Simplify Access to Microsoft SharePoint and SaaS Applications with Novell Access Manager

Lloyd Burch
Distinguished Engineer
Novell / lburch@novell.com

Eduardo Barragan
Senior Engineer
Novacoast / ebarragan@novacoast.com
Novell Access Manager
Federation Overview
    •   What does Novell Access Manager do?
         –   Access Control to Protected Resources
         –   Authentication
              >   Name/Password, X.509, Smart Cards, Kerberos, Others
         –   Federation
              >   Liberty, SAML 1.x, SAML 2.0, WS-Fed, CardSpace
              >   Identity Provider (Builds Tokens)
              >   Relying Party / Service Provider (Uses Tokens)
              >   Manages Trust
         –   SSL-VPN
              >   Secure external access



2   © Novell, Inc. All rights reserved.
Novell Access Manager
Federation Overview
    •   What is Federation?
         –   Established trust between two parties (IDP/SP)
              >   How will IDP authenticate?
              >   What claims/attributes can be exchanged?
              >   What identifier will be used to identify user account at SP?
              >   Is automatic provisioning of an account needed?
         –   How does it work?
              >   Administrator defined – IDP sends transparent authentication
              >   User links accounts – Requests authentication
              >   Open standards define the rules for how this is done
              >   There can be many trusted providers or consumers of Identity




Simple Federated Identity

[Diagram: ZZYZX Car Rental acts as the Identity Provider and ABC Travel as the Service; three numbered steps between the user and the two parties]
1 – Request Service and Get Requirements
2 – Get Attested Identity Token
3 – Set Token and Receive Service
User-Driven Identity

[Diagram: a Login Request from the user to a Web Service; the user holds several identities: My Employer Identity, My Hobby Identity, My Family Identity and My Local Identity]
- Novell claims this is LBurch
- My Hobby Group claims this is Lloyd
- My Family claims this is “Son of Dad”
- Lloyd claims this is Me
Open Standards allow Interoperability

[Diagram: several parties, each connected to the others through an Open Standard interface]
Achieving Cost Savings

    •   Industry trends enabling Identity Federation
         –   Open Standards support for identity
         –   Multiple vendor support
         –   OASIS and other standards bodies
         –   Open Source reference code
         –   Interoperability testing and certification
         –   Lower cost
         –   Partners can be added and removed quickly
         –   Single store front from multiple vendors
         –   Cost saving by sharing resources
The Cost of Interoperability as Partners Increase

[Chart: cost in dollars ($0 to $25) against number of partners (1 to 4), with two series: Open standards and Proprietary Code]
Achieving the Vision

    •   Industry trends enabling Identity Federation
         –   The role of the firewall is changing
         –   Outside partners, customers and employees have access
         –   Applications must be protected from inside attacks
         –   Firewalls are becoming identity aware
         –   Increasing bandwidth for devices
         –   Most devices are connected (work, home, mobile)
SharePoint and Novell Access Manager

     •   What are the components?
     •   How do they work?
     •   What is the value to the customer?
SharePoint and Novell Access Manager

     •   WS-Federation is used as the binding protocol to share identities
     •   ADFS is the connecting point to Microsoft SharePoint
     •   Access Manager is the connection point to multiple identity stores
     •   Together, single sign-on and shared identity work
SharePoint and Novell Access Manager

[Diagram: Novell Access Manager in front of three identity stores, eDirectory (“Employees”), Active Directory (“Business Units”) and Sun One (“Customers”); Access Manager transforms LDAP and Federated Identity into ADFS Claims; Microsoft SharePoint sits behind its own Active Directory (“SharePoint”)]

Simplified Access to MS SharePoint
     •   User authenticates to Access Manager (Direct or Federated)
          –   Access Manager can validate identities across multiple identity stores as well as federated authentication from partners using SAML, WS-Fed or Liberty Alliance
     •   User accesses SharePoint
          –   Access Manager transforms LDAP and Federated Identity into claims that are forwarded to Active Directory Federation Services (ADFS)
     •   SharePoint Administrator – Mr. Happy
          –   Associates claims to SharePoint Groups
          –   No need to manage individual identities for all users that need SharePoint
     •   Improved user experience
          –   Single Sign-On to SharePoint and other web resources protected by Access Manager
SharePoint and Novell Access Manager

[Diagram: LDAP Server – Novell Access Manager Identity Server – ADFS (Windows) – SharePoint (Windows); a Legacy Webserver sits behind the Novell Access Manager Gateway; an Internal User]
SharePoint and Novell Access Manager

[Diagram: the same architecture as the previous slide, with two steps marked: Step A (at ADFS) and Step B (at SharePoint)]
SharePoint and Novell Access Manager

     •   Benefits to the customer
          –   Novell Access Manager can validate identities across multiple identity stores as well as federated authentication from partners using SAML, WS-Federation or Liberty Alliance
          –   Non-Active Directory users can use SharePoint
          –   The SharePoint administrator does not need to manage individual identities for all users that need access to SharePoint
          –   Single sign-on to SharePoint and other web resources protected by Novell Access Manager
          –   Novell Access Manager policy can control SharePoint access via roles
Demonstration
SharePoint and Novell Access Manager

Force.com CRM and Novell Access Manager

     •   Just an example of SaaS vendors embracing industry standards like SAML 2.0
          –   Salesforce.com offers Federated and Delegated SSO
               >   Federated is simple, based on the SAML 2.0 HTTP-POST profile
                     »   You define the NameID
                     »   You create the metadata
                     »   Easy with Access Manager
               >   Delegated requires a Web service to be set up and uses SOAP to authenticate
                     »   You host the Web service
                     »   SOAP call back
          –   Delegated is not in scope of this presentation
SAML Terms (Security Assertion Markup Language)

     •   Identity Provider (IDP)
          –   Producer of assertions
          –   Novell Access Manager
          –   Usually verifies credentials against LDAP
     •   Service Provider (SP)
          –   Consumer of assertions
          –   Provides the application
          –   Salesforce CRM is a cloud SP
SAML Terms (Security Assertion Markup Language)

     •   Metadata
         “SAML profiles require agreements between system entities regarding identifiers, binding support and endpoints, certificates and keys, and so forth. A metadata specification is useful for describing this information in a standardized way” – http://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf
     •   Assertion (response)
          –   Synonym for Claim
          –   A trusted authentication – within the Circle of Trust (COT) it replaces the password
     •   Name Identifier – NameID
          –   How to refer to the subject
          –   Many supported formats
SAML References

     Novell – http://www.novell.com/documentation/novellaccessmanager/index.html

     Wikipedia – http://en.wikipedia.org/wiki/SAML_2.0 – a good overview

     OASIS – http://saml.xml.org/saml-specifications and http://docs.oasis-open.org/security/saml/v2.0/
     saml.xml.org is the wiki for the OASIS group which maintains the SAML specifications. The link is to the specifications page.
Authentication Flow

[Diagram]
Typical Three Step Process - COT

     1. Circle of Trust

     •   Metadata
          –   Need to create SP metadata
          –   Access Manager provides metadata
     •   X.509 Certificates
          –   SP does not provide a certificate (you can create a self-signed cert)
          –   IDP should always use SSL, especially since this is the HTTP-POST profile
     •   End points which resolve via DNS
Typical Three Step Process - SP

     2. Setup SP side first

     •   Why?
          –   The login URL contains specific data to handle NameID and Attribute names
          –   e.g. https://login.salesforce.com/?saml=MgoTx78aEPXRoZ2hRrHg2wwl5GLiR0qVpDJYXG4e5wzM83LxYv4TgrzVZsOpNK76ItidNdsqihgDsiG2horV_wCGmSN.N1pVNrfRKMIW0QwpMQyrV_QZw94y_TvXB08Jyhi9l32PLM_RH3LQ==
     •   Have your IDP certificate handy
          –   Export the signing certificate public key, save in .der format
Typical Three Step Process – SP

     •   Login to salesforce.com
          –   ebarragan@novacoast.com - Admin user
          –   Go to Setup > under Administration Setup
          –   Select Security Controls > Single Sign-On Settings
     •   Issuer
          –   https://idpsrv.novacoast.com/nidp/saml2/metadata
     •   Name ID format
          –   urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified
SP Details

[Screenshot, with a “Good Help Reference” callout]

SP Details

[Screenshot]
Typical Three Step Process - IDP

     3. Setup IDP – Novell Access Manager

     •   Create Attribute Map
IDP Details

     •   SP Metadata:
     <EntityDescriptor entityID="https://saml.salesforce.com"
         xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
       <SPSSODescriptor AuthnRequestsSigned="false"
           WantAssertionsSigned="false"
           protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
         <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
         <AssertionConsumerService index="1"
             Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
             Location="https://login.salesforce.com/?saml=MgoTx78aEPXToZ2hRrHg2wwl5GLiR0qVpDJYXG4e5wzM83LxYv4TgrzVZsOpNK76ItidNdsqIhgDsi2horU_wCGmSM.N1pVNrfRKMIW0QwpMQyrV_QZw94y_TvXB08Oyhi9l32PLM_RH3LQ=="/>
       </SPSSODescriptor>
     </EntityDescriptor>
IDP Details

     Create Trusted Service Provider

[Screenshot]

IDP Details

     Configure Response

[Screenshot]
IDP Details

     Configure Target (Inter-site Transfer URL)
       https://idpsrv.novacoast.com/nidp/saml2/idpsend?PID=https://saml.salesforce.com&TARGET=https://na7.salesforce.com/home/home.jsp
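The Inter-site Transfer URL packs two URLs into one query string, so both values have to be percent-encoded, and the TARGET decides where the browser lands after the IDP-initiated login. The Python below is an added example, not Novell's code: it builds the idpsend URL with proper encoding, parses it back, and refuses a TARGET that would send the user off the SP's own hosts. The idpsend endpoint, PID and TARGET values are the ones on the slide; the allow-list of landing hosts and the function names are assumptions made for illustration.

```python
"""Build and check an Access Manager Inter-site Transfer URL (IDP-initiated SSO).
Added example, not Novell's code.  The idpsend endpoint, PID and TARGET values
are the ones shown on the slide; the allow-list of landing hosts is assumed."""
from urllib.parse import urlencode, urlsplit, parse_qs

IDP_SEND = "https://idpsrv.novacoast.com/nidp/saml2/idpsend"  # from the slide
SP_ENTITY_ID = "https://saml.salesforce.com"                   # PID on the slide
TARGET = "https://na7.salesforce.com/home/home.jsp"             # TARGET on the slide

# Hosts the user may be sent to after login (assumed: the SP's own hosts only).
ALLOWED_TARGET_HOSTS = {"na7.salesforce.com", "login.salesforce.com"}


def target_allowed(target, allowed_hosts=ALLOWED_TARGET_HOSTS):
    """A TARGET must be an https URL on one of the SP's hosts; accepting any
    URL here would make the IDP a generic redirector after login."""
    parts = urlsplit(target)
    return parts.scheme == "https" and parts.hostname in allowed_hosts


def build_intersite_transfer_url(pid, target, allowed_hosts=ALLOWED_TARGET_HOSTS):
    """Return idpsend?PID=...&TARGET=... with both values percent-encoded."""
    if not target_allowed(target, allowed_hosts):
        raise ValueError(f"TARGET not on an allowed host: {target}")
    return IDP_SEND + "?" + urlencode({"PID": pid, "TARGET": target})


def parse_intersite_transfer_url(url):
    """Decode PID and TARGET back out of an idpsend URL.  A URL where the '&'
    between the two parameters is missing (as happens when the URL is copied
    from a line-wrapped slide) yields a single PID and is rejected."""
    query = urlsplit(url).query
    params = parse_qs(query, strict_parsing=True)
    if "PID" not in params or "TARGET" not in params:
        raise ValueError("idpsend URL needs both PID and TARGET")
    return {"PID": params["PID"][0], "TARGET": params["TARGET"][0]}


if __name__ == "__main__":
    url = build_intersite_transfer_url(SP_ENTITY_ID, TARGET)
    print(url)
    print(parse_intersite_transfer_url(url))
```

Run it and the printed URL shows PID and TARGET with their colons and slashes encoded, which is the form to paste into a link or bookmark; the parse step is the same check to apply to a URL someone hands you.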
Demonstration
Salesforce.com CRM and Novell Access Manager

Google Apps and Novell Access Manager

     •   Very similar to the force.com SSO setup
          –   Have a look at Neil Cashell's Cool Solutions article on the subject for details:
          –   http://www.novell.com/communities/node/8645/integrating-google-apps-and-novell-access-manager-using-saml2
Google Apps and Novell Access Manager

     Same three step process
     1 - Create COT
          –   In this case it's the same as the previous process: the public key of the IDP's signing and encryption certificate is all that's required
     2 - Configure SP
          –   Everything you need for this page is in the IDP metadata
               >   Login URL
               >   Logout URL
               >   Password management URL
     3 - Configure IDP (Novell Access Manager)
Google Apps and Novell Access Manager

Main Points
     Use this metadata, but replace the “Location” attribute. It must contain your domain.
     <EntityDescriptor entityID="google.com"
         xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
       <SPSSODescriptor
           protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
         <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress</NameIDFormat>
         <AssertionConsumerService index="1"
             Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
             Location="https://www.google.com/a/domain/acs" />
       </SPSSODescriptor>
     </EntityDescriptor>
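Both SP metadata documents in this deck (the Salesforce one under “IDP Details” and the Google Apps template above) carry the same handful of fields an IDP administrator copies into the trusted service provider: entityID, NameIDFormat, the ACS binding and location, and the two signing flags. The Python below is an added example, not code from Novell, Salesforce or Google. It parses such metadata namespace-aware, lists what a reviewer would settle before trusting the SP (https ACS endpoint, HTTP-POST binding, whether the SP asks for signed assertions), and fills the Google template's Location with a customer domain as the slide instructs. The two documents are constructed strings copied from the slides, with the tenant-specific Salesforce saml= value replaced by a labelled placeholder; the function names and the domain-name check are assumptions.

```python
"""Parse SAML 2.0 SP metadata, review it before adding a trusted SP, and fill
in the Google Apps ACS Location.  Added example; not code from Novell,
Salesforce or Google.  Both metadata strings are constructed from the slides."""
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ET.register_namespace("", MD_NS)  # serialise with a default xmlns, no ns0: prefix


def _md(tag):
    """Clark-notation name for an element in the SAML metadata namespace."""
    return f"{{{MD_NS}}}{tag}"


# Salesforce SP metadata from the "IDP Details" slide; the opaque saml= value
# is tenant-specific, so a placeholder stands in for it here.
SALESFORCE_MD = (
    '<EntityDescriptor entityID="https://saml.salesforce.com" '
    'xmlns="urn:oasis:names:tc:SAML:2.0:metadata">'
    '<SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" '
    'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    '<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>'
    '<AssertionConsumerService index="1" '
    'Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
    'Location="https://login.salesforce.com/?saml=TENANT_SPECIFIC_PLACEHOLDER"/>'
    '</SPSSODescriptor></EntityDescriptor>'
)

# Google Apps template from the slide above; "domain" in Location must be replaced.
GOOGLE_MD_TEMPLATE = (
    '<EntityDescriptor entityID="google.com" '
    'xmlns="urn:oasis:names:tc:SAML:2.0:metadata">'
    '<SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    '<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress</NameIDFormat>'
    '<AssertionConsumerService index="1" '
    'Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
    'Location="https://www.google.com/a/domain/acs"/>'
    '</SPSSODescriptor></EntityDescriptor>'
)


def parse_sp_metadata(xml_text):
    """Extract the fields needed to configure the SP as a trusted provider."""
    root = ET.fromstring(xml_text)
    if root.tag != _md("EntityDescriptor"):
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    sp = root.find(_md("SPSSODescriptor"))
    if sp is None:
        raise ValueError("no SPSSODescriptor: not service provider metadata")
    return {
        "entity_id": root.get("entityID"),
        # Both signing flags are treated as false when the SP leaves them out.
        "authn_requests_signed": sp.get("AuthnRequestsSigned", "false") == "true",
        "want_assertions_signed": sp.get("WantAssertionsSigned", "false") == "true",
        "nameid_formats": [e.text.strip() for e in sp.findall(_md("NameIDFormat"))],
        "acs": [(a.get("index"), a.get("Binding"), a.get("Location"))
                for a in sp.findall(_md("AssertionConsumerService"))],
    }


def review_sp_metadata(info):
    """Findings to settle before trusting the SP (all defensive checks)."""
    findings = []
    if not info["acs"]:
        findings.append("no AssertionConsumerService endpoint")
    for index, binding, location in info["acs"]:
        if binding != HTTP_POST:
            findings.append(f"ACS {index}: unexpected binding {binding}")
        if urlsplit(location).scheme != "https":
            findings.append(f"ACS {index}: endpoint is not https: {location}")
    if not info["want_assertions_signed"]:
        findings.append("SP does not require signed assertions; sign them anyway")
    if not info["nameid_formats"]:
        findings.append("no NameIDFormat: agree on one with the SP")
    return findings


def fill_google_acs(template_xml, domain):
    """Return the Google template with Location pointing at the customer's domain."""
    # Only a plain host name may be spliced into the URL path (assumed check).
    if not re.fullmatch(r"[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?", domain):
        raise ValueError(f"not a plain domain name: {domain!r}")
    root = ET.fromstring(template_xml)
    acs = root.find(_md("SPSSODescriptor")).find(_md("AssertionConsumerService"))
    acs.set("Location", f"https://www.google.com/a/{domain}/acs")
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for name, md in (("salesforce", SALESFORCE_MD),
                     ("google", fill_google_acs(GOOGLE_MD_TEMPLATE, "example.com"))):
        info = parse_sp_metadata(md)
        print(name, info["entity_id"], info["nameid_formats"], info["acs"])
        print("  findings:", review_sp_metadata(info) or "none")
```

The one finding both documents produce is that the SP does not ask for signed assertions; the IDP should sign the SAML Response regardless, since the HTTP-POST profile delivers it through the user's browser and the signature is what the SP has to verify.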
Google Apps and Novell Access Manager

Main Points
     The Authentication Response is slightly different from the force.com one

Demonstration
Google Apps and Novell Access Manager
Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc.
Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope
of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified,
translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc.
Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.


General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a
product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in
making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents
of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any
particular purpose. The development, release, and timing of features or functionality described for Novell products
remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to
make changes to its content, at any time, without obligation to notify any person or entity of such revisions or
changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc.
in the United States and other countries. All third-party trademarks are the property of their respective owners.

Using Federation to Simplify Access to SharePoint, SaaS and Partner Applications

  • 1. Simplify Access to Microsoft SharePoint and SaaS Applications with Novell Access Manager
    Lloyd Burch, Distinguished Engineer, Novell, lburch@novell.com
    Eduardo Barragan, Senior Engineer, Novacoast, ebarragan@novacoast.com
  • 2. Novell Access Manager Federation Overview
    • What does Novell Access Manager do?
      – Access control to protected resources
      – Authentication
        > Name/password, X.509, smart cards, Kerberos, others
      – Federation
        > Liberty, SAML 1.x, SAML 2.0, WS-Fed, CardSpace
        > Identity Provider (builds tokens)
        > Relying Party / Service Provider (uses tokens)
        > Manages trust
      – SSL-VPN
        > Secure external access
    © Novell, Inc. All rights reserved.
  • 3. Novell Access Manager Federation Overview
    • What is Federation?
      – Established trust between two parties (IDP/SP)
        > How will the IDP authenticate?
        > What claims/attributes can be exchanged?
        > What identifier will be used to identify the user account at the SP?
        > Is automatic provisioning of an account needed?
      – How does it work?
        > Administrator defined – IDP sends transparent authentication
        > User links accounts – requests authentication
        > Open standards define the rules for how this is done
        > There can be many trusted providers or consumers of identity
  • 4. Simple Federated Identity
    [Diagram: ZZYZX Car Rental (Identity Provider) and ABC Travel Service exchange a token on the user's behalf]
    1 – Request service and get requirements
    2 – Get attested identity token
    3 – Set token and receive service
  • 5. User-Driven Identity
    [Diagram: a login request to a web service can be backed by any of several identities]
    – My Employer Identity: Novell claims this is LBurch
    – My Hobby Identity: My Hobby Group claims this is Lloyd
    – My Family Identity: My Family claims this is “Son of Dad”
    – My Local Identity: Lloyd claims this is Me
  • 6. Open Standards allow Interoperability
    [Diagram: parties connected to each other through open standards]
  • 7. Achieving Cost Savings
    • Industry trends enabling Identity Federation
      – Open standards support for identity
      – Multiple vendor support
      – OASIS and other standards bodies
      – Open source reference code
      – Interoperability testing and certification
      – Lower cost
      – Partners can be added and removed quickly
      – Single store front from multiple vendors
      – Cost saving by sharing resources
  • 8. The Cost of Interoperability as Partners Increase
    [Chart: cost ($0 to $25) against number of partners (1 to 4), comparing open standards with proprietary code]
  • 9. Achieving the Vision
    • Industry trends enabling Identity Federation
      – The role of the firewall is changing
      – Outside partners, customers and employees have access
      – Applications must be protected from inside attacks
      – Firewalls are becoming identity aware
      – Increasing bandwidth for devices
      – Most devices are connected (work, home, mobile)
  • 10. SharePoint and Novell Access Manager
    • What are the components?
    • How do they work?
    • What is the value to the customer?
  • 11. SharePoint and Novell Access Manager
    • WS-Federation is used as the binding protocol to share identities
    • ADFS is the connecting point to Microsoft SharePoint
    • Access Manager is the connection point to multiple identity stores
    • Together, single sign-on and shared identity work
  • 12. SharePoint and Novell Access Manager: Novell Simplified Access to MS SharePoint
    [Diagram: identity stores eDirectory (“Employees”), Active Directory (“Business Units”) and Sun One (“Customers”) feed Access Manager; Access Manager transforms LDAP and federated identity into ADFS claims, and ADFS fronts Microsoft SharePoint, which is backed by its own Active Directory (“SharePoint”)]
    • User authenticates to Access Manager (direct or federated)
    • Access Manager can validate identities across multiple identity stores as well as federated authentication from partners using SAML, WS-Fed or Liberty Alliance
    • User accesses SharePoint
    • Access Manager transforms LDAP and federated identity into claims that are forwarded to Active Directory Federation Services (ADFS)
    • SharePoint Administrator – Mr. Happy
      – Associates claims to SharePoint groups
      – No need to manage individual identities for all users that need SharePoint
    • Improved user experience
      – Single sign-on to SharePoint and other web resources protected by Access Manager
  • 13. SharePoint and Novell Access Manager
    [Diagram: an internal user reaches the Novell Access Manager Gateway, which fronts a legacy web server; the Novell Access Manager Identity Server, backed by LDAP, federates to ADFS (Windows), which fronts the SharePoint Server (Windows)]
  • 14. SharePoint and Novell Access Manager
    [Diagram: the same topology as slide 13, with Step A and Step B marked on the flow]
  • 15. SharePoint and Novell Access Manager
    [Screenshot]
  • 16. SharePoint and Novell Access Manager
    • Benefits to the customer
      – Novell Access Manager can validate identities across multiple identity stores as well as federated authentication from partners using SAML, WS-Federation or Liberty Alliance
      – Non-Active Directory users can use SharePoint
      – The SharePoint administrator does not need to manage individual identities for all users that need access to SharePoint
      – Single sign-on to SharePoint and other web resources protected by Novell Access Manager
      – Novell Access Manager policy can control SharePoint access via roles
  • 17. Demonstration: SharePoint and Novell Access Manager
  • 18. Force.com CRM and Novell Access Manager
    • Just an example of SaaS vendors embracing industry standards like SAML 2.0
      – Salesforce.com offers Federated and Delegated SSO
        > Federated is simple, based on the SAML 2.0 HTTP-POST profile
          » You define the NameID
          » You create metadata
          » Easy with Access Manager
        > Delegated requires web services to be set up and uses SOAP to authenticate
          » You host the web service
          » SOAP call back
      – Delegated is not in scope of this presentation
  • 19. SAML Terms (Security Assertion Markup Language)
    • Identity Provider (IDP)
      – Producer of assertions
      – Novell Access Manager
      – Usually verifies credentials against LDAP
    • Service Provider (SP)
      – Consumer of assertions
      – Provides the application
      – Salesforce CRM is a cloud SP
  • 20. SAML Terms (Security Assertion Markup Language)
    • Metadata
      “SAML profiles require agreements between system entities regarding identifiers, binding support and endpoints, certificates and keys, and so forth. A metadata specification is useful for describing this information in a standardized way” - http://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf
    • Assertion (response)
      – Synonym for claim
      – A trusted authentication; replaces the password with the COT
    • Name Identifier
      – NameID
      – How to refer to the subject
      – Many supported formats
  • 21. SAML References
    Novell - http://www.novell.com/documentation/novellaccessmanager/index.html
    Wikipedia - http://en.wikipedia.org/wiki/SAML_2.0 - this is a good overview
    OASIS - http://saml.xml.org/saml-specifications and http://docs.oasis-open.org/security/saml/v2.0/ - saml.xml.org is the wiki for the OASIS group which maintains the SAML specifications. The link is to the specifications page.
  • 22. Authentication Flow
    [Diagram]
  • 23. Typical Three Step Process - COT
    1. Circle of Trust
    • Metadata
      – Need to create SP metadata
      – Access Manager provides metadata
    • X.509 certificates
      – SP does not provide a certificate (you can create a self-signed cert)
      – IDP should always use SSL, especially since this is the HTTP-POST profile
    • End points which resolve via DNS
  • 24. Typical Three Step Process - SP
    2. Set up the SP side first
    • Why?
      – The login URL contains specific data to handle the NameID and attribute names
      – e.g. https://login.salesforce.com/?saml=MgoTx78aEPXRoZ2hRrHg2wwl5GLiR0qVpDJYXG4e5wzM83LxYv4TgrzVZsOpNK76ItidNdsqihgDsiG2horV_wCGmSN.N1pVNrfRKMIW0QwpMQyrV_QZw94y_TvXB08Jyhi9l32PLM_RH3LQ==
    • Have your IDP certificate handy
      – Export the signing certificate public key, save in .der format
  • 25. Typical Three Step Process - SP
    • Log in to salesforce.com
      – ebarragan@novacoast.com - admin user
      – Go to Setup > under Administration Setup
      – Select Security Controls > Single Sign-On Settings
    • Issuer
      – https://idpsrv.novacoast.com/nidp/saml2/metadata
    • Name ID format
      – urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified
  • 26. SP Details
    [Screenshot; good help reference]
  • 27. SP Details
    [Screenshot]
  • 28. Typical Three Step Process - IDP
    3. Set up the IDP – Novell Access Manager
    • Create attribute map
  • 29. IDP Details
    • SP Metadata:
      <EntityDescriptor entityID="https://saml.salesforce.com"
        xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
        <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false"
          protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
          <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
          <AssertionConsumerService index="1"
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
            Location="https://login.salesforce.com/?saml=MgoTx78aEPXToZ2hRrHg2wwl5GLiR0qVpDJYXG4e5wzM83LxYv4TgrzVZsOpNK76ItidNdsqIhgDsi2horU_wCGmSM.N1pVNrfRKMIW0QwpMQyrV_QZw94y_TvXB08Oyhi9l32PLM_RH3LQ=="/>
        </SPSSODescriptor>
      </EntityDescriptor>
  • 30. IDP Details
    Create Trusted Service Provider [Screenshot]
  • 31. IDP Details
    Configure Response [Screenshot]
  • 32. IDP Details
    Configure Target (Inter-site Transfer URL)
      https://idpsrv.novacoast.com/nidp/saml2/idpsend?PID=https://saml.salesforce.com
      &TARGET=https://na7.salesforce.com/home/home.jsp
  • 34. Google Apps and Novell Access Manager
    • Very similar to the force.com SSO setup
      – Have a look at Neil Cashell's Cool Solution on the subject for details
      – http://www.novell.com/communities/node/8645/integrating-google-apps-and-novell-access-manager-using-saml2
  • 35. Google Apps and Novell Access Manager
    Same three step process
    1 - Create COT
      – In this case it's the same as the previous process: the public key of the IDP's signing and encryption certificate is all that's required
    2 - Configure SP
      – Everything you need for this page is in the IDP metadata
        > Login URL
        > Logout URL
        > Password management URL
    3 - Configure IDP (Novell Access Manager)
  • 36. Google Apps and Novell Access Manager
    Main Points
    Use this metadata, but replace the “Location” attribute. It must contain your domain.
      <EntityDescriptor entityID="google.com" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
        <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
          <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress</NameIDFormat>
          <AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
            Location="https://www.google.com/a/domain/acs" />
        </SPSSODescriptor>
      </EntityDescriptor>
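As an added example, not code from the deck or from Novell, a small Python helper that reads SP metadata of the shape shown for Salesforce (slide 29) and Google Apps (slide 36), substitutes the Google "domain" placeholder in the AssertionConsumerService Location, checks that the HTTP-POST endpoint is HTTPS as slide 23 requires, and builds the inter-site transfer URL of slide 32 with PID and TARGET URL-encoded. The embedded metadata is constructed from slide 36; example.com is an assumed domain.

```python
"""Parse SAML 2.0 SP metadata and build a Novell Access Manager inter-site transfer URL."""
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample: the Google Apps SP metadata shown on slide 36, with the
# "domain" placeholder still in the AssertionConsumerService Location.
GOOGLE_SP_METADATA = """<EntityDescriptor entityID="google.com"
  xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
 <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress</NameIDFormat>
  <AssertionConsumerService index="1"
   Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
   Location="https://www.google.com/a/domain/acs" />
 </SPSSODescriptor>
</EntityDescriptor>"""


def parse_sp_metadata(xml_text, domain=None):
    """Return the entityID, NameID format and HTTP-POST ACS location of an SP.

    domain, if given, replaces the "domain" placeholder in the Google ACS path.
    Metadata from an untrusted source should go through a hardened XML parser.
    """
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("metadata has no SPSSODescriptor")
    post_acs = [e for e in sp.findall("md:AssertionConsumerService", NS)
                if e.get("Binding") == HTTP_POST]
    if not post_acs:
        raise ValueError("SP offers no HTTP-POST assertion consumer service")
    location = post_acs[0].get("Location")
    if domain:
        location = location.replace("/a/domain/", f"/a/{domain}/")
    # The assertion travels in a browser POST, so the endpoint must be TLS protected.
    if urlparse(location).scheme != "https":
        raise ValueError(f"ACS location is not https: {location}")
    fmt = sp.find("md:NameIDFormat", NS)
    return {"entity_id": root.get("entityID"),
            "name_id_format": fmt.text.strip() if fmt is not None else None,
            "acs_location": location,
            "wants_signed_assertions": sp.get("WantAssertionsSigned") == "true"}


def intersite_transfer_url(idp_base, provider_id, target):
    """Build the IDP-initiated SSO URL of slide 32 with PID and TARGET URL-encoded."""
    query = urlencode({"PID": provider_id, "TARGET": target})
    return idp_base.rstrip("/") + "/nidp/saml2/idpsend?" + query
```

Both Salesforce and Google publish WantAssertionsSigned as false or omit it; the returned flag makes that visible so the IDP side can be configured to sign assertions regardless.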
  • 37. Google Apps and Novell Access Manager
    Main Points
    The authentication response is slightly different from force.com's
  • 38. Demonstration: Google Apps and Novell Access Manager
  • 40. Unpublished Work of Novell, Inc. All Rights Reserved.
    This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
    General Disclaimer
    This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
    All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.