SlideShare uma empresa Scribd logo

Access Management for Cloud and Mobile

ForgeRock
ForgeRock

Presented by Bert Van Beeck, Technical Enablement Lead, ForgeRock at ForgeRock Open Identity Stack Summit, France 2013 Learn more about ForgeRock Access Management: https://www.forgerock.com/platform/access-management/ Learn more about ForgeRock Identity Management: https://www.forgerock.com/platform/identity-management/

Tecnologia
1 de 23
Baixar para ler offline
2013 Open Stack Identity Summit - France Access Management for Cloud and Mobile
Single Sign On web gateway Session Lifecycle Management Web Application Fat Client Application Stateful Session SP IDP Stateless Session Session Store (Memory or Persisted) with option to enable Session Failover/replication Create, Leverage & Upgrade Session Authentication Federation Leverage session Authorization Attributes
The Good, The Bad and The Ugly “You see, in this world there's two kinds of APIs, my friend: Those that are lightweight and those that make you dig”
On-Premise vs Cloud/Social/Mobile SOAP XML REST JSON
OAuth2, OpenID Connect, REST Mobile Social Cloud Enterprise Things HTTP(s) JSON REST Endpoints AuthN AuthZ Session Validation Identity Management Realm Mgmt OpenAM Core OAuth2 OpenID Connect Logging
Mobile IAM for the Modern Web Web App Web App Login App OAuth2 Native App REST Native App OpenID Connect OpenAM Authentication Authorization Attribute Delivery Cloud Federation SSO Token Persistence Session Mgmt OAuth2 Provider Enterprise
“You see, in this world there's two kinds of APIs, my friend: Those that are lightweight and those that make you dig” Demo
2 Native apps in iPhone OAuth2 Demo •  Obtains an OAuth2 Refresh and Access Token using the Authorization Code Grant and then stores it locally in the iPhone keyring •  Access User Profile info with the Access Token •  Refreshes the Access Token when it expires using the refresh token SSO Demo •  Retrieves the Access Token from the iPhone keyring •  Access User Profile info with the Access Token
OAuth2 •  Authorization protocol •  Grant access to third parties •  Parties do not share sensitive user information, i.e. no credentials are shared •  Used to grant limited access during limited time to specific resources •  Developed by the IETF Working group
Who is using OAuth2
OAuth2 Tokens ACCESS Token •  Used to access a protected resource •  Obtained through one of the grant flow •  Life time short (minutes, hours REFRESH Token •  Used to obtain a new access token •  Obtained through one of the grant flows •  Life time long (days, weeks, months)
Possible flow Protected Resource leveraging access token 1 7 2 3 Client retrieve refresh token 4 5 retrieve access token 6 Provider
Resource Owner Password Flow 2 application provides userid/password credentials Provider retrieve access token Client 3 1 << 4 leveraging access token Protected Resource
Supported grants Use Case: For Web Applications §  Authorization Code Flow Grant §  Implicit Flow Grant Use Case: For Mobile Applications §  Resource Owner Password Use Case: For Application to Application §  Client Credentials Flow §  SAMLv2 Token Insertion Presenter’s Logo Here Use Case : Implicit flow Grant
Cheat sheet http://www.cheatography.com/kayalshri/cheatsheets/oauth-end-points/
What is it not •  OpenID Connect is not OpenID •  OpenID is old social protocol, without a mandatory contract between client and provider •  OpenID is unsecure
What is OAUTH2 again ? •  OAuth2 is an AUTHORIZATION protocol •  Access/Refresh token represents access to resource for anybody who has that token •  There is not system in place to restrict resource usage to a user identity
OpenID Connect •  OpenID Connect uses TWO access/refresh tokens •  One to authorize the resource (see OAUTH2 before) •  One to authorize the user identity accessing that resource Protected Resource OAUTH2 Access Token User identity OAUTH2 Access Token •  OpenID Connect maintains the relationship between the resource and the user •  User can only access the resource with its access token provided the user access token is entitled to it
2013 Open Stack Identity Summit - France Coming from a different angle
OpenAM Authentication •  MSISDN •  HOTP (Text Messages via cell phone) •  OATH (3rd party Token generators)
Banking grade authentication Thomas Bostrøm Jørgensen - CEO, Encap

Recomendados

Spring security oauth2
Spring security oauth2Spring security oauth2
Spring security oauth2axykim00
 
