SlideShare uma empresa Scribd logo

Federation Lab and OpenID Connect

Transferir como KEY, PDF
Andreas Åkre Solberg
Andreas Åkre Solberg

OpenID Connect test fascility Federation Lab. Presented at NorduNet 2012 in Oslo, Norway.

Tecnologia
1 de 17
Andreas Åkre Solberg Roland Hedberg UNINETT AS Univ. Umeå Federation Lab and OpenID Connect NorduNet Conference Oslo, Norway, September 2012
Federation Lab ✤ Identity toolkit for testing, validation and debugging of Identity Software. ✤ Automated testing tool for increasing interoperability between providers and consumers with SAML and OpenID Connect. ✤ A GÉANT project (GN3 JRA3T2) in collaboration with Kantara Initiative and the OpenID community. OpenID Testing Commercial (Kantara Intitive) <-> Research and HE (GEANT) Established (SAML) <-> Emerging (OIC) Nordic collaboration (UNINETT and umu.se) Involved in standardization A very important reference implementation
Complex End-to-end Systems Many implementations This is a good thing! Many deployments Variying spec interpretion Really difficult Sub-set implementations to avoid this Interop issues Things stop working for end users. Who to blame? Who can fix it? ! - difficult question Things continues to not work Unhappy users We MUST avoid this, but how?
What causes interop issues ✤ Flexibility, too many options. Sub-set implementations. ✤ Deployment options ✤ Yet to be discovered software bugs ✤ Unclear specification ✤ Poor error handling ✤ Lack of feature negotiation or limited language (metadata) of expressing supported features
Postel’s Law «Be strict in what you send, but generous in what you receive» Postel's Law,1981, RFC793: TCP ✤ Will this increase interop? ✤ Interop issues less likely to be detected, and may easily pass matrix testing.
Typical Matrix Testing Test 4-5 products against each other Validate that it is possible to configure the products to work with each other. Product is certified. Does not really ensure interop in an actual deployment.
Profiling By being very excplitit on how to use the protocols, interoperability increases. saml2int
Automated Testing of SAML and OpenID Connect This is what we did with Federation Lab An automated client, simulates one entity whiles test the other. Consumer <-> Provider Performs about 100 different test flows, and focus on discovering things that goes wrong, rather than verifying that things may work. Real time testing with detailed feedback Test each provider, and present results. for debugging.
Federation Lab contains a set of useful debugging tools for encoding and decoding messages.
Automated testing of SAML Service Providers performs approx 80 test runs with various legal and illegal message flows to verify behaviour of software.
Automated testing of OpenID Connect Providers tests providers, and involves an innovative engine for working with human user interaction with login screens.
OpenID Connect Roland Hedberg Univ. Umeå
How to find the ‘key’?
Different solutions • SAML • Metadata • OpenID Connect • Dynamic discovery and registration
Flow differencies IdP AS 4 5 3 3 2 4 UA 6 OP UA 2 1 7 1 9 8 SP RP SAML OpenID Connect
Returning attributes • SAML • Static • Response contains 1-n assertions • OIC • Dynamic • Aggregated/distributed claims
Thanks for listening. Federation Lab (beta) http://openidtest.uninett.no

Recomendados

Verification and Validation of Robotic Assistants
Verification and Validation of Robotic AssistantsVerification and Validation of Robotic Assistants
Verification and Validation of Robotic AssistantsAdaCore
 
Java code coverage with JCov. Implementation details and use cases.
Java code coverage with JCov. Implementation details and use cases.Java code coverage with JCov. Implementation details and use cases.
Java code coverage with JCov. Implementation details and use cases.Alexandre (Shura) Iline
 
OpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGOpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGNat Sakimura
 
Full stack security
Full stack securityFull stack security
Full stack securityDPC Consulting Ltd
 
OpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGOpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGNat Sakimura
 
API Days 2016 Day 1: OpenID Financial API WG
API Days 2016 Day 1: OpenID Financial API WGAPI Days 2016 Day 1: OpenID Financial API WG
API Days 2016 Day 1: OpenID Financial API WGNat Sakimura
 
OpenID Connect 101 @ OpenID TechNight vol.11
OpenID Connect 101 @ OpenID TechNight vol.11OpenID Connect 101 @ OpenID TechNight vol.11
OpenID Connect 101 @ OpenID TechNight vol.11Nov Matake
 
