SlideShare a Scribd company logo

What exactly is identity federation

Download as PPTX, PDF
G
Gluu

There is a triangle of authentication consisting of price, usability and security. Not all triangles are equal. New technologies are arising that are more convenient, more secure and less expensive than passwords.

Technology
1 of 4
WHAT EXACTLY IS IDENTITY FEDERATION These days, most websites and mobile apps don’t know how to authenticate you. Instead, they call the APIs of services offered by popular “Identity Providers” or “IDPs”, like Google and Facebook. This enables a person’s “user” information to be utilized at many different websites on the Internet, and information about a person can be shared with websites and apps on an “as needed” basis. Of course web site developers don’t want to learn a different authentication API for each IDP. And many organizations don’t trust a third party to authenticate its people. So the Internet has moved to standards. The most widely used standard for Web authentication is SAML. Perhaps the most promising standard for authentication is OpenID Connect, which is a profile of OAuth2. The explosion of Two-Factor Authentication technology… One of the most important new technologies that is driving infrastructure changes is the explosion of strong factor authentication technology. There is a triangle of authentication consisting of price, usability and security. Not all triangles are equal. New technologies are arising that are more convenient, more secure and less expensive than passwords.
Once a company makes an investment in strong authentication, they want to use that authentication technology across the maximum number of apps. For this reason, it makes sense to support open standards, so all applications can benefit from the availability of these new organizational authentication capabilities. The Problem of Client Management It’s not only people that need to be authenticated and authorized. There is a proliferation of agents that act on behalf of the person, or are independent entities. How are these authenticated and authorized by the organization… ? Sesimic Shift: LDAP or WAM? I think the seismic shift is from WAM (web access management) –> Federation, not from LDAP –> Federation. LDAP is still entrenched as a robust persistence infrastructure for user claims and password credentials. The problem with WAM products (i.e. Siteminder, OAM, TAM…) is that the cost has been high, customers are locked in (why else did CA buy Netgrity…), and integrations have been slow. Companies realize that whether they are integrating authentication with internal apps, external apps, or off-the-shelf products, open federation standards enable consolidation, which saves money, and improves security.
In the large companies I’ve worked with, the security department did not have control over the applications, so even though they were “internal”, a top-down approach was inefficient. It’s better to publish your standards, and let the internal app developers “help themselves” than to push a WAM architecture on them. In this sense, the fact that there are external apps just provides further evidence to a trend that had already clearly emerged. IAM, not IDM Often times, clients and consultants put too much emphasis on IDM, and not enough emphasis on organizational trust management. It’s not just that I need to provision my users for external websites, but I need to understand with which websites I have shared which attributes. Also, organizations need to trust users who authenticated outside the organization. Most large organizations participate in an ecosystem of autonomous parties, and publish websites that are used by many outside the organization. This is the old problem of extranet user management. Trust management, IMHO, is one of the biggest challenges… Where does XACML fit? If you talk to organizations, you’ll find that the is no clear trend for XACML’s adoption. Proprietary and custom solutions are the rule in authorization right now, with most authorization actually taking place in the app.
To what extent centralized authorization will be achieved is totally uncertain, and I would argue that this is the “adjacent possible,” as described in Stephen Johnson’s book “Where Good Ideas Come From” — you can’t have authorization before we have clear standards for authentication. In terms of adoption of technology, I’m bullish about UMA, and in fact I think UMA and XACML are complimentary… app developers want JSON/REST… and it would be more suitable for the PDP to form a XACML request to a XACML PDP, then for the app developer to learn XACML. In any case, I’m a fan of XACML as a standard for expressing authorization rules, but I do think that the technology is better suited for server side developers. Who will Outsource IDaaS? I disagree with the common assumption that the majority of “IDaaS” will be outsourced. Perhaps for SMB market, this might be true. But many large organizations maintain core TCP/IP services, and AAA has traditionally been managed within the organizational perimeter. In fact, many organizations simply cannot outsource this function for security reasons. With standards, we will drive down the costs of the software and the resources, and AAA will be simply another linux or windows service that can be configured. Article Resource:-http://gluu.jimdo.com/gluu-blog/what-exactly-is-identity-federation/

