Ramnish Singh IT Advisor Microsoft Corporation Session Code:


Agenda
- Microsoft's Identity and Access Strategy
- Geneva Claims-Based Access
  - User access challenges
  - Identity Metasystem and claims solution
  - Introducing the Geneva claims-based access platform

Identity & Access Customer Challenges
- Compliance
  - Compliance with regulatory requirements
  - Auditable processes for granting access to resources
- Operational Efficiency
  - Reducing help desk burden for end users
  - Managing the complexity of distributed identity information
- Business Agility
  - Enabling new high business value scenarios
  - Supporting mergers, acquisitions & reorganizations
- IT Security
  - Integrated user provisioning & credential management
  - Ensuring that only authorized users can access resources

Customers' Identity & Access Requirements
- Identity & Access Management
  - Compliance and Audit: monitoring, reporting and auditing of identity-based access activity
  - Policy Management: identity policy, user/role-based access policy, federation policy, delegation
  - Access Management: group management, federation/trust management, entitlements, RBAC
  - Identity & Credential Management: user provisioning, certificate & smartcard management, user self-service
- Identity-Based Access
  - Remote Access: access resources remotely, e.g. SSL VPN
  - Network Access: identity-oriented edge access, e.g. NAP
  - App Access: SSO, Web/Ent/Host access, federation
  - Info Access: drive encryption, ILP, rights management
- Identity Infrastructure
  - Identity & Credentials Infrastructure: directory identity/credentials, InfoCards, meta/virtual directory, basic policy

Microsoft's Identity & Access Strategy
- Comprehensive Solutions: turnkey offerings; on premises and cloud; physical and virtual
- User Centric: rich Office integration; consistent user experience; privacy enabled
- Open & Extensible: service oriented; application platform integration; open and interoperable
- Best TCO: simplified licensing; easiest to deploy; broadest ecosystem

Introducing

Identity & Access Silos Block Business Needs
- Business needs
  - Flexible Collaboration: enable collaboration within the enterprise, across organizational boundaries, and on the web while satisfying security requirements
  - Business Agility: improve the ability to react to changing business needs by enabling existing systems to interoperate with new systems such as cloud services and SOA
- User access challenges
  - Lack of System Interoperability: difficult for users to gain access across diverse applications and systems to collaborate seamlessly with other users
  - Hard to Extend User Access: complex to extend user access from existing applications and systems to new ones; cloud services and SOA could multiply these challenges
- What's needed to solve the challenges
  - Single Identity Model: a single simplified user access model that works across different applications and systems to enable collaboration while helping to maintain security
  - Interoperability: an open and adaptable user access model that enables identities to interoperate with applications and systems regardless of location or architecture

Shared Industry Solution: Identity Metasystem and Claims
The industry has created a vision and architecture to address the challenges of identity interoperability.
- What is the Identity Metasystem?
  - A shared industry vision for interoperable identity
  - Single identity model that works in enterprises, federation and the consumer web
  - Works with existing IT infrastructures
  - Interoperability based on open protocols
  - Architecture based on claims
- What are claims?
  - Claims describe identity attributes within the Identity Metasystem
  - Used to drive application behavior
  - Can disclose identity information selectively
  - Delivered inside security tokens produced by a security token service (STS)
- Learn more about the Identity Metasystem
  - Overview: http://www.identityblog.com/?p=355
  - A public policy perspective: http://www.ipc.on.ca/images/resources/up-7laws_whitepaper.pdf
  - OASIS standards body: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=imi
  - An industry association: http://informationcard.net/
  - An open source project: http://www.eclipse.org/org/press-release/20080221_higgins.php

Introducing Geneva
- What is Geneva?
  - Microsoft's open platform for simplified and security-enhanced user access based on claims
  - Based on the shared industry vision for an interoperable Identity Metasystem via claims
- What does Geneva include? Three components for enabling claims-based access:
  - For developers: Geneva Framework, for building .NET applications that use claims to make user access decisions
  - For IT: Geneva Server, a security token service (STS) for issuing and transforming claims and managing user access
  - For users: Windows CardSpace "Geneva", which helps users navigate access decisions
- Why should I adopt Geneva?
  - Simplifies user access
    - Simplifies application development by externalizing user access from applications via claims
    - Reduces development effort with pre-built security logic and .NET tools
    - Helps users navigate multiple logins, manage different personas, and control information sharing
  - Streamlines access management & security
    - Helps speed deployment of applications and enhances security via reduced custom implementation work
    - Simplifies user access management with authentication externalized from applications
    - Enables easier collaboration between organizations with automated federation tools
  - Enhances interoperability & adaptability
    - More quickly adapt user access control methods to meet changing business needs
    - Enables users, applications and systems to work better together regardless of location or architecture
    - Includes built-in interoperability via open industry standards including WS-* and SAML

Illustration of the Full System
One example of how the Geneva components might be used together:
1. A user wants to access an application (the relying party: an app or service built with the Geneva Framework).
2. The user's client (Windows CardSpace "Geneva") gets claims from the identity provider (Geneva Server).
3. The client sends the claims to the relying party.
The relying party trusts the identity provider, and the parties interoperate via industry standard protocols.

Geneva Interoperates with Other Claims Infrastructure
Mix and match Geneva components with third-party claims-based STSs, frameworks and clients:
1. A user wants to access an application.
2. The client gets claims from the identity provider. Client: Windows CardSpace "Geneva", or a browser or third-party identity selector. Identity provider: Geneva Server, Microsoft Services Connector (MSC) or .NET Access Control Service (ACS), or a third-party STS.
3. The client sends the claims to the relying party (app or service), built with the Geneva Framework or a third-party framework.
Trust is established between the identity provider and the relying party, and all parties interoperate via industry standard protocols. MSC and ACS are both built on Geneva technology and the claims architecture.
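The three-step flow on these two slides (user asks for access, client obtains claims from the identity provider's STS, client presents them to the relying party) can be made concrete. The following Python is an added example written for this page, not Microsoft's or the Geneva Framework's code; the issuer and audience names are constructed, and an HMAC over the token stands in for the X.509 signature a real STS such as Geneva Server applies. It shows what the relying party must check before it acts on a single claim, and why a token replayed to a different application, an expired token, a tampered token, or one from an STS it has no trust with is rejected.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed names for this example (not from the slides).
IDP_ISSUER = "urn:example:contoso-idp"      # identity provider STS (the Geneva Server role)
RP_AUDIENCE = "urn:example:expense-app"    # relying party application
# A real STS signs tokens with its X.509 private key and the relying party verifies with
# the certificate it trusts; this HMAC key stands in for that signature so the example
# runs on the standard library alone.
IDP_SIGNING_KEY = b"constructed-demo-signing-key"


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(issuer, audience, claims, signing_key, lifetime=300, now=None):
    """Identity provider STS: wrap a set of claims in a signed, audience-bound, time-limited token."""
    now = time.time() if now is None else now
    body = {"iss": issuer, "aud": audience, "nbf": now, "exp": now + lifetime, "claims": claims}
    payload = _b64e(json.dumps(body, sort_keys=True).encode())
    signature = hmac.new(signing_key, payload.encode(), hashlib.sha256).digest()
    return payload + "." + _b64e(signature)


class TokenRejected(Exception):
    """Raised by the relying party when a token must not be trusted."""


def validate_token(token, trusted_issuers, my_audience, now=None):
    """Relying party: check signature, issuer trust, audience and validity window, then release the claims."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 2:
        raise TokenRejected("malformed token")
    payload, signature = parts
    body = json.loads(_b64d(payload))
    key = trusted_issuers.get(body.get("iss"))   # the trust list is keyed by issuer name
    if key is None:
        raise TokenRejected("issuer is not a trusted identity provider")
    expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64d(signature)):
        raise TokenRejected("signature does not verify")
    if body.get("aud") != my_audience:
        raise TokenRejected("token was issued for a different relying party")
    if not (body["nbf"] <= now < body["exp"]):
        raise TokenRejected("token is outside its validity window")
    return body["claims"]


def authorize(claims, required_role):
    """Application access decision driven purely by claims, not by a local user database."""
    return any(c["type"] == "role" and c["value"] == required_role for c in claims)


def demo(now=1_700_000_000):
    """Run the three-step flow plus the rejections a relying party must produce."""
    claims = [{"type": "name", "value": "alice"}, {"type": "role", "value": "approver"}]
    token = issue_token(IDP_ISSUER, RP_AUDIENCE, claims, IDP_SIGNING_KEY, now=now)   # step 2
    trusted = {IDP_ISSUER: IDP_SIGNING_KEY}                                            # RP trust list
    results = {}
    accepted = validate_token(token, trusted, RP_AUDIENCE, now=now)                   # step 3
    results["approver"] = authorize(accepted, "approver")
    results["admin"] = authorize(accepted, "admin")
    # Tampered token: a different role claim under the original signature.
    payload, signature = token.split(".")
    tampered = json.loads(_b64d(payload))
    tampered["claims"][1]["value"] = "admin"
    forged = _b64e(json.dumps(tampered, sort_keys=True).encode()) + "." + signature
    for name, tok, aud, when in [
        ("forged", forged, RP_AUDIENCE, now),
        ("wrong_audience", token, "urn:example:other-app", now),
        ("expired", token, RP_AUDIENCE, now + 600),
    ]:
        try:
            validate_token(tok, trusted, aud, now=when)
            results[name] = "accepted"
        except TokenRejected as err:
            results[name] = str(err)
    # Token from an STS the relying party has no trust relationship with.
    rogue = issue_token("urn:example:rogue-sts", RP_AUDIENCE, claims, b"other-key", now=now)
    try:
        validate_token(rogue, trusted, RP_AUDIENCE, now=now)
        results["untrusted_issuer"] = "accepted"
    except TokenRejected as err:
        results["untrusted_issuer"] = str(err)
    return results
```

The order of checks matters: the relying party looks up the key for the issuer the token names, verifies the signature with that key, and only then reads the audience, lifetime and claims. Nothing inside the token is evidence of anything until the signature from a trusted issuer has been verified.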

Example Scenarios
- Simplifies application access
  - Step-Up Authentication: build an application that requires users to step up to a higher level of authentication to approve sensitive transactions
  - Cloud SSO: extend SSO from on-premises Active Directory to Microsoft cloud services with Microsoft Services Connector or .NET Access Control Service (built on Geneva technology)
- Streamlines access management & security
  - Federated Document Collaboration: enable employees and partners to collaborate with Office documents and SharePoint via federation
  - Managed Info Cards: issue managed information cards to employees to reduce the need to remember multiple logins
- Enhances interoperability & adaptability
  - Legacy Interoperability: implement Geneva to help disparate existing applications achieve seamless user access while laying a foundation to add claims-based apps
  - Flexible Authentication: change authentication methods across multiple applications from username/password to smart cards
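The step-up and flexible-authentication scenarios above, together with the "issuing and transforming claims" role of the STS from the Introducing Geneva slide, come down to two operations on a set of claims: a federation provider re-issuing a partner's claims in the vocabulary the application understands, and the application deciding from an authentication-method claim whether a sensitive action needs stronger credentials. The Python below is an added illustration, not part of the presentation or of Geneva; the issuer names, the group-to-role mapping and the strength ordering are all constructed.

```python
from dataclasses import dataclass

# Constructed issuer names for this example (not from the slides).
PARTNER_IDP = "urn:example:fabrikam-idp"   # a partner organisation's identity provider
FED_STS = "urn:example:contoso-fed-sts"    # our federation provider STS (the Geneva Server role)
UNKNOWN_STS = "urn:example:unknown-sts"    # an issuer we have no trust relationship with


@dataclass(frozen=True)
class Claim:
    type: str
    value: str
    issuer: str            # who asserts this claim to the relying party
    original_issuer: str   # who asserted it first (kept for audit)


# Constructed transformation policy: which partner claim types pass through unchanged and how
# the partner's group names map onto the roles our applications understand. Anything else is dropped.
PASS_THROUGH_TYPES = {"name", "email", "authnmethod"}
PARTNER_GROUP_TO_ROLE = {"Fabrikam-Purchasing": "approver", "Fabrikam-Staff": "reader"}


def transform_claims(incoming, trusted_partners):
    """Federation provider: re-issue a partner's claims in the vocabulary our applications expect."""
    outgoing = []
    for claim in incoming:
        if claim.issuer not in trusted_partners:
            continue  # no trust relationship with this issuer, so the claim is not evidence of anything
        if claim.type in PASS_THROUGH_TYPES:
            outgoing.append(Claim(claim.type, claim.value, FED_STS, claim.original_issuer))
        elif claim.type == "group" and claim.value in PARTNER_GROUP_TO_ROLE:
            outgoing.append(Claim("role", PARTNER_GROUP_TO_ROLE[claim.value], FED_STS, claim.original_issuer))
        # partner-internal attributes (cost centre, employee id, ...) never reach the application
    return outgoing


# Constructed ordering of authentication strength and the minimum required per sensitive action.
AUTHN_STRENGTH = {"password": 1, "smartcard": 2}
REQUIRED_STRENGTH = {"approve_payment": "smartcard"}


def authentication_decision(claims, action):
    """Step-up check: the application reads the authentication method from the claims instead of
    running its own logon, so IT can raise the requirement without changing application code."""
    required = REQUIRED_STRENGTH.get(action)
    if required is None:
        return "allow"
    methods = [c.value for c in claims if c.type == "authnmethod"]
    strongest = max((AUTHN_STRENGTH.get(m, 0) for m in methods), default=0)
    if strongest >= AUTHN_STRENGTH[required]:
        return "allow"
    return "step-up required: " + required


def demo():
    """A partner user reaches our expense application after password-only authentication."""
    incoming = [
        Claim("name", "bob@fabrikam.example", PARTNER_IDP, PARTNER_IDP),
        Claim("group", "Fabrikam-Purchasing", PARTNER_IDP, PARTNER_IDP),
        Claim("costcenter", "CC-4711", PARTNER_IDP, PARTNER_IDP),   # partner-internal, dropped
        Claim("authnmethod", "password", PARTNER_IDP, PARTNER_IDP),
        Claim("role", "admin", UNKNOWN_STS, UNKNOWN_STS),           # untrusted issuer, dropped
    ]
    issued = transform_claims(incoming, trusted_partners={PARTNER_IDP})
    # After the user re-authenticates with a smart card the STS adds a stronger method claim.
    stepped_up = issued + [Claim("authnmethod", "smartcard", FED_STS, FED_STS)]
    return {
        "issued": [(c.type, c.value, c.issuer) for c in issued],
        "view_report": authentication_decision(issued, "view_report"),
        "approve_payment": authentication_decision(issued, "approve_payment"),
        "approve_payment_after_step_up": authentication_decision(stepped_up, "approve_payment"),
    }
```

Two points of the design are worth noting. The transformation is an allow-list: a claim only leaves the federation provider if a rule says so, which is how selective disclosure and "maintaining control of identity disclosure within claims" are enforced in practice. And the application never sees a password or a smart card; it sees a claim about how the user authenticated, so changing the method is a policy change at the STS rather than a code change in the application.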

Features
- Developer Experiences
  - Pre-built user access logic based on claims
  - Developer framework and ASP.NET controls
  - Externalize authentication from applications and support multiple authentication types
- Federation
  - Federation provider STS with simple administration tools to quickly set up federations
  - Federation between on-premises directories and cloud services
  - Multi-protocol federation, including WS-* and SAML 2.0 protocols
- Authentication Flexibility
  - Identity provider STS to issue claims and managed CardSpace identities
  - Applications can be built to prompt users for stronger credentials for scenarios requiring higher security
  - Switch authentication types with minimal application re-coding
- Interoperability
  - Built-in interoperability via open industry protocols including WS-* and SAML 2.0
  - STS translates between claims and other protocols to enable claims and non-claims interoperability
  - Implements the industry Identity Metasystem vision for interoperable identity via claims
- User Experiences
  - Next generation CardSpace helps users navigate between multiple logons
  - Streamlined download and installation delivers an efficient web and client experience with CardSpace
  - User control and transparency over how information is shared

Geneva Schedule
- Beta 1: October 2008
- Beta 2: 1st half of 2009
- RTM: 2nd half of 2009
- Licensing: all three components will be available under the Windows license
- Ship vehicle: all three components will be available as separate web downloads
- Version support: Beta 1 supports Windows Server 2008 and Windows Vista. Support at RTM will be announced at a later date.

Summary
- Single Simplified Identity Model
  - Externalizes user access from applications via claims
  - Reduces application development effort
  - Helps users make identity decisions
- Streamlines Access Management and Security
  - Speeds deployment of applications
  - Consolidates user access management in the hands of IT
  - Automates federation
- Interoperable and Adaptable
  - Flexible to change authentication methods
  - Works independent of location or architecture
  - Interoperable via claims and the WS-* and SAML 2.0 protocols

Developer Benefits
- What does Geneva offer developers?
  - Geneva Framework: SDK to build claims-based applications
  - Windows CardSpace "Geneva": identity client platform
- What can developers build with Geneva?
  - Claims-aware .NET applications
  - User authentication experience with CardSpace "Geneva"
  - Custom security token services (STS)
- Why should developers use Geneva?
  - Improves developer productivity
    - Simplifies application development by externalizing user access from applications via claims
    - Enables developers to code to a single simplified identity model based on claims
    - Includes pre-built security logic with .NET tools to free up time for more value-added work
  - Enhances application security
    - Helps provide consistent security with a single user access model externalized from applications
    - Enhances consistency of security with pre-built user access logic
    - Provides seamless user access to on-premises software and cloud services
  - Interoperable and extensible
    - Offers built-in interoperability via industry protocols including WS-* and SAML 2.0
    - Implements the industry Identity Metasystem vision for interoperable identity
    - Enables interoperability between users, applications, systems and other resources via claims

IT Professional Benefits
- What does Geneva offer IT pros?
  - Geneva Server: security token service (STS) with identity and federation provider roles plus user access management capabilities
  - Windows CardSpace "Geneva": authentication client
- What can IT pros do with Geneva?
  - Deploy an STS to enable user access to applications via claims
  - Quickly establish federations with partners and customers
  - Issue managed identity cards to users
- Why should IT pros use Geneva?
  - Streamlines user access management
    - Implements a single user access model with native single sign-on and easier federation
    - Builds on and interoperates with existing identity infrastructure investments
    - Works with identity management infrastructure such as Active Directory and Identity Lifecycle Manager
  - Enhances application security
    - Helps provide consistent security with a single user access model externalized from applications
    - Vests more complete control over user access decisions with IT instead of developers
    - Provides seamless access between on-premises software and cloud services
  - Interoperable & adaptable
    - Based on industry standard protocols including WS-* and SAML 2.0 for interoperability
    - Meet new business needs faster by allowing applications and infrastructure to evolve independently
    - Integrates new authentication methods with fewer application code changes

Comparing AD FS, CardSpace 1, WCF with Geneva
- AD FS 1.1, CardSpace 1.0 and WCF today:
  - Passive browser federation
  - WS-* protocols
  - Self-issued information cards
  - Federated SharePoint
  - Federated rights management
- Geneva adds:
  - Geneva Framework, Geneva Server and CardSpace "Geneva"
  - End-to-end claims support
  - Pre-built ASP.NET controls
  - Federate Office documents
  - SAML 2.0 protocol support
  - Native SSO
  - Active client federation
  - Automated trust management
  - Managed information cards
  - Streamlined client UI

Geneva Beta 1 vs. Future Features
- Geneva Framework
  - Beta 1 features: externalize authentication from the app; multiple authentication types supported; identity delegation; step-up authentication; write apps to accept managed CardSpace identities; SAML 2.0 token format; transform claims into Kerberos tokens; provision an STS in relying party apps
  - Features we will add by RTM: SAML 2.0 IdP and SP protocol support for SSO
- Geneva Server (Beta 1 features first, then features we will add by RTM): identity provider integrated with Active Directory; issue managed CardSpace identities; SAML 2.0 protocol for IdP for SSO; SAML 2.0 token format; transform claims into Kerberos tokens; easy trust establishment; identity delegation management; automated trust management; SAML 2.0 protocol for SP for SSO; support for alternate identity attribute stores; issue multiple CardSpace identities for multiple user roles; extranet access support; PowerShell support; interoperability of WS-Fed with mobile and other low-performance clients
- CardSpace "Geneva" (Beta 1 features first, then features we will add by RTM): support for managed information card issuance; small download (less than 5 MB); streamlined UI; inline UI for websites; user self-issued information cards; backward compatibility for Windows apps; challenge-response for authentication assurance; secure desktop

Geneva Beta 1 vs. Future Scenarios
- Beta 1 scenarios
  - Enable employees and partners to collaborate with Office documents and SharePoint via federation.
- Scenarios we will enable by final release
  - Accept self-issued information cards on an e-commerce website to speed checkout and improve security.
  - Extend single sign-on from an on-premises directory such as Active Directory to cloud services such as those offered by Live.
  - Build an application that asks users to step up to a higher level of authentication based on context.
  - Build an application that later allows IT to change authentication methods from username/password to smart cards without app code changes.
  - Build a chain of applications and services that act on behalf of users while maintaining control of identity disclosure within claims.
  - Issue managed information cards to employees to reduce the need to remember multiple logins.
  - Implement Geneva to help an existing Kerberos application achieve seamless user access while laying a foundation to add claims-based apps.
  - Implement federation with partners on heterogeneous infrastructures and maintain trusts automatically.


© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.