Anúncio
Check these out next
Authentication and strong authentication for Web Application
7 de Oct de 2010•0 gostou•825 visualizações
3 gostaram
Seja o primeiro a gostar disto
mostrar mais
visualizações
Vistos totais
0
No Slideshare
0
De incorporações
0
Número de incorporações
0
Baixar para ler offline
Denunciar
Tecnologia
WebCast: Authentication and Strong Authentication in Web Applications WebCast
Sylvain MaretSeguir
Security Architect em MARET ConsultingAnúncio
Anúncio
Anúncio
Recomendados
Identiverse - Microservices SecurityBertrand Carlier
Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...Mike Schwartz
RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It!Mike Schwartz
CIS 2017 - So you want to use standards to secure your APIs?Bertrand Carlier
TrustBearer - CTST 2009 - OpenID & Strong AuthenticationTrustBearer
OpenID Connect: The new standard for connecting to your Customers, Partners, ...Salesforce Developers
Authentication and strong authentication for Web Application
- Sylvain Maret / Digital Security Expert @ MARET Consulting BrightTALK - October 7th 2010 Authentication and Strong Authentication in Web Application
- Protection of digital identities: a topical issue…
- threats on the authentication
- Definition of strong authentication Strong Authentication on Wikipedia
- «Digital identity is the cornerstone of trust» More information on the subject
- Strong Authentication A new paradigm !
- Which strong authentication technology? (Legacy Token …..)
- * * Biometry type Fingerprinting OTP PKI (HW) Biometry Strong authentication Encryption Digital signature Non repudiation Strong link with the user
- Authentication Server must be agnostic
- New Standards & Open Source
- Integration with web application
- Web applications: basic authentication model
- Web application: strong authentication model
- “ Shielding" approach: perimetric authentication
- Module/Agent-based approach
- API/SDK based approach
- SSL PKI: how does it work? Web Server Alice Validation Authority Valid Invalid Unknown OCSP request SSL / TLS Mutual Authentication
- Federated identities: a changing paradigm on authentication
- Federation of identity approach a change of paradigm: using IDP for Authentication and Strong Authentication Web App X Web App Y Identity Provider
- Using SAML for Authentication and Strong Authentication (Assertion Consumer Service)
- SAML – How does it work? Identity Provider e.g. clavid.ch User Hans Muster Enabled Service e.g. Google Apps for Business 1 2 2 6 3 4 4
- Example with HTTP POST Binding
- SAML AuthN & ACS integration in Web Application
- OpenID - How does it work? 1 3 5 Enabled Service 6 4, 4a User Hans Muster Caption 1. User enters OpenID 2. Discovery 3. Authentication 4. Approval 4a. Change Attributes 5. Send Attributes 6. Validation 2 Identity URL https://hans.muster.clavid.com Identity Provider e.g. clavid.com hans.muster.clavid.com
- Architecture IPD Authentication Server
- Unique Interface Agnostic / Easy SAML
- "Le conseil et l'expertise pour le choix et la mise en oeuvre des technologies innovantes dans la sécurité des systèmes d'information et de l'identité numérique"
Anúncio