Will open standards increase ecommerce?
- Mark Lynch
- 5 years ago
Transcription
1 Liberty Alliance Project Open Standards for Network Identity Will open standards increase ecommerce? Bill Smith Director, Liberty Alliance Technology Sun Microsystems
2 Permissions The author has graciously given permission to reproduce his presentation at the XML 2002 Conference in Baltimore, Maryland. If copied, changes should not be made and appropriate citation of the author's work should be given. Instructional media + magic, inc., December 2002
3 Brief Intro to Liberty Alliance Business Needs and Uses Technical Overview Scenario Q&A
4 Identity Physical Height, Weight, Gender Experiential Education, Travel, Dining Preferential Food, Clothing, Shelter
5 Identity Physical Height, Weight, Gender Blood Type, Fingerprint, DNA Experiential Education, Travel, Dining Stock Purchases, Mortgage Balance, Drug Use Preferential Food, Clothing, Shelter Religion, Political affiliation, Club Memberships
6 Identity Some information needed to determine who I am is widely available I distribute it A larger set of information is unavailable I restrict access to trusted relationships Most of this information is in digital form
7 Identity Control who has access to what information Choose who to trust, what to give, when to change Trust relationships take time to establish
8 Digital Identity Much of the information about me is in digital form, accessible via the Web It is kept by trusted brokers High-quality services are provided I can access and update
9 Digital Identity Much of the information about me is in digital form, accessible via the Web It is kept by trusted brokers High-quality services are provided I can access and update What's the problem?...
10 Digital Islands I have multiple Digital IDs Information is duplicated and difficult to synchronize Better services are possible
11 Digital Islands Multiple, disconnected identities scattered across isolated Internet sites User Name: Bill Smith PIN: Credit card number Social security number Drivers license Passport Entertainment preferences Notification preferences Employee authorization Business calendar Dining preferences Education history Medical history Financial assets
12 Digital Islands the problem Multiple, disconnected identities scattered across isolated Internet sites Inconvenient and frustrating for users Distributed identity services are difficult to develop and deploy Continual reauthentication to disparate systems
13 Network Identity the solution A method to link the Digital Islands Provide a logical single identity Preserve and enhance existing trust relationships Provide choice and opportunity for better services
14 Why is Liberty Alliance the Solution? Increase consumer confidence and usage in electronic transactions! Easier! Available! As! Targeted! Enable Simplify B2B e-commerce offerings! Simplify! Make! Allow the ability for businesses to collaborate online it easier to offer new services to customers organizations to maintain ownership of their customer bases and to maintain operational autonomy Simplify and expand employee use of enterprise Intranets! Enable employees to move seamlessly from one application to another Facilitate interoperability! With and more convenient to use via any digital device secure as possible and more personalized offerings that allow consumers to maintain control over their information existing systems, standards, and protocols
15 Network Identity it's simple A Network Identity is a user's overall global set of attributes constituted from their various accounts
16 Network Identity not so fast Digital Islands Disparate Systems Lack of communication, interoperability Conflicting Interests Technology suppliers, Technology consumers Service providers, fixed vs. mobile Consumer Demands Better services, Improved convenience Respect Privacy
17 Network Identity practical solutions Broad scope Web itself Fixed, wireless, desktop, cell phone, PDA, car... Complexity Technology, Business, Consumer Service providers Reality Digital Islands exist Trust relationships well-established
18 A Business Consortium Solving A Business Problem Over 30 for-profit, not-for-profit and government organizations, representing a billion customers, are currently Alliance members * Only a sample of Liberty members
19 Liberty's commercial investment in network identity and the collaboration of its diverse array of member companies can bring a lot to this space. The group's combined experience, their collective ability to drive usage and the fact that they're not trying to promote a product but a solution to a problem will help in their success. Dan Blum Burton Group
20 Mission of the Liberty Alliance Establish an open standard for federated network identity through open technical specifications that will: Support a broad range of identity-based products and services Allow for consumer choice of identity provider(s) and the ability to link accounts through account federation Provide the convenience of simplified sign-on, when using any network of connected services and devices Enable organizations to realize new revenue and cost saving opportunities Allow organizations to economically leverage relationships with customers, business partners, and employees Improve ease of use for e-commerce
21 Management Structure
- Management Board
  - Consists of 6 founding sponsors
  - Responsible for overall governance and maintenance
  - Final voting authority for specifications and other output
- Public Policy Expert Group
  - Advise on privacy, security, and other public policy issues
  - Liaison to privacy groups and government agencies
- Technology Expert Group
  - Develops technical architecture and engineering requirements
  - Develops technical specifications
  - Interoperability
- Marketing Expert Group
  - Develops marketing requirements and use cases
  - Responsible for membership, press relations, and marketing communications
  - Adoption
22 Brief Intro to Liberty Alliance Business Needs and Uses Technical Overview Scenario Q&A
23 Why is Federated Important?
- Centralized Model
  - Network identity and user information in single repository
  - Centralized control
  - Single point of failure
  - Links similar systems
- Open Federated Model
  - Network identity and user information in various locations
  - No centralized control
  - No single point of failure
  - Links similar and disparate systems
[Diagram labels: Central Provider; Provider (repeated)]
24 Solution Analogous to ATM Networks Separate Cards with Each Bank Linked Cards within Bank Networks Seamless Access Across all Networks Bank A ATM Card Bank B ATM Card Bank ATM Network A Bank ATM Network B Bank A ATM Card Bank B ATM Card Bank ATM Network A Bank ATM Network B Bank C ATM Card Bank ATM Network C Bank C ATM Card Bank ATM Network C
25 Solution Analogous to ATM Networks
- ATM networks: Separate Cards with Each Bank; Linked Cards within Bank Networks; Seamless Access Across all Networks
- Web sites: Individual Accounts with Many Web Sites; Federated Accounts within Trust Domain; Linkage of Trust Domains
[Diagram labels: Bank A, Bank B and Bank C ATM Cards; Bank ATM Networks A, B and C; web sites shown as ".com"]
26 Examples of Trust Domains B2C Travel Industry Car Rental Hotel B2E Employee Intranet 40k 3d Party Providers Airline Partner Airlines Company Intranet Employee Purchase Plans Cruise Line Livery Health Insurance Dental Insurance B2B Financial Services B2B - Automotive Treasury Debt Suppliers Dealers Commercial Banking Equity Manufacturers Transport Agencies Clearing House Credit Fleet Financing
27 Specifications: A Phased Approach
- Approach Drivers
  - Support rapid acceptance and deployment
  - Phases build on each other
  - Enable incremental adoption
- Version.0 (Released 5 July 2002)
  - Federated network identity
  - Opt-in account linking and simplified sign-on within an authentication domain created by business agreements
  - Security built across all the features and specifications
- Future Versions
  - Permissions-based attribute sharing
  - Schema/protocols for core identity profile service
  - Simplified sign-on across authentication domains created in version.0 by business agreements
  - Delegation of authority to federate identities/accounts
28 Business Benefits for Version.0 Specifications Enhance Affinity Relationships More Easily Offer Value Add Services to Customers Simplify Customer Experience Improve Customer Confidence Enhance Intra-Enterprise Relationships Offers Accelerated Time to Market for Identity Based Services
29 Brief Intro to Liberty Alliance Business Needs and Uses Technical Overview Scenario Q&A
30 Enabling the Federated Identity Liberty Alliance Defines protocol specifications for federated identity built on SAML to provide additional privacy and security Liberty is not an identity network or authentication authority -- it defines specs that can be used to create identity networks Security Assertion Markup Language (SAML) An XML-based framework for exchanging security information (e.g. authentication) A committee specification in the OASIS security services technical committee
31 Version.0 Specifications
Builds on top of SAML to provide additional privacy and functionality
- Opt-in account linking: Users can link their accounts with different service providers within circles of trust
- Enhanced single sign-on for linked accounts: Once users' accounts are federated, they log in, authenticate at one linked account and navigate to another linked account, without having to log in again
- Authentication context: Companies linking accounts communicate the type of authentication that should be used when the user logs in
- Global log-out: Users can be automatically logged out of all sites to which they have active sessions
- Multiple Client Support: browser, mobile device, and proxy
32 SAML in a Nutshell
- An XML-based framework for exchanging security information
  1. XML schema and definition for security assertions
  2. XML schema and definition for a request/response protocol
  3. Rules on using assertions with standard transport and messaging frameworks (SOAP, Web Browsers). Bindings and Profiles
- An OASIS standard
  - Vendors and users are both involved
  - Codifies current system outputs rather than inventing new technology
- Excellent traction in the marketplace
33 XML Related Security Standards Work
- XML Signature: SAML uses this for signing assertions
- XML Encryption: Important for flexibly managing security and privacy risks, e.g., encrypting just the credit card number
- Other
  - XKMS can be used for key management
  - XACML can be used for an access control policy language
34 SAML Assertions
- An assertion is a declaration of fact, according to some authority
- Assertions are produced by an asserting party (aka authority) and consumed by a relying party
- An assertion contains a set of statements about a subject (human or program):
  - Authentication statement
  - Attribute statement
  - Authorization decision statement
- An assertion can be digitally signed by the asserting party
- You can extend SAML to make your own kinds of assertions and statements
35 SAML Assertions and Statements Assertion IssuerID IssueInstant AssertionID <Conditions> <Advice> Signature Authentication Statement Attribute Statement Authorization Statement <Subject> <Subject> <Subject>
36 SAML Producer/Consumer Model Policy Policy Policy Credentials Collector Authentication Authority Attribute Authority Policy Decision Point SAML Authentication Assertion Attribute Assertion Authorization Decision Assertion System Entity Application Request Policy Enforcement Point
37 SAML is Cafeteria Style
- SAML can be used à la carte: it's a composable architecture, making it very flexible.
- In practice, multiple kinds of authorities may reside in a single system
- The arrows may not reflect information flow in real life
  - The order of assertion types is insignificant
  - Information can be pulled or pushed
  - Not all assertions are always produced
  - Not all potential consumers (clients) are shown
- SAML must be profiled to specify actual usage (e.g. browser-based single-sign-on)
38 Browser-based SSO Login Excite.com Authentication Authority Be recognized Pets.com Relying Party
39 SAML Browser-based SSO
Parties: Excite.com (Authentication Authority), Pets.com (Relying Party)
1. Relying Party uses HTTP redirect or Form Post to Authentication Authority
40 SAML Browser-based SSO
1. Relying Party uses HTTP redirect or Form Post to Authentication Authority
2. User redirected to Authentication Authority and logs in
41 SAML Browser-based SSO
1. Relying Party uses HTTP redirect or Form Post to Authentication Authority
2. User redirected to Authentication Authority and logs in
3. User is authenticated
42 SAML Browser-based SSO
4. Redirect back to Relying Party with a nonce embedded in the URI
43 SAML Browser-based SSO
4. Redirect back to Relying Party with a nonce embedded in the URI
5. Relying Party receives nonce in the redirect process.
44 SAML Browser-based SSO
4. Redirect back to Relying Party with a nonce embedded in the URI
5. Relying Party receives nonce in the redirect process.
6. Relying Party invokes SAML-based web service to obtain an Authentication Assertion
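The six-step browser SSO exchange above, simulated in Python as an added example (not part of the original slides). It models the nonce as a random reference and shows the checks that keep it safe in a URI; the 60-second lifetime, the class and function names and the dictionary "assertion" are assumptions, and no real SAML XML or signature is produced.

```python
import secrets
import time
from urllib.parse import urlsplit, parse_qs

ARTIFACT_TTL = 60  # seconds a nonce stays redeemable (assumed value)


class ArtifactError(Exception):
    """Raised when a nonce cannot be exchanged for an assertion."""


def nonce_from(uri):
    """Extract the single nonce parameter from a redirect URI."""
    values = parse_qs(urlsplit(uri).query).get("nonce", [])
    if len(values) != 1:
        raise ArtifactError("expected exactly one nonce")
    return values[0]


class AuthenticationAuthority:
    def __init__(self, domain):
        self.domain = domain
        self._pending = {}  # nonce -> (assertion, expiry time)

    def login_and_redirect(self, user, relying_party, now=None):
        """Steps 2-4: the user has logged in; build the redirect back."""
        now = time.time() if now is None else now
        nonce = secrets.token_urlsafe(20)  # unguessable, carries no user data
        assertion = {"issuer": self.domain, "subject": user,
                     "audience": relying_party, "issue_instant": now}
        self._pending[nonce] = (assertion, now + ARTIFACT_TTL)
        return f"https://{relying_party}/sso?nonce={nonce}"

    def resolve(self, nonce, requester, now=None):
        """Step 6: back-channel call made by the relying party."""
        now = time.time() if now is None else now
        # pop() makes the nonce single-use, even when a later check fails.
        entry = self._pending.pop(nonce, None)
        if entry is None:
            raise ArtifactError("unknown or already redeemed nonce")
        assertion, expiry = entry
        if now > expiry:
            raise ArtifactError("nonce expired")
        if assertion["audience"] != requester:
            raise ArtifactError("nonce was issued for another relying party")
        return assertion


class RelyingParty:
    def __init__(self, domain, authority):
        self.domain = domain
        self.authority = authority
        self.sessions = {}  # session id -> authenticated subject

    def handle_redirect(self, uri, now=None):
        """Steps 5-6: read the nonce from the URI, then fetch the assertion."""
        if urlsplit(uri).hostname != self.domain:
            raise ArtifactError("redirect was not addressed to this site")
        assertion = self.authority.resolve(nonce_from(uri), self.domain, now)
        if assertion["issuer"] != self.authority.domain:
            raise ArtifactError("assertion from unexpected issuer")
        session_id = secrets.token_urlsafe(16)
        self.sessions[session_id] = assertion["subject"]
        return session_id


def rejected(action):
    """True when the action is refused with ArtifactError."""
    try:
        action()
    except ArtifactError:
        return True
    return False


def demo():
    idp = AuthenticationAuthority("excite.com")
    pets = RelyingParty("pets.com", idp)
    t0 = 1_000_000.0  # constructed clock value so the run is repeatable

    uri1 = idp.login_and_redirect("Joe23", "pets.com", now=t0)
    session = pets.handle_redirect(uri1, now=t0 + 1)
    uri2 = idp.login_and_redirect("Joe23", "pets.com", now=t0)
    uri3 = idp.login_and_redirect("Joe23", "pets.com", now=t0)
    return {
        "subject": pets.sessions[session],
        # The same URI presented twice (e.g. from browser history or a log).
        "replay_rejected": rejected(lambda: pets.handle_redirect(uri1, now=t0 + 2)),
        # A different site presenting a nonce that was issued for pets.com.
        "wrong_party_rejected": rejected(
            lambda: idp.resolve(nonce_from(uri2), "books.com", now=t0 + 1)),
        # That failed attempt consumed the nonce as well.
        "burned_after_misuse": rejected(lambda: pets.handle_redirect(uri2, now=t0 + 2)),
        "expired_rejected": rejected(
            lambda: pets.handle_redirect(uri3, now=t0 + ARTIFACT_TTL + 1)),
    }


if __name__ == "__main__":
    print(demo())
```

The assertion itself never passes through the browser; only the reference does, which is why single use, a short lifetime and the audience check matter more than the contents of the URI.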
45 Liberty Federation/ Account Linking Pre-existing accounts at various sites can be linked Excite.com Identity Provider Joe23 Pets.com Service Provider JoeSmith Books.com Service Provider Joe
46 Liberty Federation/ Account Linking Upon linking those accounts, the sites need to be able to have a frame of reference for the user Excite.com Identity Provider Joe23 Pets.com Service Provider JoeSmith Books.com Service Provider Joe
47 Liberty Federation/ Account Linking If account names are exchanged, sites can talk to each other without the user's approval Excite.com Identity Provider Joe23 JoeSmith@pets.com Joe@books.com Pets.com Service Provider JoeSmith Joe23@excite.com Books.com Service Provider Joe Joe23@excite.com
48 Liberty Federation/ Account Linking If account names are exchanged, sites can talk to each other without the user's approval Excite.com Identity Provider Joe23 JoeSmith@pets.com Joe@books.com Pets.com Service Provider JoeSmith Joe23@excite.com Books.com Service Provider Joe Joe23@excite.com
49 Liberty Federation/ Account Linking
Instead, unique opaque handles resolvable only by the issuer should be exchanged
- Excite.com Identity Provider (Joe23)
    <alias="mr3ttj340imn2ed" SecurityDomain="Pets.com" Name="dTvIiRcMlpCqV6xX" />
    <alias="xyrvds+xg0/pzsgx" SecurityDomain="Books.com" Name="pfk9uzUN9JcWmk4RF" />
- Pets.com Service Provider (JoeSmith)
    <alias="dtviircmlpcqv6xx" SecurityDomain="excite.com" Name="mr3tTJ340ImN2ED" />
- Books.com Service Provider (Joe)
    <alias="pfk9uzun9jcwmk4rf" SecurityDomain="excite.com" Name="xyrVdS+xg0/pzSgx" />
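The contrast between exchanging account names and exchanging opaque handles, as an added Python example (not from the original slides). The Provider class, the `opaque` switch and the random handle format are assumptions made for illustration; the account names are the ones used on the slides.

```python
import secrets


class Provider:
    """An identity or service provider with local accounts and federations."""

    def __init__(self, domain):
        self.domain = domain
        self._issued = {}    # (peer domain, handle we issued) -> local account
        self._received = {}  # (local account, peer domain) -> handle peer issued

    def issue_handle(self, account, peer_domain, opaque=True):
        if opaque:
            # Random per-peer value: derived from nothing, so only the
            # issuer's own table can map it back to an account.
            handle = secrets.token_urlsafe(12)
        else:
            # Account-name exchange: the identifier is meaningful everywhere.
            handle = f"{account}@{self.domain}"
        self._issued[(peer_domain, handle)] = account
        return handle

    def store_peer_handle(self, account, peer_domain, handle):
        self._received[(account, peer_domain)] = handle

    def resolve(self, peer_domain, handle):
        """Map a handle we issued to that peer back to the local account."""
        return self._issued.get((peer_domain, handle))

    def identifiers_from(self, peer_domain):
        """Every identifier this site holds for users of the given peer."""
        return {handle for (_, peer), handle in self._received.items()
                if peer == peer_domain}


def federate(idp, idp_account, sp, sp_account, opaque=True):
    """Link two existing accounts; each side stores what the other issued."""
    idp_handle = idp.issue_handle(idp_account, sp.domain, opaque)
    sp_handle = sp.issue_handle(sp_account, idp.domain, opaque)
    idp.store_peer_handle(idp_account, sp.domain, sp_handle)
    sp.store_peer_handle(sp_account, idp.domain, idp_handle)
    return idp_handle


def link_all(opaque):
    excite = Provider("excite.com")
    pets = Provider("pets.com")
    books = Provider("books.com")
    h_pets = federate(excite, "Joe23", pets, "JoeSmith", opaque)
    federate(excite, "Joe23", books, "Joe", opaque)
    return excite, pets, books, h_pets


def demo():
    # Account names exchanged: both service providers hold the same string.
    _, pets, books, _ = link_all(opaque=False)
    named_shared = (pets.identifiers_from("excite.com")
                    & books.identifiers_from("excite.com"))

    # Opaque handles exchanged: nothing in common to join on.
    excite, pets, books, h_pets = link_all(opaque=True)
    opaque_shared = (pets.identifiers_from("excite.com")
                     & books.identifiers_from("excite.com"))
    return {
        "named_shared": named_shared,
        "opaque_shared": opaque_shared,
        # Only the issuer resolves the handle, and only for the right peer.
        "idp_resolves": excite.resolve("pets.com", h_pets),
        "wrong_scope": excite.resolve("books.com", h_pets),
        "sp_resolves_idp_handle": pets.resolve("excite.com", h_pets),
    }


if __name__ == "__main__":
    print(demo())
```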
50 Liberty Enhanced SSO
- Extends an authentication assertion to include the context
  - How did the user log in? Password? Smartcard? Etc.
  - When should the user be re-authenticated?
  - How did account registration occur? (in person, via web page)
- Extends the authentication request to allow for requesting a strength of authentication
- Necessary for real-world scenarios: not all services require the same level of authentication.
51 Liberty Additional Features
- Simple session management
  - Provides single-logout functionality
- Identity federation management
  - Ability to terminate the federation
  - Ability to modify the opaque handle shared between authentication authority and relying party
- Identity network support
  - Specifies a protocol by which a website can discover what Identity Provider a user is using
52 Liberty Enabled-Products Coming Soon!
53 Liberty Version 2.0
- Permissions-Based Attribute Sharing: Enable businesses to share a principal's attributes according to their corporate policies, business agreements and local regulations, all while adhering to the principal's preferences and permissions
- Interoperability Specs for Core Identity Profile Service: Enables users to obtain secure, personalized services that are interoperable across different service providers
- Federation of Authentication Domains: Enables users to conveniently navigate and use SSO and share attributes with service providers who may be in different authentication domains.
Version 2.0 specifications expected early 2003
54 Possible Interactions
Parties: ActionWatch.com (Service Provider), Excite.com (Identity Provider), PacBell.com (Service Provider)
1. User registers to watch an auction
2. Service provider requests SMS ticket
3. Service provider sends SMS message to mobile operator
4. Mobile operator sends SMS message to user
Identity Provider doesn't see message text
55 Policy Enforcement Concepts
User's data is only released with the user's consent and based on the user-defined policies
Parties: Excite.com (Identity Provider), Pets.com (Service Provider)
1. service provider requests user attributes from identity provider
2. attributes released per user's policies and preferences
3. user accepts or rejects exceptions to existing policies and preferences
56 Liberty & Passport Comparison
How do Liberty Alliance and Microsoft Passport Contrast and Compare?
- Microsoft Passport
  - Microsoft Passport is a product/service supported by one company
  - Uses a global PUID (Passport User ID) for authentication
  - Limited flexibility in authentication methods (i.e. user name/password)
  - Microsoft has committed to Kerberos and to support SAML
- Liberty Alliance
  - Liberty Alliance is providing specifications supported by many companies
  - Offers a non-repeating unique identifier for authentication
  - Does not dictate authentication method (i.e. biometrics, smartcard, etc.)
  - Liberty Alliance has committed to use SAML, and can also support Kerberos
57 Passport & Liberty Co-existence Scenario
Parties: Passport, Identity.com, Service.com
1. User attempts to access Service.com
2. User redirected to Liberty IDP Identity.com
3. User redirected to Passport.com for log-in
Identity.com sits in both Passport & Liberty communities; acts as a bridge
58 Passport & Liberty Co-existence Scenario
Parties: Passport, Identity.com, Service.com
4. After Passport log-in, User gets redirected to Identity.com, which issues a Liberty SAML assertion
5. SAML assertion delivered to Service.com which grants access to User
Identity.com sits in both Passport & Liberty communities; acts as a bridge
59 Passport & Liberty Co-existence Scenario 2
Parties: Passport, Identity.com, Service.com
1. User attempts to access Service.com
2. Service.com determines to which SSO infrastructure to redirect User based on transaction
3a. User redirected to Identity.com requesting strong authentication for high-value transaction
3b. User redirected to Passport.com for log-in for low-value transactions
Service.com sits in both Passport & Liberty communities; uses them appropriately
60 Brief Intro to Liberty Alliance Business Needs and Uses Technical Overview Scenario Q&A
61 Enterprise Use Case
- Many enterprises outsource various business functions, e.g.:
  - Corporate intranet
  - 40(k) management
  - Stock option management
  - Others (expense vouching, payroll statements, etc.)
- Liberty facilitates better integration of the outsourced services to decrease administration cost and enhance user experience
- Liberty-enabled enterprise will play a role of a Liberty Identity Provider to manage identities and authentications of their employees, who will access their accounts on the outsourced Liberty Services Providers without additional prompts for authentication
- Enterprise-issued identities will cross application, division and corporate boundaries
62 Brief Intro to Liberty Alliance Business Needs and Uses Technical Overview Scenario Q&A
63 Liberty the Initiative Established to address real business and technology issues Recognized as the focal point for Network Identity discussions and solutions Produced well-received specification Proceeding with phased approach to deliver on vision and mission
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationCA Adapter. CA Adapter Installation Guide for Windows 8.0
CA Adapter CA Adapter Installation Guide for Windows 8.0 This Documentation, which includes embedded help systems and electronically distributed materials (hereinafter referred to as the Documentation
More informationSingle Sign-On Best Practices
AUGUST 2018 WHITE PAPER Single Sign-On Best Practices Protecting Access in the Cloud Table of Contents Executive Summary... 3 Objectives... 3 Security Challenges... 4 Standards... 5 Conclusion... 6 Additional
More informationGestión dinámica de configuraciones en dispositivos móviles en un entorno Liberty/OMA-DM
Gestión dinámica de configuraciones en dispositivos móviles en un entorno Liberty/OMA-DM 1 Device Independence Liberty and Identity in a Nutshell The Importance of Identity Principles Liberty Value Proposition
More informationSystem Administrator s Guide Login. Updated: May 2018 Version: 2.4
System Administrator s Guide Login Updated: May 2018 Version: 2.4 Contents CONTENTS... 2 WHAT S NEW IN THIS VERSION 2018R1 RELEASE... 4 Password Retrieval via Email (GDPR Alignment)... 4 Self-Registration
More informationYOUR PRIVACY RIGHTS Privacy Policy General Col ection and Use voluntarily
YOUR PRIVACY RIGHTS Privacy Policy The Travel Society (DBA The Travel Society, LLC ) (AKA: Company ) in addition to the Members (AKA: Affiliates ) of The Travel Society values your privacy. This Privacy
More informationEfficient, broad-based solution for a Swiss digital ID
Press release November 21, 2017 Government and private sector produce joint solution Efficient, broad-based solution for a Swiss digital ID The people of this country should have a simple, secure and unambiguous
More informationArcGIS Enterprise Security: An Introduction. Gregory Ponto & Jeff Smith
ArcGIS Enterprise Security: An Introduction Gregory Ponto & Jeff Smith Agenda ArcGIS Enterprise Security Model Portal for ArcGIS Authentication Authorization Building the Enterprise Encryption Collaboration
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationInCommon Federation: Participant Operational Practices
InCommon Federation: Participant Operational Practices Participation in the InCommon Federation ( Federation ) enables a federation participating organization ( Participant ) to use Shibboleth identity
More informationMobile: Purely a Powerful Platform; Or Panacea?
EBT: The Next Generation 2017 Mobile: Purely a Powerful Platform; Or Panacea? Evan O Regan, Director of Product Management Authentication & Fraud Solutions Entrust Datacard POWERFUL PLATFORM OR PANACEA
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in InCommon Federation ( Federation ) enables the participant to use Shibboleth identity attribute sharing technologies to manage access
More informationAssuring Identity. The Identity Assurance Framework CTST Conference, New Orleans, May-09
Assuring Identity The Identity Assurance Framework CTST Conference, New Orleans, May-09 Brett McDowell, Executive Director, Liberty Alliance email@brettmcdowell +1-413-652-1248 1 150+ Liberty Alliance
More informationLiferay Security Features Overview. How Liferay Approaches Security
Liferay Security Features Overview How Liferay Approaches Security Table of Contents Executive Summary.......................................... 1 Transport Security............................................
More informationEnterprise SOA Experience Workshop. Module 8: Operating an enterprise SOA Landscape
Enterprise SOA Experience Workshop Module 8: Operating an enterprise SOA Landscape Agenda 1. Authentication and Authorization 2. Web Services and Security 3. Web Services and Change Management 4. Summary
More informationSafaricom Data Privacy Statement
Safaricom Data Privacy Statement Page 1 of 7 Table of Content 1.0 Introduction... 3 2.0 Definitions... 3 3.0 Statement Details... 3 3.1 Collection of Information... 3 3.2 What Customer Information is Collected?...
More informationGlobal Reference Architecture: Overview of National Standards. Michael Jacobson, SEARCH Diane Graski, NCSC Oct. 3, 2013 Arizona ewarrants
Global Reference Architecture: Overview of National Standards Michael Jacobson, SEARCH Diane Graski, NCSC Oct. 3, 2013 Arizona ewarrants Goals for this Presentation Define the Global Reference Architecture
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationWeb Services, ebxml and XML Security
Web Services, ebxml and XML Security Dr David Cheung Director Center for E-Commerce E Infrastructure Development Electronic Commerce Models Business to Customer (B2C) Convenient access to services Business
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationIntegrated Security Context Management of Web Components and Services in Federated Identity Environments
Integrated Security Context Management of Web Components and Services in Federated Identity Environments Apurva Kumar IBM India Research Lab. 4, Block C Vasant Kunj Institutional Area, New Delhi, India-110070
More informationUdemy for Business SSO. Single Sign-On (SSO) capability for the UFB portal
Single Sign-On (SSO) capability for the UFB portal Table of contents Overview SSO and SAML PingOne and Ping Federate Data Flow FAQ What is the End User Experience With SSO? Can users access the Udemy app
More informationOrange Liberty-enabled solution for 71 million subscribers. Aude Pichelin Orange Group Standardisation Manager
Orange Liberty-enabled solution for 71 million subscribers Aude Pichelin Orange Group Standardisation Manager Aude.pichelin@orangefrance.com Orange, Orange, 3GSM 3GSM Barcelona, Barcelona, February 15,
More informationITU-T SG 17 Q10/17. Trust Elevation Frameworks
ITU-T SG 17 Q10/17 Trust Elevation Frameworks Abbie Barbir, Ph.D. ITU-T SG 17 Q10 Rapporteur Martin Euchner SG 17 Advisor ITU Workshop on "Future Trust and Knowledge Infrastructure July 1 2016 Contents
More informationOur Commitment To Privacy PRIVACY POLICY. Last Modified July 26, 2018
Our Commitment To Privacy PRIVACY POLICY Last Modified July 26, 2018 Please read this Privacy Policy carefully before using this online entertainment service. Access to and use of this online entertainment
More informationIdentity, Authentication and Authorization. John Slankas
Identity, Authentication and Authorization John Slankas jbslanka@ncsu.edu Identity Who or what a person or thing is; a distinct impression of a single person or thing presented to or perceived by others;
More informationU.S. E-Authentication Interoperability Lab Engineer
Using Digital Certificates to Establish Federated Trust chris.brown@enspier.com U.S. E-Authentication Interoperability Lab Engineer Agenda U.S. Federal E-Authentication Background Current State of PKI
More informationExtending Services with Federated Identity Management
Extending Services with Federated Identity Management Wes Hubert Information Technology Analyst Overview General Concepts Higher Education Federations eduroam InCommon Federation Infrastructure Trust Agreements
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: University of Guelph Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationA Mechanism for Federated Identification Services for Public Access Portals Using Access-Cards
A Mechanism for Federated Identification Services for Public Access Portals Using Access-Cards Sylvia Encheva Stord/Haugesund University College Bjørnsonsg. 45 5528 Haugesund, Norway sbe@hsh.no Sharil
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationChapter 17 Web Services Additional Topics
Prof. Dr.-Ing. Stefan Deßloch AG Heterogene Informationssysteme Geb. 36, Raum 329 Tel. 0631/205 3275 dessloch@informatik.uni-kl.de Chapter 17 Web Services Additional Topics Prof. Dr.-Ing. Stefan Deßloch
More informationAuthentication. Katarina
Authentication Katarina Valalikova @KValalikova k.valalikova@evolveum.com 1 Agenda History Multi-factor, adaptive authentication SSO, SAML, OAuth, OpenID Connect Federation 2 Who am I? Ing. Katarina Valaliková
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in InCommon Federation ( Federation ) enables the participant to use Shibboleth identity attribute sharing technologies to manage access
More informationUniversity of Cincinnati Federated Identity Strategy
University of Cincinnati Federated Identity Strategy Federated identity management (FIM) allows for two or more organizations to link their networks allowing for greater security and access to appropriate
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationBring Your Own Device. Peter Silva Technical Marketing Manager
Bring Your Own Device Peter Silva Technical Marketing Manager Bring-Your-Own-Device (BYOD) Personal devices for business apps Why implement BYOD? Increase employee satisfaction, productivity Reduce mobile
More informationSAP Single Sign-On 2.0 Overview Presentation
SAP Single Sign-On 2.0 Overview Presentation June 2014 Public Legal disclaimer This presentation is not subject to your license agreement or any other agreement with SAP. SAP has no obligation to pursue
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationEnhanced OpenID Protocol in Identity Management
Enhanced OpenID Protocol in Identity Management Ronak R. Patel 1, Bhavesh Oza 2 1 PG Student, Department of Computer Engg, L.D.College of Engineering, Gujarat Technological University, Ahmedabad 2 Associate
More informationPrivacy Policy- Introduction part Personal Information
Privacy policy The Privacy Policy is applicable to the website www.mypitcrew.in registered as MyPitCrew. This privacy statement also does not apply to the websites of our business partners, corporate affiliates
More informationSAML-Based SSO Configuration
Prerequisites, page 1 SAML SSO Configuration Task Flow, page 5 Reconfigure OpenAM SSO to SAML SSO Following an Upgrade, page 9 SAML SSO Deployment Interactions and Restrictions, page 9 Prerequisites NTP
More informationThis regulation outlines the policy and procedures for the implementation of wireless networking for the University Campus.
UAR NUMBER: 400.01 TITLE: Wireless Network Policy and Procedure INITIAL ADOPTION: 11/6/2003 REVISION DATES: PURPOSE: Set forth the policy for using wireless data technologies and assigns responsibilities
More informationMoving Digital Identity to the Cloud, a Fundamental Shift in rethinking the enterprise collaborative model.
TEG Progress Update Moving Digital Identity to the Cloud, a Fundamental Shift in rethinking the enterprise collaborative model. Fulup Ar Foll Master Architect Sun Microsystems Fulup@sun.com 1 What is the
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationThe Identity Web An Overview of XNS and the OASIS XRI TC
The Identity Web An Overview of XNS and the OASIS XRI TC XML WG December 17, 2002 Marc LeMaitre VP Technology Strategy OneName Corporation Goals of this presentation Introduce the idea of the Identity
More informationSINGLE SIGN ON SOLUTIONS FOR ICS PRODUCTS
SINGLE SIGN ON SOLUTIONS FOR ICS PRODUCTS Gabriella Davis - gabriella@turtlepartnership.com IBM Lifetime Champion for Social Business The Turtle Partnership 1 Admin of all things and especially quite complicated
More informationDESIGN OF WEB SERVICE SINGLE SIGN-ON BASED ON TICKET AND ASSERTION
DESIGN OF WEB SERVICE SINGLE SIGN-ON BASED ON TICKET AND ASSERTION Abstract: 1 K.Maithili, 2 R.Ruhin Kouser, 3 K.Suganya, 1,2,3 Assistant Professor, Department of Computer Science Engineering Kingston
More informationIdentity Management: Setting Context
Identity Management: Setting Context Joseph Pato Trusted Systems Lab Hewlett-Packard Laboratories One Cambridge Center Cambridge, MA 02412, USA joe.pato@hp.com Identity Management is the set of processes,
More informationCA SiteMinder. Federation Manager Guide: Legacy Federation. r12.5
CA SiteMinder Federation Manager Guide: Legacy Federation r12.5 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More information