Set-up of the Testbed for Authentication, Authorization, Accounting
|
|
- Sarah Park
- 5 years ago
- Views:
Transcription
1 Set-up of the Testbed for Authentication, Authorization, Accounting AAA Workshop, 17 March 2014 Andreas Matheus Serving society Stimulating innovation Supporting legislation
2 Short Definition of the Term AAA AAA = Authentication, Authorization, Accounting Authentication = Means of providing proof that a claimed identity is correct Authorization = Means of verifying rights / constraints to permit / deny access to / execution of protected resources / services Accounting = Means of tracking the access to protected (network) resources / services by users
3 Goal of the AAA Project Provide comprehensive overview of standards and technologies to achieve AAA across organizations distributed over Europe Evaluate the proposed concept of an Access Management in a Testbed Involve different organizations of different European member states and their INSPIRE compliant services to demonstrate the approach Stakeholders and testbed participants to gain a better understanding of the advantages / implications of the approach for productive use
4 Proposed Approach Establish an Access Management Source: SWITCH.ch
5 SWOT Analysis for OpenId Internal origin External origin Helpful to achieve the objective Strengths Simple Single-Sign-On Opportunities Simple to integrate into Web-based offering Self-organized (open) user registration Harmful to achieve the objective Weaknesses Missing method to model trust between parties and user attributes should not be trusted Simple Single-Sign-On not always sufficient for all kinds of clients using protected services Threats Phishing Spoof of attributes, e.g. address Not a standard of an accredited standardization body
6 SWOT Analysis for SAML Internal origin External origin Helpful to achieve the objective Strengths Model trust between participating parties using SAML metadata Single-Sign-On Scalability Opportunities Flexible to support solutions in different environments Harmful to achieve the objective Weaknesses Complexity of the SAML protocol Threats Single-Logout Missing user education that Single-Sign-On is in place and its implications
7 Access Management s in the Academia based on SAML Map of productive and pilot federations in the academia Source: refdes.org
8 Access Management s in the Academia based on SAML List of productive federations in the academia (selection) Source:
9 Access Management s in the Academia Resume for ARE3NA and AAA AAA architecture concept identical to Access Management in the academia AAA: We propose to use SAML (V2) It is a main stream IT Standard (OASIS) with existing implementations Based on Open Standards and Open Source Software AAA: We propose to use XACML (V2) or GeoXACML (V1) It is a main stream IT Standard (OASIS / OGC) with existing implementations Based on Open Standards and Closed Source Software AAA: We propose to use Web Server logging capabilities SAML attributes can be trusted (because we use SAML) and be used for associating a user with a request Apache CustomLog directive can be leveraged to create use metrics
10 Access Management Simplistic Example Max (JRC) wants to access protected resource at (GDI-DE) Max (JRC) Give me resource X Resource X Please authen3cate subject ( Max ) and give me his set of a?ributes Service (GDI-DE) Policy Is Max allowed to get X? The subject is (Max) from JRC and he has the role EO Division Expert un3l 31/12/2016 Authentication Identity (JRC) Authorization
11 The Separation of Duty Identity (authentication) is the asserting party Service (authorization) is the relying party Trusted rela3onship between relying and asser3ng party SAML metadata Service (BKG) Identity (JRC) XACML / GeoXACML Policy The subject is (Max) from JRC and he has the role EO Division Expert un3l 31/12/2016 SAML assertion (Geo)XACML request / response User attributes (plus other information) determine access rights The assertions about the user (attributes) must be known and trusted
12 The Implementation Approach (Testbed) Security as add-on: Web Services Endpoints for an IdP Where does this get deployed? Organizational User Management Testbed with other participants Endpoints for an SP IdP Proxy SP Proxy Organizational INSPIRE SERVICE(S) to be protected
13 Testbed Deployment Options In the PRODUCTION Network Most realistic approach but most difficult. Is it feasible in the context of the testbed? In the SANDBOX Network Realistic implications. Does each testbed participant have that? In another Network Least realistic approach but minimum impact to production network of participating organization. Conclusions and recommendations are still meaningful!
