SlideShare uma empresa Scribd logo

TrustBearer - CTST 2009 - OpenID & Strong Authentication

TrustBearer
TrustBearer

This presentation was given at the Card Tech Secure Tech (CTST) Conference on May 5, 2009 in New Orleans, LA. Brian Kelly was on a panel with Gilles Lisimaque, Siddharth Bajaj and Michael Poitner to discuss emerging technologies in Smart Cards, Tokens & Digital Identity

Tecnologia
1 de 15
OpenID & Strong Authentication CTST 2009: Emerging Technology D14: Smart Cards,Tokens & Digital Identity May 5, 2009 Brian Kelly Vice President TrustBearer Labs
Simplify Multi-factor authentication can be made easier to use and implement by utilizing Web Single Sign On (SSO) standards SAML 2
SAML • Consumer focused • Enterprise focused • On-the-fly- • Bulk-provisioning (on- provisioning the-fly supported) • Many identity • Identity Provider is providers available internal to online for consumers organization to choose (typically) • Mostly open-source, • Commercial and OS and COTS services products available 3
How does SAML work? verifies signed assertions User is logged-in to creates signed App 1 web app Login Web Page assertions user SAML ID App 2 user Provider user authenticates users App 3 Other SAML Service Providers LDAP (consumers) Auth. 4
How does OpenID work? Consumer Web App Web app User is logged-in Page Login verifies previously to web app user enrolled OpenID Consumer user Web App OpenID user Relying Party (consumer) User authenticates to IDP and enables account to be used with consumer site 5
End-point authentication is agnostic of SSO standard All methods can be supported by SAML or OpenID • username / password • one time password (OTP) tokens • smart cards (e.g. PIV, CAC, FRAC) • TPM • client digital certificates • information cards • biometrics • image verification 6
Identity Provider offers end- point authentication options • Google,Yahoo, AOL: password • myOpenID: password, phone verify, client certificate, info card • VeriSign PIP: OTP, client certificate, info card, EV SSL • TrustBearer: smart cards (CAC, PIV, etc.), biometrics • Vidoop: Image recognition (CAPTCHA) The IdP can specify authentication methods used to the RP, which can even request preferences. 7
What authentication method to choose? 8
Required Protections for OMB’s E-Auth Assurance Levels Level 1 Level 2 Level 3 Level 4 Protect against ✓ ✓ ✓ ✓ On-line guessing Replay ✓ ✓ ✓ ✓ Eavesdropper ✓ ✓ ✓ Verifier impersonation ✓ ✓ ✓ Man-in-the-middle ✓ ✓ Session hijacking ✓ From NIST SP 800-63 p. 39 9
Token Types Allowed At Each Assurance Level Level 1 Level 2 Level 3 Level 4 Token Type Hard Crypto Token ✓ ✓ ✓ ✓ ✓ ✓ ✓ One-time password device Soft crypto token ✓ ✓ ✓ Passwords & PINs ✓ ✓ From NIST SP 800-63 p. 39 10
OpenID Provider Authentication Policy Extension (PAPE) • Provides a way for Relying Parties to request / view authentication policies of Identity Provider • Policies: Phishing-resistant, Multi-Factor, and Physical Multi-Factor • Preferred authentication levels e.g. NIST: 1, 2, 3, 4 SAML also allows authentication attributes to be added to a message 11
TrustBearer OpenID What we do What we could do • Challenge/response with • Path validation & PIN or Bio verification revocation checking • Allow multiple tokens • Use SReg to transmit per account data on card • Implement PAPE • Allow RPs to request certain smart cards or • No username / password tokens be used option • More SAML Support • Some SAML support 12
How Government OpenID with smart card auth could work Citizen Web App OpenID + Sreg + PAPE Citizen is logged-in Page Login Data sent to Gov’t Web app, to web app user Info is verified U.S. Gov’t Gov’t Web user App OpenID user Relying Party Web app (RP) includes (consumer) U.S. Gov’t OpenID Provider on it’s trusted list Path Validation & User is directed to government Certificate Revocation OpenID provider, which uses CAC / PIV Checking Smart card to authenticate user 13
“In-the-cloud” strong-auth benefits over traditional Client Auth with SSL • Less infrastructure / less coding • Path validation & revocation checking work is offloaded to Identity Provider • Authentication methods can scale up and down depending on application needs • Non-cert data on smart card becomes useful (e.g. healthcare) 14
Questions? https://openid.trustbearer.com Brian Kelly brian.kelly@trustbearer.com twitter.com/TrustBearer Vice President TrustBearer Labs

