SlideShare une entreprise Scribd logo

TrustBearer - CTST 2009 - OpenID & Strong Authentication

TrustBearer
TrustBearer

This presentation was given at the Card Tech Secure Tech (CTST) Conference on May 5, 2009 in New Orleans, LA. Brian Kelly was on a panel with Gilles Lisimaque, Siddharth Bajaj and Michael Poitner to discuss emerging technologies in Smart Cards, Tokens & Digital Identity

Technologie
1  sur  15
OpenID & Strong Authentication CTST 2009: Emerging Technology D14: Smart Cards,Tokens & Digital Identity May 5, 2009 Brian Kelly Vice President TrustBearer Labs
Simplify Multi-factor authentication can be made easier to use and implement by utilizing Web Single Sign On (SSO) standards SAML 2
SAML • Consumer focused • Enterprise focused • On-the-fly- • Bulk-provisioning (on- provisioning the-fly supported) • Many identity • Identity Provider is providers available internal to online for consumers organization to choose (typically) • Mostly open-source, • Commercial and OS and COTS services products available 3
How does SAML work? verifies signed assertions User is logged-in to creates signed App 1 web app Login Web Page assertions user SAML ID App 2 user Provider user authenticates users App 3 Other SAML Service Providers LDAP (consumers) Auth. 4
How does OpenID work? Consumer Web App Web app User is logged-in Page Login verifies previously to web app user enrolled OpenID Consumer user Web App OpenID user Relying Party (consumer) User authenticates to IDP and enables account to be used with consumer site 5
End-point authentication is agnostic of SSO standard All methods can be supported by SAML or OpenID • username / password • one time password (OTP) tokens • smart cards (e.g. PIV, CAC, FRAC) • TPM • client digital certificates • information cards • biometrics • image verification 6
Identity Provider offers end- point authentication options • Google,Yahoo, AOL: password • myOpenID: password, phone verify, client certificate, info card • VeriSign PIP: OTP, client certificate, info card, EV SSL • TrustBearer: smart cards (CAC, PIV, etc.), biometrics • Vidoop: Image recognition (CAPTCHA) The IdP can specify authentication methods used to the RP, which can even request preferences. 7
What authentication method to choose? 8
Required Protections for OMB’s E-Auth Assurance Levels Level 1 Level 2 Level 3 Level 4 Protect against ✓ ✓ ✓ ✓ On-line guessing Replay ✓ ✓ ✓ ✓ Eavesdropper ✓ ✓ ✓ Verifier impersonation ✓ ✓ ✓ Man-in-the-middle ✓ ✓ Session hijacking ✓ From NIST SP 800-63 p. 39 9
Token Types Allowed At Each Assurance Level Level 1 Level 2 Level 3 Level 4 Token Type Hard Crypto Token ✓ ✓ ✓ ✓ ✓ ✓ ✓ One-time password device Soft crypto token ✓ ✓ ✓ Passwords & PINs ✓ ✓ From NIST SP 800-63 p. 39 10
OpenID Provider Authentication Policy Extension (PAPE) • Provides a way for Relying Parties to request / view authentication policies of Identity Provider • Policies: Phishing-resistant, Multi-Factor, and Physical Multi-Factor • Preferred authentication levels e.g. NIST: 1, 2, 3, 4 SAML also allows authentication attributes to be added to a message 11
TrustBearer OpenID What we do What we could do • Challenge/response with • Path validation & PIN or Bio verification revocation checking • Allow multiple tokens • Use SReg to transmit per account data on card • Implement PAPE • Allow RPs to request certain smart cards or • No username / password tokens be used option • More SAML Support • Some SAML support 12
How Government OpenID with smart card auth could work Citizen Web App OpenID + Sreg + PAPE Citizen is logged-in Page Login Data sent to Gov’t Web app, to web app user Info is verified U.S. Gov’t Gov’t Web user App OpenID user Relying Party Web app (RP) includes (consumer) U.S. Gov’t OpenID Provider on it’s trusted list Path Validation & User is directed to government Certificate Revocation OpenID provider, which uses CAC / PIV Checking Smart card to authenticate user 13
“In-the-cloud” strong-auth benefits over traditional Client Auth with SSL • Less infrastructure / less coding • Path validation & revocation checking work is offloaded to Identity Provider • Authentication methods can scale up and down depending on application needs • Non-cert data on smart card becomes useful (e.g. healthcare) 14
Questions? https://openid.trustbearer.com Brian Kelly brian.kelly@trustbearer.com twitter.com/TrustBearer Vice President TrustBearer Labs