14 Deployment outside the Production Network Endpoints for an IdP Firewall Organizational User Management Testbed with other participants Endpoints for an SP IdP Proxy SP Proxy Testbed Network Organization Production Network Organizational INSPIRE SERVICE(S) to be proetected
15 Deployment inside the Production Network Endpoints for an IdP Firewall Organizational User Management Testbed with other participants Endpoints for an SP IdP Proxy SP Proxy Organization Production Network Organizational INSPIRE SERVICE(S) to be proetected
16 Deployment inside the Sandbox Network Endpoints for an IdP External Firewall Internal Firewall Organizational User Management Testbed with other participants Endpoints for an SP IdP Proxy SP Proxy Organization DMZ Network Organization Production Network Organizational INSPIRE SERVICE(S) to be proetected
17 Harvesting Use Case - Interactions Harvesting Application discover protected service interact with protected service
18 Harvesting Use Case - Details SP (GDI-DE) and IdP (JRC) must have trust rel. Harvester must understand service metadata MD_RestrictionCode = otherrestrictions authncodelist that indicate SAML2 (e.g. ECP) Harvester must indicate when invoking service (GetCapabilities() request) to accept SAML2 ECP Results in session with SP (GDI-DE) Harvester can execute GetMap() SP receives user attributes from IdP (JRC): id=harvester@jrc.ec.europa.eu SP determines access rights for harvester@jrc.ec.europa.eu SP returns Map (access granted) Access Denied (access no authorized)
19 Access Management How can the Harvester determine it has required access rights for executing protected GDI-DE (including GetMap() operation)? SP can advertise the access rights on the protected service by hosting an (Geo)XACML policy Publically, or Protected (can be obtained by harvester after login) Policy used with GDI-DE must consist access rights for harvester@jrc.ec.europa.eu Permit := {harvester@jrc.ec.europa.eu, /service/wms/1, getmap, Harvesting_Layer} Deny := {harvester@jrc.ec.europa.eu, /service/wms/1, getmap, HighRes_Layer} Permit := {staff@gdi-de.org, /service/wms/1, getmap, LowRes_Layer HighRes_Layer}
20 The Testbed To Do Catalogue metadata for protected services Which authentication protocol is supported by the service Set of Attributes IdP (JRC, GDI-DE, etc.) must provide attribute ID Access Rights SP (GDI-DE), SP (DOV), SP (Bavaria) must include access right(s) for Accounting / Accountability SP can log the user attributes (e.g. ID) with the request T10:45:32Z sp.gdi-de.org/service/wms/1 harvester@jrc.ec.europa.eu - PERMIT => Implications on the definition of additional user attributes, e.g. organization, name, role, etc.
21 Testbed (JRC Harvester) GDI-BY (Bavaria, Germany) SD (Germany) Identity Identity Service JRC Harvester Geosparc (Belgium) DOV (Belgium) JRC (EC) Service Identity Service Province of Limburg (The Netherlands) Identity Identity Service
22 Testbed Optional Extension (Citizen) SD (Germany) eid (Germany) Service Service Citizen Identity eid Service DOV (Belgium) eid (Belgium) Service Identity eid Service Service
23 Thank You It is important, not to stop being innovative... Secure Dimensions GmbH Holistic Geosecurity Dr. Andreas Matheus Waxensteinstr. 28 D München, Germany Web
ISA Action 1.17: A Reusable INSPIRE Reference Platform (ARE3NA)
ISA Action 1.17: A Reusable INSPIRE Reference Platform (ARE3NA) Authentication, Authorization & Accounting for Data and Services in EU Public Administrations D4.1.5 Final technical report Danny Vandenbroucke
More informationISA Action 1.17: A Reusable INSPIRE Reference Platform (ARE3NA)
1 ISA Action 1.17: A Reusable INSPIRE Reference Platform (ARE3NA) Authentication, Authorization and Accounting for Data and Services in EU Public Administrations D3.3a Testbed technical follow-up Pieter
More informationConfiguration Guide - Single-Sign On for OneDesk
Configuration Guide - Single-Sign On for OneDesk Introduction Single Sign On (SSO) is a user authentication process that allows a user to access different services and applications across IT systems and
More informationNew trends in Identity Management