Recomendados

TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...TrustBearer
 
Neumann 24727 B10.12 Update 20091029 AM R3
Neumann 24727 B10.12 Update 20091029 AM R3Neumann 24727 B10.12 Update 20091029 AM R3
Neumann 24727 B10.12 Update 20091029 AM R3Agile Set, LLC
 
Mobile Cloud Identity
Mobile Cloud IdentityMobile Cloud Identity
Mobile Cloud IdentityMark Diodati
 
LINEのFIDO導入と将来展望
LINEのFIDO導入と将来展望LINEのFIDO導入と将来展望
LINEのFIDO導入と将来展望FIDO Alliance
 
Identity and Access Management Provider
Identity and Access Management ProviderIdentity and Access Management Provider
Identity and Access Management ProviderPriyanka Agarwal
 
Securing a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationSecuring a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationFIDO Alliance
 
FIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Alliance
 
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装FIDO Alliance
 

Recomendados

TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...TrustBearer
 
Neumann 24727 B10.12 Update 20091029 AM R3
Neumann 24727 B10.12 Update 20091029 AM R3Neumann 24727 B10.12 Update 20091029 AM R3
Neumann 24727 B10.12 Update 20091029 AM R3Agile Set, LLC
 
Mobile Cloud Identity
Mobile Cloud IdentityMobile Cloud Identity
Mobile Cloud IdentityMark Diodati
 
LINEのFIDO導入と将来展望
LINEのFIDO導入と将来展望LINEのFIDO導入と将来展望
LINEのFIDO導入と将来展望FIDO Alliance
 
Identity and Access Management Provider
Identity and Access Management ProviderIdentity and Access Management Provider
Identity and Access Management ProviderPriyanka Agarwal
 
Securing a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationSecuring a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationFIDO Alliance
 
FIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Alliance
 
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装FIDO Alliance
 
FIDO Specifications Overview: UAF & U2F
FIDO Specifications Overview: UAF & U2FFIDO Specifications Overview: UAF & U2F
FIDO Specifications Overview: UAF & U2FFIDO Alliance
 
Introduction to the FIDO Alliance
Introduction to the FIDO AllianceIntroduction to the FIDO Alliance
Introduction to the FIDO AllianceFIDO Alliance
 
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud ComputingSmart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud ComputingOKsystem
 
FIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Alliance
 
Developer Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidDeveloper Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidFIDO Alliance
 
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2
 
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) SpecificationCIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) SpecificationCloudIDSummit
 
The Future of Authentication for IoT
The Future of Authentication for IoTThe Future of Authentication for IoT
The Future of Authentication for IoTFIDO Alliance
 
Authentication.Next
Authentication.NextAuthentication.Next
Authentication.NextMark Diodati
 
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCloudIDSummit
 
NTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case StudyNTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case StudyFIDO Alliance
 
FIDO Authentication Opportunities in Healthcare
FIDO Authentication Opportunities in HealthcareFIDO Authentication Opportunities in Healthcare
FIDO Authentication Opportunities in HealthcareFIDO Alliance
 
Fido Overview: Status and Future
Fido Overview: Status and FutureFido Overview: Status and Future
Fido Overview: Status and FutureFIDO Alliance
 
Two factor authentication-in_your_network_e_guide
Two factor authentication-in_your_network_e_guideTwo factor authentication-in_your_network_e_guide
Two factor authentication-in_your_network_e_guideNick Owen
 