CAS Enhancement
CAS EnhancementCAS Enhancement
CAS EnhancementGuo Albert
 
OAuth2 Protocol with Grails Spring Security
OAuth2 Protocol with Grails Spring SecurityOAuth2 Protocol with Grails Spring Security
OAuth2 Protocol with Grails Spring SecurityNexThoughts Technologies
 
Securing your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectSecuring your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectManish Pandit
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2Sang Shin
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2axykim00
 
Single Sign On with OAuth and OpenID
Single Sign On with OAuth and OpenIDSingle Sign On with OAuth and OpenID
Single Sign On with OAuth and OpenIDGasperi Jerome
 
Shoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderShoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderForgeRock
 

Recomendados

Spring security oauth2
Spring security oauth2Spring security oauth2
Spring security oauth2axykim00
 
CAS Enhancement
CAS EnhancementCAS Enhancement
CAS EnhancementGuo Albert
 
OAuth2 Protocol with Grails Spring Security
OAuth2 Protocol with Grails Spring SecurityOAuth2 Protocol with Grails Spring Security
OAuth2 Protocol with Grails Spring SecurityNexThoughts Technologies
 
Securing your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectSecuring your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectManish Pandit
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2Sang Shin
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2axykim00
 
Single Sign On with OAuth and OpenID
Single Sign On with OAuth and OpenIDSingle Sign On with OAuth and OpenID
Single Sign On with OAuth and OpenIDGasperi Jerome
 
Shoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderShoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderForgeRock
 
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)Artur Barseghyan
 
Microservice with OAuth2
Microservice with OAuth2Microservice with OAuth2
Microservice with OAuth2◄ vaquar khan ► ★✔
 
Openid & Oauth: An Introduction
Openid & Oauth: An IntroductionOpenid & Oauth: An Introduction
Openid & Oauth: An IntroductionSteve Ivy
 
CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2scotttomilson
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTMobiliya
 
CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
CIS14: Consolidating Authorization for API and Web SSO using OpenID ConnectCIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
CIS14: Consolidating Authorization for API and Web SSO using OpenID ConnectCloudIDSummit
 
Jasig Central Authentication Service in Ten Minutes
Jasig Central Authentication Service in Ten MinutesJasig Central Authentication Service in Ten Minutes
Jasig Central Authentication Service in Ten MinutesAndrew Petro
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersSalesforce Developers
 
Silicon Valley Code Camp 2009: OAuth: What, Why and How
Silicon Valley Code Camp 2009: OAuth: What, Why and HowSilicon Valley Code Camp 2009: OAuth: What, Why and How
Silicon Valley Code Camp 2009: OAuth: What, Why and HowManish Pandit
 
OAuth2 Introduction
OAuth2 IntroductionOAuth2 Introduction
OAuth2 IntroductionArpit Suthar
 
OAuth2 Presentaion
OAuth2 PresentaionOAuth2 Presentaion
OAuth2 PresentaionBhargav Surimenu
 
OAuth2 & OpenID Connect
OAuth2 & OpenID ConnectOAuth2 & OpenID Connect
OAuth2 & OpenID ConnectMarcin Wolnik
 
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...Brian Campbell
 
OAuth2 and Spring Security
OAuth2 and Spring SecurityOAuth2 and Spring Security
OAuth2 and Spring SecurityOrest Ivasiv
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloakGuy Marom
 
Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2Justin Richer
 
WSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting StartedWSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting StartedIsmaeel Enjreny
 
cloud
cloudcloud
cloudcarlos1208
 
CIS 2015 OpenID Connect and Mobile Applications - David Chase
CIS 2015 OpenID Connect and Mobile Applications - David ChaseCIS 2015 OpenID Connect and Mobile Applications - David Chase
CIS 2015 OpenID Connect and Mobile Applications - David ChaseCloudIDSummit
 
冇得輸
冇得輸冇得輸
冇得輸carlos1208
 
Cloud identity management meetup 150108
Cloud identity management meetup 150108Cloud identity management meetup 150108
Cloud identity management meetup 150108Morteza Ansari
 
Web access management using o auth2 and saml – wam 2.0
Web access management using o auth2 and saml – wam 2.0Web access management using o auth2 and saml – wam 2.0
Web access management using o auth2 and saml – wam 2.0Gluu
 

Mais conteúdo relacionado

Mais procurados

SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)Artur Barseghyan
 
Openid & Oauth: An Introduction
Openid & Oauth: An IntroductionOpenid & Oauth: An Introduction
Openid & Oauth: An IntroductionSteve Ivy
 
CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2scotttomilson
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTMobiliya
 
CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
CIS14: Consolidating Authorization for API and Web SSO using OpenID ConnectCIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
CIS14: Consolidating Authorization for API and Web SSO using OpenID ConnectCloudIDSummit
 
Jasig Central Authentication Service in Ten Minutes
Jasig Central Authentication Service in Ten MinutesJasig Central Authentication Service in Ten Minutes
Jasig Central Authentication Service in Ten MinutesAndrew Petro
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersSalesforce Developers
 
Silicon Valley Code Camp 2009: OAuth: What, Why and How
Silicon Valley Code Camp 2009: OAuth: What, Why and HowSilicon Valley Code Camp 2009: OAuth: What, Why and How
Silicon Valley Code Camp 2009: OAuth: What, Why and HowManish Pandit
 
OAuth2 Introduction
OAuth2 IntroductionOAuth2 Introduction
OAuth2 IntroductionArpit Suthar
 
OAuth2 & OpenID Connect
OAuth2 & OpenID ConnectOAuth2 & OpenID Connect
OAuth2 & OpenID ConnectMarcin Wolnik
 
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...Brian Campbell
 
OAuth2 and Spring Security
OAuth2 and Spring SecurityOAuth2 and Spring Security
OAuth2 and Spring SecurityOrest Ivasiv
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloakGuy Marom
 
Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2Justin Richer
 
WSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting StartedWSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting StartedIsmaeel Enjreny
 
CIS 2015 OpenID Connect and Mobile Applications - David Chase
CIS 2015 OpenID Connect and Mobile Applications - David ChaseCIS 2015 OpenID Connect and Mobile Applications - David Chase
CIS 2015 OpenID Connect and Mobile Applications - David ChaseCloudIDSummit
 

Mais procurados (20)

SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
 
Microservice with OAuth2
Microservice with OAuth2Microservice with OAuth2
Microservice with OAuth2
 
Openid & Oauth: An Introduction
Openid & Oauth: An IntroductionOpenid & Oauth: An Introduction
Openid & Oauth: An Introduction
 
CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWT
 
CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
CIS14: Consolidating Authorization for API and Web SSO using OpenID ConnectCIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
 
Jasig Central Authentication Service in Ten Minutes
Jasig Central Authentication Service in Ten MinutesJasig Central Authentication Service in Ten Minutes
Jasig Central Authentication Service in Ten Minutes
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for Beginners
 
Silicon Valley Code Camp 2009: OAuth: What, Why and How
Silicon Valley Code Camp 2009: OAuth: What, Why and HowSilicon Valley Code Camp 2009: OAuth: What, Why and How
Silicon Valley Code Camp 2009: OAuth: What, Why and How
 
OAuth2 Introduction
OAuth2 IntroductionOAuth2 Introduction
OAuth2 Introduction
 
OAuth2 Presentaion
OAuth2 PresentaionOAuth2 Presentaion
OAuth2 Presentaion
 
OAuth2 & OpenID Connect
OAuth2 & OpenID ConnectOAuth2 & OpenID Connect
OAuth2 & OpenID Connect
 
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
 
OAuth2 and Spring Security
OAuth2 and Spring SecurityOAuth2 and Spring Security
OAuth2 and Spring Security
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloak
 
Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2
 
WSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting StartedWSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting Started
 
cloud
cloudcloud
cloud
 
CIS 2015 OpenID Connect and Mobile Applications - David Chase
CIS 2015 OpenID Connect and Mobile Applications - David ChaseCIS 2015 OpenID Connect and Mobile Applications - David Chase
CIS 2015 OpenID Connect and Mobile Applications - David Chase
 
冇得輸
冇得輸冇得輸
冇得輸
 

Destaque

Cloud identity management meetup 150108
Cloud identity management meetup 150108Cloud identity management meetup 150108
Cloud identity management meetup 150108Morteza Ansari
 
Web access management using o auth2 and saml – wam 2.0
Web access management using o auth2 and saml – wam 2.0Web access management using o auth2 and saml – wam 2.0
Web access management using o auth2 and saml – wam 2.0Gluu
 
OpenID Overview - Seoul July 2007
OpenID Overview - Seoul July 2007OpenID Overview - Seoul July 2007
OpenID Overview - Seoul July 2007David Recordon
 
Ahmed Al Barrak - Staff information security practices - a latent threat
Ahmed Al Barrak - Staff information security practices - a latent threatAhmed Al Barrak - Staff information security practices - a latent threat
Ahmed Al Barrak - Staff information security practices - a latent threatnooralmousa
 
