Taking Identity from the
Enterprise to the Cloud
Pat Patterson
Principal Developer Evangelist
salesforce.com
Safe Harbor
Safe harbor statement under the Private Securities Litigation Reform Act of 1995: This presentation may contain forward-looking
statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions
proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-
looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including
any projections of subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans
of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or
technology developments and customer contracts or use of our services.
The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering
new functionality for our service, our new business model, our past operating losses, possible fluctuations in our operating results
and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the immature market in which
we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our
growth, new releases of our service and successful customer deployment, and utilization and selling to larger enterprise
customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our
annual report on Form 10-K filed on February 24, 2011 and in other filings with the Securities and Exchange Commission. These
documents are available on the SEC Filings section of the Investor Information section of our Web site.
Any unreleased services or features referenced in this or other press releases or public statements are not
currently available and may not be delivered on time or at all. Customers who purchase our services should make
the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no
obligation and does not intend to update these forward-looking statements.
Enterprise vs Cloud
• Users authenticate to the enterprise, but
resources are increasingly moving to the cloud
– sites and APIs
• How do we allow users to securely access
resources spread across multiple providers
without spreading user credentials too?
Use Cases
• Log in to Windows Desktop
1. Browse to external web sites, access protected
resources without further authentication
2. Browse to web site, site accesses external,
protected API, on behalf of the user without
further authentication
3. Run desktop application, access external,
protected API without further authentication
Technologies
• Single sign-on
– Integrated Windows Authentication
• (Kerberos/SPNEGO)
– SAML 2.0
• Web services
– OAuth 2.0
– WS-Trust
Use Case 1: Single Sign-On to
External Web Sites
• Example.com has subscribed to Salesforce
CRM
• Each Example.com salesperson has their own
salesforce.com account
• How do we avoid them having to remember
another password?
SAML 2.0
• Single sign-on across domains/enterprises
• OASIS standard (March 2005)
• Widely supported
– Google Apps since October 2006
– salesforce.com since Winter ’09 (October 2008)
– Active Directory Federation Services (AD FS) since
version 2.0 (May 2010)
SAML 2.0 Roles
SAML 2.0 Protocol
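(Sequence diagram; participants: Browser, Identity Provider, Service Provider)
1. Browser → Service Provider:
   GET /something
2. Service Provider → Browser:
   HTTP/1.1 302 Found
   Location: http://idp.ex.com/saml?SAMLrequest=hf7893b…&RelayState=HKFDhh383
3. Browser → Identity Provider:
   GET http://idp.ex.com/saml?SAMLrequest=hf7893b…&RelayState=HKFDhh383
4. Browser ↔ Identity Provider: Authenticate
5. Identity Provider → Browser:
   200 OK
   SAML Assertion in HTML FORM
6. Browser → Service Provider:
   POST /acs
   SAML Assertion
7. Service Provider → Browser:
   HTTP/1.1 302 Found
   Location: http://sp.ex.net/something
   Set-Cookie: token=value; Domain=.ex.net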
SAML 2.0 Assertion
<Assertion>
  <Issuer/>
  <Signature/>
  <Subject/>
  <Conditions/>
  <AttributeStatement/>
  <AuthnStatement/>
</Assertion>
SAML 2.0 Assertion - Issuer
<Assertion ID="_20f7…"
    IssueInstant="2011-03-28T18:23:25.539Z"
    Version="2.0">
  <Issuer>
    http://adfs-dc.my.example.com/adfs/services/trust
  </Issuer>
  <Signature/>
  <Subject/>
  <Conditions/>
  <AttributeStatement/>
  <AuthnStatement/>
</Assertion>
SAML 2.0 Assertion - Signature
<Assertion>
  <Issuer/>
  <Signature>
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <Reference URI="#_20f7fb27-6bb1-4801-aaab-25b4ff862d2f">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <DigestValue>UrcVwqLcdqMvtJUkxiIw9CBN1h8=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>ITY8KT…</SignatureValue>
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data>
        <X509Certificate>MIIC6D…</X509Certificate>
      </X509Data>
    </KeyInfo>
  </Signature>
  <Subject/>
  <Conditions/>
  <AttributeStatement/>
  <AuthnStatement/>
</Assertion>
SAML 2.0 Assertion - Subject
<Assertion>
  <Issuer/>
  <Signature/>
  <Subject>
    <SubjectConfirmation
        Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <SubjectConfirmationData
          InResponseTo="_2Qwip…"
          NotOnOrAfter="2011-03-28T18:28:25.539Z"
          Recipient="https://login.sf.com/?saml=…" />
    </SubjectConfirmation>
  </Subject>
  <Conditions/>
  <AttributeStatement/>
  <AuthnStatement/>
</Assertion>
SAML 2.0 Assertion - Conditions
<Assertion>
  <Issuer/>
  <Signature/>
  <Subject/>
  <Conditions
      NotBefore="2011-03-28T18:23:25.537Z"
      NotOnOrAfter="2011-03-28T19:23:25.537Z">
    <AudienceRestriction>
      <Audience>
        https://superpat.my.salesforce.com
      </Audience>
    </AudienceRestriction>
  </Conditions>
  <AttributeStatement/>
  <AuthnStatement/>
</Assertion>
SAML 2.0 Assertion - AttributeStatement
<Assertion>
  <Issuer/>
  <Signature/>
  <Subject/>
  <Conditions/>
  <AttributeStatement>
    <Attribute Name="mail">
      <AttributeValue>
        pat@superpat.com
      </AttributeValue>
    </Attribute>
  </AttributeStatement>
  <AuthnStatement/>
</Assertion>
SAML 2.0 Assertion - AuthnStatement
<Assertion>
  <Issuer/>
  <Signature/>
  <Subject/>
  <Conditions/>
  <AttributeStatement/>
  <AuthnStatement
      AuthnInstant="2011-03-28T18:23:25.501Z">
    <AuthnContext>
      <AuthnContextClassRef>
        urn:federation:authentication:windows
      </AuthnContextClassRef>
    </AuthnContext>
  </AuthnStatement>
</Assertion>
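Added example (not from the original deck): the checks a service provider runs on the Issuer, Conditions and Subject fields shown on the preceding slides, once the Signature has been verified by an XML-DSig library. The Recipient, InResponseTo and ID values and all function names are constructed for the illustration, because the slides elide the real ones.

```python
# Added example: field checks on a SAML 2.0 bearer assertion. Signature
# verification is assumed to have happened already and is not shown.
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed sample shaped like the slides; ID, InResponseTo and Recipient
# are placeholders. Untrusted XML should go through a hardened parser;
# ElementTree keeps this example standard-library only.
SAMPLE_ASSERTION = """<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-id" IssueInstant="2011-03-28T18:23:25.539Z" Version="2.0">
  <Issuer>http://adfs-dc.my.example.com/adfs/services/trust</Issuer>
  <Subject>
    <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <SubjectConfirmationData InResponseTo="_constructed-request-id"
          NotOnOrAfter="2011-03-28T18:28:25.539Z"
          Recipient="https://sp.example.invalid/acs"/>
    </SubjectConfirmation>
  </Subject>
  <Conditions NotBefore="2011-03-28T18:23:25.537Z"
      NotOnOrAfter="2011-03-28T19:23:25.537Z">
    <AudienceRestriction>
      <Audience>https://superpat.my.salesforce.com</Audience>
    </AudienceRestriction>
  </Conditions>
</Assertion>"""


def parse_instant(value):
    """Parse a UTC xs:dateTime such as 2011-03-28T18:23:25.539Z."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, now, expected_issuer, expected_audience,
                       expected_recipient, pending_request_ids,
                       skew=timedelta(seconds=60)):
    """Return a list of failed checks; an empty list means the assertion is accepted."""
    root = ET.fromstring(xml_text)
    errors = []

    # Issuer: must be the identity provider this SP has configured.
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        errors.append("issuer")

    # Conditions: validity window and audience restriction.
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        errors.append("conditions-missing")
    else:
        not_before, not_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if not_before and now + skew < parse_instant(not_before):
            errors.append("not-yet-valid")
        if not_after and now - skew >= parse_instant(not_after):
            errors.append("expired")
        audiences = [a.text.strip() for a in
                     cond.findall("saml:AudienceRestriction/saml:Audience", NS)
                     if a.text]
        if expected_audience not in audiences:
            errors.append("audience")

    # Subject: a bearer confirmation addressed to this SP, answering a request
    # this SP actually sent, and still inside its own (shorter) lifetime.
    matched_request = None
    for sc in root.findall("saml:Subject/saml:SubjectConfirmation", NS):
        data = sc.find("saml:SubjectConfirmationData", NS)
        if sc.get("Method") != BEARER or data is None:
            continue
        expiry = data.get("NotOnOrAfter")
        if (data.get("Recipient") == expected_recipient
                and data.get("InResponseTo") in pending_request_ids
                and expiry and now - skew < parse_instant(expiry)):
            matched_request = data.get("InResponseTo")
    if matched_request is None:
        errors.append("subject-confirmation")

    if not errors:
        # Consume the request ID so the same assertion cannot be replayed.
        pending_request_ids.discard(matched_request)
    return errors
```

The bearer confirmation on the slides expires five minutes after issue while the Conditions window lasts an hour, so both lifetimes have to be checked.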
SAML 2.0 Example
• Authenticate to example.com (identity
provider) with username/password
• Access salesforce.com (service provider)
SAML 2.0 Limitations
• User is authenticating to the enterprise, but
still being prompted for username/password.
Integrated Windows Authentication
• Single sign-on within an AD domain/forest
• Browser requests Kerberos token from
desktop OS, wraps according to SPNEGO and
includes in HTTP request
• Relying Party must register a service principal
name (SPN) in AD
IWA Protocol
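(Sequence diagram; participants: Browser, Desktop O/S, Server)
1. Browser → Server:
   GET /something
2. Server → Browser:
   HTTP/1.1 401 Unauthorized
   WWW-Authenticate: Negotiate
3. Browser → Desktop O/S: InitializeSecurityContext()
4. Desktop O/S → Browser: NegTokenInit
5. Browser → Server:
   GET /something
   Authorization: Negotiate b64(NegTokenInit)
6. Server → Browser:
   HTTP/1.1 401 Unauthorized
   WWW-Authenticate: Negotiate b64(responseToken)
7. Browser → Desktop O/S: InitializeSecurityContext(responseToken)
8. Desktop O/S → Browser: NegTokenTarg
9. Browser → Server:
   GET /something
   Authorization: Negotiate b64(NegTokenTarg)
10. Server → Browser:
   HTTP/1.1 200 OK
   Requested Content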
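Added example (not from the original deck): decoding the value of an `Authorization: Negotiate` header to see what the browser actually sent. It goes slightly beyond the slide by also recognising NTLM, which the Negotiate scheme can carry when Kerberos is unavailable; all function names and the sample token builder are constructed for the illustration.

```python
# Added example: classify the token in an "Authorization: Negotiate ..." header
# and list the mechanisms a SPNEGO NegTokenInit offers, in preference order.
import base64

# DER-encoded OID contents (without tag and length bytes).
SPNEGO = bytes.fromhex("2b0601050502")           # 1.3.6.1.5.5.2
KRB5 = bytes.fromhex("2a864886f712010202")       # 1.2.840.113554.1.2.2
MS_KRB5 = bytes.fromhex("2a864882f712010202")    # 1.2.840.48018.1.2.2
NTLM = bytes.fromhex("2b06010401823702020a")     # 1.3.6.1.4.1.311.2.2.10
MECH_NAMES = {KRB5: "kerberos", MS_KRB5: "kerberos-ms", NTLM: "ntlm"}


def _tlv(buf, pos, want_tag):
    """Read one DER element at pos; return (value_start, value_end)."""
    if buf[pos] != want_tag:
        raise ValueError("unexpected DER tag")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                             # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated token")
    return pos, pos + length


def offered_mechs(token):
    """Walk 0x60 / thisMech / [0] / SEQUENCE / [0] mechTypes / SEQUENCE OF OID."""
    start, _ = _tlv(token, 0, 0x60)               # GSS-API InitialContextToken
    oid_s, oid_e = _tlv(token, start, 0x06)       # thisMech must be SPNEGO
    if token[oid_s:oid_e] != SPNEGO:
        raise ValueError("not a SPNEGO token")
    start, _ = _tlv(token, oid_e, 0xA0)           # [0] NegTokenInit
    start, _ = _tlv(token, start, 0x30)
    start, _ = _tlv(token, start, 0xA0)           # [0] mechTypes
    pos, end = _tlv(token, start, 0x30)
    mechs = []
    while pos < end:
        vs, ve = _tlv(token, pos, 0x06)
        mechs.append(MECH_NAMES.get(token[vs:ve], token[vs:ve].hex()))
        pos = ve
    return mechs


def classify_negotiate(header_value):
    """Return (kind, mechanisms) for an Authorization or WWW-Authenticate value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate":
        return ("other", [])
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except ValueError:                            # includes binascii.Error
        return ("malformed", [])
    if not token:
        return ("empty", [])                      # bare challenge, no token yet
    if token.startswith(b"NTLMSSP\x00"):
        return ("raw-ntlm", ["ntlm"])
    if token[:1] == b"\xa1":                      # later leg (NegTokenTarg on the slide)
        return ("spnego-response", [])
    try:
        return ("spnego-init", offered_mechs(token))
    except (ValueError, IndexError):
        return ("unrecognised", [])


def ntlm_possible(header_value):
    """True when the token is NTLM or offers NTLM as a fallback mechanism."""
    return "ntlm" in classify_negotiate(header_value)[1]


def der(tag, value):
    return bytes([tag, len(value)]) + value       # short-form lengths only


def build_sample_init(mech_oids):
    """Constructed NegTokenInit carrying only a mechTypes list (no mechToken)."""
    mech_list = der(0x30, b"".join(der(0x06, oid) for oid in mech_oids))
    return der(0x60, der(0x06, SPNEGO) + der(0xA0, der(0x30, der(0xA0, mech_list))))
```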
IWA Example
• Simple intranet web site showing identity of
authenticated user
IWA Limitations
• Scope is limited to Windows Infrastructure
– Server must be Kerberized
• What about partners/vendors/customers?
Making SSO Seamless
• With SAML 2.0, our Example.com salespeople
can access salesforce.com without a
salesforce.com password
• If we add IWA to the mix, if they are logged in
to the example.com AD domain, they don’t
need to log in to salesforce.com at all!
SAML 2.0 + IWA
• Compose the two protocols
• AD FS acts as a broker between the AD
domain and the outside world
SAML 2.0 + IWA Protocols
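(Sequence diagram; participants: Browser, Identity Provider, Service Provider)
1. Browser → Service Provider:
   GET /something
2. Service Provider → Browser:
   HTTP/1.1 302 Found
   Location: https://idp.ex.com/saml?...
3. Browser → Identity Provider:
   GET https://idp.ex.com/saml?...
4. Browser ↔ Identity Provider (IWA exchange):
   WWW-Authenticate: Negotiate
   Authorization: Negotiate a874…
   WWW-Authenticate: Negotiate he83…
   Authorization: Negotiate k83g…
5. Identity Provider → Browser:
   200 OK
   SAML Assertion in HTML FORM
6. Browser → Service Provider:
   POST /acs
   SAML Assertion
7. Service Provider → Browser:
   HTTP/1.1 302 Found
   Location: https://sp.ex.net/something
   Set-Cookie: token=value; Domain=.ex.net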
SAML 2.0 + IWA Example
• Set AD FS config file to use integrated rather
than form-based authentication
• Access salesforce.com based on Windows
desktop session
Use Case 2: Authorizing
Third-Party Access to APIs
• Third-party web site provides value on top of
customer data
• Accesses salesforce.com via SOAP or REST APIs
• Need to be able to access API in the context of
the end user
OAuth 2.0
• Authorization for RESTful APIs
• Evolution of Google AuthSub, Yahoo BBAuth,
AOL OpenAuth etc
• ‘Valet key’ for the web
• Emphasis on simplicity, ease of
implementation
OAuth Roles
OAuth 2.0 Protocol
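(Sequence diagram; participants: Browser, Authorization Server, Client App, Resource Server)
1. Browser → Client App:
   GET /something
2. Client App → Browser:
   302 Found
   Location: https://login.ex.com/?response_type=code&client_id=…&redirect_uri=…
3. Browser → Authorization Server:
   GET /?response_type=...
4. Browser ↔ Authorization Server: Authenticate
5. Authorization Server → Browser:
   302 Found
   Location: https://app.cl.com?code=…
6. Browser → Client App:
   GET /app.cl.com?code=…
7. Client App → Authorization Server:
   POST /token
   code=…&grant_type=authorization_code&client_id=…&client_secret=…&redirect_uri=…
8. Authorization Server → Client App:
   200 OK
   { "access_token": "00D5…"}
9. Client App → Resource Server:
   GET /data
   Authorization: OAuth 00D5…
10. Resource Server → Client App:
   200 OK
   Data
11. Client App → Browser:
   200 OK
   Some Content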
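Added example (not from the original deck): the authorization-code exchange above run in-process, showing the checks the authorization server applies at each step: the redirect_uri must match the client's registration, the code is redeemable once, and it is bound to the client_id and redirect_uri it was issued for. The client credentials, callback path, user name and all class and function names are constructed for the illustration.

```python
# Added example: both sides of the OAuth 2.0 authorization-code flow from the
# slide, without any network traffic.
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

CLIENT_ID = "constructed-client"                  # constructed values
CLIENT_SECRET = "constructed-secret"
REDIRECT_URI = "https://app.cl.com/callback"


def _fields(encoded):
    return {k: v[0] for k, v in parse_qs(encoded).items()}


class AuthorizationServer:
    def __init__(self, clients):
        self.clients = clients    # client_id -> (client_secret, registered redirect_uri)
        self.codes = {}           # code -> (client_id, redirect_uri, user)
        self.tokens = {}          # access_token -> user

    def authorize(self, query, user):
        """GET /?response_type=code&...; returns the 302 Location after login."""
        q = _fields(query)
        client = self.clients.get(q.get("client_id"))
        if (q.get("response_type") != "code" or client is None
                or q.get("redirect_uri") != client[1]):
            raise ValueError("invalid authorization request")  # never redirect
        code = secrets.token_urlsafe(16)
        self.codes[code] = (q["client_id"], q["redirect_uri"], user)
        return client[1] + "?" + urlencode({"code": code})

    def token(self, body):
        """POST /token; returns (status, JSON body). One error code for brevity."""
        f = _fields(body)
        issued = self.codes.pop(f.get("code"), None)   # a code is redeemable once
        client = self.clients.get(f.get("client_id"))
        ok = (f.get("grant_type") == "authorization_code"
              and issued is not None and client is not None
              and secrets.compare_digest(f.get("client_secret", "").encode(),
                                         client[0].encode())
              and issued[:2] == (f.get("client_id"), f.get("redirect_uri")))
        if not ok:
            return 400, json.dumps({"error": "invalid_grant"})
        access_token = secrets.token_urlsafe(24)
        self.tokens[access_token] = issued[2]
        return 200, json.dumps({"access_token": access_token})

    def get_data(self, authorization_header):
        """Resource-server role (GET /data), sharing the token store here.
        The slide uses the 'OAuth' scheme; RFC 6750 later standardised 'Bearer'."""
        scheme, _, token = authorization_header.partition(" ")
        user = self.tokens.get(token) if scheme == "OAuth" else None
        return (200, "data for " + user) if user else (401, "")


def client_authorize_url():
    """Step 2: where the client app redirects the browser."""
    return "https://login.ex.com/?" + urlencode({
        "response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI})


def client_token_body(callback_url, redirect_uri=REDIRECT_URI):
    """Step 7: form body the client app posts after receiving ?code=..."""
    code = _fields(urlsplit(callback_url).query)["code"]
    return urlencode({"code": code, "grant_type": "authorization_code",
                      "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET,
                      "redirect_uri": redirect_uri})


def run_flow(server, user="pat"):
    """Run steps 2 to 10, then present the same code a second time."""
    callback = server.authorize(urlsplit(client_authorize_url()).query, user)
    body = client_token_body(callback)
    _, payload = server.token(body)
    data = server.get_data("OAuth " + json.loads(payload)["access_token"])
    replay_status, _ = server.token(body)
    return data, replay_status
```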
OAuth 2.0 + SAML 2.0 + IWA
• Can use SAML 2.0 for the authentication step
of OAuth
• Instead of redirecting to central
salesforce.com authorization server, use
custom domain (‘My Domain’ feature)
• Triggers SP-initiated SAML 2.0 flow
• Use IWA to avoid manual login
OAuth 2.0 + SAML 2.0 + IWA Protocols
(Sequence diagram; participants: Browser, Authorization Server, Client App, Resource Server)
OAuth 2.0 + SAML 2.0 + IWA Example
• Service Provider web site retrieves customer’s
data from salesforce.com via REST API
• OAuth triggers SAML, which triggers IWA
Use Case 3: What About
Desktop Apps?
• Desktop applications can access web APIs, but
how do we authenticate the user?
– Invoke browser for authentication?
– Collect username/password?
– Use PingFederate STS to broker enterprise
credentials for an OAuth token!
Security Token Service
• WS-Trust protocol
• Token in
– Username/password
– Kerberos
– SAML
– Custom
• Token out
– SAML
– Custom
• No protocol diagram required!
WS-Trust + SAML 2.0 + OAuth
• Exchange Kerberos Token for SAML 2.0
Assertion - PingFederate
– WS-Trust
• Exchange SAML 2.0 Assertion for OAuth 2.0
Access Token – Salesforce.com
– OAuth
High Level Protocol Flow
(Sequence diagram; participants: Desktop App, Desktop O/S, STS, Authorization Server, Resource Server; messages:)
Get Kerberos Token
Kerberos Token
Kerberos Token
SAML Assertion
OAuth Token
OAuth Token
GET /data
Authorization: OAuth 00D5…
200 OK
Data
WS-Trust + SAML 2.0 + OAuth Example
• Desktop Chatter client, accessing
salesforce.com REST APIs
• Accessing API in context of end user (rather
than ‘API user’) is essential!
Parting Thoughts
• Building blocks exist for satisfying most single
sign-on and web services use cases
• AD FS 2.0 SAML 2.0 support was a watershed
• Third-party tools are still essential for a truly
seamless experience
Please Complete the Survey!
www.theexpertsconference.com
Questions & Answers
• Pat Patterson
– Email - ppatterson@salesforce.com
– Blog - blog.sforce.com
– Twitter - @metadaddy

Project Ouroboros: Using StreamSets Data Collector to Help Manage the StreamS...Project Ouroboros: Using StreamSets Data Collector to Help Manage the StreamS...
Project Ouroboros: Using StreamSets Data Collector to Help Manage the StreamS...
 
Dealing with Drift: Building an Enterprise Data Lake
Dealing with Drift: Building an Enterprise Data LakeDealing with Drift: Building an Enterprise Data Lake
Dealing with Drift: Building an Enterprise Data Lake
 
Integrating with Einstein Analytics
Integrating with Einstein AnalyticsIntegrating with Einstein Analytics
Integrating with Einstein Analytics
 
Efficient Schemas in Motion with Kafka and Schema Registry
Efficient Schemas in Motion with Kafka and Schema RegistryEfficient Schemas in Motion with Kafka and Schema Registry
Efficient Schemas in Motion with Kafka and Schema Registry
 
Dealing With Drift - Building an Enterprise Data Lake
Dealing With Drift - Building an Enterprise Data LakeDealing With Drift - Building an Enterprise Data Lake
Dealing With Drift - Building an Enterprise Data Lake
 
Building Data Pipelines with Spark and StreamSets
Building Data Pipelines with Spark and StreamSetsBuilding Data Pipelines with Spark and StreamSets
Building Data Pipelines with Spark and StreamSets
 
Adaptive Data Cleansing with StreamSets and Cassandra
Adaptive Data Cleansing with StreamSets and CassandraAdaptive Data Cleansing with StreamSets and Cassandra
Adaptive Data Cleansing with StreamSets and Cassandra
 
Building Custom Big Data Integrations
Building Custom Big Data IntegrationsBuilding Custom Big Data Integrations
Building Custom Big Data Integrations
 
Ingest and Stream Processing - What will you choose?
Ingest and Stream Processing - What will you choose?Ingest and Stream Processing - What will you choose?
Ingest and Stream Processing - What will you choose?
 
Open Source Big Data Ingestion - Without the Heartburn!
Open Source Big Data Ingestion - Without the Heartburn!Open Source Big Data Ingestion - Without the Heartburn!
Open Source Big Data Ingestion - Without the Heartburn!
 
Ingest and Stream Processing - What will you choose?
Ingest and Stream Processing - What will you choose?Ingest and Stream Processing - What will you choose?
Ingest and Stream Processing - What will you choose?
 
All Aboard the Boxcar! Going Beyond the Basics of REST
All Aboard the Boxcar! Going Beyond the Basics of RESTAll Aboard the Boxcar! Going Beyond the Basics of REST
All Aboard the Boxcar! Going Beyond the Basics of REST
 
Provisioning IDaaS - Using SCIM to Enable Cloud Identity
Provisioning IDaaS - Using SCIM to Enable Cloud IdentityProvisioning IDaaS - Using SCIM to Enable Cloud Identity
Provisioning IDaaS - Using SCIM to Enable Cloud Identity
 
OData: Universal Data Solvent or Clunky Enterprise Goo? (GlueCon 2015)
OData: Universal Data Solvent or Clunky Enterprise Goo? (GlueCon 2015)OData: Universal Data Solvent or Clunky Enterprise Goo? (GlueCon 2015)
OData: Universal Data Solvent or Clunky Enterprise Goo? (GlueCon 2015)
 
OData: A Standard API for Data Access
OData: A Standard API for Data AccessOData: A Standard API for Data Access
OData: A Standard API for Data Access
 
API-Driven Relationships: Building The Trans-Internet Express of the Future
API-Driven Relationships: Building The Trans-Internet Express of the FutureAPI-Driven Relationships: Building The Trans-Internet Express of the Future
API-Driven Relationships: Building The Trans-Internet Express of the Future
 
Using Salesforce to Manage Your Developer Community
Using Salesforce to Manage Your Developer CommunityUsing Salesforce to Manage Your Developer Community
Using Salesforce to Manage Your Developer Community
 

Dernier

Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 

Dernier (20)

Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 

Taking Identity from the Enterprise to the Cloud

  • 1. Taking Identity from the Enterprise to the Cloud Pat Patterson Principal Developer Evangelist salesforce.com
  • 2. Safe Harbor Safe harbor statement under the Private Securities Litigation Reform Act of 1995: This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services. The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K filed on February 24, 2011 and in other filings with the Securities and Exchange Commission. These documents are available on the SEC Filings section of the Investor Information section of our Web site.
Any unreleased services or features referenced in this or other press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
  • 3. Enterprise vs Cloud • Users authenticate to the enterprise, but resources are increasingly moving to the cloud – sites and APIs • How do we allow users to securely access resources spread across multiple providers without spreading user credentials too?
  • 4. Use Cases • Log in to Windows Desktop 1. Browse to external web sites, access protected resources without further authentication 2. Browse to web site, site accesses external, protected API, on behalf of the user without further authentication 3. Run desktop application, access external, protected API without further authentication
  • 5. Technologies • Single sign-on – Integrated Windows Authentication (Kerberos/SPNEGO) – SAML 2.0 • Web services – OAuth 2.0 – WS-Trust
  • 6. Use Case 1: Single Sign-On to External Web Sites • Example.com has subscribed to Salesforce CRM • Each Example.com salesperson has their own salesforce.com account • How do we avoid them having to remember another password?
  • 7. SAML 2.0 • Single sign-on across domains/enterprises • OASIS standard (March 2005) • Widely supported – Google Apps since October 2006 – salesforce.com since Winter ’09 (October 2008) – Active Directory Federation Services (AD FS) since version 2.0 (May 2010)
  • 9. SAML 2.0 Protocol
    Participants: Browser, Identity Provider, Service Provider
    GET /something
    HTTP/1.1 302 Found
      Location: http://idp.ex.com/saml?SAMLrequest=hf7893b…&RelayState=HKFDhh383
    GET http://idp.ex.com/saml?SAMLrequest=hf7893b…&RelayState=HKFDhh383
    Authenticate
    200 OK
      SAML Assertion in HTML FORM
    POST /acs
      SAML Assertion
    HTTP/1.1 302 Found
      Location: http://sp.ex.net/something
      Set-Cookie: token=value; Domain=.ex.net
  • 11. SAML 2.0 Assertion - Issuer
    <Assertion ID="_20f7…" IssueInstant="2011-03-28T18:23:25.539Z" Version="2.0">
      <Issuer>
        http://adfs-dc.my.example.com/adfs/services/trust
      </Issuer>
      <Signature/>
      <Subject/>
      <Conditions/>
      <AttributeStatement/>
      <AuthnStatement/>
    </Assertion>
  • 12. SAML 2.0 Assertion - Signature
    <Assertion>
      <Issuer/>
      <Signature>
        <SignedInfo>
          <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
          <Reference URI="#_20f7fb27-6bb1-4801-aaab-25b4ff862d2f">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>UrcVwqLcdqMvtJUkxiIw9CBN1h8=</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>ITY8KT…</SignatureValue>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <X509Data>
            <X509Certificate>MIIC6D…</X509Certificate>
          </X509Data>
        </KeyInfo>
      </Signature>
      <Subject/>
      <Conditions/>
      <AttributeStatement/>
      <AuthnStatement/>
    </Assertion>
  • 13. SAML 2.0 Assertion - Subject
    <Assertion>
      <Issuer/>
      <Signature/>
      <Subject>
        <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
          <SubjectConfirmationData InResponseTo="_2Qwip…"
              NotOnOrAfter="2011-03-28T18:28:25.539Z"
              Recipient="https://login.sf.com/?saml=…" />
        </SubjectConfirmation>
      </Subject>
      <Conditions/>
      <AttributeStatement/>
      <AuthnStatement/>
    </Assertion>
  • 14. SAML 2.0 Assertion - Conditions
    <Assertion>
      <Issuer/>
      <Signature/>
      <Subject/>
      <Conditions NotBefore="2011-03-28T18:23:25.537Z"
          NotOnOrAfter="2011-03-28T19:23:25.537Z">
        <AudienceRestriction>
          <Audience>
            https://superpat.my.salesforce.com
          </Audience>
        </AudienceRestriction>
      </Conditions>
      <AttributeStatement/>
      <AuthnStatement/>
    </Assertion>
  • 15. SAML 2.0 Assertion – AttributeStatement
    <Assertion>
      <Issuer/>
      <Signature/>
      <Subject/>
      <Conditions/>
      <AttributeStatement>
        <Attribute Name="mail">
          <AttributeValue>
            pat@superpat.com
          </AttributeValue>
        </Attribute>
      </AttributeStatement>
      <AuthnStatement/>
    </Assertion>
  • 16. SAML 2.0 Assertion - AuthnStatement
    <Assertion>
      <Issuer/>
      <Signature/>
      <Subject/>
      <Conditions/>
      <AttributeStatement/>
      <AuthnStatement AuthnInstant="2011-03-28T18:23:25.501Z">
        <AuthnContext>
          <AuthnContextClassRef>
            urn:federation:authentication:windows
          </AuthnContextClassRef>
        </AuthnContext>
      </AuthnStatement>
    </Assertion>
  • 17. SAML 2.0 Example • Authenticate to example.com (identity provider) with username/password • Access salesforce.com (service provider)
  • 18. SAML 2.0 Limitations • User is authenticating to the enterprise, but still being prompted for username/password.
  • 19. Integrated Windows Authentication • Single sign-on within an AD domain/forest • Browser requests Kerberos token from desktop OS, wraps according to SPNEGO and includes in HTTP request • Relying Party must register a service principal name (SPN) in AD
  • 20. IWA Protocol
    Participants: Browser, Desktop O/S, Server
    GET /something
    HTTP/1.1 401 Unauthorized
      WWW-Authenticate: Negotiate
    InitializeSecurityContext()
    NegTokenInit
    GET /something
      Authorization: Negotiate b64(NegTokenInit)
    HTTP/1.1 401 Unauthorized
      WWW-Authenticate: Negotiate b64(responseToken)
    InitializeSecurityContext(responseToken)
    NegTokenTarg
    GET /something
      Authorization: Negotiate b64(NegTokenTarg)
    HTTP/1.1 200 OK
      Requested Content
  • 21. IWA Example • Simple intranet web site showing identity of authenticated user
  • 22. IWA Limitations • Scope is limited to Windows Infrastructure – Server must be Kerberized • What about partners/vendors/customers?
  • 23. Making SSO Seamless • With SAML 2.0, our Example.com salespeople can access salesforce.com without a salesforce.com password • If we add IWA to the mix, if they are logged in to the example.com AD domain, they don’t need to log in to salesforce.com at all!
  • 24. SAML 2.0 + IWA • Compose the two protocols • AD FS acts as a broker between the AD domain and the outside world
  • 25. SAML 2.0 + IWA Protocols
    Participants: Browser, Identity Provider, Service Provider
    GET /something
    HTTP/1.1 302 Found
      Location: https://idp.ex.com/saml?...
    GET https://idp.ex.com/saml?...
    WWW-Authenticate: Negotiate
    Authorization: Negotiate a874…
    WWW-Authenticate: Negotiate he83…
    Authorization: Negotiate k83g…
    200 OK
      SAML Assertion in HTML FORM
    POST /acs
      SAML Assertion
    HTTP/1.1 302 Found
      Location: https://sp.ex.net/something
      Set-Cookie: token=value; Domain=.ex.net
  • 26. SAML 2.0 + IWA Example • Set AD FS config file to use integrated rather than form-based authentication • Access salesforce.com based on Windows desktop session
  • 27. Use Case 2: Authorizing Third-Party Access to APIs • Third-party web site provides value on top of customer data • Accesses salesforce.com via SOAP or REST APIs • Need to be able to access API in the context of the end user
  • 28. OAuth 2.0 • Authorization for RESTful APIs • Evolution of Google AuthSub, Yahoo BBAuth, AOL OpenAuth etc • ‘Valet key’ for the web • Emphasis on simplicity, ease of implementation
  • 30. OAuth 2.0 Protocol
    Participants: Browser, Authorization Server, Client App, Resource Server
    GET /something
    302 Found
      Location: https://login.ex.com/?response_type=code&client_id=…&redirect_uri=…
    GET /?response_type=...
    Authenticate
    302 Found
      Location: https://app.cl.com?code=…
    GET /app.cl.com?code=…
    POST /token
      code=…&grant_type=authorization_code&client_id=…&client_secret=…&redirect_uri=…
    200 OK
      { "access_token": "00D5…" }
    GET /data
      Authorization: OAuth 00D5…
    200 OK
      Data
    200 OK
      Some Content
  • 31. OAuth 2.0 + SAML 2.0 + IWA • Can use SAML 2.0 for the authentication step of OAuth • Instead of redirecting to central salesforce.com authorization server, use custom domain (‘My Domain’ feature) • Triggers SP-initiated SAML 2.0 flow • Use IWA to avoid manual login
  • 32. OAuth 2.0 + SAML 2.0 + IWA Protocols (sequence diagram; participants: Browser, Authorization Server, Client App, Resource Server)
  • 33. OAuth 2.0 + SAML 2.0 + IWA Example • Service Provider web site retrieves customer’s data from salesforce.com via REST API • OAuth triggers SAML, which triggers IWA
  • 34. Use Case 3: What About Desktop Apps? • Desktop applications can access web APIs, but how do we authenticate the user? – Invoke browser for authentication? – Collect username/password? – Use PingFederate STS to broker enterprise credentials for an OAuth token!
  • 35. Security Token Service • WS-Trust protocol • Token in – Username/password – Kerberos – SAML – Custom • Token out – SAML – Custom • No protocol diagram required!
  • 36. WS-Trust + SAML 2.0 + OAuth • Exchange Kerberos Token for SAML 2.0 Assertion - PingFederate – WS-Trust • Exchange SAML 2.0 Assertion for OAuth 2.0 Access Token – Salesforce.com – OAuth
  • 37. High Level Protocol Flow Desktop App, Desktop O/S, STS, Resource Server Get Kerberos Token Kerberos Token Kerberos Token Authorization Server SAML Assertion OAuth Token GET /data Authorization: OAuth 00D5… 200 OK Data OAuth Token
  • 38. WS-Trust + SAML 2.0 + OAuth Example • Desktop Chatter client, accessing salesforce.com REST APIs • Accessing API in context of end user (rather than ‘API user’) is essential!
  • 39. Parting Thoughts • Building blocks exist for satisfying most single sign-on and web services use cases • AD FS 2.0 SAML 2.0 support was a watershed • Third-party tools are still essential for a truly seamless experience
  • 40. Please Complete the Survey! www.theexpertsconference.com
  • 41. Questions & Answers • Pat Patterson – Email - ppatterson@salesforce.com – Blog - blog.sforce.com – Twitter - @metadaddy
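
Added example (not from the slides): the field checks a service provider would apply to the assertion elements shown on slides 11 to 16, once the XML signature itself has been verified by an XML-DSig library. The function names, the sample's ID, InResponseTo and Recipient values, and the 60-second clock skew are assumptions made for this sketch.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion", "ds": DS}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
SHA1_ALGS = {DS + "rsa-sha1", DS + "sha1"}  # the algorithms shown on slide 12

# Constructed sample assembled from the slide fragments. The ID, InResponseTo
# and Recipient values are placeholders, because the slides elide the real ones.
SAMPLE = """<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-id" IssueInstant="2011-03-28T18:23:25.539Z" Version="2.0">
  <Issuer>http://adfs-dc.my.example.com/adfs/services/trust</Issuer>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <Reference URI="#_constructed-id">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    </Reference>
  </SignedInfo></Signature>
  <Subject><SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <SubjectConfirmationData InResponseTo="_constructed-request"
        NotOnOrAfter="2011-03-28T18:28:25.539Z"
        Recipient="https://sp.example.test/acs"/>
  </SubjectConfirmation></Subject>
  <Conditions NotBefore="2011-03-28T18:23:25.537Z"
      NotOnOrAfter="2011-03-28T19:23:25.537Z">
    <AudienceRestriction><Audience>https://superpat.my.salesforce.com</Audience></AudienceRestriction>
  </Conditions>
</Assertion>"""


def parse_ts(value):
    """Parse a SAML UTC timestamp, with or without fractional seconds."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def check_assertion(xml_text, *, issuer, audience, recipient, request_id,
                    now, skew=timedelta(seconds=60)):
    """Return the failed checks; an empty list means every field check passed.
    The signature is NOT verified here; that must succeed first, elsewhere."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.findtext("saml:Issuer", "", NS).strip() != issuer:
        problems.append("issuer")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        problems.append("conditions-missing")
    else:
        not_before, expiry = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if not_before and now + skew < parse_ts(not_before):
            problems.append("not-yet-valid")
        # Policy assumption: an assertion without an expiry is rejected.
        if expiry is None or now - skew >= parse_ts(expiry):
            problems.append("expired")
        path = "saml:AudienceRestriction/saml:Audience"
        allowed = {(a.text or "").strip() for a in cond.iterfind(path, NS)}
        if audience not in allowed:
            problems.append("audience")
    # Bearer confirmation: right endpoint, answers our request, still fresh.
    confirmed = False
    for sc in root.iterfind("saml:Subject/saml:SubjectConfirmation", NS):
        data = sc.find("saml:SubjectConfirmationData", NS)
        if sc.get("Method") != BEARER or data is None:
            continue
        expiry = data.get("NotOnOrAfter")
        confirmed = confirmed or (
            data.get("Recipient") == recipient
            and data.get("InResponseTo") == request_id
            and expiry is not None and now - skew < parse_ts(expiry))
    if not confirmed:
        problems.append("subject-confirmation")
    # The signature reference must point at this assertion's own ID.
    ref = root.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if ref is None or ref.get("URI") != "#" + root.get("ID", ""):
        problems.append("signature-reference")
    algs = {e.get("Algorithm") for e in root.iter()
            if e.tag in ("{%s}SignatureMethod" % DS, "{%s}DigestMethod" % DS)}
    if algs & SHA1_ALGS:
        problems.append("sha1-algorithm")
    return problems
```

Run against the sample inside its validity window, the only finding is the SHA-1 signature and digest algorithms from slide 12; five minutes later the bearer SubjectConfirmationData has expired even though the Conditions window is still open.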