Getting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialGetting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialFIDO Alliance
 
Strong Authentication Trends in Government
Strong Authentication Trends in GovernmentStrong Authentication Trends in Government
Strong Authentication Trends in GovernmentFIDO Alliance
 
Integrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation ProtocolsIntegrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation ProtocolsFIDO Alliance
 
FIDO alliance #idcon vol.18
FIDO alliance #idcon vol.18FIDO alliance #idcon vol.18
FIDO alliance #idcon vol.18Nov Matake
 
Securing online services by combining smart cards and web-based applications
Securing online services by combining smart cards and web-based applicationsSecuring online services by combining smart cards and web-based applications
Securing online services by combining smart cards and web-based applicationsOlivier Potonniée
 
FIDO Workshop at the Cloud Identity Summit: FIDO Alliance Overview
FIDO Workshop at the Cloud Identity Summit: FIDO Alliance OverviewFIDO Workshop at the Cloud Identity Summit: FIDO Alliance Overview
FIDO Workshop at the Cloud Identity Summit: FIDO Alliance OverviewFIDO Alliance
 
Oberthur's 2009 CTST presentation on Generic ID-Card Command Set (GICS)
Oberthur's 2009 CTST presentation on Generic ID-Card Command Set (GICS)Oberthur's 2009 CTST presentation on Generic ID-Card Command Set (GICS)
Oberthur's 2009 CTST presentation on Generic ID-Card Command Set (GICS)TrustBearer
 
Developing Smart Card Web Server Applications
Developing Smart Card Web Server ApplicationsDeveloping Smart Card Web Server Applications
Developing Smart Card Web Server ApplicationsCellnetrix
 

Mais conteúdo relacionado

Mais procurados

FIDO Specifications Overview: UAF & U2F
FIDO Specifications Overview: UAF & U2FFIDO Specifications Overview: UAF & U2F
FIDO Specifications Overview: UAF & U2FFIDO Alliance
 
Introduction to the FIDO Alliance
Introduction to the FIDO AllianceIntroduction to the FIDO Alliance
Introduction to the FIDO AllianceFIDO Alliance
 
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud ComputingSmart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud ComputingOKsystem
 
FIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Alliance
 
Developer Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidDeveloper Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidFIDO Alliance
 
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2
 
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) SpecificationCIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) SpecificationCloudIDSummit
 
The Future of Authentication for IoT
The Future of Authentication for IoTThe Future of Authentication for IoT
The Future of Authentication for IoTFIDO Alliance
 
Authentication.Next
Authentication.NextAuthentication.Next
Authentication.NextMark Diodati
 
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCloudIDSummit
 
NTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case StudyNTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case StudyFIDO Alliance
 
FIDO Authentication Opportunities in Healthcare
FIDO Authentication Opportunities in HealthcareFIDO Authentication Opportunities in Healthcare
FIDO Authentication Opportunities in HealthcareFIDO Alliance
 
Fido Overview: Status and Future
Fido Overview: Status and FutureFido Overview: Status and Future
Fido Overview: Status and FutureFIDO Alliance
 
Two factor authentication-in_your_network_e_guide
Two factor authentication-in_your_network_e_guideTwo factor authentication-in_your_network_e_guide
Two factor authentication-in_your_network_e_guideNick Owen
 
Getting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialGetting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialFIDO Alliance
 
Strong Authentication Trends in Government
Strong Authentication Trends in GovernmentStrong Authentication Trends in Government
Strong Authentication Trends in GovernmentFIDO Alliance
 
Integrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation ProtocolsIntegrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation ProtocolsFIDO Alliance
 
FIDO alliance #idcon vol.18
FIDO alliance #idcon vol.18FIDO alliance #idcon vol.18
FIDO alliance #idcon vol.18Nov Matake
 
Securing online services by combining smart cards and web-based applications
Securing online services by combining smart cards and web-based applicationsSecuring online services by combining smart cards and web-based applications
Securing online services by combining smart cards and web-based applicationsOlivier Potonniée
 