Recommandé

TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...TrustBearer
 
Neumann 24727 B10.12 Update 20091029 AM R3
Neumann 24727 B10.12 Update 20091029 AM R3Neumann 24727 B10.12 Update 20091029 AM R3
Neumann 24727 B10.12 Update 20091029 AM R3Agile Set, LLC
 
Mobile Cloud Identity
Mobile Cloud IdentityMobile Cloud Identity
Mobile Cloud IdentityMark Diodati
 
LINEのFIDO導入と将来展望
LINEのFIDO導入と将来展望LINEのFIDO導入と将来展望
LINEのFIDO導入と将来展望FIDO Alliance
 
Identity and Access Management Provider
Identity and Access Management ProviderIdentity and Access Management Provider
Identity and Access Management ProviderPriyanka Agarwal
 
Securing a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationSecuring a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationFIDO Alliance
 
FIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Alliance
 
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装FIDO Alliance
 

Recommandé

TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...TrustBearer
 
Neumann 24727 B10.12 Update 20091029 AM R3
Neumann 24727 B10.12 Update 20091029 AM R3Neumann 24727 B10.12 Update 20091029 AM R3
Neumann 24727 B10.12 Update 20091029 AM R3Agile Set, LLC
 
Mobile Cloud Identity
Mobile Cloud IdentityMobile Cloud Identity
Mobile Cloud IdentityMark Diodati
 
LINEのFIDO導入と将来展望
LINEのFIDO導入と将来展望LINEのFIDO導入と将来展望
LINEのFIDO導入と将来展望FIDO Alliance
 
Identity and Access Management Provider
Identity and Access Management ProviderIdentity and Access Management Provider
Identity and Access Management ProviderPriyanka Agarwal
 
Securing a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationSecuring a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationFIDO Alliance
 
FIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Alliance
 
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装FIDO Alliance
 
FIDO Specifications Overview: UAF & U2F
FIDO Specifications Overview: UAF & U2FFIDO Specifications Overview: UAF & U2F
FIDO Specifications Overview: UAF & U2FFIDO Alliance
 
Introduction to the FIDO Alliance
Introduction to the FIDO AllianceIntroduction to the FIDO Alliance
Introduction to the FIDO AllianceFIDO Alliance
 
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud ComputingSmart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud ComputingOKsystem
 
FIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Alliance
 
Developer Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidDeveloper Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidFIDO Alliance
 
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2
 
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) SpecificationCIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) SpecificationCloudIDSummit
 
The Future of Authentication for IoT
The Future of Authentication for IoTThe Future of Authentication for IoT
The Future of Authentication for IoTFIDO Alliance
 
Authentication.Next
Authentication.NextAuthentication.Next
Authentication.NextMark Diodati
 
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCloudIDSummit
 
NTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case StudyNTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case StudyFIDO Alliance
 
FIDO Authentication Opportunities in Healthcare
FIDO Authentication Opportunities in HealthcareFIDO Authentication Opportunities in Healthcare
FIDO Authentication Opportunities in HealthcareFIDO Alliance
 
Fido Overview: Status and Future
Fido Overview: Status and FutureFido Overview: Status and Future
Fido Overview: Status and FutureFIDO Alliance
 
Two factor authentication-in_your_network_e_guide
Two factor authentication-in_your_network_e_guideTwo factor authentication-in_your_network_e_guide
Two factor authentication-in_your_network_e_guideNick Owen
 