Ndh group+intacct cloud-financial-management-you-can-count-on
Ndh group+intacct cloud-financial-management-you-can-count-onNdh group+intacct cloud-financial-management-you-can-count-on
Ndh group+intacct cloud-financial-management-you-can-count-onndhsshare1
 
APIs, Identity, and Analytics To Fuel Digital Business Innovation
APIs, Identity, and Analytics To Fuel Digital Business InnovationAPIs, Identity, and Analytics To Fuel Digital Business Innovation
APIs, Identity, and Analytics To Fuel Digital Business InnovationWSO2
 
White Paper: The Evolution of Consumer Identity: 10 Predictions for 2015
White Paper: The Evolution of Consumer Identity: 10 Predictions for 2015White Paper: The Evolution of Consumer Identity: 10 Predictions for 2015
White Paper: The Evolution of Consumer Identity: 10 Predictions for 2015Gigya
 
Digital Fuel & Forrester Cloud Computing IT Financial Management
Digital Fuel & Forrester Cloud Computing IT Financial ManagementDigital Fuel & Forrester Cloud Computing IT Financial Management
Digital Fuel & Forrester Cloud Computing IT Financial Managementyisbat
 
Introduction to Research Methods
Introduction to Research MethodsIntroduction to Research Methods
Introduction to Research MethodsMolly Knapp
 
Web Access Management
Web Access ManagementWeb Access Management
Web Access ManagementMolly Knapp
 
OpenID vs OAuth - Identity on the Web
OpenID vs OAuth - Identity on the WebOpenID vs OAuth - Identity on the Web
OpenID vs OAuth - Identity on the WebRichard Metzler
 
White Paper: Internal vs. External Identity Access Management
White Paper: Internal vs. External Identity Access Management White Paper: Internal vs. External Identity Access Management
White Paper: Internal vs. External Identity Access Management Gigya
 
CIS14: PingAccess 101
CIS14: PingAccess 101CIS14: PingAccess 101
CIS14: PingAccess 101CloudIDSummit
 
Identity Beyond Employees: How Customer Experience Impacts Your IAM Practices
Identity Beyond Employees: How Customer Experience Impacts Your IAM PracticesIdentity Beyond Employees: How Customer Experience Impacts Your IAM Practices
Identity Beyond Employees: How Customer Experience Impacts Your IAM PracticesPing Identity
 
OpenID Bootcamp Tutorial
OpenID Bootcamp TutorialOpenID Bootcamp Tutorial
OpenID Bootcamp TutorialDavid Recordon
 
Stephan Hendriks Eric IJpelaar - Identity access management in the cloud -
Stephan Hendriks Eric IJpelaar - Identity access management in the cloud - Stephan Hendriks Eric IJpelaar - Identity access management in the cloud -
Stephan Hendriks Eric IJpelaar - Identity access management in the cloud - Infosecurity2010
 
CIS14: PingAccess in Action
CIS14: PingAccess in ActionCIS14: PingAccess in Action
CIS14: PingAccess in ActionCloudIDSummit
 
Paradigmo specialised in Identity & Access Management
Paradigmo specialised in Identity & Access ManagementParadigmo specialised in Identity & Access Management
Paradigmo specialised in Identity & Access ManagementJulie Beuselinck
 
White Paper: Saml as an SSO Standard for Customer Identity Management
White Paper: Saml as an SSO Standard for Customer Identity ManagementWhite Paper: Saml as an SSO Standard for Customer Identity Management
White Paper: Saml as an SSO Standard for Customer Identity ManagementGigya
 

Destaque (19)

Cloud identity management meetup 150108
Cloud identity management meetup 150108Cloud identity management meetup 150108
Cloud identity management meetup 150108
 
Web access management using o auth2 and saml – wam 2.0
Web access management using o auth2 and saml – wam 2.0Web access management using o auth2 and saml – wam 2.0
Web access management using o auth2 and saml – wam 2.0
 
OpenID Overview - Seoul July 2007
OpenID Overview - Seoul July 2007OpenID Overview - Seoul July 2007
OpenID Overview - Seoul July 2007
 
Ahmed Al Barrak - Staff information security practices - a latent threat
Ahmed Al Barrak - Staff information security practices - a latent threatAhmed Al Barrak - Staff information security practices - a latent threat
Ahmed Al Barrak - Staff information security practices - a latent threat
 