API Security with OAuth2.0.
API Security with OAuth2.0.API Security with OAuth2.0.
API Security with OAuth2.0.Kellton Tech Solutions Ltd
 

Recomendados

Verification and Validation of Robotic Assistants
Verification and Validation of Robotic AssistantsVerification and Validation of Robotic Assistants
Verification and Validation of Robotic AssistantsAdaCore
 
Java code coverage with JCov. Implementation details and use cases.
Java code coverage with JCov. Implementation details and use cases.Java code coverage with JCov. Implementation details and use cases.
Java code coverage with JCov. Implementation details and use cases.Alexandre (Shura) Iline
 
OpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGOpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGNat Sakimura
 
Full stack security
Full stack securityFull stack security
Full stack securityDPC Consulting Ltd
 
OpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGOpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGNat Sakimura
 
API Days 2016 Day 1: OpenID Financial API WG
API Days 2016 Day 1: OpenID Financial API WGAPI Days 2016 Day 1: OpenID Financial API WG
API Days 2016 Day 1: OpenID Financial API WGNat Sakimura
 
OpenID Connect 101 @ OpenID TechNight vol.11
OpenID Connect 101 @ OpenID TechNight vol.11OpenID Connect 101 @ OpenID TechNight vol.11
OpenID Connect 101 @ OpenID TechNight vol.11Nov Matake
 
API Security with OAuth2.0.
API Security with OAuth2.0.API Security with OAuth2.0.
API Security with OAuth2.0.Kellton Tech Solutions Ltd
 
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CloudIDSummit
 
JavaOne 2014 - Securing RESTful Resources with OAuth2
JavaOne 2014 - Securing RESTful Resources with OAuth2JavaOne 2014 - Securing RESTful Resources with OAuth2
JavaOne 2014 - Securing RESTful Resources with OAuth2Rodrigo Cândido da Silva
 
Financial Grade OAuth & OpenID Connect
Financial Grade OAuth & OpenID ConnectFinancial Grade OAuth & OpenID Connect
Financial Grade OAuth & OpenID ConnectNat Sakimura
 
Blockchain and Big Data/IoT
Blockchain and Big Data/IoTBlockchain and Big Data/IoT
Blockchain and Big Data/IoTEiji Sasahara, Ph.D., MBA 笹原英司
 
DataPower Restful API Security
DataPower Restful API SecurityDataPower Restful API Security
DataPower Restful API SecurityJagadish Vemugunta
 
Deep-Dive: API Security in the Digital Age
Deep-Dive: API Security in the Digital AgeDeep-Dive: API Security in the Digital Age
Deep-Dive: API Security in the Digital AgeApigee | Google Cloud
 
reveal.js 3.0.0
reveal.js 3.0.0reveal.js 3.0.0
reveal.js 3.0.0Hakim El Hattab
 
Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...
Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...
Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...Pistoia Alliance
 
Six Principles of Software Design to Empower Scientists
Six Principles of Software Design to Empower ScientistsSix Principles of Software Design to Empower Scientists
Six Principles of Software Design to Empower ScientistsDavid De Roure
 
Transport SDN Interoperability Program with OIF
Transport SDN Interoperability Program with OIFTransport SDN Interoperability Program with OIF
Transport SDN Interoperability Program with OIFDeborah Porchivina
 
A Fault Tolerance Concept for Distributed OSGi Applications - Fabian Meyer
A Fault Tolerance Concept for Distributed OSGi Applications - Fabian MeyerA Fault Tolerance Concept for Distributed OSGi Applications - Fabian Meyer
A Fault Tolerance Concept for Distributed OSGi Applications - Fabian Meyermfrancis
 
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...Applitools
 
Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...
Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...
Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...IRJET Journal
 
Google, quality and you
Google, quality and youGoogle, quality and you
Google, quality and younelinger
 
Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...
Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...
Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...Curiosity Software Ireland
 
Unit Testing Fundamentals
Unit Testing FundamentalsUnit Testing Fundamentals
Unit Testing FundamentalsRichard Paul
 
Agile Mobile Testing Workshop
Agile Mobile Testing WorkshopAgile Mobile Testing Workshop
Agile Mobile Testing WorkshopNaresh Jain
 
