Grosseto, Indep. Center for Privacy Prot. Schleswig-Holstein, KU Leuven, TU Graz); SMILE FP7 proposal. Access to eID identity data: research; need, concept ratified: BE, AT, EE, IS, IT, .. (PPP eID WG); SMILE FP7 proposal.
14 Relevance for eID IOP. Cheap and simple solution for eID-enabling services on web (all sectors). Strategy to avoid large-scale linkability due to X.509 eIDs with unique identifier. Non-intrusive way of harmonizing identity data formats. Migration strategy to gradually improve privacy of existing X.509 eIDs when need is perceived by MSs.
15 Pros. Based on stable and mature standards by IETF. Ubiquitous, conservative technology (SSL/TLS/X.509). Simple, straightforward, secure. PKI/X.509 countries: works out of box (easiest rollout, most likely replication). Strong auth: also in IOP framework (high security). Non-intrusive retrofit of privacy enh. to existing eIDs.
16 Cons. Unfunded, informal project: incompletely documented; little dissemination/awareness (gov./ind.); slow progress (SMILE FP7 proposal). User-centric but not (yet) integrated with Cardspace/Higgins (Microsoft Gov. Security Program Italy?).
17 Relationship with other models. Alternative to Liberty Alliance and WS-*. Access to identity data on eIDs needed also by these other frameworks. BridgeCA is complementary. SAML, ICAO LDS as possible standard formats for identity data. User-centric: integrates well with Cardspace/Higgins? Middleware-centric: plays well with standards (CEN ECC, ISO 24727); LSP middleware approach.