New trends in Identity Management Peter Gietz, DAASI International GmbH peter.gietz@daasi.de Track on Research and Education Networking in South East Europe, Yu Info 2007, Kopaionik, Serbia 14 March 2007
More informationMajor SAML 2.0 Changes. Nate Klingenstein Internet2 EuroCAMP 2007 Helsinki April 17, 2007
Major SAML 2.0 Changes Nate Klingenstein Internet2 EuroCAMP 2007 Helsinki April 17, 2007 Tokens, Protocols, Bindings, and Profiles Tokens are requests and assertions Protocols bindings are communication
More informationEvolution of INSPIRE interoperability solutions for e-government
Evolution of INSPIRE interoperability solutions for e-government INSPIRE Implementation State-of-Play 26/05/2015 Robin S. Smith www.jrc.ec.europa.eu Serving society Stimulating innovation Supporting legislation
More informationDeliverable D3.5 Harmonised e-authentication architecture in collaboration with STORK platform (M40) ATTPS. Achieving The Trust Paradigm Shift
Deliverable D3.5 Harmonised e-authentication architecture in collaboration with STORK platform (M40) Version 1.0 Author: Bharadwaj Pulugundla (Verizon) 25.10.2015 Table of content 1. Introduction... 3
More informationFederated Authentication with Web Services Clients
Federated Authentication with Web Services Clients in the context of SAML based AAI federations Thomas Lenggenhager thomas.lenggenhager@switch.ch Mannheim, 8. March 2011 Overview SAML n-tier Delegation
More informationEUDAT. Towards a pan-european Collaborative Data Infrastructure
EUDAT Towards a pan-european Collaborative Data Infrastructure Giuseppe Fiameni (g.fiameni@cineca.it) Claudio Cacciari SuperComputing, Application and Innovation CINECA Johannes Reatz RZG, Germany Damien
More informationUsing Your Own Authentication System with ArcGIS Online. Cameron Kroeker and Gary Lee
Using Your Own Authentication System with ArcGIS Online Cameron Kroeker and Gary Lee Agenda ArcGIS Platform Structure What is SAML? Meet the Players Relationships Are All About Trust What Happens During
More informationSECURING AWS ACCESS WITH MODERN IDENTITY SOLUTIONS
WHITE PAPER SECURING AWS ACCESS WITH MODERN IDENTITY SOLUTIONS The Challenges Of Securing AWS Access and How To Address Them In The Modern Enterprise Executive Summary When operating in Amazon Web Services
More informationCall for Participation in AIP-6
Call for Participation in AIP-6 GEOSS Architecture Implementation Pilot (AIP) Issue Date of CFP: 9 February 2013 Due Date for CFP Responses: 15 March 2013 Introduction GEOSS Architecture Implementation
More informationSingle Sign-On (SSO)Technical Specification
Single Sign-On (SSO)Technical Specification Audience: Business Stakeholders IT/HRIS Table of Contents Document Version Control:... 3 1. Overview... 4 Summary:... 4 Acronyms and Definitions:... 4 Who Should
More informationRealMe. SAML v2.0 Messaging Introduction. Richard Bergquist Datacom Systems (Wellington) Ltd. Date: 15 November 2012
RealMe Version: Author: 1.0 APPROVED Richard Bergquist Datacom Systems (Wellington) Ltd Date: 15 November 2012 CROWN COPYRIGHT This work is licensed under the Creative Commons Attribution 3.0 New Zealand
More informationUser Management. Juan J. Doval DEIMOS SPACE S.L.U. NextGEOSS, April 2018
User Management Juan J. Doval DEIMOS SPACE S.L.U. NextGEOSS, April 2018 Agenda Introduction User Management Roadmap Related Activities 1 Introduction NextGEOSS High-Level Architecture DataHub harvest and
More informationThe AAF - Supporting Greener Collaboration
SPUSC 2008 SOUTH PACIFIC USER SERVICES CONFERENCE The AAF - Supporting Greener Collaboration Stuart Allen MAMS MELCOE Macquarie University sallen@melcoe.mq.edu.au What is the AAF? The Australian Access
More informationIPv6 deployment, European Commission involvement. RIPE 60 Prague 4May Per Blixt
IPv6 deployment, European Commission involvement RIPE 60 Prague 4May 2010 Per Blixt European Commission - DG INFSO Head of Unit, New Infrastructure Paradigms and Experimental Facilities 1 50 Millions left
More informationFrom UseCases to Specifications
From UseCases to Specifications Fulup Ar Foll Liberty Technical Expert Group Master Architect, Global Software Practice Sun Microsystems Why Identity Related Services? Identity-enabling: Exposes identity