Ndh group+intacct cloud-financial-management-you-can-count-on
Ndh group+intacct cloud-financial-management-you-can-count-onNdh group+intacct cloud-financial-management-you-can-count-on
Ndh group+intacct cloud-financial-management-you-can-count-on
 
APIs, Identity, and Analytics To Fuel Digital Business Innovation
APIs, Identity, and Analytics To Fuel Digital Business InnovationAPIs, Identity, and Analytics To Fuel Digital Business Innovation
APIs, Identity, and Analytics To Fuel Digital Business Innovation
 
White Paper: The Evolution of Consumer Identity: 10 Predictions for 2015
White Paper: The Evolution of Consumer Identity: 10 Predictions for 2015White Paper: The Evolution of Consumer Identity: 10 Predictions for 2015
White Paper: The Evolution of Consumer Identity: 10 Predictions for 2015
 
Digital Fuel & Forrester Cloud Computing IT Financial Management
Digital Fuel & Forrester Cloud Computing IT Financial ManagementDigital Fuel & Forrester Cloud Computing IT Financial Management
Digital Fuel & Forrester Cloud Computing IT Financial Management
 
Introduction to Research Methods
Introduction to Research MethodsIntroduction to Research Methods
Introduction to Research Methods
 
Web Access Management
Web Access ManagementWeb Access Management
Web Access Management
 
OpenID vs OAuth - Identity on the Web
OpenID vs OAuth - Identity on the WebOpenID vs OAuth - Identity on the Web
OpenID vs OAuth - Identity on the Web
 
White Paper: Internal vs. External Identity Access Management
White Paper: Internal vs. External Identity Access Management White Paper: Internal vs. External Identity Access Management
White Paper: Internal vs. External Identity Access Management
 
CIS14: PingAccess 101
CIS14: PingAccess 101CIS14: PingAccess 101
CIS14: PingAccess 101
 
Identity Beyond Employees: How Customer Experience Impacts Your IAM Practices
Identity Beyond Employees: How Customer Experience Impacts Your IAM PracticesIdentity Beyond Employees: How Customer Experience Impacts Your IAM Practices
Identity Beyond Employees: How Customer Experience Impacts Your IAM Practices
 
OpenID Bootcamp Tutorial
OpenID Bootcamp TutorialOpenID Bootcamp Tutorial
OpenID Bootcamp Tutorial
 
Stephan Hendriks Eric IJpelaar - Identity access management in the cloud -
Stephan Hendriks Eric IJpelaar - Identity access management in the cloud - Stephan Hendriks Eric IJpelaar - Identity access management in the cloud -
Stephan Hendriks Eric IJpelaar - Identity access management in the cloud -
 
CIS14: PingAccess in Action
CIS14: PingAccess in ActionCIS14: PingAccess in Action
CIS14: PingAccess in Action
 
Paradigmo specialised in Identity & Access Management
Paradigmo specialised in Identity & Access ManagementParadigmo specialised in Identity & Access Management
Paradigmo specialised in Identity & Access Management
 
White Paper: Saml as an SSO Standard for Customer Identity Management
White Paper: Saml as an SSO Standard for Customer Identity ManagementWhite Paper: Saml as an SSO Standard for Customer Identity Management
White Paper: Saml as an SSO Standard for Customer Identity Management
 

Semelhante a Access Management for Cloud and Mobile

Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityCA API Management
 
JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...PROIDEA
 
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other WorldsCIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other WorldsCloudIDSummit
 
Globus Auth: A Research Identity and Access Management Platform
Globus Auth: A Research Identity and Access Management PlatformGlobus Auth: A Research Identity and Access Management Platform
Globus Auth: A Research Identity and Access Management PlatformIan Foster
 
Intro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectIntro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectLiamWadman
 
apidays Helsinki & North 2023 - API authorization with Open Policy Agent, And...
apidays Helsinki & North 2023 - API authorization with Open Policy Agent, And...apidays Helsinki & North 2023 - API authorization with Open Policy Agent, And...
apidays Helsinki & North 2023 - API authorization with Open Policy Agent, And...apidays
 
WSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2
 
OAuth2 and OpenID with Spring Boot
OAuth2 and OpenID with Spring BootOAuth2 and OpenID with Spring Boot
OAuth2 and OpenID with Spring BootGeert Pante
 
Building an Effective Architecture for Identity and Access Management.pdf
Building an Effective Architecture for Identity and Access Management.pdfBuilding an Effective Architecture for Identity and Access Management.pdf
Building an Effective Architecture for Identity and Access Management.pdfJorge Alvarez
 
OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater Apigee | Google Cloud
 
Stateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTStateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTGaurav Roy
 
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...CA API Management
 
Distributed Authorization with Open Policy Agent.pdf
Distributed Authorization with Open Policy Agent.pdfDistributed Authorization with Open Policy Agent.pdf
Distributed Authorization with Open Policy Agent.pdfNordic APIs
 
Implementing Microservices Security Patterns & Protocols with Spring
Implementing Microservices Security Patterns & Protocols with SpringImplementing Microservices Security Patterns & Protocols with Spring
Implementing Microservices Security Patterns & Protocols with SpringVMware Tanzu
 

Semelhante a Access Management for Cloud and Mobile (20)

Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
 
JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...
 
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other WorldsCIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
 
Globus Auth: A Research Identity and Access Management Platform
Globus Auth: A Research Identity and Access Management PlatformGlobus Auth: A Research Identity and Access Management Platform
Globus Auth: A Research Identity and Access Management Platform
 
Intro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectIntro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID Connect
 
Oauth2.0
Oauth2.0Oauth2.0
Oauth2.0
 
apidays Helsinki & North 2023 - API authorization with Open Policy Agent, And...
apidays Helsinki & North 2023 - API authorization with Open Policy Agent, And...apidays Helsinki & North 2023 - API authorization with Open Policy Agent, And...
apidays Helsinki & North 2023 - API authorization with Open Policy Agent, And...
 
WSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2 Identity Server - Product Overview
WSO2 Identity Server - Product Overview
 
OAuth2 and OpenID with Spring Boot
OAuth2 and OpenID with Spring BootOAuth2 and OpenID with Spring Boot
OAuth2 and OpenID with Spring Boot
 
Building an Effective Architecture for Identity and Access Management.pdf
Building an Effective Architecture for Identity and Access Management.pdfBuilding an Effective Architecture for Identity and Access Management.pdf
Building an Effective Architecture for Identity and Access Management.pdf
 
O auth2.0 guide
O auth2.0 guideO auth2.0 guide
O auth2.0 guide
 
OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater
 
Stateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTStateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWT
 
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...
 
Iam f42 a
Iam f42 aIam f42 a
Iam f42 a
 
Distributed Authorization with Open Policy Agent.pdf
Distributed Authorization with Open Policy Agent.pdfDistributed Authorization with Open Policy Agent.pdf
Distributed Authorization with Open Policy Agent.pdf
 
Presentation
PresentationPresentation
Presentation
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect Explained
 
Implementing Microservices Security Patterns & Protocols with Spring
Implementing Microservices Security Patterns & Protocols with SpringImplementing Microservices Security Patterns & Protocols with Spring
Implementing Microservices Security Patterns & Protocols with Spring
 
Api security
Api security Api security
Api security
 

Mais de ForgeRock

Digital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at ScaleDigital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at ScaleForgeRock
 
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
Get the Exact Identity Solution You Need - In the Cloud - AWS and BeyondGet the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
Get the Exact Identity Solution You Need - In the Cloud - AWS and BeyondForgeRock
 
Identity Live Sydney: Identity Management - A Strategic Opportunity
Identity Live Sydney: Identity Management - A Strategic OpportunityIdentity Live Sydney: Identity Management - A Strategic Opportunity
Identity Live Sydney: Identity Management - A Strategic OpportunityForgeRock
 
Identity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity CapabilityIdentity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity CapabilityForgeRock
 
Identity Live Singapore 2018 Keynote Presentation
Identity Live Singapore 2018 Keynote PresentationIdentity Live Singapore 2018 Keynote Presentation
Identity Live Singapore 2018 Keynote PresentationForgeRock
 
Identity Live Sydney 2018 Keynote Presentation
Identity Live Sydney 2018 Keynote PresentationIdentity Live Sydney 2018 Keynote Presentation
Identity Live Sydney 2018 Keynote PresentationForgeRock
 
Identity Live Singapore: Just Ask 'Em
Identity Live Singapore: Just Ask 'EmIdentity Live Singapore: Just Ask 'Em
Identity Live Singapore: Just Ask 'EmForgeRock
 
Identity Live Singapore: Building Trust & Privacy in a Connected Society
Identity Live Singapore: Building Trust & Privacy in a Connected SocietyIdentity Live Singapore: Building Trust & Privacy in a Connected Society
Identity Live Singapore: Building Trust & Privacy in a Connected SocietyForgeRock
 