Getting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialGetting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialFIDO Alliance
 
Strong Authentication Trends in Government
Strong Authentication Trends in GovernmentStrong Authentication Trends in Government
Strong Authentication Trends in GovernmentFIDO Alliance
 
Integrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation ProtocolsIntegrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation ProtocolsFIDO Alliance
 
FIDO alliance #idcon vol.18
FIDO alliance #idcon vol.18FIDO alliance #idcon vol.18
FIDO alliance #idcon vol.18Nov Matake
 
Securing online services by combining smart cards and web-based applications
Securing online services by combining smart cards and web-based applicationsSecuring online services by combining smart cards and web-based applications
Securing online services by combining smart cards and web-based applicationsOlivier Potonniée
 
FIDO Workshop at the Cloud Identity Summit: FIDO Alliance Overview
FIDO Workshop at the Cloud Identity Summit: FIDO Alliance OverviewFIDO Workshop at the Cloud Identity Summit: FIDO Alliance Overview
FIDO Workshop at the Cloud Identity Summit: FIDO Alliance OverviewFIDO Alliance
 
Oberthur's 2009 CTST presentation on Generic ID-Card Command Set (GICS)
Oberthur's 2009 CTST presentation on Generic ID-Card Command Set (GICS)Oberthur's 2009 CTST presentation on Generic ID-Card Command Set (GICS)
Oberthur's 2009 CTST presentation on Generic ID-Card Command Set (GICS)TrustBearer
 
Developing Smart Card Web Server Applications
Developing Smart Card Web Server ApplicationsDeveloping Smart Card Web Server Applications
Developing Smart Card Web Server ApplicationsCellnetrix
 

Contenu connexe

Tendances

FIDO Specifications Overview: UAF & U2F
FIDO Specifications Overview: UAF & U2FFIDO Specifications Overview: UAF & U2F
FIDO Specifications Overview: UAF & U2FFIDO Alliance
 
Introduction to the FIDO Alliance
Introduction to the FIDO AllianceIntroduction to the FIDO Alliance
Introduction to the FIDO AllianceFIDO Alliance
 
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud ComputingSmart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud ComputingOKsystem
 
FIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Alliance
 
Developer Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidDeveloper Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidFIDO Alliance
 
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2
 
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) SpecificationCIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) SpecificationCloudIDSummit
 
The Future of Authentication for IoT
The Future of Authentication for IoTThe Future of Authentication for IoT
The Future of Authentication for IoTFIDO Alliance
 
Authentication.Next
Authentication.NextAuthentication.Next
Authentication.NextMark Diodati
 
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCloudIDSummit
 
NTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case StudyNTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case StudyFIDO Alliance
 
FIDO Authentication Opportunities in Healthcare
FIDO Authentication Opportunities in HealthcareFIDO Authentication Opportunities in Healthcare
FIDO Authentication Opportunities in HealthcareFIDO Alliance
 
Fido Overview: Status and Future
Fido Overview: Status and FutureFido Overview: Status and Future
Fido Overview: Status and FutureFIDO Alliance
 
Two factor authentication-in_your_network_e_guide
Two factor authentication-in_your_network_e_guideTwo factor authentication-in_your_network_e_guide
Two factor authentication-in_your_network_e_guideNick Owen
 
Getting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialGetting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialFIDO Alliance
 
Strong Authentication Trends in Government
Strong Authentication Trends in GovernmentStrong Authentication Trends in Government
Strong Authentication Trends in GovernmentFIDO Alliance
 
Integrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation ProtocolsIntegrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation ProtocolsFIDO Alliance
 
FIDO alliance #idcon vol.18
FIDO alliance #idcon vol.18FIDO alliance #idcon vol.18
FIDO alliance #idcon vol.18Nov Matake
 
Securing online services by combining smart cards and web-based applications
Securing online services by combining smart cards and web-based applicationsSecuring online services by combining smart cards and web-based applications
Securing online services by combining smart cards and web-based applicationsOlivier Potonniée
 