More informationeid Interoperability for PEGS WS-Federation
eid Interoperability for PEGS WS-Federation Workshop Brussels 10 May 2007 Agenda 1 Scope 2 Category 3 Approach and description 4 Relevance for eid Interoperability 5 Pro s and Con s 6 Relationship with
More informationeidas Regulation eid and assurance levels Outcome of eias study
eidas Regulation eid and assurance levels Outcome of eias study Dr. Marijke De Soete Security4Biz (Belgium) ETSI eidas Workshop 24 June 2015 Sophia Antipolis eidas Regulation Regulation on electronic identification
More informationNATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY Standardization of Entity Authentication Assurance 5th ETSI Security Workshop 20-2222 January 2010 ETSI, Sophia Antipolis, France Erika McCallister, Esq.,
More informationTechnical Overview. Version March 2018 Author: Vittorio Bertola
Technical Overview Version 1.2.3 26 March 2018 Author: Vittorio Bertola vittorio.bertola@open-xchange.com This document is copyrighted by its authors and is released under a CC-BY-ND-3.0 license, which
More informationOman Research & Education Network (OMREN)
Oman Research & Education Network (OMREN) Presented By: Said Al-Mandhari The Research Council Sultanate of Oman said.mandhari@trc.gov.om http://www.trc.gov.om 1 Table of Content OMREN Definition OMREN
More informationFacilitating the Attribute Economy. David W Chadwick George Inman, Kristy Siu 2011 University of Kent
Facilitating the Attribute Economy David W Chadwick George Inman, Kristy Siu University of Kent 2011 University of Kent Internet 2 Fall 2011 Member Meeting 1 (Some) Attribute AuthzRequirements Attributes
More informationeidas cross-sector interoperability
eidas cross-sector interoperability Christos Kanellopoulos GRNET edugain SG October 13 th, 2016 Background information 2013 - STORK-2 collaboration (GN3Plus) 2014-07 Adoption of the eidas Regulation 2014-09
More information2. HDF AAI Meeting -- Demo Slides
2. HDF AAI Meeting -- Demo Slides Steinbuch Centre for Computing Marcus Hardt KIT University of the State of Baden-Wuerttemberg and National Research Center of the Helmholtz Association www.kit.edu Introduction
More informationThe Trusted Attribute Aggregation Service (TAAS)
The Trusted Attribute Aggregation Service (TAAS) Privacy Protected Identity Management with User Consent, Minimum Dislosure and Unlinkability George Inman, David Chadwick, Kristy Siu What problems does
More informationU.S. E-Authentication Interoperability Lab Engineer
Using Digital Certificates to Establish Federated Trust chris.brown@enspier.com U.S. E-Authentication Interoperability Lab Engineer Agenda U.S. Federal E-Authentication Background Current State of PKI
More informationIBM InfoSphere Information Server Single Sign-On (SSO) by using SAML 2.0 and Tivoli Federated Identity Manager (TFIM)
IBM InfoSphere Information Server IBM InfoSphere Information Server Single Sign-On (SSO) by using SAML 2.0 and Tivoli Federated Identity Manager (TFIM) Installation and Configuration Guide Copyright International
More informationEGI-InSPIRE. GridCertLib Shibboleth authentication for X.509 certificates and Grid proxies. Sergio Maffioletti
EGI-InSPIRE GridCertLib Shibboleth authentication for X.509 certificates and Grid proxies Sergio Maffioletti Grid Computing Competence Centre, University of Zurich http://www.gc3.uzh.ch/
More informationBECOMING A DATA-DRIVEN BROADCASTER AND DELIVERING A UNIFIED AND PERSONALISED BROADCAST USER EXPERIENCE
BECOMING A DATA-DRIVEN BROADCASTER AND DELIVERING A UNIFIED AND PERSONALISED BROADCAST USER EXPERIENCE M. Barroco EBU Technology & Innovation, Switzerland ABSTRACT Meeting audience expectations is becoming
More informationNovell Access Manager 3.1
Technical White Paper IDENTITY AND SECURITY www.novell.com Novell Access Manager 3.1 Access Control, Policy Management and Compliance Assurance Novell Access Manager 3.1 Table of Contents: 2..... Complete
More informationBEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE
BEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE OUR ORGANISATION AND SPECIALIST SKILLS Focused on delivery, integration and managed services around Identity and Access Management.