Writting Better Software
Writting Better SoftwareWritting Better Software
Writting Better Softwaresvilen.ivanov
 
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...Open Mobile Alliance
 
Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...
Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...
Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...Susumu Tokumoto
 
TMF2014 Mobile Testing Workshop Michael Palotas
TMF2014 Mobile Testing Workshop Michael PalotasTMF2014 Mobile Testing Workshop Michael Palotas
TMF2014 Mobile Testing Workshop Michael PalotasKJR
 
TEA Presentation V 0.3
TEA Presentation V 0.3TEA Presentation V 0.3
TEA Presentation V 0.3Ian McDonald
 

Mais conteúdo relacionado

Destaque

CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CloudIDSummit
 
JavaOne 2014 - Securing RESTful Resources with OAuth2
JavaOne 2014 - Securing RESTful Resources with OAuth2JavaOne 2014 - Securing RESTful Resources with OAuth2
JavaOne 2014 - Securing RESTful Resources with OAuth2Rodrigo Cândido da Silva
 
Financial Grade OAuth & OpenID Connect
Financial Grade OAuth & OpenID ConnectFinancial Grade OAuth & OpenID Connect
Financial Grade OAuth & OpenID ConnectNat Sakimura
 
DataPower Restful API Security
DataPower Restful API SecurityDataPower Restful API Security
DataPower Restful API SecurityJagadish Vemugunta
 
Deep-Dive: API Security in the Digital Age
Deep-Dive: API Security in the Digital AgeDeep-Dive: API Security in the Digital Age
Deep-Dive: API Security in the Digital AgeApigee | Google Cloud
 

Destaque (7)

CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
 
JavaOne 2014 - Securing RESTful Resources with OAuth2
JavaOne 2014 - Securing RESTful Resources with OAuth2JavaOne 2014 - Securing RESTful Resources with OAuth2
JavaOne 2014 - Securing RESTful Resources with OAuth2
 
Financial Grade OAuth & OpenID Connect
Financial Grade OAuth & OpenID ConnectFinancial Grade OAuth & OpenID Connect
Financial Grade OAuth & OpenID Connect
 
Blockchain and Big Data/IoT
Blockchain and Big Data/IoTBlockchain and Big Data/IoT
Blockchain and Big Data/IoT
 
DataPower Restful API Security
DataPower Restful API SecurityDataPower Restful API Security
DataPower Restful API Security
 
Deep-Dive: API Security in the Digital Age
Deep-Dive: API Security in the Digital AgeDeep-Dive: API Security in the Digital Age
Deep-Dive: API Security in the Digital Age
 
reveal.js 3.0.0
reveal.js 3.0.0reveal.js 3.0.0
reveal.js 3.0.0
 

Semelhante a Federation Lab and OpenID Connect

Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...
Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...
Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...Pistoia Alliance
 
Six Principles of Software Design to Empower Scientists
Six Principles of Software Design to Empower ScientistsSix Principles of Software Design to Empower Scientists
Six Principles of Software Design to Empower ScientistsDavid De Roure
 
Transport SDN Interoperability Program with OIF
Transport SDN Interoperability Program with OIFTransport SDN Interoperability Program with OIF
Transport SDN Interoperability Program with OIFDeborah Porchivina
 
A Fault Tolerance Concept for Distributed OSGi Applications - Fabian Meyer
A Fault Tolerance Concept for Distributed OSGi Applications - Fabian MeyerA Fault Tolerance Concept for Distributed OSGi Applications - Fabian Meyer
A Fault Tolerance Concept for Distributed OSGi Applications - Fabian Meyermfrancis
 
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...Applitools
 
Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...
Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...
Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...IRJET Journal
 
Google, quality and you
Google, quality and youGoogle, quality and you
Google, quality and younelinger
 
Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...
Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...
Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...Curiosity Software Ireland
 
Unit Testing Fundamentals
Unit Testing FundamentalsUnit Testing Fundamentals
Unit Testing FundamentalsRichard Paul
 
Agile Mobile Testing Workshop
Agile Mobile Testing WorkshopAgile Mobile Testing Workshop
Agile Mobile Testing WorkshopNaresh Jain
 
Writting Better Software
Writting Better SoftwareWritting Better Software
Writting Better Softwaresvilen.ivanov
 
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...Open Mobile Alliance
 
Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...
Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...
Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...Susumu Tokumoto
 