FIDO Workshop at the Cloud Identity Summit: FIDO Alliance Overview
FIDO Workshop at the Cloud Identity Summit: FIDO Alliance OverviewFIDO Workshop at the Cloud Identity Summit: FIDO Alliance Overview
FIDO Workshop at the Cloud Identity Summit: FIDO Alliance OverviewFIDO Alliance
 

Tendances (20)

FIDO Specifications Overview: UAF & U2F
FIDO Specifications Overview: UAF & U2FFIDO Specifications Overview: UAF & U2F
FIDO Specifications Overview: UAF & U2F
 
Introduction to the FIDO Alliance
Introduction to the FIDO AllianceIntroduction to the FIDO Alliance
Introduction to the FIDO Alliance
 
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud ComputingSmart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
 
FIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Technical Specifications Overview
FIDO Technical Specifications Overview
 
Developer Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidDeveloper Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for Android
 
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
 
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) SpecificationCIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
 
The Future of Authentication for IoT
The Future of Authentication for IoTThe Future of Authentication for IoT
The Future of Authentication for IoT
 
Authentication.Next
Authentication.NextAuthentication.Next
Authentication.Next
 
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
 
NTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case StudyNTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case Study
 
FIDO Authentication Opportunities in Healthcare
FIDO Authentication Opportunities in HealthcareFIDO Authentication Opportunities in Healthcare
FIDO Authentication Opportunities in Healthcare
 
Fido Overview: Status and Future
Fido Overview: Status and FutureFido Overview: Status and Future
Fido Overview: Status and Future
 
Two factor authentication-in_your_network_e_guide
Two factor authentication-in_your_network_e_guideTwo factor authentication-in_your_network_e_guide
Two factor authentication-in_your_network_e_guide
 
Getting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialGetting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical Tutorial
 
Strong Authentication Trends in Government
Strong Authentication Trends in GovernmentStrong Authentication Trends in Government
Strong Authentication Trends in Government
 
Integrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation ProtocolsIntegrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation Protocols
 
FIDO alliance #idcon vol.18
FIDO alliance #idcon vol.18FIDO alliance #idcon vol.18
FIDO alliance #idcon vol.18
 
Securing online services by combining smart cards and web-based applications
Securing online services by combining smart cards and web-based applicationsSecuring online services by combining smart cards and web-based applications
Securing online services by combining smart cards and web-based applications
 
FIDO Workshop at the Cloud Identity Summit: FIDO Alliance Overview
FIDO Workshop at the Cloud Identity Summit: FIDO Alliance OverviewFIDO Workshop at the Cloud Identity Summit: FIDO Alliance Overview
FIDO Workshop at the Cloud Identity Summit: FIDO Alliance Overview
 

En vedette

Oberthur's 2009 CTST presentation on Generic ID-Card Command Set (GICS)
Oberthur's 2009 CTST presentation on Generic ID-Card Command Set (GICS)Oberthur's 2009 CTST presentation on Generic ID-Card Command Set (GICS)
Oberthur's 2009 CTST presentation on Generic ID-Card Command Set (GICS)TrustBearer
 
Developing Smart Card Web Server Applications
Developing Smart Card Web Server ApplicationsDeveloping Smart Card Web Server Applications
Developing Smart Card Web Server ApplicationsCellnetrix
 
Введение в интернет вещей
Введение в интернет вещейВведение в интернет вещей
Введение в интернет вещейIoT Community
 
Интернет вещей в концепции умных городов
Интернет вещей в концепции умных городовИнтернет вещей в концепции умных городов
Интернет вещей в концепции умных городовIoT Community
 
Io t open_day_05_2016
Io t open_day_05_2016Io t open_day_05_2016
Io t open_day_05_2016Zenoviy Veres
 
«Центр керування М2М» від Київстар
«Центр керування М2М» від Київстар«Центр керування М2М» від Київстар
«Центр керування М2М» від КиївстарKyivstar
 