Recommended

Applications web hautement évolutives sur Azure
Applications web hautement évolutives sur AzureApplications web hautement évolutives sur Azure
Applications web hautement évolutives sur AzureMicrosoft
 
Fédération d’identité : des concepts Théoriques aux études de cas d’implément...
Fédération d’identité : des concepts Théoriques aux études de cas d’implément...Fédération d’identité : des concepts Théoriques aux études de cas d’implément...
Fédération d’identité : des concepts Théoriques aux études de cas d’implément...e-Xpert Solutions SA
 
Windows Azure Multi-Factor Authentication, presentation et cas d'usage
Windows Azure Multi-Factor Authentication, presentation et cas d'usageWindows Azure Multi-Factor Authentication, presentation et cas d'usage
Windows Azure Multi-Factor Authentication, presentation et cas d'usagePhilippe Beraud
 
Active Directory et la Sécurité
Active Directory et la SécuritéActive Directory et la Sécurité
Active Directory et la SécuritéMicrosoft
 
Active Directory en 2012 : les meilleures pratiques en design, sécurité et ad...
Active Directory en 2012 : les meilleures pratiques en design, sécurité et ad...Active Directory en 2012 : les meilleures pratiques en design, sécurité et ad...
Active Directory en 2012 : les meilleures pratiques en design, sécurité et ad...Microsoft Technet France
 
Petit déjeuner Octo - L'infra au service de ses projets
Petit déjeuner Octo - L'infra au service de ses projetsPetit déjeuner Octo - L'infra au service de ses projets
Petit déjeuner Octo - L'infra au service de ses projetsAdrien Blind
 
Vous avez dit Identité hybride ?
Vous avez dit Identité hybride ?Vous avez dit Identité hybride ?
Vous avez dit Identité hybride ?Microsoft Décideurs IT
 
Windows Azure, plongée en eaux profondes (300)
Windows Azure, plongée en eaux profondes (300)Windows Azure, plongée en eaux profondes (300)
Windows Azure, plongée en eaux profondes (300)Microsoft Décideurs IT
 

Recommended

Applications web hautement évolutives sur Azure
Applications web hautement évolutives sur AzureApplications web hautement évolutives sur Azure
Applications web hautement évolutives sur AzureMicrosoft
 
Fédération d’identité : des concepts Théoriques aux études de cas d’implément...
Fédération d’identité : des concepts Théoriques aux études de cas d’implément...Fédération d’identité : des concepts Théoriques aux études de cas d’implément...
Fédération d’identité : des concepts Théoriques aux études de cas d’implément...e-Xpert Solutions SA
 
Windows Azure Multi-Factor Authentication, presentation et cas d'usage
Windows Azure Multi-Factor Authentication, presentation et cas d'usageWindows Azure Multi-Factor Authentication, presentation et cas d'usage
Windows Azure Multi-Factor Authentication, presentation et cas d'usagePhilippe Beraud
 
Active Directory et la Sécurité
Active Directory et la SécuritéActive Directory et la Sécurité
Active Directory et la SécuritéMicrosoft
 
Active Directory en 2012 : les meilleures pratiques en design, sécurité et ad...
Active Directory en 2012 : les meilleures pratiques en design, sécurité et ad...Active Directory en 2012 : les meilleures pratiques en design, sécurité et ad...
Active Directory en 2012 : les meilleures pratiques en design, sécurité et ad...Microsoft Technet France
 
Petit déjeuner Octo - L'infra au service de ses projets
Petit déjeuner Octo - L'infra au service de ses projetsPetit déjeuner Octo - L'infra au service de ses projets
Petit déjeuner Octo - L'infra au service de ses projetsAdrien Blind
 