TMF2014 Mobile Testing Workshop Michael Palotas
TMF2014 Mobile Testing Workshop Michael PalotasTMF2014 Mobile Testing Workshop Michael Palotas
TMF2014 Mobile Testing Workshop Michael PalotasKJR
 
TEA Presentation V 0.3
TEA Presentation V 0.3TEA Presentation V 0.3
TEA Presentation V 0.3Ian McDonald
 
IRJET - A Valuable and Speculative Approach to Manage the Item Testing by usi...
IRJET - A Valuable and Speculative Approach to Manage the Item Testing by usi...IRJET - A Valuable and Speculative Approach to Manage the Item Testing by usi...
IRJET - A Valuable and Speculative Approach to Manage the Item Testing by usi...IRJET Journal
 
Introduction of Okinawa Open Laboratory and it's activities (iPOP2015)
Introduction of Okinawa Open Laboratory and it's activities (iPOP2015)Introduction of Okinawa Open Laboratory and it's activities (iPOP2015)
Introduction of Okinawa Open Laboratory and it's activities (iPOP2015)Takashi Torii
 
UNH-IOL Software Defined Netwokring (SDN) Testing Services
UNH-IOL Software Defined Netwokring (SDN) Testing ServicesUNH-IOL Software Defined Netwokring (SDN) Testing Services
UNH-IOL Software Defined Netwokring (SDN) Testing ServicesUNH InterOperability Lab
 
A Tool for Optimizing Java 8 Stream Software via Automated Refactoring
A Tool for Optimizing Java 8 Stream Software via Automated RefactoringA Tool for Optimizing Java 8 Stream Software via Automated Refactoring
A Tool for Optimizing Java 8 Stream Software via Automated RefactoringRaffi Khatchadourian
 
ElasTest: quality for cloud native applications
ElasTest: quality for cloud native applicationsElasTest: quality for cloud native applications
ElasTest: quality for cloud native applicationsElasTest Project
 

Semelhante a Federation Lab and OpenID Connect (20)

Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...
Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...
Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...
 
Six Principles of Software Design to Empower Scientists
Six Principles of Software Design to Empower ScientistsSix Principles of Software Design to Empower Scientists
Six Principles of Software Design to Empower Scientists
 
Transport SDN Interoperability Program with OIF
Transport SDN Interoperability Program with OIFTransport SDN Interoperability Program with OIF
Transport SDN Interoperability Program with OIF
 
A Fault Tolerance Concept for Distributed OSGi Applications - Fabian Meyer
A Fault Tolerance Concept for Distributed OSGi Applications - Fabian MeyerA Fault Tolerance Concept for Distributed OSGi Applications - Fabian Meyer
A Fault Tolerance Concept for Distributed OSGi Applications - Fabian Meyer
 
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...
 
Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...
Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...
Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...
 
Google, quality and you
Google, quality and youGoogle, quality and you
Google, quality and you
 
Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...
Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...
Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...
 
Unit Testing Fundamentals
Unit Testing FundamentalsUnit Testing Fundamentals
Unit Testing Fundamentals
 
Agile Mobile Testing Workshop
Agile Mobile Testing WorkshopAgile Mobile Testing Workshop
Agile Mobile Testing Workshop
 
Writting Better Software
Writting Better SoftwareWritting Better Software
Writting Better Software
 
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
 
Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...
Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...
Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...
 
TMF2014 Mobile Testing Workshop Michael Palotas
TMF2014 Mobile Testing Workshop Michael PalotasTMF2014 Mobile Testing Workshop Michael Palotas
TMF2014 Mobile Testing Workshop Michael Palotas
 
TEA Presentation V 0.3
TEA Presentation V 0.3TEA Presentation V 0.3
TEA Presentation V 0.3
 
IRJET - A Valuable and Speculative Approach to Manage the Item Testing by usi...
IRJET - A Valuable and Speculative Approach to Manage the Item Testing by usi...IRJET - A Valuable and Speculative Approach to Manage the Item Testing by usi...
IRJET - A Valuable and Speculative Approach to Manage the Item Testing by usi...
 