FIDO Workshop at the Cloud Identity Summit: FIDO Alliance Overview
FIDO Workshop at the Cloud Identity Summit: FIDO Alliance OverviewFIDO Workshop at the Cloud Identity Summit: FIDO Alliance Overview
FIDO Workshop at the Cloud Identity Summit: FIDO Alliance OverviewFIDO Alliance
 

Mais procurados (20)

FIDO Specifications Overview: UAF & U2F
FIDO Specifications Overview: UAF & U2FFIDO Specifications Overview: UAF & U2F
FIDO Specifications Overview: UAF & U2F
 
Introduction to the FIDO Alliance
Introduction to the FIDO AllianceIntroduction to the FIDO Alliance
Introduction to the FIDO Alliance
 
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud ComputingSmart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
 
FIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Technical Specifications Overview
FIDO Technical Specifications Overview
 
Developer Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidDeveloper Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for Android
 
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
 
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) SpecificationCIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
 
The Future of Authentication for IoT
The Future of Authentication for IoTThe Future of Authentication for IoT
The Future of Authentication for IoT
 
Authentication.Next
Authentication.NextAuthentication.Next
Authentication.Next
 
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
 
NTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case StudyNTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case Study
 
FIDO Authentication Opportunities in Healthcare
FIDO Authentication Opportunities in HealthcareFIDO Authentication Opportunities in Healthcare
FIDO Authentication Opportunities in Healthcare
 
Fido Overview: Status and Future
Fido Overview: Status and FutureFido Overview: Status and Future
Fido Overview: Status and Future
 
Two factor authentication-in_your_network_e_guide
Two factor authentication-in_your_network_e_guideTwo factor authentication-in_your_network_e_guide
Two factor authentication-in_your_network_e_guide
 
Getting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialGetting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical Tutorial
 
Strong Authentication Trends in Government
Strong Authentication Trends in GovernmentStrong Authentication Trends in Government
Strong Authentication Trends in Government
 
Integrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation ProtocolsIntegrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation Protocols
 
FIDO alliance #idcon vol.18
FIDO alliance #idcon vol.18FIDO alliance #idcon vol.18
FIDO alliance #idcon vol.18
 
Securing online services by combining smart cards and web-based applications
Securing online services by combining smart cards and web-based applicationsSecuring online services by combining smart cards and web-based applications
Securing online services by combining smart cards and web-based applications
 
FIDO Workshop at the Cloud Identity Summit: FIDO Alliance Overview
FIDO Workshop at the Cloud Identity Summit: FIDO Alliance OverviewFIDO Workshop at the Cloud Identity Summit: FIDO Alliance Overview
FIDO Workshop at the Cloud Identity Summit: FIDO Alliance Overview
 

Destaque

Oberthur's 2009 CTST presentation on Generic ID-Card Command Set (GICS)
Oberthur's 2009 CTST presentation on Generic ID-Card Command Set (GICS)Oberthur's 2009 CTST presentation on Generic ID-Card Command Set (GICS)
Oberthur's 2009 CTST presentation on Generic ID-Card Command Set (GICS)TrustBearer
 
Developing Smart Card Web Server Applications
Developing Smart Card Web Server ApplicationsDeveloping Smart Card Web Server Applications
Developing Smart Card Web Server ApplicationsCellnetrix
 
Введение в интернет вещей
Введение в интернет вещейВведение в интернет вещей
Введение в интернет вещейIoT Community
 
Интернет вещей в концепции умных городов
Интернет вещей в концепции умных городовИнтернет вещей в концепции умных городов
Интернет вещей в концепции умных городовIoT Community
 
Io t open_day_05_2016
Io t open_day_05_2016Io t open_day_05_2016
Io t open_day_05_2016Zenoviy Veres
 
«Центр керування М2М» від Київстар
«Центр керування М2М» від Київстар«Центр керування М2М» від Київстар
«Центр керування М2М» від КиївстарKyivstar
 