More informationIdentity Provider for SAP Single Sign-On and SAP Identity Management
Implementation Guide Document Version: 1.0 2017-05-15 PUBLIC Identity Provider for SAP Single Sign-On and SAP Identity Management Content 1....4 1.1 What is SAML 2.0.... 5 SSO with SAML 2.0.... 6 SLO with
More informationEUDAT. Towards a Collaborative Data Infrastructure. Ari Lukkarinen CSC-IT Center for Science, Finland NORDUnet 2012 Oslo, 18 August 2012
EUDAT Towards a Collaborative Data Infrastructure Ari Lukkarinen CSC-IT Center for Science, Finland NORDUnet 2012 Oslo, 18 August 2012 Big (Chaotic) Data DATA GENERATORS 1) Measurement technology. 2) Cheap
More informationIdentity management. Tuomas Aura T Information security technology. Aalto University, autumn 2011
Identity management Tuomas Aura T-110.4206 Information security technology Aalto University, autumn 2011 Outline 1. Single sign-on 2. OpenId 3. SAML and Shibboleth 4. Corporate IAM 5. Strong identity 2
More informationISA Action 1.17: A Reusable INSPIRE Reference Platform (ARE3NA)
ISA Action 1.17: A Reusable INSPIRE Reference Platform (ARE3NA) Authentication, Authorization and Accounting for Data and Services in EU Public Administrations D3.3c Deployment of a Shibboleth Service
More informationElectronic ID at work: issues and perspective
Electronic ID at work: issues and perspective Antonio Lioy < lioy @ polito.it > Politecnico di Torino Dip. Automatica e Informatica Why should I have/use an (e-) ID? to prove my identity to an "authority":
More informationAuthentication. Katarina
Authentication Katarina Valalikova @KValalikova k.valalikova@evolveum.com 1 Agenda History Multi-factor, adaptive authentication SSO, SAML, OAuth, OpenID Connect Federation 2 Who am I? Ing. Katarina Valaliková
More informationGoal. TeraGrid. Challenges. Federated Login to TeraGrid
Goal Federated Login to Jim Basney Terry Fleury Von Welch Enable researchers to use the authentication method of their home organization for access to Researchers don t need to use -specific credentials
More information1. Publishable Summary
1. Publishable Summary 1.1Project objectives and context Identity management (IdM) has emerged as a promising technology to distribute identity information across security domains. In e-business scenarios,
More informationBest Practices: Authentication & Authorization Infrastructure. Massimo Benini HPCAC - April,
Best Practices: Authentication & Authorization Infrastructure Massimo Benini HPCAC - April, 03 2019 Agenda - Common Vocabulary - Keycloak Overview - OAUTH2 and OIDC - Microservices Auth/Authz techniques
More informationA Simplified Access to Grid Resources for Virtual Research Communities
Consorzio COMETA - Progetto PI2S2 UNIONE EUROPEA A Simplified Access to Grid Resources for Virtual Research Communities Roberto BARBERA (1-3), Marco FARGETTA (3,*) and Riccardo ROTONDO (2) (1) Department
More informationTest Plan for Liberty Alliance SAML Test Event Test Criteria SAML 2.0
1 2 3 4 5 6 7 8 9 10 11 Test Plan for Liberty Alliance SAML Test Event Test Criteria SAML 2.0 Version 3.1 Editor: Kyle Meadors, Drummond Group Inc. Abstract: This document describes the test steps to achieve
More informationGerman Research Strategy in the Area of Civil Security Research
8th Interdisciplinary Workshop on Global Security WISG 2014 German Research Strategy in the Area of Civil Security Research Eckhart Curtius Federal Ministry of Education and Research Division Security
More informationQualys SAML & Microsoft Active Directory Federation Services Integration
Qualys SAML & Microsoft Active Directory Federation Services Integration Microsoft Active Directory Federation Services (ADFS) is currently supported for authentication. The Qualys ADFS integration must
More informationConfiguring Alfresco Cloud with ADFS 3.0
Configuring Alfresco Cloud with ADFS 3.0 Prerequisites: You have a working domain on your Windows Server 2012 and successfully installed ADFS. For these instructions, I created: alfresco.me as a domain
More informationilight/gigapop eduroam Discussion Campus Network Engineering
ilight/gigapop eduroam Discussion Campus Network Engineering By: James W. Dickerson Jr. May 10, 2017 What is eduroam?» eduroam (education roaming) is an international roaming service for users in research,
More informationService-based Access Control in Spatial Data Infrastructures
Service-based Access Control in Spatial Data Infrastructures Jan Drewnak con terra GmbH, Münster Roadmap»Security in SOA Architecture and Standards»Existing Solution and Implementations»Open Geospatial
More informationAdvanced Configuration for SAML Authentication
The advanced configuration for SAML authentication includes: Configuring Multiple Identity Providers Multiple Identity Providers can be configured to a SAML authentication service on the Barracuda Web
More informationbwsync&share: A cloud solution for academia in the state of Baden-Württemberg
bwsync&share: A cloud solution for academia in the state of Baden-Württemberg Nico Schlitter, Alexander Yasnogor Steinbuch Centre for Computing Karlsruhe Institute of Technology 76128 Karlsruhe Nico.Schlitter@kit.edu
More informationAbout This Document 3. Overview 3. System Requirements 3. Installation & Setup 4
About This Document 3 Overview 3 System Requirements 3 Installation & Setup 4 Step By Step Instructions 5 1. Login to Admin Console 6 2. Show Node Structure 7 3. Create SSO Node 8 4. Create SAML IdP 10
More informationINDIGO AAI An overview and status update!