Strong Authentication in Web Applications: State of the Art 2011
Strong Authentication in Web Applications: State of the Art 2011Strong Authentication in Web Applications: State of the Art 2011
Strong Authentication in Web Applications: State of the Art 2011Sylvain Maret
 
Алексей Слепцов_"Интернет вещей. Что это и для чего"
Алексей Слепцов_"Интернет вещей. Что это и для чего"Алексей Слепцов_"Интернет вещей. Что это и для чего"
Алексей Слепцов_"Интернет вещей. Что это и для чего"GeeksLab Odessa
 
[JDLL 2016] OpenID Connect et FranceConnect
[JDLL 2016] OpenID Connect et FranceConnect[JDLL 2016] OpenID Connect et FranceConnect
[JDLL 2016] OpenID Connect et FranceConnectClément OUDOT
 
Strong Authentication in Web Application / ConFoo.ca 2011
Strong Authentication in Web Application / ConFoo.ca 2011Strong Authentication in Web Application / ConFoo.ca 2011
Strong Authentication in Web Application / ConFoo.ca 2011Sylvain Maret
 
Hacking Access Control Systems
Hacking Access Control SystemsHacking Access Control Systems
Hacking Access Control SystemsDennis Maldonado
 
Study: The Future of VR, AR and Self-Driving Cars
Study: The Future of VR, AR and Self-Driving CarsStudy: The Future of VR, AR and Self-Driving Cars
Study: The Future of VR, AR and Self-Driving CarsLinkedIn
 

En vedette (13)

Oberthur's 2009 CTST presentation on Generic ID-Card Command Set (GICS)
Oberthur's 2009 CTST presentation on Generic ID-Card Command Set (GICS)Oberthur's 2009 CTST presentation on Generic ID-Card Command Set (GICS)
Oberthur's 2009 CTST presentation on Generic ID-Card Command Set (GICS)
 
Developing Smart Card Web Server Applications
Developing Smart Card Web Server ApplicationsDeveloping Smart Card Web Server Applications
Developing Smart Card Web Server Applications
 
Введение в интернет вещей
Введение в интернет вещейВведение в интернет вещей
Введение в интернет вещей
 
Интернет вещей в концепции умных городов
Интернет вещей в концепции умных городовИнтернет вещей в концепции умных городов
Интернет вещей в концепции умных городов
 
Io t open_day_05_2016
Io t open_day_05_2016Io t open_day_05_2016
Io t open_day_05_2016
 
АТС
АТСАТС
АТС
 
«Центр керування М2М» від Київстар
«Центр керування М2М» від Київстар«Центр керування М2М» від Київстар
«Центр керування М2М» від Київстар
 
Strong Authentication in Web Applications: State of the Art 2011
Strong Authentication in Web Applications: State of the Art 2011Strong Authentication in Web Applications: State of the Art 2011
Strong Authentication in Web Applications: State of the Art 2011
 
Алексей Слепцов_"Интернет вещей. Что это и для чего"
Алексей Слепцов_"Интернет вещей. Что это и для чего"Алексей Слепцов_"Интернет вещей. Что это и для чего"
Алексей Слепцов_"Интернет вещей. Что это и для чего"
 
[JDLL 2016] OpenID Connect et FranceConnect
[JDLL 2016] OpenID Connect et FranceConnect[JDLL 2016] OpenID Connect et FranceConnect
[JDLL 2016] OpenID Connect et FranceConnect
 
Strong Authentication in Web Application / ConFoo.ca 2011
Strong Authentication in Web Application / ConFoo.ca 2011Strong Authentication in Web Application / ConFoo.ca 2011
Strong Authentication in Web Application / ConFoo.ca 2011
 
Hacking Access Control Systems
Hacking Access Control SystemsHacking Access Control Systems
Hacking Access Control Systems
 