Strong Authentication in Web Applications: State of the Art 2011
Strong Authentication in Web Applications: State of the Art 2011Strong Authentication in Web Applications: State of the Art 2011
Strong Authentication in Web Applications: State of the Art 2011Sylvain Maret
 
Алексей Слепцов_"Интернет вещей. Что это и для чего"
Алексей Слепцов_"Интернет вещей. Что это и для чего"Алексей Слепцов_"Интернет вещей. Что это и для чего"
Алексей Слепцов_"Интернет вещей. Что это и для чего"GeeksLab Odessa
 
[JDLL 2016] OpenID Connect et FranceConnect
[JDLL 2016] OpenID Connect et FranceConnect[JDLL 2016] OpenID Connect et FranceConnect
[JDLL 2016] OpenID Connect et FranceConnectClément OUDOT
 
Strong Authentication in Web Application / ConFoo.ca 2011
Strong Authentication in Web Application / ConFoo.ca 2011Strong Authentication in Web Application / ConFoo.ca 2011
Strong Authentication in Web Application / ConFoo.ca 2011Sylvain Maret
 
Hacking Access Control Systems
Hacking Access Control SystemsHacking Access Control Systems
Hacking Access Control SystemsDennis Maldonado
 
Study: The Future of VR, AR and Self-Driving Cars
Study: The Future of VR, AR and Self-Driving CarsStudy: The Future of VR, AR and Self-Driving Cars
Study: The Future of VR, AR and Self-Driving CarsLinkedIn
 

Destaque (13)

Oberthur's 2009 CTST presentation on Generic ID-Card Command Set (GICS)
Oberthur's 2009 CTST presentation on Generic ID-Card Command Set (GICS)Oberthur's 2009 CTST presentation on Generic ID-Card Command Set (GICS)
Oberthur's 2009 CTST presentation on Generic ID-Card Command Set (GICS)
 
Developing Smart Card Web Server Applications
Developing Smart Card Web Server ApplicationsDeveloping Smart Card Web Server Applications
Developing Smart Card Web Server Applications
 
Введение в интернет вещей
Введение в интернет вещейВведение в интернет вещей
Введение в интернет вещей
 
Интернет вещей в концепции умных городов
Интернет вещей в концепции умных городовИнтернет вещей в концепции умных городов
Интернет вещей в концепции умных городов
 
Io t open_day_05_2016
Io t open_day_05_2016Io t open_day_05_2016
Io t open_day_05_2016
 
АТС
АТСАТС
АТС
 
«Центр керування М2М» від Київстар
«Центр керування М2М» від Київстар«Центр керування М2М» від Київстар
«Центр керування М2М» від Київстар
 
Strong Authentication in Web Applications: State of the Art 2011
Strong Authentication in Web Applications: State of the Art 2011Strong Authentication in Web Applications: State of the Art 2011
Strong Authentication in Web Applications: State of the Art 2011
 
Алексей Слепцов_"Интернет вещей. Что это и для чего"
Алексей Слепцов_"Интернет вещей. Что это и для чего"Алексей Слепцов_"Интернет вещей. Что это и для чего"
Алексей Слепцов_"Интернет вещей. Что это и для чего"
 
[JDLL 2016] OpenID Connect et FranceConnect
[JDLL 2016] OpenID Connect et FranceConnect[JDLL 2016] OpenID Connect et FranceConnect
[JDLL 2016] OpenID Connect et FranceConnect
 
Strong Authentication in Web Application / ConFoo.ca 2011
Strong Authentication in Web Application / ConFoo.ca 2011Strong Authentication in Web Application / ConFoo.ca 2011
Strong Authentication in Web Application / ConFoo.ca 2011
 
Hacking Access Control Systems
Hacking Access Control SystemsHacking Access Control Systems
Hacking Access Control Systems
 