Identity Live Sydney: Intelligent Authentication
Identity Live Sydney: Intelligent Authentication Identity Live Sydney: Intelligent Authentication
Identity Live Sydney: Intelligent Authentication ForgeRock
 
Identity Live Sydney: Building Trust and Privacy in a Connected Society
Identity Live Sydney: Building Trust and Privacy in a Connected SocietyIdentity Live Sydney: Building Trust and Privacy in a Connected Society
Identity Live Sydney: Building Trust and Privacy in a Connected SocietyForgeRock
 
Get the Exact Identity Solution you Need in the Cloud - Deep Dive
Get the Exact Identity Solution you Need in the Cloud - Deep DiveGet the Exact Identity Solution you Need in the Cloud - Deep Dive
Get the Exact Identity Solution you Need in the Cloud - Deep DiveForgeRock
 
Get the Exact Identity Solution You Need - In the Cloud - Overview
Get the Exact Identity Solution You Need - In the Cloud - OverviewGet the Exact Identity Solution You Need - In the Cloud - Overview
Get the Exact Identity Solution You Need - In the Cloud - OverviewForgeRock
 
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User ExperienceForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User ExperienceForgeRock
 
Opening Keynote (Identity Live Berlin 2018)
Opening Keynote (Identity Live Berlin 2018)Opening Keynote (Identity Live Berlin 2018)
Opening Keynote (Identity Live Berlin 2018)ForgeRock
 
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...ForgeRock
 
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)ForgeRock
 
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...ForgeRock
 
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...ForgeRock
 
Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...ForgeRock
 
Intelligent Authentication (Identity Live Berlin 2018)
Intelligent Authentication (Identity Live Berlin 2018)Intelligent Authentication (Identity Live Berlin 2018)
Intelligent Authentication (Identity Live Berlin 2018)ForgeRock
 

Mais de ForgeRock (20)

Digital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at ScaleDigital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at Scale
 
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
Get the Exact Identity Solution You Need - In the Cloud - AWS and BeyondGet the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
 
Identity Live Sydney: Identity Management - A Strategic Opportunity
Identity Live Sydney: Identity Management - A Strategic OpportunityIdentity Live Sydney: Identity Management - A Strategic Opportunity
Identity Live Sydney: Identity Management - A Strategic Opportunity
 
Identity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity CapabilityIdentity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity Capability
 
Identity Live Singapore 2018 Keynote Presentation
Identity Live Singapore 2018 Keynote PresentationIdentity Live Singapore 2018 Keynote Presentation
Identity Live Singapore 2018 Keynote Presentation
 
Identity Live Sydney 2018 Keynote Presentation
Identity Live Sydney 2018 Keynote PresentationIdentity Live Sydney 2018 Keynote Presentation
Identity Live Sydney 2018 Keynote Presentation
 
Identity Live Singapore: Just Ask 'Em
Identity Live Singapore: Just Ask 'EmIdentity Live Singapore: Just Ask 'Em
Identity Live Singapore: Just Ask 'Em
 
Identity Live Singapore: Building Trust & Privacy in a Connected Society
Identity Live Singapore: Building Trust & Privacy in a Connected SocietyIdentity Live Singapore: Building Trust & Privacy in a Connected Society
Identity Live Singapore: Building Trust & Privacy in a Connected Society
 
Identity Live Sydney: Intelligent Authentication
Identity Live Sydney: Intelligent Authentication Identity Live Sydney: Intelligent Authentication
Identity Live Sydney: Intelligent Authentication
 
Identity Live Sydney: Building Trust and Privacy in a Connected Society
Identity Live Sydney: Building Trust and Privacy in a Connected SocietyIdentity Live Sydney: Building Trust and Privacy in a Connected Society
Identity Live Sydney: Building Trust and Privacy in a Connected Society
 
Get the Exact Identity Solution you Need in the Cloud - Deep Dive
Get the Exact Identity Solution you Need in the Cloud - Deep DiveGet the Exact Identity Solution you Need in the Cloud - Deep Dive
Get the Exact Identity Solution you Need in the Cloud - Deep Dive
 
Get the Exact Identity Solution You Need - In the Cloud - Overview
Get the Exact Identity Solution You Need - In the Cloud - OverviewGet the Exact Identity Solution You Need - In the Cloud - Overview
Get the Exact Identity Solution You Need - In the Cloud - Overview
 
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User ExperienceForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
 
Opening Keynote (Identity Live Berlin 2018)
Opening Keynote (Identity Live Berlin 2018)Opening Keynote (Identity Live Berlin 2018)
Opening Keynote (Identity Live Berlin 2018)
 
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
 
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
 
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
 
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
 
Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...
 