Study: The Future of VR, AR and Self-Driving Cars
Study: The Future of VR, AR and Self-Driving CarsStudy: The Future of VR, AR and Self-Driving Cars
Study: The Future of VR, AR and Self-Driving Cars
 

Similaire à TrustBearer - CTST 2009 - OpenID & Strong Authentication

Protecting Online Identities - MIX09
Protecting Online Identities - MIX09Protecting Online Identities - MIX09
Protecting Online Identities - MIX09Jorgen Thelin
 
Protecting Online Identities
Protecting Online IdentitiesProtecting Online Identities
Protecting Online Identitiesgoodfriday
 
Protecting Online Identities
Protecting Online IdentitiesProtecting Online Identities
Protecting Online Identitiesgoodfriday
 
User Authentication for Government
User Authentication for GovernmentUser Authentication for Government
User Authentication for GovernmentCarahsoft
 
kicking your enterprise security up a notch with adaptive authentication sa...
kicking your enterprise security up a notch with adaptive authentication sa...kicking your enterprise security up a notch with adaptive authentication sa...
kicking your enterprise security up a notch with adaptive authentication sa...Sagara Gunathunga
 
Identiverse - Microservices Security
Identiverse - Microservices SecurityIdentiverse - Microservices Security
Identiverse - Microservices SecurityBertrand Carlier
 
[WSO2Con EU 2018] Kicking Your Enterprise Security Up a Notch With Adaptive A...
[WSO2Con EU 2018] Kicking Your Enterprise Security Up a Notch With Adaptive A...[WSO2Con EU 2018] Kicking Your Enterprise Security Up a Notch With Adaptive A...
[WSO2Con EU 2018] Kicking Your Enterprise Security Up a Notch With Adaptive A...WSO2
 
[WSO2Con EU 2018] Identity APIs is the New Black
[WSO2Con EU 2018] Identity APIs is the New Black[WSO2Con EU 2018] Identity APIs is the New Black
[WSO2Con EU 2018] Identity APIs is the New BlackWSO2
 
Cidway Byod Authentication
Cidway Byod AuthenticationCidway Byod Authentication
Cidway Byod Authenticationlfilliat
 
Saas webinar-dec6-01
Saas webinar-dec6-01Saas webinar-dec6-01
Saas webinar-dec6-01Paul Madsen
 
FIDO & Strong Authentication Technology Landscape
FIDO & Strong Authentication Technology LandscapeFIDO & Strong Authentication Technology Landscape
FIDO & Strong Authentication Technology LandscapeFIDO Alliance
 
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityCA API Management
 
US Security for Cyber Security
US Security for Cyber SecurityUS Security for Cyber Security
US Security for Cyber SecurityArtanContracting
 
TrialPay Security Tech Talk at Stanford ACM
TrialPay Security Tech Talk at Stanford ACMTrialPay Security Tech Talk at Stanford ACM
TrialPay Security Tech Talk at Stanford ACMhackingtrialpay
 
SOTP_Introduction
SOTP_IntroductionSOTP_Introduction
SOTP_IntroductionJohnson Wu
 
Who’s Knocking? Identity for APIs, Web and Mobile
Who’s Knocking? Identity for APIs, Web and MobileWho’s Knocking? Identity for APIs, Web and Mobile
Who’s Knocking? Identity for APIs, Web and MobileNordic APIs
 
Connected Identity : The Role of the Identity Bus
Connected Identity : The Role of the Identity BusConnected Identity : The Role of the Identity Bus
Connected Identity : The Role of the Identity BusPrabath Siriwardena
 
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other WorldsCIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other WorldsCloudIDSummit
 
Going beyond MFA(Multi-factor authentication)-Future demands much more
Going beyond MFA(Multi-factor authentication)-Future demands much moreGoing beyond MFA(Multi-factor authentication)-Future demands much more
Going beyond MFA(Multi-factor authentication)-Future demands much moreindragantiSaiHiranma
 
Securing Microservices in Hybrid Cloud
Securing Microservices in Hybrid CloudSecuring Microservices in Hybrid Cloud
Securing Microservices in Hybrid CloudVMware Tanzu
 