Study: The Future of VR, AR and Self-Driving Cars
Study: The Future of VR, AR and Self-Driving CarsStudy: The Future of VR, AR and Self-Driving Cars
Study: The Future of VR, AR and Self-Driving Cars
 

Semelhante a TrustBearer - CTST 2009 - OpenID & Strong Authentication

Protecting Online Identities - MIX09
Protecting Online Identities - MIX09Protecting Online Identities - MIX09
Protecting Online Identities - MIX09Jorgen Thelin
 
Protecting Online Identities
Protecting Online IdentitiesProtecting Online Identities
Protecting Online Identitiesgoodfriday
 
Protecting Online Identities
Protecting Online IdentitiesProtecting Online Identities
Protecting Online Identitiesgoodfriday
 
User Authentication for Government
User Authentication for GovernmentUser Authentication for Government
User Authentication for GovernmentCarahsoft
 
kicking your enterprise security up a notch with adaptive authentication sa...
kicking your enterprise security up a notch with adaptive authentication sa...kicking your enterprise security up a notch with adaptive authentication sa...
kicking your enterprise security up a notch with adaptive authentication sa...Sagara Gunathunga
 
Identiverse - Microservices Security
Identiverse - Microservices SecurityIdentiverse - Microservices Security
Identiverse - Microservices SecurityBertrand Carlier
 
[WSO2Con EU 2018] Kicking Your Enterprise Security Up a Notch With Adaptive A...
[WSO2Con EU 2018] Kicking Your Enterprise Security Up a Notch With Adaptive A...[WSO2Con EU 2018] Kicking Your Enterprise Security Up a Notch With Adaptive A...
[WSO2Con EU 2018] Kicking Your Enterprise Security Up a Notch With Adaptive A...WSO2
 
[WSO2Con EU 2018] Identity APIs is the New Black
[WSO2Con EU 2018] Identity APIs is the New Black[WSO2Con EU 2018] Identity APIs is the New Black
[WSO2Con EU 2018] Identity APIs is the New BlackWSO2
 
Cidway Byod Authentication
Cidway Byod AuthenticationCidway Byod Authentication
Cidway Byod Authenticationlfilliat
 
Saas webinar-dec6-01
Saas webinar-dec6-01Saas webinar-dec6-01
Saas webinar-dec6-01Paul Madsen
 
FIDO & Strong Authentication Technology Landscape
FIDO & Strong Authentication Technology LandscapeFIDO & Strong Authentication Technology Landscape
FIDO & Strong Authentication Technology LandscapeFIDO Alliance
 
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityCA API Management
 
US Security for Cyber Security
US Security for Cyber SecurityUS Security for Cyber Security
US Security for Cyber SecurityArtanContracting
 
TrialPay Security Tech Talk at Stanford ACM
TrialPay Security Tech Talk at Stanford ACMTrialPay Security Tech Talk at Stanford ACM
TrialPay Security Tech Talk at Stanford ACMhackingtrialpay
 
SOTP_Introduction
SOTP_IntroductionSOTP_Introduction
SOTP_IntroductionJohnson Wu
 
Who’s Knocking? Identity for APIs, Web and Mobile
Who’s Knocking? Identity for APIs, Web and MobileWho’s Knocking? Identity for APIs, Web and Mobile
Who’s Knocking? Identity for APIs, Web and MobileNordic APIs
 
Connected Identity : The Role of the Identity Bus
Connected Identity : The Role of the Identity BusConnected Identity : The Role of the Identity Bus
Connected Identity : The Role of the Identity BusPrabath Siriwardena
 
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other WorldsCIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other WorldsCloudIDSummit
 
Going beyond MFA(Multi-factor authentication)-Future demands much more
Going beyond MFA(Multi-factor authentication)-Future demands much moreGoing beyond MFA(Multi-factor authentication)-Future demands much more
Going beyond MFA(Multi-factor authentication)-Future demands much moreindragantiSaiHiranma
 
Securing Microservices in Hybrid Cloud
Securing Microservices in Hybrid CloudSecuring Microservices in Hybrid Cloud
Securing Microservices in Hybrid CloudVMware Tanzu
 