Vous avez dit Identité hybride ?
Vous avez dit Identité hybride ?Vous avez dit Identité hybride ?
Vous avez dit Identité hybride ?Microsoft Décideurs IT
 
Windows Azure, plongée en eaux profondes (300)
Windows Azure, plongée en eaux profondes (300)Windows Azure, plongée en eaux profondes (300)
Windows Azure, plongée en eaux profondes (300)Microsoft Décideurs IT
 
Gluu server for educational institutions
Gluu server for educational institutionsGluu server for educational institutions
Gluu server for educational institutionsGluu
 
Pr from our recent nstic pilot award
Pr from our recent nstic pilot awardPr from our recent nstic pilot award
Pr from our recent nstic pilot awardGluu
 
The currency of identifiers
The currency of identifiersThe currency of identifiers
The currency of identifiersGluu
 
Gluu founder and ceo, mike schwartz, to host open id connect 1.0 session at r...
Gluu founder and ceo, mike schwartz, to host open id connect 1.0 session at r...Gluu founder and ceo, mike schwartz, to host open id connect 1.0 session at r...
Gluu founder and ceo, mike schwartz, to host open id connect 1.0 session at r...Gluu
 
Gluu sxsw 2015 interactive picks
Gluu sxsw 2015 interactive picksGluu sxsw 2015 interactive picks
Gluu sxsw 2015 interactive picksGluu
 
17 recommended requirements for an identity and access management poc
17 recommended requirements for an identity and access management poc17 recommended requirements for an identity and access management poc
17 recommended requirements for an identity and access management pocGluu
 
Top 10 applications for multi factor authentication in higher education
Top 10 applications for multi factor authentication in higher educationTop 10 applications for multi factor authentication in higher education
Top 10 applications for multi factor authentication in higher educationGluu
 
First o auth 2.0 and saml identity federation platform to be shown by gluu
First o auth 2.0 and saml identity federation platform to be shown by gluuFirst o auth 2.0 and saml identity federation platform to be shown by gluu
First o auth 2.0 and saml identity federation platform to be shown by gluuGluu
 
How & why gluu’s open source authorization and authentication platform was ch...
How & why gluu’s open source authorization and authentication platform was ch...How & why gluu’s open source authorization and authentication platform was ch...
How & why gluu’s open source authorization and authentication platform was ch...Gluu
 
East hackathon api’s for art
East hackathon api’s for artEast hackathon api’s for art
East hackathon api’s for artGluu
 
Gluu’s vision
Gluu’s visionGluu’s vision
Gluu’s visionGluu
 
Gluu and canonical to demonstrate instant application security using ubuntu j...
Gluu and canonical to demonstrate instant application security using ubuntu j...Gluu and canonical to demonstrate instant application security using ubuntu j...
Gluu and canonical to demonstrate instant application security using ubuntu j...Gluu
 
Currency of identifiers ii
Currency of identifiers iiCurrency of identifiers ii
Currency of identifiers iiGluu
 
Shibboleth identity provider (idp) what it is, and why you should consider a ...
Shibboleth identity provider (idp) what it is, and why you should consider a ...Shibboleth identity provider (idp) what it is, and why you should consider a ...
Shibboleth identity provider (idp) what it is, and why you should consider a ...Gluu
 
Federated identity and open id connect why higher ed needs ox
Federated identity and open id connect why higher ed needs oxFederated identity and open id connect why higher ed needs ox
Federated identity and open id connect why higher ed needs oxGluu
 
Web access management using o auth2 and saml – wam 2.0
Web access management using o auth2 and saml – wam 2.0Web access management using o auth2 and saml – wam 2.0
Web access management using o auth2 and saml – wam 2.0Gluu
 
Packt publishing book proposal api and mobile access management
Packt publishing book proposal api and mobile access managementPackt publishing book proposal api and mobile access management
Packt publishing book proposal api and mobile access managementGluu
 
Gluu oscon submission
Gluu oscon submissionGluu oscon submission
Gluu oscon submissionGluu
 