Introduction of Okinawa Open Laboratory and it's activities (iPOP2015)
Introduction of Okinawa Open Laboratory and it's activities (iPOP2015)Introduction of Okinawa Open Laboratory and it's activities (iPOP2015)
Introduction of Okinawa Open Laboratory and it's activities (iPOP2015)
 
UNH-IOL Software Defined Netwokring (SDN) Testing Services
UNH-IOL Software Defined Netwokring (SDN) Testing ServicesUNH-IOL Software Defined Netwokring (SDN) Testing Services
UNH-IOL Software Defined Netwokring (SDN) Testing Services
 
A Tool for Optimizing Java 8 Stream Software via Automated Refactoring
A Tool for Optimizing Java 8 Stream Software via Automated RefactoringA Tool for Optimizing Java 8 Stream Software via Automated Refactoring
A Tool for Optimizing Java 8 Stream Software via Automated Refactoring
 
ElasTest: quality for cloud native applications
ElasTest: quality for cloud native applicationsElasTest: quality for cloud native applications
ElasTest: quality for cloud native applications
 

Mais de Andreas Åkre Solberg

Dataporten for grunnopplæringa - Workshop September 2017
Dataporten for grunnopplæringa - Workshop September 2017Dataporten for grunnopplæringa - Workshop September 2017
Dataporten for grunnopplæringa - Workshop September 2017Andreas Åkre Solberg
 
Dataporten intro (workshop with Difi)
Dataporten intro (workshop with Difi)Dataporten intro (workshop with Difi)
Dataporten intro (workshop with Difi)Andreas Åkre Solberg
 
UNINETT Feide Connect (Feide fagdag)
UNINETT Feide Connect (Feide fagdag)UNINETT Feide Connect (Feide fagdag)
UNINETT Feide Connect (Feide fagdag)Andreas Åkre Solberg
 
Connect (UNINETT-konferansen, Tromsø)
Connect (UNINETT-konferansen, Tromsø)Connect (UNINETT-konferansen, Tromsø)
Connect (UNINETT-konferansen, Tromsø)Andreas Åkre Solberg
 
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyen
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyenNorsk UH-sektor og økosystemer for identitet og integrasjoner i skyen
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyenAndreas Åkre Solberg
 
Feide Connect – Standard Norge February 2015
Feide Connect – Standard Norge February 2015Feide Connect – Standard Norge February 2015
Feide Connect – Standard Norge February 2015Andreas Åkre Solberg
 

Mais de Andreas Åkre Solberg (20)

OpenID Connect Federation
OpenID Connect FederationOpenID Connect Federation
OpenID Connect Federation
 
Dataporten for grunnopplæringa - Workshop September 2017
Dataporten for grunnopplæringa - Workshop September 2017Dataporten for grunnopplæringa - Workshop September 2017
Dataporten for grunnopplæringa - Workshop September 2017
 
Dataporten Workshop
Dataporten WorkshopDataporten Workshop
Dataporten Workshop
 
Dataporten
DataportenDataporten
Dataporten
 
Dataporten for Sigma2, Hell
Dataporten for Sigma2, HellDataporten for Sigma2, Hell
Dataporten for Sigma2, Hell
 
Dataporten intro (workshop with Difi)
Dataporten intro (workshop with Difi)Dataporten intro (workshop with Difi)
Dataporten intro (workshop with Difi)
 
UNINETT Feide Connect (Feide fagdag)
UNINETT Feide Connect (Feide fagdag)UNINETT Feide Connect (Feide fagdag)
UNINETT Feide Connect (Feide fagdag)
 
Connect (UNINETT-konferansen, Tromsø)
Connect (UNINETT-konferansen, Tromsø)Connect (UNINETT-konferansen, Tromsø)
Connect (UNINETT-konferansen, Tromsø)
 
Connect (USIT)
Connect (USIT)Connect (USIT)
Connect (USIT)
 
Connect (Feide fagdag, Gardemoen)
Connect (Feide fagdag, Gardemoen)Connect (Feide fagdag, Gardemoen)
Connect (Feide fagdag, Gardemoen)
 
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyen
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyenNorsk UH-sektor og økosystemer for identitet og integrasjoner i skyen
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyen
 
Feide Connect – Standard Norge February 2015
Feide Connect – Standard Norge February 2015Feide Connect – Standard Norge February 2015
Feide Connect – Standard Norge February 2015
 
Feide Connect SUHS 2014
Feide Connect SUHS 2014Feide Connect SUHS 2014
Feide Connect SUHS 2014
 