Semelhante a TrustBearer - CTST 2009 - OpenID & Strong Authentication (20)

Protecting Online Identities - MIX09
Protecting Online Identities - MIX09Protecting Online Identities - MIX09
Protecting Online Identities - MIX09
 
Protecting Online Identities
Protecting Online IdentitiesProtecting Online Identities
Protecting Online Identities
 
Protecting Online Identities
Protecting Online IdentitiesProtecting Online Identities
Protecting Online Identities
 
User Authentication for Government
User Authentication for GovernmentUser Authentication for Government
User Authentication for Government
 
kicking your enterprise security up a notch with adaptive authentication sa...
kicking your enterprise security up a notch with adaptive authentication sa...kicking your enterprise security up a notch with adaptive authentication sa...
kicking your enterprise security up a notch with adaptive authentication sa...
 
Identiverse - Microservices Security
Identiverse - Microservices SecurityIdentiverse - Microservices Security
Identiverse - Microservices Security
 
[WSO2Con EU 2018] Kicking Your Enterprise Security Up a Notch With Adaptive A...
[WSO2Con EU 2018] Kicking Your Enterprise Security Up a Notch With Adaptive A...[WSO2Con EU 2018] Kicking Your Enterprise Security Up a Notch With Adaptive A...
[WSO2Con EU 2018] Kicking Your Enterprise Security Up a Notch With Adaptive A...
 
[WSO2Con EU 2018] Identity APIs is the New Black
[WSO2Con EU 2018] Identity APIs is the New Black[WSO2Con EU 2018] Identity APIs is the New Black
[WSO2Con EU 2018] Identity APIs is the New Black
 
Cidway Byod Authentication
Cidway Byod AuthenticationCidway Byod Authentication
Cidway Byod Authentication
 
Saas webinar-dec6-01
Saas webinar-dec6-01Saas webinar-dec6-01
Saas webinar-dec6-01
 
FIDO & Strong Authentication Technology Landscape
FIDO & Strong Authentication Technology LandscapeFIDO & Strong Authentication Technology Landscape
FIDO & Strong Authentication Technology Landscape
 
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
 
US Security for Cyber Security
US Security for Cyber SecurityUS Security for Cyber Security
US Security for Cyber Security
 
TrialPay Security Tech Talk at Stanford ACM
TrialPay Security Tech Talk at Stanford ACMTrialPay Security Tech Talk at Stanford ACM
TrialPay Security Tech Talk at Stanford ACM
 
SOTP_Introduction
SOTP_IntroductionSOTP_Introduction
SOTP_Introduction
 
Who’s Knocking? Identity for APIs, Web and Mobile
Who’s Knocking? Identity for APIs, Web and MobileWho’s Knocking? Identity for APIs, Web and Mobile
Who’s Knocking? Identity for APIs, Web and Mobile
 
Connected Identity : The Role of the Identity Bus
Connected Identity : The Role of the Identity BusConnected Identity : The Role of the Identity Bus
Connected Identity : The Role of the Identity Bus
 
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other WorldsCIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
 
Going beyond MFA(Multi-factor authentication)-Future demands much more
Going beyond MFA(Multi-factor authentication)-Future demands much moreGoing beyond MFA(Multi-factor authentication)-Future demands much more
Going beyond MFA(Multi-factor authentication)-Future demands much more
 
Securing Microservices in Hybrid Cloud
Securing Microservices in Hybrid CloudSecuring Microservices in Hybrid Cloud
Securing Microservices in Hybrid Cloud
 

Último

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 

Último (20)

