PingFederate 7
ChalkTalk Demo
Craig Wu
July 8, 2013

1

Copyright ©2012 Ping Identity Corporation. All rights reserved.
Craig Wu

• Director, Product Development
• With Ping Identity since Feb 2007
• Started with Integration Kits
• PF STS integration
• PingFederate Fall 2009 PF 6.2 – 6.10
• 2013 - Expand Ping Product Portfolio

2
PingFederate Engineering Team January 2013

Denver, CO - Vancouver, BC - American Fork, UT
Halifax, Nova Scotia - Moscow, Russia - Dublin, Ireland

3

[Features]

[PINGFEDERATE 7]

4

PingFederate 7 Highlights
• SCIM
– Outbound
– Inbound
• OpenID Connect
– Provider (OP)
• Password Management
• Adaptive Federation
– Selector Trees
– New selectors
• Localization

5
Administration Console Enhancements
Admin UI Refresh
• Usability improvements
– Friendlier form fields
– Simpler presentation
• Customer requested improvements:
– Visual cues for cluster replication
– Configurable console title
– Configurable session timeout

6
SCIM Provisioning – Why?

• Federation introduces a strong desire to solve user provisioning the right way.
• Accounts need to be synchronized across organizations to enable SSO.
• Today's provisioning approaches:
– Manual
– Just-In-Time Provisioning
– Automated – based on a proprietary protocol

7
SCIM Provisioning – Why? (cont'd)

Approach | Pro's | Con's
Manual | No additional configuration. Simple when only a handful of users to a single app are involved. | Doesn't scale. Tedious for administrators. Error prone.
Just-In-Time | Single protocol for both SSO and Provisioning. | Doesn't handle deprovisioning use case.
Automated (proprietary) | Covers both provisioning and de-provisioning. | Implemented differently for every partner.

SCIM (System for Cross-domain Identity Management) offers simple, standards based automated provisioning.

8
SCIM – Outbound Provisioning (formerly SaaS Provisioning)
IdP Features
• User provisioning & deprovisioning to partners supporting SCIM 1.1
• Synchronize local corporate directory accounts with SCIM supporting partners
• Monitors directory for user account changes:
– Create
– Update
– Membership Update
– Delete / Disable

[Diagram: Identity Provider (Identity Store) -> SCIM (Create? Update? Delete?) -> SaaS Provider (Identity Store)]

9
SCIM – Inbound Provisioning
SP Features
• Handle inbound user provisioning requests
• Commit operations to a local identity store (Active Directory)
• Enables Service Providers with a standard SCIM protocol runtime
• SCIM 1.1
– JSON
– HTTP Basic and TLS Client Authentication

[Diagram: Identity Provider (Identity Store) -> SCIM -> SaaS Provider (Identity Store)]

10
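A minimal SP-side SCIM 1.1 handler of the kind this slide describes, added here as an illustration (it is not PingFederate's code): it authenticates the provisioning client with HTTP Basic, validates the JSON user resource against the SCIM 1.1 core schema URN, and commits Create / Update (including Disable via "active": false) / Delete to an in-memory store that stands in for Active Directory. The credential, the store and the request samples are constructed; TLS client authentication, the other option on the slide, is left to the HTTP layer.

```python
"""Minimal SCIM 1.1 inbound-provisioning handler (constructed example)."""
import base64
import hmac
import json
import uuid

SCIM_CORE_SCHEMA = "urn:scim:schemas:core:1.0"  # SCIM 1.1 core User schema URN

# Constructed credential the partner IdP presents with HTTP Basic.
PARTNER_CREDENTIALS = {"idp-provisioner": "s3cret-example"}


def basic_auth_header(user, password):
    """Build the Authorization header a SCIM client would send."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return {"Authorization": "Basic " + token}


def check_basic_auth(headers):
    """Return the authenticated client id, or None for a missing or bad credential."""
    value = headers.get("Authorization", "")
    if not value.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(value[6:], validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, _, password = decoded.partition(":")
    expected = PARTNER_CREDENTIALS.get(user)
    # Constant-time comparison so response timing does not leak the secret.
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    return user


def validate_user(resource):
    """Return an error string if the document is not a usable SCIM 1.1 User, else None."""
    if not isinstance(resource, dict):
        return "body must be a JSON object"
    schemas = resource.get("schemas")
    if not isinstance(schemas, list) or SCIM_CORE_SCHEMA not in schemas:
        return "missing SCIM core schema"
    if not isinstance(resource.get("userName"), str) or not resource["userName"]:
        return "userName is required"
    if not isinstance(resource.get("active", True), bool):
        return "active must be a boolean"
    return None


def scim_error(status, description):
    """SCIM 1.1 error response: (status, {"Errors": [...]})."""
    return status, {"Errors": [{"description": description, "code": str(status)}]}


class ScimUserEndpoint:
    """/Users resource backed by an in-memory store (stands in for Active Directory)."""

    def __init__(self):
        self.store = {}

    def handle(self, method, path, headers, body=None):
        """Process one request; returns (http_status, response_body)."""
        if check_basic_auth(headers) is None:
            return scim_error(401, "authentication required")
        parts = path.strip("/").split("/")
        if parts[0] != "Users" or len(parts) > 2:
            return scim_error(404, "unknown resource")
        user_id = parts[1] if len(parts) == 2 else None
        if method == "POST" and user_id is None:
            return self._write(str(uuid.uuid4()), body, created=True)
        if method == "PUT" and user_id in self.store:
            return self._write(user_id, body, created=False)
        if method == "DELETE" and user_id in self.store:
            del self.store[user_id]
            return 200, {}
        if user_id is not None and user_id not in self.store:
            return scim_error(404, "user not found")
        return scim_error(405, "method not allowed")

    def _write(self, user_id, body, created):
        """Create or replace a user; only reached after authentication succeeded."""
        try:
            resource = json.loads(body or "")
        except ValueError:
            return scim_error(400, "malformed JSON")
        error = validate_user(resource)
        if error:
            return scim_error(400, error)
        record = dict(resource, id=user_id)
        # Disable is an update carrying "active": false; only DELETE removes the record.
        record.setdefault("active", True)
        self.store[user_id] = record
        return (201 if created else 200), record
```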
SCIM Provisioning Interop @ CIS 2013

• Technology Nexus
• Cisco
• PingIdentity
• SailPoint
• Salesforce
• UnboundID
• WSO2

11
OpenID Connect

12
OpenID Connect - Next Gen SSO

SAML
• Separate protocols for SSO and API security
• Built on top of XML standards
• Profiles and bindings with lots of flexibility
• Manual trust bootstrapping & certificate management

OpenID Connect
• SSO and API security in one
• REST based interactions ideal for mobile
• Fewer, more focused profiles
• Auto client registration and key management

13
OpenID Connect

[Diagram labels: Identity Provider, Mobile Apps, Web Apps, ID, API Access]

Features
• OpenID Connect Provider (IdP)
• Leverages built-in OAuth AS for API security
• User Info Endpoint serves as a REST-based directory service for identity data
• Proxy SAML IdP Connections via OIC

Benefits
• Consistent framework for identity enabling both Web and Mobile applications
• Lighter weight, simpler standard for Relying Parties to adopt compared to SAML

14
OpenID Connect – OAuth Playground 3.0
Features
• Interactive utility for developers exploring OpenID Connect and OAuth
• Includes source code
– JSON Web Token library for ID Token validation (jose4j)

Supported Profiles
– Basic - mobile and traditional web apps
– Implicit - in-browser (JavaScript) apps

15
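The ID Token checks a Relying Party runs under the Basic Client Profile, added here as an illustration (this is not jose4j or Ping's code): verify the signature first, then iss, aud/azp, exp and nonce, and only then trust the claims. To stay on the Python standard library it uses HS256 with the client secret as the MAC key, which OpenID Connect permits; a deployment using RS256 would verify against the OP's published JWK instead. Issuer, client id, secret and the sample claims are constructed.

```python
"""ID Token validation for an OpenID Connect relying party (constructed example)."""
import base64
import hashlib
import hmac
import json


class IdTokenError(Exception):
    """Raised when an ID Token fails any validation step."""


def b64url_decode(segment):
    """Base64url without padding, as used by JWS compact serialization."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def hs256(signing_input, client_secret):
    """OIDC Core: for HS256 the MAC key is the UTF-8 bytes of client_secret."""
    return hmac.new(client_secret.encode("utf-8"), signing_input, hashlib.sha256).digest()


def mint_id_token(claims, client_secret):
    """OP-side helper so the example has a token to validate."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
             b64url_encode(json.dumps(claims, separators=(",", ":")).encode())]
    signature = hs256(".".join(parts).encode("ascii"), client_secret)
    return ".".join(parts + [b64url_encode(signature)])


def validate_id_token(token, issuer, client_id, client_secret, nonce, now):
    """Return the claims if every check passes; raise IdTokenError otherwise."""
    segments = token.split(".")
    if len(segments) != 3:
        raise IdTokenError("token must have three segments")
    header_b64, payload_b64, sig_b64 = segments
    try:
        header = json.loads(b64url_decode(header_b64))
        payload_raw = b64url_decode(payload_b64)
        signature = b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):
        raise IdTokenError("malformed token")
    # Pin the algorithm the client registered; the token's own "alg" chooses nothing.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise IdTokenError("unexpected alg")
    expected = hs256((header_b64 + "." + payload_b64).encode("ascii"), client_secret)
    if not hmac.compare_digest(expected, signature):
        raise IdTokenError("signature verification failed")
    # Claims are parsed only after the signature is good.
    try:
        claims = json.loads(payload_raw)
    except (ValueError, UnicodeDecodeError):
        raise IdTokenError("malformed payload")
    if not isinstance(claims, dict) or claims.get("iss") != issuer:
        raise IdTokenError("issuer mismatch")
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else aud
    if not isinstance(audiences, list) or client_id not in audiences:
        raise IdTokenError("client is not an audience")
    if len(audiences) > 1 and "azp" not in claims:
        raise IdTokenError("multiple audiences without azp")
    if "azp" in claims and claims["azp"] != client_id:
        raise IdTokenError("azp mismatch")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise IdTokenError("token expired or exp missing")
    # The nonce binds the token to the authentication request that started the flow.
    if nonce is not None and claims.get("nonce") != nonce:
        raise IdTokenError("nonce mismatch")
    return claims


def id_token_is_valid(token, **kwargs):
    """Boolean convenience wrapper around validate_id_token."""
    try:
        validate_id_token(token, **kwargs)
    except IdTokenError:
        return False
    return True
```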
Adaptive Federation Enhancements

[Diagram: SSO request -> Authn Policy; "Inside the Firewall?" and "Browser speaks IWA?" decide between Kerberos (Active Directory) and HTML Form -> SaaS App]

Features
• Decision Trees to define complex Authn Method policies
• Additional criteria:
– HTTP Headers (e.g.: User-Agent)
– SP Connection
– Node Index
– OAuth Scope
• Prioritized default selection

Example Use Case
• IWA on/off network with supported browser
• Partner applications with varied authn req's

16
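A selector-tree authentication policy modelled on the flow in this slide, added here as an illustration (it is not PingFederate's own implementation): each node runs one selector (SP connection, client network, HTTP header) against the request context and follows the matching branch, a default applies when nothing matches, and the returned trace records which selectors fired so the decision can be audited. The network ranges, the User-Agent rule, the connection ids and the adapter names are constructed.

```python
"""Selector-tree authentication policy (constructed example)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Callable, Dict, Union

# Constructed: address space treated as "inside the firewall".
CORPORATE_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                      ipaddress.ip_network("192.168.0.0/16")]

Context = Dict[str, object]
Leaf = str  # name of the authentication adapter to invoke


@dataclass
class SelectorNode:
    """One decision: run `selector`, then follow the branch for its result."""
    name: str
    selector: Callable[[Context], str]
    branches: Dict[str, Union["SelectorNode", Leaf]]
    default: Union["SelectorNode", Leaf, None] = None


def inside_firewall(ctx):
    """Client-network selector; an unparsable address counts as outside (fail closed)."""
    try:
        addr = ipaddress.ip_address(str(ctx.get("client_ip", "")))
    except ValueError:
        return "no"
    return "yes" if any(addr in net for net in CORPORATE_NETWORKS) else "no"


def header_matches(header, pattern):
    """HTTP Header selector: 'yes' when the named header matches the regex."""
    compiled = re.compile(pattern)

    def selector(ctx):
        value = ctx.get("headers", {}).get(header, "")
        return "yes" if compiled.search(value) else "no"
    return selector


def sp_connection(ctx):
    """SP Connection selector: branch on the connection the request arrived for."""
    return str(ctx.get("sp_connection", ""))


def evaluate(node, ctx):
    """Walk the tree; returns (adapter, trace) where trace lists each decision taken."""
    trace = []
    current = node
    while isinstance(current, SelectorNode):
        result = current.selector(ctx)
        matched = result in current.branches
        trace.append((current.name, result, "matched" if matched else "default"))
        current = current.branches[result] if matched else current.default
        if current is None:
            raise ValueError("no branch and no default at %r" % trace[-1][0])
    return current, trace


# Constructed policy following the slide: on-network browsers that can do IWA get
# Kerberos, everyone else gets the HTML form, and one partner connection requires
# a stronger adapter regardless of network.
ON_NETWORK_POLICY = SelectorNode(
    name="browser speaks IWA?",
    selector=header_matches("User-Agent", r"Windows NT"),  # constructed rule
    branches={"yes": "KerberosAdapter"},
    default="HTMLFormAdapter",
)

AUTHN_POLICY = SelectorNode(
    name="SP connection",
    selector=sp_connection,
    branches={"partner-payroll": "HTMLFormWithOtpAdapter"},  # constructed names
    default=SelectorNode(
        name="inside the firewall?",
        selector=inside_firewall,
        branches={"yes": ON_NETWORK_POLICY},
        default="HTMLFormAdapter",
    ),
)


def select_adapter(ctx):
    """Entry point: choose the authentication adapter for one SSO request."""
    return evaluate(AUTHN_POLICY, ctx)
```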
Password Management
Features
• End-user (LDAP) password management features:
– Forced Password Update (at login)
– User Initiated Change Password

[Diagram: Authn -> Update Password -> Directory]

Example Use Case
• Medium sized Enterprise with Remote Users always off the domain

17
[PingFederate 7]

[DEMO]

18

Demo
• Provision user to AD using SCIM
• Password Management
– HTML Form Adapter

• Adaptive Federation Enhancements
– Selector Trees
– HTTP Header Selector
– Connection Selector

• Token Authorization
– Control when tokens are issued during attribute fulfillment

• Localization
• OpenID Connect Basic Client Profile

19

Q&A

20


CIS 2013 Ping Identity Chalktalk


Editor's Notes

  1. System for Cross-domain Identity Management
  2. Who speaks SCIM