Feide Connect (NOKIOS 2014)
Feide Connect (NOKIOS 2014)Feide Connect (NOKIOS 2014)
Feide Connect (NOKIOS 2014)
 
Feide Connect TNC2014
Feide Connect TNC2014Feide Connect TNC2014
Feide Connect TNC2014
 
Feide connect tnc2014
Feide connect tnc2014Feide connect tnc2014
Feide connect tnc2014
 
SCIM and VOOT
SCIM and VOOTSCIM and VOOT
SCIM and VOOT
 
Feide Connect (IoU Fagdag)
Feide Connect (IoU Fagdag)Feide Connect (IoU Fagdag)
Feide Connect (IoU Fagdag)
 
Feide Connect
Feide ConnectFeide Connect
Feide Connect
 
Feide Connect
Feide ConnectFeide Connect
Feide Connect
 

Último

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 

Último (20)

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 

Federation Lab and OpenID Connect

  • 1. Andreas Åkre Solberg Roland Hedberg UNINETT AS Univ. Umeå Federation Lab and OpenID Connect NorduNet Conference Oslo, Norway, September 2012
  • 2. Federation Lab ✤ Identity toolkit for testing, validation and debugging of Identity Software. ✤ Automated testing tool for increasing interoperability between providers and consumers with SAML and OpenID Connect. ✤ A GÉANT project (GN3 JRA3T2) in collaboration with Kantara Initiative and the OpenID community. OpenID Testing Commercial (Kantara Intitive) <-> Research and HE (GEANT) Established (SAML) <-> Emerging (OIC) Nordic collaboration (UNINETT and umu.se) Involved in standardization A very important reference implementation
  • 3. Complex End-to-end Systems Many implementations This is a good thing! Many deployments Variying spec interpretion Really difficult Sub-set implementations to avoid this Interop issues Things stop working for end users. Who to blame? Who can fix it? ! - difficult question Things continues to not work Unhappy users We MUST avoid this, but how?
  • 4. What causes interop issues ✤ Flexibility, too many options. Sub-set implementations. ✤ Deployment options ✤ Yet to be discovered software bugs ✤ Unclear specification ✤ Poor error handling ✤ Lack of feature negotiation or limited language (metadata) of expressing supported features
  • 5. Postel’s Law «Be strict in what you send, but generous in what you receive» Postel's Law,1981, RFC793: TCP ✤ Will this increase interop? ✤ Interop issues less likely to be detected, and may easily pass matrix testing.
  • 6. Typical Matrix Testing Test 4-5 products against each other Validate that it is possible to configure the products to work with each other. Product is certified. Does not really ensure interop in an actual deployment.
  • 7. Profiling By being very excplitit on how to use the protocols, interoperability increases. saml2int
  • 8. Automated Testing of SAML and OpenID Connect This is what we did with Federation Lab An automated client, simulates one entity whiles test the other. Consumer <-> Provider Performs about 100 different test flows, and focus on discovering things that goes wrong, rather than verifying that things may work. Real time testing with detailed feedback Test each provider, and present results. for debugging.
  • 9. Federation Lab contains a set of useful debugging tools for encoding and decoding messages.
  • 10. Automated testing of SAML Service Providers performs approx 80 test runs with various legal and illegal message flows to verify behaviour of software.
  • 11. Automated testing of OpenID Connect Providers tests providers, and involves an innovative engine for working with human user interaction with login screens.
  • 12. OpenID Connect Roland Hedberg Univ. Umeå
  • 13. How to find the ‘key’?
  • 14. Different solutions • SAML • Metadata • OpenID Connect • Dynamic discovery and registration
  • 15. Flow differencies IdP AS 4 5 3 3 2 4 UA 6 OP UA 2 1 7 1 9 8 SP RP SAML OpenID Connect
  • 16. Returning attributes • SAML • Static • Response contains 1-n assertions • OIC • Dynamic • Aggregated/distributed claims
  • 17. Thanks for listening. Federation Lab (beta) http://openidtest.uninett.no

Notas do Editor

  1. \n
  2. \n
  3. \n
  4. \n
  5. \n
  6. \n
  7. \n
  8. \n
  9. \n
  10. \n
  11. \n
  12. \n
  13. \n
  14. \n
  15. \n
  16. \n
  17. \n