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 

TrustBearer - CTST 2009 - OpenID & Strong Authentication

  • 1. OpenID & Strong Authentication CTST 2009: Emerging Technology D14: Smart Cards,Tokens & Digital Identity May 5, 2009 Brian Kelly Vice President TrustBearer Labs
  • 2. Simplify Multi-factor authentication can be made easier to use and implement by utilizing Web Single Sign On (SSO) standards SAML 2
  • 3. SAML • Consumer focused • Enterprise focused • On-the-fly- • Bulk-provisioning (on- provisioning the-fly supported) • Many identity • Identity Provider is providers available internal to online for consumers organization to choose (typically) • Mostly open-source, • Commercial and OS and COTS services products available 3
  • 4. How does SAML work? verifies signed assertions User is logged-in to creates signed App 1 web app Login Web Page assertions user SAML ID App 2 user Provider user authenticates users App 3 Other SAML Service Providers LDAP (consumers) Auth. 4
  • 5. How does OpenID work? Consumer Web App Web app User is logged-in Page Login verifies previously to web app user enrolled OpenID Consumer user Web App OpenID user Relying Party (consumer) User authenticates to IDP and enables account to be used with consumer site 5
  • 6. End-point authentication is agnostic of SSO standard All methods can be supported by SAML or OpenID • username / password • one time password (OTP) tokens • smart cards (e.g. PIV, CAC, FRAC) • TPM • client digital certificates • information cards • biometrics • image verification 6
  • 7. Identity Provider offers end- point authentication options • Google,Yahoo, AOL: password • myOpenID: password, phone verify, client certificate, info card • VeriSign PIP: OTP, client certificate, info card, EV SSL • TrustBearer: smart cards (CAC, PIV, etc.), biometrics • Vidoop: Image recognition (CAPTCHA) The IdP can specify authentication methods used to the RP, which can even request preferences. 7
  • 9. Required Protections for OMB’s E-Auth Assurance Levels Level 1 Level 2 Level 3 Level 4 Protect against ✓ ✓ ✓ ✓ On-line guessing Replay ✓ ✓ ✓ ✓ Eavesdropper ✓ ✓ ✓ Verifier impersonation ✓ ✓ ✓ Man-in-the-middle ✓ ✓ Session hijacking ✓ From NIST SP 800-63 p. 39 9
  • 10. Token Types Allowed At Each Assurance Level Level 1 Level 2 Level 3 Level 4 Token Type Hard Crypto Token ✓ ✓ ✓ ✓ ✓ ✓ ✓ One-time password device Soft crypto token ✓ ✓ ✓ Passwords & PINs ✓ ✓ From NIST SP 800-63 p. 39 10
  • 11. OpenID Provider Authentication Policy Extension (PAPE) • Provides a way for Relying Parties to request / view authentication policies of Identity Provider • Policies: Phishing-resistant, Multi-Factor, and Physical Multi-Factor • Preferred authentication levels e.g. NIST: 1, 2, 3, 4 SAML also allows authentication attributes to be added to a message 11
  • 12. TrustBearer OpenID What we do What we could do • Challenge/response with • Path validation & PIN or Bio verification revocation checking • Allow multiple tokens • Use SReg to transmit per account data on card • Implement PAPE • Allow RPs to request certain smart cards or • No username / password tokens be used option • More SAML Support • Some SAML support 12
  • 13. How Government OpenID with smart card auth could work Citizen Web App OpenID + Sreg + PAPE Citizen is logged-in Page Login Data sent to Gov’t Web app, to web app user Info is verified U.S. Gov’t Gov’t Web user App OpenID user Relying Party Web app (RP) includes (consumer) U.S. Gov’t OpenID Provider on it’s trusted list Path Validation & User is directed to government Certificate Revocation OpenID provider, which uses CAC / PIV Checking Smart card to authenticate user 13
  • 14. “In-the-cloud” strong-auth benefits over traditional Client Auth with SSL • Less infrastructure / less coding • Path validation & revocation checking work is offloaded to Identity Provider • Authentication methods can scale up and down depending on application needs • Non-cert data on smart card becomes useful (e.g. healthcare) 14
  • 15. Questions? https://openid.trustbearer.com Brian Kelly brian.kelly@trustbearer.com twitter.com/TrustBearer Vice President TrustBearer Labs