SlideShare uma empresa Scribd logo
1 de 22
Baixar para ler offline
2013 Open Stack Identity Summit - France

Federation in practice
Applications and data within the firewall perimeter
Users within the enterprise
Difficult to roll out new services

OLD ACCESS CONTROL
Hanseatic League (Hansa)
Trade Confederation
Centuries 13th – 17th

Trading outside the walls
•  Secure
•  Membership agreement
•  Follow protocol
Customers
Outsourcing
Partners

Suppliers

Information, services and users
outside the fireWALL
The dictionary
Federalism is a political concept in which
a group of members are bound together
by covenant (Latin: foedus, covenant*)
with a governing representative head.
*Agreement
SChengen Area
It is a group of 26 European
countries that have abolished
passport and immigration
controls at their common
borders.

§  Present your security token at the entrance
§  Travel seamlessly within the area
Customers
Outsourcing
Databases

Directory

Active
Directory

Commercial
Applications
In-house dev
applications
Legacy
applications

FEDERATED
IDENTITY

Enterprise

Partners
Suppliers
Is the means of linking a person´s electronic identity and attributes,
stored across multiple distinct identity management systems
Benefits of Federated identity
•  Provides Single Sign On for an enhanced user
experience
•  Share information across partners securely and
privately
•  Promote adoption of new services
•  Reduces costs
•  Cloud friendly
•  Mobile friendly
Identity Federation Standards

ID-FF

Ws-federation

SAML 2.0
Federation support

OpenID

Connect!

OAUTH 2.0!
REST/JSON

ID-FF"
Shibboleth
1.0/1.1"

SAML 1.0"

SAML 1.x"

Shibboleth 2

(SAML2)"

OpenAM"

SAML 2.0!
ADFS2

(SAML 2)"

WS-Federation
1.0"

WS-Federation
1.1"
ADFS"
SOAP/XML
10
Identity Federation Actors
Circle of Trust

Identity Provider,
Asserting PARTY, IdP

Authenticate
Obtain Token

Agreements

Service Provider,
Relaying party,
Consumer, SP

principal

Service Provider,
Relaying party,
Consumer, SP

Present token
Access resource
Use Cases
§  Enterprise connected to Cloud SaaS, partners, suppliers, etc

Social

§  Customers using social authentication

Databases

Directory

Active
Directory

Commercial
Applications

SaaS

In-house dev
applications
Legacy
applications

Private Cloud
Partners
Outsourcing
Suppliers
Use Cases
§  SaaS/IDaas Providing services to Enterprises
§  Social authentication to SaaS and IDaaS

Databases

Directory

Active
Directory

Commercial
Applications
In-house dev
applications
Legacy
applications

Social

SaaS

Multi-tenant
IdP

Private Cloud

Multi-tenant
SP
Mobile IAM for the Modern Web

Web
App

Web
App

Login
App

OAuth2

Native
App

REST

Native
App

OpenID Connect

OpenAM
Authentication
Authorization
Attribute Delivery

Cloud

Federation
SSO
Token Persistence
Session Mgmt
OAuth2 Provider

Enterprise
14
SP to IdP Mesh
IdP
SP
IdP
SP
IdP
SP
IdP
IdP Proxy
IdP
SP
IdP
SP
SP

IdP
Proxy

IdP
IdP
Federation is more than SSO
SAML 2.0
IdP, SP, IdP Proxy, Attribute Query Provider, Attribute
Authority, Authentication Authority, XACML PEP, XACML
PDP

WS-Federation
IdP, SP

ID-FF
IdP, SP

OAuth 2.0
RESTful Authorization protocol

OpenID Connect
Uses OAUTH2 tokens, adds services
OpenAM + family
OpenAM
Full blown Federation

OpenAM Fedlet
Lightweight SAML 2.0 SP

OpenIG and Fedlet
Powerful combination of integration and SAML 2.0

Bridge SPE/SalesForce Bridge
SAAS oriented federation/sync bridge, includes SAML 2.0
and OAUTH2.
Custom federation
Reverse
Proxy