Intelligent Authentication (Identity Live Berlin 2018)
Intelligent Authentication (Identity Live Berlin 2018)Intelligent Authentication (Identity Live Berlin 2018)
Intelligent Authentication (Identity Live Berlin 2018)
 

Último

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 

Último (20)

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 

Access Management for Cloud and Mobile

  • 1. 2013 Open Stack Identity Summit - France Access Management for Cloud and Mobile
  • 2. Single Sign On web gateway Session Lifecycle Management Web Application Fat Client Application Stateful Session SP IDP Stateless Session Session Store (Memory or Persisted) with option to enable Session Failover/replication Create, Leverage & Upgrade Session Authentication Federation Leverage session Authorization Attributes
  • 3. The Good, The Bad and The Ugly “You see, in this world there's two kinds of APIs, my friend: Those that are lightweight and those that make you dig”
  • 5. OAuth2, OpenID Connect, REST Mobile Social Cloud Enterprise Things HTTP(s) JSON REST Endpoints AuthN AuthZ Session Validation Identity Management Realm Mgmt OpenAM Core OAuth2 OpenID Connect Logging
  • 6. Mobile IAM for the Modern Web Web App Web App Login App OAuth2 Native App REST Native App OpenID Connect OpenAM Authentication Authorization Attribute Delivery Cloud Federation SSO Token Persistence Session Mgmt OAuth2 Provider Enterprise
  • 7. “You see, in this world there's two kinds of APIs, my friend: Those that are lightweight and those that make you dig” Demo
  • 8. 2 Native apps in iPhone OAuth2 Demo •  Obtains an OAuth2 Refresh and Access Token using the Authorization Code Grant and then stores it locally in the iPhone keyring •  Access User Profile info with the Access Token •  Refreshes the Access Token when it expires using the refresh token SSO Demo •  Retrieves the Access Token from the iPhone keyring •  Access User Profile info with the Access Token
  • 9.
  • 10. OAuth2 •  Authorization protocol •  Grant access to third parties •  Parties do not share sensitive user information, i.e. no credentials are shared •  Used to grant limited access during limited time to specific resources •  Developed by the IETF Working group
  • 11. Who is using OAuth2
  • 12. OAuth2 Tokens ACCESS Token •  Used to access a protected resource •  Obtained through one of the grant flow •  Life time short (minutes, hours REFRESH Token •  Used to obtain a new access token •  Obtained through one of the grant flows •  Life time long (days, weeks, months)
  • 13. Possible flow Protected Resource leveraging access token 1 7 2 3 Client retrieve refresh token 4 5 retrieve access token 6 Provider
  • 14. Resource Owner Password Flow 2 application provides userid/password credentials Provider retrieve access token Client 3 1 << 4 leveraging access token Protected Resource
  • 15. Supported grants Use Case: For Web Applications §  Authorization Code Flow Grant §  Implicit Flow Grant Use Case: For Mobile Applications §  Resource Owner Password Use Case: For Application to Application §  Client Credentials Flow §  SAMLv2 Token Insertion Presenter’s Logo Here Use Case : Implicit flow Grant
  • 17.
  • 18. What is it not •  OpenID Connect is not OpenID •  OpenID is old social protocol, without a mandatory contract between client and provider •  OpenID is unsecure
  • 19. What is OAUTH2 again ? •  OAuth2 is an AUTHORIZATION protocol •  Access/Refresh token represents access to resource for anybody who has that token •  There is not system in place to restrict resource usage to a user identity
  • 20. OpenID Connect •  OpenID Connect uses TWO access/refresh tokens •  One to authorize the resource (see OAUTH2 before) •  One to authorize the user identity accessing that resource Protected Resource OAUTH2 Access Token User identity OAUTH2 Access Token •  OpenID Connect maintains the relationship between the resource and the user •  User can only access the resource with its access token provided the user access token is entitled to it
  • 21. 2013 Open Stack Identity Summit - France Coming from a different angle
  • 22. OpenAM Authentication •  MSISDN •  HOTP (Text Messages via cell phone) •  OATH (3rd party Token generators)
  • 23. Banking grade authentication Thomas Bostrøm Jørgensen - CEO, Encap