RIA-653549 INDIGO DataCloud INDIGO AAI An overview and status update! Andrea Ceccanti (INFN) on behalf of the INDIGO AAI Task Force! indigo-aai-tf@lists.indigo-datacloud.org INDIGO Datacloud An H2020 project
More informationSecuring your Standards Based Services. Rüdiger Gartmann (con terra GmbH) Satish Sankaran (Esri)
Securing your Standards Based Services Rüdiger Gartmann (con terra GmbH) Satish Sankaran (Esri) Agenda What are your security goals? Access control Standards and interoperability User management and authentication
More informationMorningstar ByAllAccounts SAML Connectivity Guide
Morningstar ByAllAccounts SAML Connectivity Guide 2018 Morningstar. All Rights Reserved. AccountView Version: 1.55 Document Version: 1 Document Issue Date: May 25, 2018 Technical Support: (866) 856-4951
More informationDARIAH-AAI. DASISH AAI Meeting. Nijmegen, March 9th,
DARIAH-AAI DASISH AAI Meeting Nijmegen, March 9th, 2014 www.dariah.eu What is DARIAH? DARIAH: Digital Research Infrastructure for the Arts and Humanities One of the few ESFRI research infrastructures for
More informationOkta Integration Guide for Web Access Management with F5 BIG-IP
Okta Integration Guide for Web Access Management with F5 BIG-IP Contents Introduction... 3 Publishing SAMPLE Web Application VIA F5 BIG-IP... 5 Configuring Okta as SAML 2.0 Identity Provider for F5 BIG-IP...
More informationPASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year
PASS4TEST IT Certification Guaranteed, The Easy Way! \ http://www.pass4test.com We offer free update service for one year Exam : 000-575 Title : IBM Tivoli Federated Identity Manager V6.2.2 Implementation
More informationThe emerging EU certification framework: A role for ENISA Dr. Andreas Mitrakas Head of Unit EU Certification Framework Conference Brussels 01/03/18
The emerging EU certification framework: A role for ENISA Dr. Andreas Mitrakas Head of Unit EU Certification Framework Conference Brussels 01/03/18 European Union Agency for Network and Information Security
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 Single Sign on Single Service Provider Agreement, page 2 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 3 Cisco Unified Communications Applications
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationEnterprise Adoption Best Practices
Enterprise Adoption Best Practices Integrating FIDO & Federation Protocols December 2017 Copyright 2013-2017 FIDO Alliance All Rights Reserved. Audience This white paper is aimed at enterprises deploying
More informationHealth Professional & ADFS Integration Guide
Health Professional & ADFS Integration Guide Martyn Bradshaw, Sitekit Ltd 01/10/2014 09:48:23 Registered Office Company Department Author Document Type Document Title Version Number 1.1 Approved By Sitekit
More information[GSoC Proposal] Securing Airavata API
[GSoC Proposal] Securing Airavata API TITLE: Securing AIRAVATA API ABSTRACT: The goal of this project is to design and implement the solution for securing AIRAVATA API. Particularly, this includes authenticating
More informationInside Symantec O 3. Sergi Isasi. Senior Manager, Product Management. SR B30 - Inside Symantec O3 1
Inside Symantec O 3 Sergi Isasi Senior Manager, Product Management SR B30 - Inside Symantec O3 1 Agenda 2 Cloud: Opportunity And Challenge Cloud Private Cloud We should embrace the Cloud to respond to
More informationAuthentication, authorisation and accounting in distributed multimedia content delivery system.
Authentication, authorisation and accounting in distributed multimedia content delivery system. Mirosław Czyrnek, Marcin Luboński, Cezary Mazurek Poznań Supercomputing and Networking Center (PSNC), ul.