Go west young federation
Go west young federationGo west young federation
Go west young federationGluu
 
 Use case for asimba as saml proxy
 Use case for asimba as saml proxy Use case for asimba as saml proxy
 Use case for asimba as saml proxyGluu
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 

More Related Content

More from Gluu

Gluu server for educational institutions
Gluu server for educational institutionsGluu server for educational institutions
Gluu server for educational institutionsGluu
 
Pr from our recent nstic pilot award
Pr from our recent nstic pilot awardPr from our recent nstic pilot award
Pr from our recent nstic pilot awardGluu
 
The currency of identifiers
The currency of identifiersThe currency of identifiers
The currency of identifiersGluu
 
Gluu founder and ceo, mike schwartz, to host open id connect 1.0 session at r...
Gluu founder and ceo, mike schwartz, to host open id connect 1.0 session at r...Gluu founder and ceo, mike schwartz, to host open id connect 1.0 session at r...
Gluu founder and ceo, mike schwartz, to host open id connect 1.0 session at r...Gluu
 
Gluu sxsw 2015 interactive picks
Gluu sxsw 2015 interactive picksGluu sxsw 2015 interactive picks
Gluu sxsw 2015 interactive picksGluu
 
17 recommended requirements for an identity and access management poc
17 recommended requirements for an identity and access management poc17 recommended requirements for an identity and access management poc
17 recommended requirements for an identity and access management pocGluu
 
Top 10 applications for multi factor authentication in higher education
Top 10 applications for multi factor authentication in higher educationTop 10 applications for multi factor authentication in higher education
Top 10 applications for multi factor authentication in higher educationGluu
 
First o auth 2.0 and saml identity federation platform to be shown by gluu
First o auth 2.0 and saml identity federation platform to be shown by gluuFirst o auth 2.0 and saml identity federation platform to be shown by gluu
First o auth 2.0 and saml identity federation platform to be shown by gluuGluu
 
How & why gluu’s open source authorization and authentication platform was ch...
How & why gluu’s open source authorization and authentication platform was ch...How & why gluu’s open source authorization and authentication platform was ch...
How & why gluu’s open source authorization and authentication platform was ch...Gluu
 
East hackathon api’s for art
East hackathon api’s for artEast hackathon api’s for art
East hackathon api’s for artGluu
 
Gluu’s vision
Gluu’s visionGluu’s vision
Gluu’s visionGluu
 
Gluu and canonical to demonstrate instant application security using ubuntu j...
Gluu and canonical to demonstrate instant application security using ubuntu j...Gluu and canonical to demonstrate instant application security using ubuntu j...
Gluu and canonical to demonstrate instant application security using ubuntu j...Gluu
 
Currency of identifiers ii
Currency of identifiers iiCurrency of identifiers ii
Currency of identifiers iiGluu
 
Shibboleth identity provider (idp) what it is, and why you should consider a ...
Shibboleth identity provider (idp) what it is, and why you should consider a ...Shibboleth identity provider (idp) what it is, and why you should consider a ...
Shibboleth identity provider (idp) what it is, and why you should consider a ...Gluu
 
Federated identity and open id connect why higher ed needs ox
Federated identity and open id connect why higher ed needs oxFederated identity and open id connect why higher ed needs ox
Federated identity and open id connect why higher ed needs oxGluu
 
Web access management using o auth2 and saml – wam 2.0
Web access management using o auth2 and saml – wam 2.0Web access management using o auth2 and saml – wam 2.0
Web access management using o auth2 and saml – wam 2.0Gluu
 
Packt publishing book proposal api and mobile access management
Packt publishing book proposal api and mobile access managementPackt publishing book proposal api and mobile access management
Packt publishing book proposal api and mobile access managementGluu
 
Gluu oscon submission
Gluu oscon submissionGluu oscon submission
Gluu oscon submissionGluu
 
Go west young federation
Go west young federationGo west young federation
Go west young federationGluu
 
