Patterns to Bring Enterprise and Social Identity to the Cloud
K. Scott Morrison, SVP and Distinguished Engineer
Copyright © 2013 CA. All rights reserved.

Slide 2
How many passwords do you have?

Slide 3
The Italian Solution

Slide 4
Our Basic Problem
(Diagram labels: Secure Internal Network, Firewall)

Slide 7
Suppose We Recast the Problem?
(Diagram labels: Trading Partner, Secure Internal Network, Firewall)

Slide 8
This is Just Federation
(Diagram labels: Secure Internal Network, Trading Partner, IdP, Principal)

Slide 9
Admin Sets Up Trust Relationship
(Diagram labels: Secure Internal Network, IdP, Admin)

Slide 11
Let's Call This Pattern #1: SAML-based Federation
(Diagram: Principal, IdP, Service Provider)
1) The Principal authenticates to the IdP and acquires a SAML token
2) The Principal sends Message + SAML token to the Service Provider, which returns Data
Note that this demonstrates the SAML browser POST profile. The artifact profile is harder to do through corporate firewalls, because the Service Provider must open a direct back-channel connection to the IdP to resolve the artifact.

Slide 12
Can We Declare Victory?
✓ Basic Federation

Slide 13
What Does It Mean To Have An Account?
(Diagram labels: Directory Objects, Some Cloud Service, App Server)

Slide 15
What We Really Have: A Synchronization Problem
(Diagram labels: Firewall, Objects, Identities, Enterprise Directory)

Slide 16
And What About Small Business?
Travels mostly
Works from home
Works from Starbucks

Slide 17
Look To Social Networking For Inspiration

Slide 18
Conceptually, Here Is What Happens
(Diagram: User Scott, Twitter, Facebook)
1. User posts new tweet
2. Twitter posts tweet to Facebook on user's behalf

Slide 19
A Bad First Attempt: Stored Passwords
This is the "password anti-pattern"
(Diagram: User Scott sends in his Facebook password; Twitter uses the Facebook password)

Slide 20
OK, So Let's Try SAML
(Diagram: Scott authenticates using his Twitter password; Twitter vouches that it authenticated Scott)

Slide 21
But There Are Problems...
How can we associate these different representations of Scott?
Where are the limits on what Twitter can do?

Slide 22
Here's A Smarter Approach

Slide 23
Here's What It Looks Like When We're Done
(Diagram labels: User Scott; OAuth Client; OAuth Authorization & Resource Servers)
Scott authenticates using his Twitter password. The tweet is sent with an access token authorizing Twitter to post for Scott.

Slide 24
But OAuth Also Enables NASCAR-style Sign On
(Screenshot taken from sears.com)

Slide 25
Let's Call This Pattern #2: Social Sign-On
(Diagram: User, OAuth Client, OAuth Authorization Server, Data)
1) The user authenticates to the Authorization Server
2) The Authorization Server passes the code to the client
3) The client validates the code and gets an access token, then uses it to reach Data
This demonstrates grant_type=authorization_code.
Note that the user never sees the access token; only the client sees it. The user's session must be managed using other means (e.g. a session cookie).
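The three numbered steps above, as an added toy simulation that is not code from the presentation or from CA/Layer 7: the authorization server issues a short-lived, single-use code bound to the client and redirect_uri, only the client (authenticating with its own secret) can redeem it for the access token, and the browser is left holding nothing but a session cookie. All client ids, secrets, passwords and URLs are constructed placeholders.

```python
import secrets
import time
from urllib.parse import parse_qs, urlsplit

CODE_TTL_SECONDS = 60

# Constructed registrations: one client (the "Twitter" role) and one end user at the
# authorization server (the "Facebook" role). Not real credentials.
CLIENTS = {"twitter-client": {"secret": "client-secret-constructed",
                              "redirect_uri": "https://client.example/cb"}}
USERS = {"scott": "user-password-constructed"}


class AuthorizationServer:
    """Toy OAuth 2.0 authorization + resource server; codes are bound, short-lived, single-use."""

    def __init__(self):
        self._codes = {}   # code -> {client_id, redirect_uri, user, issued_at}
        self._tokens = {}  # access_token -> {client_id, user}

    def authorize(self, client_id, redirect_uri, user, password):
        """Step 1: the user authenticates here; the reply is a redirect carrying a code, never a token."""
        client = CLIENTS.get(client_id)
        if client is None or client["redirect_uri"] != redirect_uri:
            raise PermissionError("unknown client or redirect_uri mismatch")
        if USERS.get(user) != password:
            raise PermissionError("user authentication failed")
        code = secrets.token_urlsafe(32)
        self._codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                             "user": user, "issued_at": time.time()}
        return f"{redirect_uri}?code={code}"

    def token(self, client_id, client_secret, code, redirect_uri):
        """Step 3: the client authenticates itself and redeems the code for an access token."""
        client = CLIENTS.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            raise PermissionError("client authentication failed")
        grant = self._codes.pop(code, None)  # pop, so a code can be redeemed only once
        if grant is None:
            raise PermissionError("invalid or already redeemed code")
        if grant["client_id"] != client_id or grant["redirect_uri"] != redirect_uri:
            raise PermissionError("code was issued to a different client or redirect_uri")
        if time.time() - grant["issued_at"] > CODE_TTL_SECONDS:
            raise PermissionError("code expired")
        access_token = secrets.token_urlsafe(32)
        self._tokens[access_token] = {"client_id": client_id, "user": grant["user"]}
        return {"access_token": access_token, "token_type": "Bearer"}

    def post_on_behalf(self, access_token, text):
        """Resource server: the post is accepted only with a live token, as the user bound to it."""
        info = self._tokens.get(access_token)
        if info is None:
            raise PermissionError("invalid access token")
        return {"posted_as": info["user"], "by_client": info["client_id"], "text": text}


class Client:
    """Toy OAuth client. The browser only ever holds a session cookie; the token stays here."""

    CLIENT_ID = "twitter-client"

    def __init__(self, server):
        self._server = server
        self._sessions = {}  # session cookie -> access token, kept server-side

    def callback(self, redirect_url):
        """Step 2: the browser delivers the code; the client redeems it and issues a session cookie."""
        code = parse_qs(urlsplit(redirect_url).query)["code"][0]
        cfg = CLIENTS[self.CLIENT_ID]  # the client's own secret and registered redirect_uri
        issued = self._server.token(self.CLIENT_ID, cfg["secret"], code, cfg["redirect_uri"])
        cookie = secrets.token_urlsafe(16)
        self._sessions[cookie] = issued["access_token"]
        return cookie

    def tweet(self, cookie, text):
        """The user acts with the session cookie; the client attaches the access token itself."""
        return self._server.post_on_behalf(self._sessions[cookie], text)


def run_flow():
    """Drive the three numbered steps from the slide and report what each party ended up seeing."""
    server = AuthorizationServer()
    client = Client(server)
    redirect = server.authorize("twitter-client", CLIENTS["twitter-client"]["redirect_uri"],
                                "scott", "user-password-constructed")
    cookie = client.callback(redirect)
    result = client.tweet(cookie, "hello from the toy flow")
    # Replaying the same redirect must fail: the server consumed the code on first redemption.
    try:
        client.callback(redirect)
        replay_rejected = False
    except PermissionError:
        replay_rejected = True
    return {"user_saw_token": "access_token" in redirect,
            "posted_as": result["posted_as"],
            "replay_rejected": replay_rejected}
```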

Slide 26
This Is Actually A Profound Shift In Identity Mgmt
The Old Enterprise vs. The New Hybrid Enterprise
This is the secret to achieving scale and agile federation

Slide 27
What is Really Different Here?
•  Integration with simple RESTful APIs
•  Very loose coupling
•  Very low ceremony
•  Very loose relationships driven by caller
   –  Client to authorization server
   –  User to client
This all adds up to a distribution of responsibility that scales with the number of users

Slide 28
Delegation of Responsibility
Let's drive home how this enables self-provisioning of clients & users
(Diagram: User, Client, Auth Server; Authenticate; Get Code; TBD)

Slide 29
But We're Not Quite At Federation
•  We have simple Single Sign-On
•  But what about attributes?

<saml:AttributeStatement>
  <saml:Attribute FriendlyName="fooAttrib" Name="SFDC_USERNAME"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">user101@salesforce.com</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
From: http://login.salesforce.com/help/doc/en/sso_saml_assertion_examples.htm

Slide 30
This Is The Job Of OpenID Connect
(Diagram: User, OAuth Client, OpenID Connect Endpoint)
The client calls the UserInfo endpoint for a specific scope and receives a JSON-structured attribute list of claims, e.g. the user's email, first name, last name, etc.

Slide 31
Scopes Define Collections of Claims
•  Profile
   –  name, family_name, given_name, middle_name, nickname, preferred_username, profile, picture, website, gender, birthdate, zoneinfo, locale, updated_at
•  Email
   –  email
•  Address
   –  address
•  Phone
   –  phone_number, phone_number_verified
•  etc.

JSON example:
{
  "sub": "248289761001",
  "name": "Jane Doe",
  "given_name": "Jane",
  "family_name": "Doe",
  "preferred_username": "j.doe",
  "email": "janedoe@example.com",
  "picture": "http://example.com/janedoe/me.jpg"
}
From: http://openid.net/specs/openid-connect-basic-1_0.html
Claims are associated with an access token
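The UserInfo call of the two preceding slides, as an added example that is not the presentation's or the OpenID Foundation's code: the endpoint looks up the scopes bound to the presented access token and releases only the claims those scopes cover, so a token granted profile and email never exposes phone, address or non-standard attributes. The user record and the issued tokens are constructed; the scope-to-claims table follows OpenID Connect Core (the email scope also releases email_verified, which the slide abbreviates).

```python
# Standard scope -> claims mapping from OpenID Connect Core; "sub" is returned regardless of scope.
SCOPE_CLAIMS = {
    "profile": {"name", "family_name", "given_name", "middle_name", "nickname",
                "preferred_username", "profile", "picture", "website", "gender",
                "birthdate", "zoneinfo", "locale", "updated_at"},
    "email": {"email", "email_verified"},
    "address": {"address"},
    "phone": {"phone_number", "phone_number_verified"},
}

# Constructed user record, extended from the slide's JSON example with claims outside profile/email.
USER_STORE = {
    "248289761001": {
        "sub": "248289761001", "name": "Jane Doe", "given_name": "Jane", "family_name": "Doe",
        "preferred_username": "j.doe", "email": "janedoe@example.com", "email_verified": True,
        "picture": "http://example.com/janedoe/me.jpg",
        "phone_number": "+1 555 0100", "phone_number_verified": False,
        "address": {"formatted": "1 Example St"},
        "internal_risk_score": 7,  # constructed non-standard attribute: must never be released
    }
}

# Constructed tokens the authorization server has issued: access token -> (sub, granted scopes).
ISSUED_TOKENS = {
    "tok-profile-email": ("248289761001", {"openid", "profile", "email"}),
    "tok-no-openid": ("248289761001", {"profile"}),
}


def claims_for_scopes(scopes):
    """Union of the claims the granted scopes release; unknown scopes release nothing."""
    allowed = {"sub"}
    for scope in scopes:
        allowed |= SCOPE_CLAIMS.get(scope, set())
    return allowed


def userinfo(bearer_token):
    """UserInfo endpoint: returns (http_status, body) for the presented bearer token."""
    issued = ISSUED_TOKENS.get(bearer_token)
    if issued is None:
        return 401, {"error": "invalid_token"}
    sub, scopes = issued
    if "openid" not in scopes:  # a plain OAuth token is not an OpenID Connect token
        return 403, {"error": "insufficient_scope"}
    allowed = claims_for_scopes(scopes)
    released = {k: v for k, v in USER_STORE[sub].items() if k in allowed}
    return 200, released
```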

Slide 32
We're Almost There
But we still have a registration problem
(Diagram: Client, Authorization Server; Provisioning of new users)
This is obviously an enterprise problem, not an individual problem
They may already exist here
Remember our earlier point about what constitutes an "account"

Slide 33
This Is What SCIM Is For
API for user management
(Diagram: Enterprise Administrator, Client, Authorization Server; Create New Users)
SCIM defines user/group schema and REST endpoints for CRUD
SCIM stands for: System for Cross-domain Identity Management
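The "Create New Users" path of the slide, as an added in-memory stand-in for a provider's SCIM /Users endpoint (not the presentation's code and not a real server). It assumes SCIM 2.0 schema and error-message URIs; it validates the core User schema and the required, unique userName, assigns the server-side id and meta, and answers the GET and DELETE halves of CRUD with the status codes the protocol uses.

```python
import json
import uuid

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"


def _error(status, detail, scim_type=None):
    """SCIM error response; status travels as a string, scimType only where the protocol defines one."""
    body = {"schemas": [ERROR_SCHEMA], "status": str(status), "detail": detail}
    if scim_type:
        body["scimType"] = scim_type
    return status, body


class ScimUsers:
    """In-memory /Users endpoint: resources are keyed by the id the server assigns."""

    def __init__(self):
        self._users = {}  # id -> stored User resource

    def post(self, body):
        """POST /Users with a JSON body: returns (status, resource) or (status, error)."""
        try:
            req = json.loads(body)
        except json.JSONDecodeError:
            return _error(400, "request body is not valid JSON", "invalidSyntax")
        if not isinstance(req, dict) or USER_SCHEMA not in req.get("schemas", []):
            return _error(400, "core User schema missing from schemas", "invalidValue")
        user_name = req.get("userName")
        if not isinstance(user_name, str) or not user_name.strip():
            return _error(400, "userName is required", "invalidValue")
        # userName must be unique within the provider; compared case-insensitively
        if any(u["userName"].lower() == user_name.lower() for u in self._users.values()):
            return _error(409, "userName already exists", "uniqueness")
        uid = str(uuid.uuid4())
        stored = {
            "schemas": [USER_SCHEMA],
            "id": uid,  # server-assigned, read-only
            "userName": user_name,
            "active": bool(req.get("active", True)),
            "emails": [e for e in req.get("emails", []) if isinstance(e, dict) and "value" in e],
            "meta": {"resourceType": "User", "location": f"/Users/{uid}"},
        }
        self._users[uid] = stored
        return 201, stored

    def get(self, uid):
        """GET /Users/{id}."""
        user = self._users.get(uid)
        return (200, user) if user is not None else _error(404, f"User {uid} not found")

    def delete(self, uid):
        """DELETE /Users/{id}: 204 with no body on success."""
        if self._users.pop(uid, None) is None:
            return _error(404, f"User {uid} not found")
        return 204, None
```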

Slide 34
We're Now Left With Two Deployment Options
First, on-premise identity stores
Leverages existing infrastructure
(Diagram labels: Secure Internal Network, Firewall, IdP)

Slide 35
We're Now Left With Two Deployment Options
Or cloud-based: Identity-as-a-Service
(Diagram label: Secure Internal Network)

Slide 36
The Deployment Is Independent of Authorization Technology
Choose SAML or OAuth based on operational goals
•  SAML support is widespread
   –  Dominant for enterprise SSO and federation
   –  Strong in passive (browser) profiles
   –  Less strong in active (classic SOAP or newer RESTful APIs) profiles
   –  Lots of central administration and federation ceremony
•  OAuth/OpenID Connect is growing very fast
   –  OAuth owns RESTful APIs
   –  The world is not just about browsers any longer
   –  Think about the rise of mobile apps
   –  Fast to integrate, with no need to engage parties
   –  Irresistible delegation model
   –  Potential brand, regulatory, or organizational issues with social login

Slide 37
Summary
•  SAML is not going away
   –  Your existing investment is safe
   –  It will continue to play a huge role in web-based federation
•  But OAuth+OpenID Connect+SCIM is coming on very strong
   –  Driven by the rise of APIs and mobile devices
•  Don't let anyone tell you OAuth is just another auth token scheme
   –  It really represents a shift in authority

Questions
K. Scott Morrison
Senior Vice President & Distinguished Engineer
CA Technologies
405-1100 Melville, Vancouver, BC V6E 4B5, Canada
+1 (604) 681-9377
scott@layer7.com
http://KScottMorrison.com

08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 

Dernier (20)

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 

Patterns to Bring Enterprise and Social Identity to the Cloud

  • 1. Patterns to Bring Enterprise and Social Identity to the Cloud
    K. Scott Morrison, SVP and Distinguished Engineer
  • 2. Copyright © 2013 CA. All rights reserved.
    How many passwords do you have?
  • 3. The Italian Solution
  • 4. Our Basic Problem
    Diagram: Secure Internal Network, Firewall
  • 5.
  • 6.
  • 7. Suppose We Recast the Problem?
    Diagram: Trading Partner, Secure Internal Network, Firewall
  • 8. This is Just Federation
    Diagram: Trading Partner, Secure Internal Network, IdP, Principal
  • 9. Admin Sets Up Trust Relationship
    Diagram: Secure Internal Network, IdP, Admin
  • 10.
  • 11. Let's Call This Pattern #1: SAML-based Federation
    Diagram: IdP, Service Provider, Principal. 1) Authenticate, acquire SAML token. 2) Message + SAML, Data.
    Note that this demonstrates the SAML browser POST profile. The artifact profile is harder to do through corporate firewalls.
  • 12. Can We Declare Victory?
    ✓ Basic Federation
  • 13. What Does It Mean To Have An Account?
    Diagram: Directory, Objects, Some Cloud Service, App Server
  • 14.
  • 15. What We Really Have Is A Synchronization Problem
    Diagram: Firewall, Enterprise Directory, Objects, Identities
  • 16. And What About Small Business?
    Travels mostly. Works from home. Works from Starbucks.
  • 17. Look To Social Networking For Inspiration
  • 18. Conceptually Here Is What Happens
    1. User posts new tweet
    2. Twitter posts tweet to Facebook on user's behalf
    Diagram: User Scott, Twitter, Facebook
  • 19. A Bad First Attempt: Stored Passwords
    This is the "password anti-pattern".
    Diagram: User Scott sends in Facebook password; Twitter uses Facebook password.
  • 20. OK, So Let's Try SAML
    Diagram: Scott authenticates using his Twitter password; Twitter vouches it authenticated Scott.
  • 21. But There Are Problems...
    How can we associate these different representations of Scott? Where are the limits on what Twitter can do?
  • 22. Here's A Smarter Approach
  • 23. Here's What It Looks Like When We're Done
    Diagram: Scott authenticates using his Twitter password. Tweet plus access token authorizing Twitter to post for Scott. OAuth Client; OAuth Authorization & Resource Servers.
  • 24. But OAuth Also Enables NASCAR-style Sign On
    Taken from sears.com
  • 25. Let's Call This Pattern #2: Social Sign-On
    Diagram: OAuth Authorization Server, OAuth Client, User. 1) Authenticate, get code. 2) Pass code to client. 3) Validate code, get access token. Data.
    This demonstrates grant_type=authorization_code.
    Note the user never sees the access token; only the client sees it. The user's session must be managed using other means (e.g. a session cookie).
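Added example, not from the slides: the three steps of the authorization code grant on slide 25 as an in-memory model with the authorization server and the client as separate parties. The client id, client secret, redirect URI and user name are constructed for the example.

```python
# Added example, not from the slides: a minimal in-memory model of the OAuth
# 2.0 authorization-code grant shown on slide 25. Client ids, secrets and
# redirect URIs are constructed for the example.
import secrets
import time

class AuthorizationServer:
    """Issues one-time codes bound to a client, then exchanges them for tokens."""
    def __init__(self, clients):
        self.clients = clients   # client_id -> (client_secret, redirect_uri)
        self.codes = {}          # code -> (client_id, user, expiry)
        self.tokens = {}         # access_token -> user

    def authorize(self, user, client_id, redirect_uri):
        # Step 1: the user authenticates here; a short-lived, single-use code
        # is minted and bound to the registered client that asked for it.
        if client_id not in self.clients or self.clients[client_id][1] != redirect_uri:
            raise ValueError("unknown client or redirect_uri mismatch")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, user, time.time() + 60)
        return code  # step 2: travels back to the client via the user's browser

    def token(self, code, client_id, client_secret):
        # Step 3: only the client, authenticating with its secret, can trade the
        # code for an access token. The code is consumed whether or not it works.
        bound_client, user, expiry = self.codes.pop(code, (None, None, 0))
        if bound_client != client_id or time.time() > expiry:
            raise ValueError("invalid, expired or already used code")
        if not secrets.compare_digest(self.clients[client_id][0], client_secret):
            raise ValueError("client authentication failed")
        access_token = secrets.token_urlsafe(24)
        self.tokens[access_token] = user
        return access_token

    def resource_owner(self, access_token):
        return self.tokens.get(access_token)

class Client:
    """The relying application (Twitter on the slide). It keeps the access
    token server-side and hands the user only an opaque session cookie."""
    def __init__(self, client_id, client_secret, redirect_uri):
        self.client_id, self.client_secret = client_id, client_secret
        self.redirect_uri = redirect_uri
        self.sessions = {}  # session cookie -> access token (never sent to the user)

    def complete_login(self, auth_server, code):
        token = auth_server.token(code, self.client_id, self.client_secret)
        cookie = secrets.token_urlsafe(16)
        self.sessions[cookie] = token
        return cookie
```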
  • 26. This Is Actually A Profound Shift In Identity Mgmt
    The Old Enterprise vs. The New Hybrid Enterprise
    This is the secret to achieving scale and agile federation.
  • 27. What is Really Different Here?
    •  Integration with simple RESTful APIs
    •  Very loose coupling
    •  Very low ceremony
    •  Very loose relationships driven by caller
       •  Client to authorization server
       •  User to client
    This all adds up to a distribution of responsibility that scales with the number of users.
  • 28. Delegation of Responsibility
    Let's drive home how this enables self-provisioning of clients & users.
    Diagram: Auth Server, Client, User. Authenticate, Get Code. TBD
  • 29. But We're Not Quite At Federation
    •  We have simple Single Sign-On
    •  But what about attributes?
    <saml:AttributeStatement>
      <saml:Attribute FriendlyName="fooAttrib" Name="SFDC_USERNAME" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
        <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string"> user101@salesforce.com </saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
    From: http://login.salesforce.com/help/doc/en/sso_saml_assertion_examples.htm
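Added example, not code from the slides or from Salesforce: parsing the attribute statement on slide 29 into a dict keyed on Name. The fragment on the slide leaves the saml prefix undeclared, so it is wrapped in a constructed root element that binds it; keying on Name rather than FriendlyName is the point a service provider should take away.

```python
# Added example, not from the slides: extract attributes from the SAML
# AttributeStatement on slide 29 into a plain dict keyed by Name. The slide's
# fragment omits the saml namespace declaration, so a constructed root
# element binds the prefix for parsing.
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# The slide's fragment (whitespace around the value kept as on the slide),
# wrapped in a constructed root that declares the saml prefix.
SLIDE_FRAGMENT = """<root xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:AttributeStatement>
  <saml:Attribute FriendlyName="fooAttrib" Name="SFDC_USERNAME"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:type="xs:string"> user101@salesforce.com </saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
</root>"""

def extract_attributes(xml_text):
    """Return {Name: [values]} for every saml:Attribute in the document.
    Keys on Name, not FriendlyName: FriendlyName is a display label the IdP
    may change freely, so a service provider must not make decisions on it.
    Values are stripped because the slide's value carries stray whitespace."""
    root = ET.fromstring(xml_text)
    attributes = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        name = attr.get("Name")
        if name is None:
            continue  # Name is required on saml:Attribute; skip malformed entries
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", NS)]
        attributes.setdefault(name, []).extend(values)
    return attributes
```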
  • 30. This Is The Job Of OpenID Connect
    Diagram: OpenID Connect Endpoint, OAuth Client, User. Call to UserInfo endpoint for specific scope; JSON structured attribute list of claims, e.g. user's email, first name, last name, etc.
  • 31. Scopes Define Collections of Claims
    •  Profile
       –  name, family_name, given_name, middle_name, nickname, preferred_username, profile, picture, website, gender, birthdate, zoneinfo, locale, updated_at
    •  Email
       –  email
    •  Address
       –  address
    •  Phone
       –  phone_number, phone_number_verified
    •  etc.
    JSON Example:
    {
      "sub": "248289761001",
      "name": "Jane Doe",
      "given_name": "Jane",
      "family_name": "Doe",
      "preferred_username": "j.doe",
      "email": "janedoe@example.com",
      "picture": "http://example.com/janedoe/me.jpg"
    }
    From: http://openid.net/specs/openid-connect-basic-1_0.html
    Claims are associated with an access token.
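Added example, not from the slides or the OpenID Connect specification: a UserInfo endpoint (slides 30 and 31) that releases only the claims belonging to the scopes granted to the presented access token. The scope-to-claim mapping is the one on slide 31; the user record, the token store and the token strings are constructed.

```python
# Added example, not from the slides: an OpenID Connect UserInfo endpoint that
# returns only the claims covered by the scopes granted to the access token.
# The scope -> claims mapping is the one listed on slide 31; the user record
# and the access tokens below are constructed for the example.

SCOPE_CLAIMS = {
    "profile": ["name", "family_name", "given_name", "middle_name", "nickname",
                "preferred_username", "profile", "picture", "website", "gender",
                "birthdate", "zoneinfo", "locale", "updated_at"],
    "email": ["email"],
    "address": ["address"],
    "phone": ["phone_number", "phone_number_verified"],
}

# Constructed user record keyed by subject identifier: the slide's JSON example
# plus a phone number so that scope filtering has something to withhold.
USERS = {
    "248289761001": {
        "name": "Jane Doe", "given_name": "Jane", "family_name": "Doe",
        "preferred_username": "j.doe", "email": "janedoe@example.com",
        "picture": "http://example.com/janedoe/me.jpg",
        "phone_number": "+1-555-0100", "phone_number_verified": True,
    }
}

# Constructed access tokens: opaque token -> (sub, granted scopes).
TOKENS = {
    "tok-profile-email": ("248289761001", {"openid", "profile", "email"}),
    "tok-openid-only": ("248289761001", {"openid"}),
    "tok-no-openid": ("248289761001", {"profile"}),
}

def userinfo(access_token):
    """Return (http_status, body) for a UserInfo call with a bearer token."""
    if access_token not in TOKENS:
        return 401, {"error": "invalid_token"}
    sub, scopes = TOKENS[access_token]
    if "openid" not in scopes:
        # Without the openid scope this is plain OAuth, not OpenID Connect;
        # treated here as insufficient scope for the UserInfo endpoint.
        return 403, {"error": "insufficient_scope"}
    allowed = {claim for scope in scopes for claim in SCOPE_CLAIMS.get(scope, [])}
    claims = {"sub": sub}  # the subject identifier is always returned
    claims.update({k: v for k, v in USERS[sub].items() if k in allowed})
    return 200, claims
```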
  • 32. We're Almost There
    But we still have a registration problem.
    Diagram: Authorization Server, Client. Provisioning of new users: this is obviously an enterprise problem, not an individual problem. They may already exist here. Remember our earlier point about what constitutes an "account".
  • 33. This Is What SCIM Is For
    API for user management. SCIM stands for System for Cross-domain Identity Management. SCIM defines user/group schema and REST endpoints for CRUD.
    Diagram: Enterprise Administrator, Authorization Server, Client. Create New Users.
  • 34. We're Now Left With Two Deployment Options
    First, on-premise identity stores. Leverages existing infrastructure.
    Diagram: Secure Internal Network, Firewall, IdP
  • 35. We're Now Left With Two Deployment Options
    Or cloud-based: Identity-as-a-Service.
    Diagram: Secure Internal Network
  • 36. The Deployment Is Independent Of Authorization Technology
    Choose SAML or OAuth based on operational goals.
    •  SAML support is widespread
       •  Dominant for enterprise SSO and federation
       •  Strong in passive (browser) profiles
       •  Less strong in active (classic SOAP or newer RESTful APIs) profiles
       •  Lots of central administration and federation ceremony
    •  OAuth/OpenID Connect is growing very fast
       •  OAuth owns RESTful APIs
       •  The world is not just about browsers any longer
       •  Think about the rise of mobile apps
       •  Fast to integrate, with no need to engage parties
       •  Irresistible delegation model
       •  Potential brand, regulatory, or organizational issues with social login
  • 37. Summary
    •  SAML is not going away
       •  Your existing investment is safe
       •  It will continue to play a huge role in web-based federation
    •  But OAuth + OpenID Connect + SCIM is coming on very strong
       •  Driven by the rise of APIs and mobile devices
    •  Don't let anyone tell you OAuth is just another auth token scheme
       •  It really represents a shift in authority
  • 38. Questions
    K. Scott Morrison, Senior Vice President & Distinguished Engineer, CA Technologies
    405-1100 Melville, Vancouver, BC V6E 4B5, Canada
    +1 (604) 681-9377
    scott@layer7.com
    http://KScottMorrison.com