More informationIdentity management. Tuomas Aura CSE-C3400 Information security. Aalto University, autumn 2014
Identity management Tuomas Aura CSE-C3400 Information security Aalto University, autumn 2014 Outline 1. Single sign-on 2. SAML and Shibboleth 3. OpenId 4. OAuth 5. (Corporate IAM) 6. Strong identity 2
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Royal Society of Chemistry Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they
More informationArcGIS Server and Portal for ArcGIS An Introduction to Security
ArcGIS Server and Portal for ArcGIS An Introduction to Security Jeff Smith & Derek Law July 21, 2015 Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context
More informationToward Horizon 2020: INSPIRE, PSI and other EU policies on data sharing and standardization
Toward Horizon 2020: INSPIRE, PSI and other EU policies on data sharing and standardization www.jrc.ec.europa.eu Serving society Stimulating innovation Supporting legislation The Mission of the Joint Research
More informationINSPIRE & Environment Data in the EU
INSPIRE & Environment Data in the EU Andrea Perego Research Data infrastructures for Environmental related Societal Challenges Workshop @ pre-rda P6 Workshops, Paris 22 September 2015 INSPIRE in a nutshell
More informationSLCS and VASH Service Interoperability of Shibboleth and glite
SLCS and VASH Service Interoperability of Shibboleth and glite Christoph Witzig, SWITCH (witzig@switch.ch) www.eu-egee.org NREN Grid Workshop Nov 30th, 2007 - Malaga EGEE and glite are registered trademarks
More informationNow SAML takes it all:
Now SAML takes it all: Federation of non Web-based Services in the State of Baden-Württemberg Sebastian Labitzke Karlsruhe Institute of Technology (KIT) Steinbuch Centre for Computing (SCC) labitzke@kit.edu
More informationConfiguring Single Sign-on from the VMware Identity Manager Service to Marketo
Configuring Single Sign-on from the VMware Identity Manager Service to Marketo VMware Identity Manager JANUARY 2016 V1 Configuring Single Sign-On from VMware Identity Manager to Marketo Table of Contents
More informationDDS Identity Federation Service
DDS Identity Federation Service Sharing Identity across Organisational Boundaries Executive Overview for UK Government Company Profile Daemon Directory Services Ltd. (DDS) is an application service provider
More informationINSPIRE overview and possible applications for IED and E-PRTR e- Reporting Alexander Kotsev
INSPIRE overview and possible applications for IED and E-PRTR e- Reporting Alexander Kotsev www.jrc.ec.europa.eu Serving society Stimulating innovation Supporting legislation The European data puzzle 24
More informationSWAMID Person-Proofed Multi-Factor Profile
Document SWAMID Person-Proofed Multi-Factor Profile Identifier http://www.swamid.se/policy/assurance/al2mfa Version V1.0 Last modified 2018-09-12 Pages 10 Status FINAL License Creative Commons BY-SA 3.0
More informationINTEGRATING OKTA: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE
GUIDE AUGUST 2018 PRINTED 4 MARCH 2019 INTEGRATING OKTA: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE Table of Contents Overview Introduction Purpose Audience Integrating Okta with VMware
More informationDeveloping the ICSU World Data System (WDS)
Developing the ICSU World Data System (WDS) 2009-2010 Mustapha Mokrane ICSU Secretariat Science and Information Technology Officer ICSU s Vision (A world where) universal and equitable access to high quality
More informationIntroducing Shibboleth. Sebastian Rieger
Introducing Shibboleth Sebastian Rieger sebastian.rieger@gwdg.de Gesellschaft für wissenschaftliche Datenverarbeitung mbh Göttingen, Germany CLARIN AAI Hands On Workshop, 25.02.2009, Oxford eresearch Center
More informationOptions for Joining edugain. Lukas Hämmerle, SWITCH DARIAH Workshop, Köln 18 October 2013
Options for Joining edugain Lukas Hämmerle, SWITCH DARIAH Workshop, Köln 18 October 2013 Outline 1. GE ANT and the Enabling Users task 2. Options to Join edugain 3. Discussion 2 GÉANT (GN3plus) - vital
More informationMashing Up, Wiring Up, Gearing Up: Solving Multi-Protocol Problems in Identity
www.oasis-open.org Mashing Up, Wiring Up, Gearing Up: Solving Multi-Protocol Problems in Identity Eve Maler eve.maler@sun.com 1 A few notes about me and this talk Some relevant affiliations/perspectives:
More informationISA 767, Secure Electronic Commerce Xinwen Zhang, George Mason University
Identity Management and Federated ID (Liberty Alliance) ISA 767, Secure Electronic Commerce Xinwen Zhang, xzhang6@gmu.edu George Mason University Identity Identity is the fundamental concept of uniquely
More informationShibVomGSite: A Framework for Providing Username and Password Support to GridSite with Attribute based Authorization using Shibboleth and VOMS