Similaire à TrustBearer - CTST 2009 - OpenID & Strong Authentication (20)

Protecting Online Identities - MIX09
Protecting Online Identities - MIX09Protecting Online Identities - MIX09
Protecting Online Identities - MIX09
 
Protecting Online Identities
Protecting Online IdentitiesProtecting Online Identities
Protecting Online Identities
 
Protecting Online Identities
Protecting Online IdentitiesProtecting Online Identities
Protecting Online Identities
 
User Authentication for Government
User Authentication for GovernmentUser Authentication for Government
User Authentication for Government
 
kicking your enterprise security up a notch with adaptive authentication sa...
kicking your enterprise security up a notch with adaptive authentication sa...kicking your enterprise security up a notch with adaptive authentication sa...
kicking your enterprise security up a notch with adaptive authentication sa...
 
Identiverse - Microservices Security
Identiverse - Microservices SecurityIdentiverse - Microservices Security
Identiverse - Microservices Security
 
[WSO2Con EU 2018] Kicking Your Enterprise Security Up a Notch With Adaptive A...
[WSO2Con EU 2018] Kicking Your Enterprise Security Up a Notch With Adaptive A...[WSO2Con EU 2018] Kicking Your Enterprise Security Up a Notch With Adaptive A...
[WSO2Con EU 2018] Kicking Your Enterprise Security Up a Notch With Adaptive A...
 
[WSO2Con EU 2018] Identity APIs is the New Black
[WSO2Con EU 2018] Identity APIs is the New Black[WSO2Con EU 2018] Identity APIs is the New Black
[WSO2Con EU 2018] Identity APIs is the New Black
 
Cidway Byod Authentication
Cidway Byod AuthenticationCidway Byod Authentication
Cidway Byod Authentication
 
Saas webinar-dec6-01
Saas webinar-dec6-01Saas webinar-dec6-01
Saas webinar-dec6-01
 
FIDO & Strong Authentication Technology Landscape
FIDO & Strong Authentication Technology LandscapeFIDO & Strong Authentication Technology Landscape
FIDO & Strong Authentication Technology Landscape
 
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
 
US Security for Cyber Security
US Security for Cyber SecurityUS Security for Cyber Security
US Security for Cyber Security
 
TrialPay Security Tech Talk at Stanford ACM
TrialPay Security Tech Talk at Stanford ACMTrialPay Security Tech Talk at Stanford ACM
TrialPay Security Tech Talk at Stanford ACM
 
SOTP_Introduction
SOTP_IntroductionSOTP_Introduction
SOTP_Introduction
 
Who’s Knocking? Identity for APIs, Web and Mobile
Who’s Knocking? Identity for APIs, Web and MobileWho’s Knocking? Identity for APIs, Web and Mobile
Who’s Knocking? Identity for APIs, Web and Mobile
 
Connected Identity : The Role of the Identity Bus
Connected Identity : The Role of the Identity BusConnected Identity : The Role of the Identity Bus
Connected Identity : The Role of the Identity Bus
 
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other WorldsCIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
 
Going beyond MFA(Multi-factor authentication)-Future demands much more
Going beyond MFA(Multi-factor authentication)-Future demands much moreGoing beyond MFA(Multi-factor authentication)-Future demands much more
Going beyond MFA(Multi-factor authentication)-Future demands much more
 
Securing Microservices in Hybrid Cloud
Securing Microservices in Hybrid CloudSecuring Microservices in Hybrid Cloud
Securing Microservices in Hybrid Cloud
 

Dernier

Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 

Dernier (20)

Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 

TrustBearer - CTST 2009 - OpenID & Strong Authentication

  • 1. OpenID & Strong Authentication CTST 2009: Emerging Technology D14: Smart Cards,Tokens & Digital Identity May 5, 2009 Brian Kelly Vice President TrustBearer Labs
  • 2. Simplify Multi-factor authentication can be made easier to use and implement by utilizing Web Single Sign On (SSO) standards SAML 2
  • 3. SAML • Consumer focused • Enterprise focused • On-the-fly- • Bulk-provisioning (on- provisioning the-fly supported) • Many identity • Identity Provider is providers available internal to online for consumers organization to choose (typically) • Mostly open-source, • Commercial and OS and COTS services products available 3
  • 4. How does SAML work? verifies signed assertions User is logged-in to creates signed App 1 web app Login Web Page assertions user SAML ID App 2 user Provider user authenticates users App 3 Other SAML Service Providers LDAP (consumers) Auth. 4
  • 5. How does OpenID work? Consumer Web App Web app User is logged-in Page Login verifies previously to web app user enrolled OpenID Consumer user Web App OpenID user Relying Party (consumer) User authenticates to IDP and enables account to be used with consumer site 5
  • 6. End-point authentication is agnostic of SSO standard All methods can be supported by SAML or OpenID • username / password • one time password (OTP) tokens • smart cards (e.g. PIV, CAC, FRAC) • TPM • client digital certificates • information cards • biometrics • image verification 6
  • 7. Identity Provider offers end- point authentication options • Google,Yahoo, AOL: password • myOpenID: password, phone verify, client certificate, info card • VeriSign PIP: OTP, client certificate, info card, EV SSL • TrustBearer: smart cards (CAC, PIV, etc.), biometrics • Vidoop: Image recognition (CAPTCHA) The IdP can specify authentication methods used to the RP, which can even request preferences. 7
  • 9. Required Protections for OMB’s E-Auth Assurance Levels Level 1 Level 2 Level 3 Level 4 Protect against ✓ ✓ ✓ ✓ On-line guessing Replay ✓ ✓ ✓ ✓ Eavesdropper ✓ ✓ ✓ Verifier impersonation ✓ ✓ ✓ Man-in-the-middle ✓ ✓ Session hijacking ✓ From NIST SP 800-63 p. 39 9
  • 10. Token Types Allowed At Each Assurance Level Level 1 Level 2 Level 3 Level 4 Token Type Hard Crypto Token ✓ ✓ ✓ ✓ ✓ ✓ ✓ One-time password device Soft crypto token ✓ ✓ ✓ Passwords & PINs ✓ ✓ From NIST SP 800-63 p. 39 10
  • 11. OpenID Provider Authentication Policy Extension (PAPE) • Provides a way for Relying Parties to request / view authentication policies of Identity Provider • Policies: Phishing-resistant, Multi-Factor, and Physical Multi-Factor • Preferred authentication levels e.g. NIST: 1, 2, 3, 4 SAML also allows authentication attributes to be added to a message 11
  • 12. TrustBearer OpenID What we do What we could do • Challenge/response with • Path validation & PIN or Bio verification revocation checking • Allow multiple tokens • Use SReg to transmit per account data on card • Implement PAPE • Allow RPs to request certain smart cards or • No username / password tokens be used option • More SAML Support • Some SAML support 12
  • 13. How Government OpenID with smart card auth could work Citizen Web App OpenID + Sreg + PAPE Citizen is logged-in Page Login Data sent to Gov’t Web app, to web app user Info is verified U.S. Gov’t Gov’t Web user App OpenID user Relying Party Web app (RP) includes (consumer) U.S. Gov’t OpenID Provider on it’s trusted list Path Validation & User is directed to government Certificate Revocation OpenID provider, which uses CAC / PIV Checking Smart card to authenticate user 13
  • 14. “In-the-cloud” strong-auth benefits over traditional Client Auth with SSL • Less infrastructure / less coding • Path validation & revocation checking work is offloaded to Identity Provider • Authentication methods can scale up and down depending on application needs • Non-cert data on smart card becomes useful (e.g. healthcare) 14
  • 15. Questions? https://openid.trustbearer.com Brian Kelly brian.kelly@trustbearer.com twitter.com/TrustBearer Vice President TrustBearer Labs