1

3

Custom
AuthN Module
State 1

Policy
Agent

“Custom IDP”

OpenAM

Application

6

Policy
Agent

Application

Application

Application

2

SP

IDP

Fedlet

Custom
AuthN Module
State 2

Custom
Post
Authentication
Module

4

5

19
Walkthrough configure OpenAM
to achieve SSO to
Google Apps
WordPress
Office365
using SAML2
Federated Single Sign-On
demo.openam.org

IDP
Circle of Trust

SP

SP

SP
2013 Open Stack Identity Summit - France

Federation in practice

Mais conteúdo relacionado

Mais procurados

OpenIDM: An Introduction
OpenIDM: An IntroductionOpenIDM: An Introduction
OpenIDM: An Introduction
ForgeRock
 
Single sign on using WSO2 identity server
Single sign on using WSO2 identity serverSingle sign on using WSO2 identity server
Single sign on using WSO2 identity server
WSO2
 
WSO2 Identity Server
WSO2 Identity Server WSO2 Identity Server
WSO2 Identity Server
WSO2
 
Bring your own Identity (BYOID) with WSO2 Identity Server
Bring your own Identity (BYOID) with WSO2 Identity ServerBring your own Identity (BYOID) with WSO2 Identity Server
Bring your own Identity (BYOID) with WSO2 Identity Server
WSO2
 

Mais procurados (20)

THE FORGEROCK PLATFORM BIG PICTURE
THE FORGEROCK PLATFORM BIG PICTURETHE FORGEROCK PLATFORM BIG PICTURE
THE FORGEROCK PLATFORM BIG PICTURE
 
OpenAM: An Introduction
OpenAM: An IntroductionOpenAM: An Introduction
OpenAM: An Introduction
 
Implementing eGov
Implementing eGovImplementing eGov
Implementing eGov
 
Directory Services with the ForgeRock Identity Platform - So What’s New?
Directory Services with the ForgeRock Identity Platform - So What’s New?Directory Services with the ForgeRock Identity Platform - So What’s New?
Directory Services with the ForgeRock Identity Platform - So What’s New?
 
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
 
IDP Proxy Concept: Accessing Identity Data Sources Everywhere!
IDP Proxy Concept: Accessing Identity Data Sources Everywhere!IDP Proxy Concept: Accessing Identity Data Sources Everywhere!
IDP Proxy Concept: Accessing Identity Data Sources Everywhere!
 
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...
 
Webinar: OpenIDM 3.1
Webinar: OpenIDM 3.1Webinar: OpenIDM 3.1
Webinar: OpenIDM 3.1
 
OpenAM as Flexible Integration Component
OpenAM as Flexible Integration ComponentOpenAM as Flexible Integration Component
OpenAM as Flexible Integration Component
 
Webinar: OpenAM 12.0 - New Featurs
Webinar: OpenAM 12.0 - New FeatursWebinar: OpenAM 12.0 - New Featurs
Webinar: OpenAM 12.0 - New Featurs
 
OpenIDM: An Introduction
OpenIDM: An IntroductionOpenIDM: An Introduction
OpenIDM: An Introduction
 
OpenAM Survival Tips
OpenAM Survival TipsOpenAM Survival Tips
OpenAM Survival Tips
 
Identity as a Managed Cloud Service
Identity as a Managed Cloud ServiceIdentity as a Managed Cloud Service
Identity as a Managed Cloud Service
 
Single sign on using WSO2 identity server
Single sign on using WSO2 identity serverSingle sign on using WSO2 identity server
Single sign on using WSO2 identity server
 
Customer Scale: Stateless Sessions and Managing High-Volume Digital Services
Customer Scale: Stateless Sessions and Managing High-Volume Digital ServicesCustomer Scale: Stateless Sessions and Managing High-Volume Digital Services
Customer Scale: Stateless Sessions and Managing High-Volume Digital Services
 
WSO2 Identity Server
WSO2 Identity Server WSO2 Identity Server
WSO2 Identity Server
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for Beginners
 