ShibVomGSite: A Framework for Providing Username and Password Support to GridSite with Attribute based Authorization using Shibboleth and VOMS Joseph Olufemi Dada & Andrew McNab School of Physics and Astronomy,
More informationFederated Identity Management and Network Virtualization
Federated Identity Management and Network Virtualization Yang Cui and Kostas Pentikousis 3rd ETSI Future Networks Workshop 10 April 2013 Sophia Antipolis, France The opinions expressed in this presentation
More informationPrivacy Seals: A way forward for building trust. The EuroPriSe project. 1
Privacy Seals: A way forward for building trust. The EuroPriSe project. 1 31 October 2007 Florence Emilio Aced Félez Agencia de Protección de Datos de la Comunidad de Madrid emilio.aced@madrid.org www.apdcm.es
More informationBuilding an Assurance Foundation for 21 st Century Information Systems and Networks
Building an Assurance Foundation for 21 st Century Information Systems and Networks The Role of IT Security Standards, Metrics, and Assessment Programs Dr. Ron Ross National Information Assurance Partnership
More informationConfiguring Single Sign-on from the VMware Identity Manager Service to Trumba
Configuring Single Sign-on from the VMware Identity Manager Service to Trumba VMware Identity Manager JULY 2016 V1 Table of Contents Overview... 2 Adding Trumba to VMware Identity Manager Catalog... 2
More informationFederated Authentication for E-Infrastructures
Federated Authentication for E-Infrastructures A growing challenge for on-line e-infrastructures is to manage an increasing number of user accounts, ensuring that accounts are only used by their intended
More informationAttribute Aggregation in Federated Identity Management. David Chadwick, George Inman, Stijn Lievens University of Kent
Attribute Aggregation in Federated Identity Management David Chadwick, George Inman, Stijn Lievens University of Kent Acknowledgements Project originally funded by UK JISC, called Shintau http://sec.cs.kent.ac.uk/shintau/
More informationInteragency Advisory Board Meeting Agenda, August 25, 2009
Interagency Advisory Board Meeting Agenda, August 25, 2009 1. Opening Remarks 2. Policy, process, regulations, technology, and infrastructure to employ HSPD-12 in USDA (Owen Unangst, USDA) 3. Policy and
More informationUpland Qvidian Proposal Automation Single Sign-on Administrator's Guide
Upland Qvidian Proposal Automation Single Sign-on Administrator's Guide Version 12.0-4/17/2018 Copyright Copyright 2018 Upland Qvidian. All rights reserved. Information in this document is subject to change
More informationForgeRock Access Management Core Concepts AM-400 Course Description. Revision B
ForgeRock Access Management Core Concepts AM-400 Course Description Revision B ForgeRock Access Management Core Concepts AM-400 Description This structured course comprises a mix of instructor-led lessons
More informationDissecting NIST Digital Identity Guidelines
Dissecting NIST 800-63 Digital Identity Guidelines KEY CONSIDERATIONS FOR SELECTING THE RIGHT MULTIFACTOR AUTHENTICATION Embracing Compliance More and more business is being conducted digitally whether
More informationA QUICK INTRODUCTION TO THE NFV SEC WG. Igor Faynberg, Cable Labs Chairman ETSI NFV SEC WG
A QUICK INTRODUCTION TO THE NFV SEC WG Igor Faynberg, Cable Labs Chairman ETSI NFV SEC WG 1 The NFV SEC Working Group Misson The NFV SEC Working Group comprises computer. network, and Cloud security experts
More informationAdvanced Client Conor P. Cahill Systems Technology Lab Intel Corporation
Advanced Client Conor P. Cahill Systems Technology Lab Intel Corporation Disclaimer This presentation discusses work-in-progress within the Liberty Alliance Technology Expert Group. The end result of the
More informationFeduShare Update. AuthNZ the SAML way for VOs
FeduShare Update AuthNZ the SAML way for VOs FeduShare Goals: Provide transparent sharing of campus resources in support of (multiinstitutional) collaboration Support both HTTP and non-web access using
More informationManagement der Virtuellen Organisation DARIAH im Rahmen von Shibboleth- basierten Föderationen. 58. DFN- Betriebstagung, Berlin, 12.3.
Management der Virtuellen Organisation DARIAH im Rahmen von Shibboleth- basierten Föderationen 58. DFN- Betriebstagung, Berlin, 12.3.2013 Peter Gietz, DAASI International GmbH DARIAH EU VCC 1 e-infrastructure
More informationeidas-node Error Codes
eidas-node Error Codes Version 2.0 Copyright European Commission DIGIT Unit B1 Document history Version Date Modification reason Modified by Origination 08/06/2017 Extracted from the eidas-node Installation,
More informationKerberos for the Web Current State and Leverage Points
Kerberos for the Web Current State and Leverage Points Executive Advisory Board Meeting and Financial Services Security Summit New York, 3-4 November 2008. Towards Kerberizing Web Identity and Services
More information