 Use case for asimba as saml proxy
 Use case for asimba as saml proxy Use case for asimba as saml proxy
 Use case for asimba as saml proxyGluu
 

More from Gluu (20)

Gluu server for educational institutions
Gluu server for educational institutionsGluu server for educational institutions
Gluu server for educational institutions
 
Pr from our recent nstic pilot award
Pr from our recent nstic pilot awardPr from our recent nstic pilot award
Pr from our recent nstic pilot award
 
The currency of identifiers
The currency of identifiersThe currency of identifiers
The currency of identifiers
 
Gluu founder and ceo, mike schwartz, to host open id connect 1.0 session at r...
Gluu founder and ceo, mike schwartz, to host open id connect 1.0 session at r...Gluu founder and ceo, mike schwartz, to host open id connect 1.0 session at r...
Gluu founder and ceo, mike schwartz, to host open id connect 1.0 session at r...
 
Gluu sxsw 2015 interactive picks
Gluu sxsw 2015 interactive picksGluu sxsw 2015 interactive picks
Gluu sxsw 2015 interactive picks
 
17 recommended requirements for an identity and access management poc
17 recommended requirements for an identity and access management poc17 recommended requirements for an identity and access management poc
17 recommended requirements for an identity and access management poc
 
Top 10 applications for multi factor authentication in higher education
Top 10 applications for multi factor authentication in higher educationTop 10 applications for multi factor authentication in higher education
Top 10 applications for multi factor authentication in higher education
 
First o auth 2.0 and saml identity federation platform to be shown by gluu
First o auth 2.0 and saml identity federation platform to be shown by gluuFirst o auth 2.0 and saml identity federation platform to be shown by gluu
First o auth 2.0 and saml identity federation platform to be shown by gluu
 
How & why gluu’s open source authorization and authentication platform was ch...
How & why gluu’s open source authorization and authentication platform was ch...How & why gluu’s open source authorization and authentication platform was ch...
How & why gluu’s open source authorization and authentication platform was ch...
 
East hackathon api’s for art
East hackathon api’s for artEast hackathon api’s for art
East hackathon api’s for art
 
Gluu’s vision
Gluu’s visionGluu’s vision
Gluu’s vision
 
Gluu and canonical to demonstrate instant application security using ubuntu j...
Gluu and canonical to demonstrate instant application security using ubuntu j...Gluu and canonical to demonstrate instant application security using ubuntu j...
Gluu and canonical to demonstrate instant application security using ubuntu j...
 
Currency of identifiers ii
Currency of identifiers iiCurrency of identifiers ii
Currency of identifiers ii
 
Shibboleth identity provider (idp) what it is, and why you should consider a ...
Shibboleth identity provider (idp) what it is, and why you should consider a ...Shibboleth identity provider (idp) what it is, and why you should consider a ...
Shibboleth identity provider (idp) what it is, and why you should consider a ...
 
Federated identity and open id connect why higher ed needs ox
Federated identity and open id connect why higher ed needs oxFederated identity and open id connect why higher ed needs ox
Federated identity and open id connect why higher ed needs ox
 
Web access management using o auth2 and saml – wam 2.0
Web access management using o auth2 and saml – wam 2.0Web access management using o auth2 and saml – wam 2.0
Web access management using o auth2 and saml – wam 2.0
 
Packt publishing book proposal api and mobile access management
Packt publishing book proposal api and mobile access managementPackt publishing book proposal api and mobile access management
Packt publishing book proposal api and mobile access management
 
Gluu oscon submission
Gluu oscon submissionGluu oscon submission
Gluu oscon submission
 
Go west young federation
Go west young federationGo west young federation
Go west young federation
 
 Use case for asimba as saml proxy
 Use case for asimba as saml proxy Use case for asimba as saml proxy
 Use case for asimba as saml proxy
 