Digital Trust: How Identity Tackles the Privacy, Security and IoT Challenge
Digital Trust: How Identity Tackles the Privacy, Security and IoT ChallengeDigital Trust: How Identity Tackles the Privacy, Security and IoT Challenge
Digital Trust: How Identity Tackles the Privacy, Security and IoT Challenge
 
Bring your own Identity (BYOID) with WSO2 Identity Server
Bring your own Identity (BYOID) with WSO2 Identity ServerBring your own Identity (BYOID) with WSO2 Identity Server
Bring your own Identity (BYOID) with WSO2 Identity Server
 
Enterprise Security Requirements
Enterprise Security RequirementsEnterprise Security Requirements
Enterprise Security Requirements
 

Semelhante a Federation in Practice

Open am and_radiantone
Open am and_radiantoneOpen am and_radiantone
Open am and_radiantone
Jose R
 
Zarafa SummerCamp 2012 - Keynote Peter Ganten
Zarafa SummerCamp 2012 - Keynote Peter GantenZarafa SummerCamp 2012 - Keynote Peter Ganten
Zarafa SummerCamp 2012 - Keynote Peter Ganten
Zarafa
 
Wsdl Bahankuliah
Wsdl BahankuliahWsdl Bahankuliah
Wsdl Bahankuliah
Eri Alam
 
Radisys Keynote, Gamifying the User’s Journey, Adnan Saleem
Radisys Keynote, Gamifying the User’s Journey, Adnan SaleemRadisys Keynote, Gamifying the User’s Journey, Adnan Saleem
Radisys Keynote, Gamifying the User’s Journey, Adnan Saleem
Alan Quayle
 
Premier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure ADPremier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure AD
uberbaum
 

Semelhante a Federation in Practice (20)

Federation in Practice
Federation in PracticeFederation in Practice
Federation in Practice
 
DEVNET-1132 Create B2B Exchanges with Cisco Connected Processes
DEVNET-1132	Create B2B Exchanges with Cisco Connected ProcessesDEVNET-1132	Create B2B Exchanges with Cisco Connected Processes
DEVNET-1132 Create B2B Exchanges with Cisco Connected Processes
 
Open am and_radiantone
Open am and_radiantoneOpen am and_radiantone
Open am and_radiantone
 
Identity as a Service
Identity as a ServiceIdentity as a Service
Identity as a Service
 
Zarafa SummerCamp 2012 - Keynote Peter Ganten
Zarafa SummerCamp 2012 - Keynote Peter GantenZarafa SummerCamp 2012 - Keynote Peter Ganten
Zarafa SummerCamp 2012 - Keynote Peter Ganten
 
Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...
Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...
Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...
 
Synergies across APIs and IAM
Synergies across APIs and IAMSynergies across APIs and IAM
Synergies across APIs and IAM
 
FIWARE Global Summit - International Data Spaces - A New Idea for Sharing Data
FIWARE Global Summit - International Data Spaces - A New Idea for Sharing DataFIWARE Global Summit - International Data Spaces - A New Idea for Sharing Data
FIWARE Global Summit - International Data Spaces - A New Idea for Sharing Data
 
WSO2Con 2011: Introduction to Stratos
WSO2Con 2011: Introduction to StratosWSO2Con 2011: Introduction to Stratos
WSO2Con 2011: Introduction to Stratos
 
WSO2con 2011: Introduction to Stratos
WSO2con 2011:  Introduction to StratosWSO2con 2011:  Introduction to Stratos
WSO2con 2011: Introduction to Stratos
 
Wsdl Bahankuliah
Wsdl BahankuliahWsdl Bahankuliah
Wsdl Bahankuliah
 
Radisys Keynote, Gamifying the User’s Journey, Adnan Saleem
Radisys Keynote, Gamifying the User’s Journey, Adnan SaleemRadisys Keynote, Gamifying the User’s Journey, Adnan Saleem
Radisys Keynote, Gamifying the User’s Journey, Adnan Saleem
 
Cloud Mashup
Cloud MashupCloud Mashup
Cloud Mashup
 
Enterprise API deployment best practice
Enterprise API deployment best practiceEnterprise API deployment best practice
Enterprise API deployment best practice
 
