This document discusses identity management and federated identity. It provides an overview of how identity management has evolved from stovepipe systems to standards-based identity portability. Federated identity allows securely linking identity information across security domains. Examples of use cases for federated identity include integrating hosted services, linking redundant accounts, secure collaboration, and attribute exchange between a business and customers. The document also discusses Ping Identity's federation gateway and deployment services that support multiple federation protocols.

1. Copyright 2004 Ping Identity Corporation
Identity Management BriefIdentity Management Brief
November 19, 2004November 19, 2004

2. 06/26/14
Slide 2
AgendaAgenda
Talking Points
Evolution of Identity Management
Ping Identity Snapshot
Federated Identity In Depth
Ping Products and Services
Federation Protocol Overview
Use Cases

3. 06/26/14
Slide 3
Identity Management EvolvesIdentity Management Evolves
Stovepipe Systems
Internal – Apps, Directories, Databases
External – Partner systems
Proprietary Identity Centralization
The Stack – Cookies, Agents, SSO
Identity Portability via Standards
(SAML, Liberty, WS-*, XACML, SPML)
Vendor Independent
System Independent

4. 06/26/14
Slide 4
Company OverviewCompany Overview
Customers & Partners
Investors
Management
SourceID Users

5. 06/26/14
Slide 5
What is “Federated Identity?”What is “Federated Identity?”
Federated Identity allows enterprises to securely link
and exchange identity information across
autonomous security domains
Federated Identity enables seamless access to
distributed resources and applications

6. 06/26/14
Slide 6
Federated Identity – An Enabling TechnologyFederated Identity – An Enabling Technology
 Networking of Identity Enables
 Tighter partner interaction
 Improved service and convenience to customers
 Improved security of outsourced services
 Lowered costs and complexity managing users and redundant directories
 Identity “Portability” Enables
 Reduced transactional friction
 Lower costs associated with SSO and password reset
 New revenue opportunities

7. 06/26/14
Slide 7
Who’s FederatingWho’s Federating

8. 06/26/14
Slide 8
Current Federation Protocol LandscapeCurrent Federation Protocol Landscape
Liberty
ID-WSF 1.0
SOAP, SSL/TLS,
HTTP, HTML, WAP
OASIS SAML 1.1
Liberty
ID-FF1.2
XML, WSDL, WS-Security, XML Dsig,
WS-*, SPML, XACML, XKMS
Binding,
Network, and
Transport
XML and Security
Federation
Shibboleth
1.2
Identity Services
WS-Federation

9. 06/26/14
Slide 9
Federated Identity Basic ModelFederated Identity Basic Model
Logon
User Attributes
Identity Provider
“Asserting Party”
Service Provider
“Relying Party”
Fed Server
App Server
Protected
Resources
Fed Server
Session Mgr
(e.g. AAA)
Identity Assertion
(Authentication &
Attributes)
Session Mgr
(e.g. AAA)
User Attributes

10. 06/26/14
Slide 10
Products & Services OverviewProducts & Services Overview

11. 06/26/14
Slide 11
Products & Services OverviewProducts & Services Overview
PingFederate – Multi-protocol Federation Gateway
PingDeploy – Accelerated Deployment Services
SourceID - Open Source Toolkits
Business & Legal Frameworks
Integration Services

12. 06/26/14
Slide 12
Use Case: Integrating Hosted ServicesUse Case: Integrating Hosted Services
User Store
Login
User Store
Global Travel Service
Service Provider
Company A
Identity Provider
John Smith
Login: john123
john123
jsmith
Travel Application
XML
GatewayGateway
Intranet
Federation
1
SSO Access 2
Protocol: Liberty
Federated ID
(linked accounts)

13. 06/26/14
Slide 13
Use Case: Integrating Hosted ServicesUse Case: Integrating Hosted Services
Login
User Store
Global Travel Service
Service Provider
Company A
Identity Provider
John Smith
Login: john123
john123
Travel Application
XML
GatewayGateway
Intranet
Federation
1
SSO Access 2
Protocol: SAML
No User Store Exists
Federated ID
(UserID & Role)

14. 06/26/14
Slide 14
Use Case: Link Redundant AccountsUse Case: Link Redundant Accounts (Internal)(Internal)
User Store
Login
User Store
Company A
John Smith
Login: john123
john123
jsmith
Security Domain B
XML
GatewayGateway
Security Domain A
Federation
1
SSO Access 2
Protocol: Liberty
Federated ID
(Linked Accounts)

15. 06/26/14
Slide 15
Use Case: Secure CollaborationUse Case: Secure Collaboration
User StoreUser Store
Airline Co.
Authentication Authority
Aircraft Mfg
Relying Party
John Smith
Login: john123
Role: 747 Mechanic
john123
Intranet
XML
GatewayGateway
Online Manuals
Federation
SSO Access
2
747 Manual
777 Manual
Protocol: SAML
Federated ID
(John123 &
747 Mechanic)
1

16. 06/26/14
Slide 16
Use Case: Attribute Exchange (B2C)Use Case: Attribute Exchange (B2C)
My Portal
(Identity Provider)
Books.com
Portal
XML
GatewayGateway
eCommerce Site
Federation
SSO Access2
Protocol: SAML
Get Attributes (address, cc # etc.)
1
3
Federated ID
(UserID & Role)
User Store
&
Attributes

17. 06/26/14
Slide 17
Multi-Protocol Federate GatewaysMulti-Protocol Federate Gateways
Company ACompany A
PingFederatePingFederate
A Multi-Protocol GatewayA Multi-Protocol Gateway
(Partner Specific Configuration)
SAML Liberty
Internet
WS-FedShibboleth
Partner UniversityPartner University Public & Private Sector - Enterprise & CarriersPublic & Private Sector - Enterprise & Carriers
Internal Federation
PingDeployPingDeploy
Interop. Service

18. 06/26/14
Slide 18
FREEFREE Ping ResourcesPing Resources
Federation Checklist
Federation Agreements
Federation Business Use-Cases
Federation Developer Use-Cases
Open Source Toolkits (Liberty, SAML, WS-Federation)
www.sourceid.org
www.pingidentity.com