Recently uploaded

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 

Recently uploaded (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 

What exactly is identity federation

  • 1. WHAT EXACTLY IS IDENTITY FEDERATION These days, most websites and mobile apps don’t know how to authenticate you. Instead, they call the APIs of services offered by popular “Identity Providers” or “IDPs”, like Google and Facebook. This enables a person’s “user” information to be utilized at many different websites on the Internet, and information about a person can be shared with websites and apps on an “as needed” basis. Of course web site developers don’t want to learn a different authentication API for each IDP. And many organizations don’t trust a third party to authenticate its people. So the Internet has moved to standards. The most widely used standard for Web authentication is SAML. Perhaps the most promising standard for authentication is OpenID Connect, which is a profile of OAuth2. The explosion of Two-Factor Authentication technology… One of the most important new technologies that is driving infrastructure changes is the explosion of strong factor authentication technology. There is a triangle of authentication consisting of price, usability and security. Not all triangles are equal. New technologies are arising that are more convenient, more secure and less expensive than passwords.
  • 2. Once a company makes an investment in strong authentication, they want to use that authentication technology across the maximum number of apps. For this reason, it makes sense to support open standards, so all applications can benefit from the availability of these new organizational authentication capabilities. The Problem of Client Management It’s not only people that need to be authenticated and authorized. There is a proliferation of agents that act on behalf of the person, or are independent entities. How are these authenticated and authorized by the organization… ? Sesimic Shift: LDAP or WAM? I think the seismic shift is from WAM (web access management) –> Federation, not from LDAP –> Federation. LDAP is still entrenched as a robust persistence infrastructure for user claims and password credentials. The problem with WAM products (i.e. Siteminder, OAM, TAM…) is that the cost has been high, customers are locked in (why else did CA buy Netgrity…), and integrations have been slow. Companies realize that whether they are integrating authentication with internal apps, external apps, or off-the-shelf products, open federation standards enable consolidation, which saves money, and improves security.
  • 3. In the large companies I’ve worked with, the security department did not have control over the applications, so even though they were “internal”, a top-down approach was inefficient. It’s better to publish your standards, and let the internal app developers “help themselves” than to push a WAM architecture on them. In this sense, the fact that there are external apps just provides further evidence to a trend that had already clearly emerged. IAM, not IDM Often times, clients and consultants put too much emphasis on IDM, and not enough emphasis on organizational trust management. It’s not just that I need to provision my users for external websites, but I need to understand with which websites I have shared which attributes. Also, organizations need to trust users who authenticated outside the organization. Most large organizations participate in an ecosystem of autonomous parties, and publish websites that are used by many outside the organization. This is the old problem of extranet user management. Trust management, IMHO, is one of the biggest challenges… Where does XACML fit? If you talk to organizations, you’ll find that the is no clear trend for XACML’s adoption. Proprietary and custom solutions are the rule in authorization right now, with most authorization actually taking place in the app.
  • 4. To what extent centralized authorization will be achieved is totally uncertain, and I would argue that this is the “adjacent possible,” as described in Stephen Johnson’s book “Where Good Ideas Come From” — you can’t have authorization before we have clear standards for authentication. In terms of adoption of technology, I’m bullish about UMA, and in fact I think UMA and XACML are complimentary… app developers want JSON/REST… and it would be more suitable for the PDP to form a XACML request to a XACML PDP, then for the app developer to learn XACML. In any case, I’m a fan of XACML as a standard for expressing authorization rules, but I do think that the technology is better suited for server side developers. Who will Outsource IDaaS? I disagree with the common assumption that the majority of “IDaaS” will be outsourced. Perhaps for SMB market, this might be true. But many large organizations maintain core TCP/IP services, and AAA has traditionally been managed within the organizational perimeter. In fact, many organizations simply cannot outsource this function for security reasons. With standards, we will drive down the costs of the software and the resources, and AAA will be simply another linux or windows service that can be configured. Article Resource:-http://gluu.jimdo.com/gluu-blog/what-exactly-is-identity-federation/