Feide Connect
Feide ConnectFeide Connect
Feide Connect
 
Safenet Authentication Service, SAS
Safenet Authentication Service, SASSafenet Authentication Service, SAS
Safenet Authentication Service, SAS
 
Web Services
Web ServicesWeb Services
Web Services
 
Premier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure ADPremier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure AD
 
Single Sign On 101
Single Sign On 101Single Sign On 101
Single Sign On 101
 
Application platform and integration platform strategy and roadmap
Application platform and integration platform strategy and roadmapApplication platform and integration platform strategy and roadmap
Application platform and integration platform strategy and roadmap
 

Mais de ForgeRock

Mais de ForgeRock (20)

Digital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at ScaleDigital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at Scale
 
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
Get the Exact Identity Solution You Need - In the Cloud - AWS and BeyondGet the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
 
Identity Live Sydney: Identity Management - A Strategic Opportunity
Identity Live Sydney: Identity Management  - A Strategic OpportunityIdentity Live Sydney: Identity Management  - A Strategic Opportunity
Identity Live Sydney: Identity Management - A Strategic Opportunity
 
Identity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity CapabilityIdentity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity Capability
 
Identity Live Singapore 2018 Keynote Presentation
Identity Live Singapore 2018 Keynote PresentationIdentity Live Singapore 2018 Keynote Presentation
Identity Live Singapore 2018 Keynote Presentation
 
Identity Live Sydney 2018 Keynote Presentation
Identity Live Sydney 2018 Keynote PresentationIdentity Live Sydney 2018 Keynote Presentation
Identity Live Sydney 2018 Keynote Presentation
 
Identity Live Singapore: Just Ask 'Em
Identity Live Singapore: Just Ask 'EmIdentity Live Singapore: Just Ask 'Em
Identity Live Singapore: Just Ask 'Em
 
Identity Live Singapore: Building Trust & Privacy in a Connected Society
Identity Live Singapore: Building Trust & Privacy in a Connected SocietyIdentity Live Singapore: Building Trust & Privacy in a Connected Society
Identity Live Singapore: Building Trust & Privacy in a Connected Society
 
Identity Live Sydney: Intelligent Authentication
Identity Live Sydney: Intelligent Authentication Identity Live Sydney: Intelligent Authentication
Identity Live Sydney: Intelligent Authentication
 
Identity Live Sydney: Building Trust and Privacy in a Connected Society
Identity Live  Sydney:  Building Trust and Privacy in a Connected SocietyIdentity Live  Sydney:  Building Trust and Privacy in a Connected Society
Identity Live Sydney: Building Trust and Privacy in a Connected Society
 
Get the Exact Identity Solution you Need in the Cloud - Deep Dive
Get the Exact Identity Solution you Need in the Cloud - Deep DiveGet the Exact Identity Solution you Need in the Cloud - Deep Dive
Get the Exact Identity Solution you Need in the Cloud - Deep Dive
 
Get the Exact Identity Solution You Need - In the Cloud - Overview
Get the Exact Identity Solution You Need - In the Cloud - OverviewGet the Exact Identity Solution You Need - In the Cloud - Overview
Get the Exact Identity Solution You Need - In the Cloud - Overview
 
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User ExperienceForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
 
Opening Keynote (Identity Live Berlin 2018)
Opening Keynote (Identity Live Berlin 2018)Opening Keynote (Identity Live Berlin 2018)
Opening Keynote (Identity Live Berlin 2018)
 
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
 
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
BMW Group - Identity Enables the Next 100 Years..  (Identity Live Berlin 2018)BMW Group - Identity Enables the Next 100 Years..  (Identity Live Berlin 2018)
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
 
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
 
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
 
Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...
 
Intelligent Authentication (Identity Live Berlin 2018)
Intelligent Authentication  (Identity Live Berlin 2018)Intelligent Authentication  (Identity Live Berlin 2018)
Intelligent Authentication (Identity Live Berlin 2018)
 

Último

Último (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

Federation in Practice