SlideShare une entreprise Scribd logo

Federation Lab and OpenID Connect

Télécharger en tant que KEY, PDF
Andreas Åkre Solberg
Andreas Åkre Solberg

OpenID Connect test fascility Federation Lab. Presented at NorduNet 2012 in Oslo, Norway.

Technologie
1  sur  17
Andreas Åkre Solberg Roland Hedberg UNINETT AS Univ. Umeå Federation Lab and OpenID Connect NorduNet Conference Oslo, Norway, September 2012
Federation Lab ✤ Identity toolkit for testing, validation and debugging of Identity Software. ✤ Automated testing tool for increasing interoperability between providers and consumers with SAML and OpenID Connect. ✤ A GÉANT project (GN3 JRA3T2) in collaboration with Kantara Initiative and the OpenID community. OpenID Testing Commercial (Kantara Intitive) <-> Research and HE (GEANT) Established (SAML) <-> Emerging (OIC) Nordic collaboration (UNINETT and umu.se) Involved in standardization A very important reference implementation
Complex End-to-end Systems Many implementations This is a good thing! Many deployments Variying spec interpretion Really difficult Sub-set implementations to avoid this Interop issues Things stop working for end users. Who to blame? Who can fix it? ! - difficult question Things continues to not work Unhappy users We MUST avoid this, but how?
What causes interop issues ✤ Flexibility, too many options. Sub-set implementations. ✤ Deployment options ✤ Yet to be discovered software bugs ✤ Unclear specification ✤ Poor error handling ✤ Lack of feature negotiation or limited language (metadata) of expressing supported features
Postel’s Law «Be strict in what you send, but generous in what you receive» Postel's Law,1981, RFC793: TCP ✤ Will this increase interop? ✤ Interop issues less likely to be detected, and may easily pass matrix testing.
Typical Matrix Testing Test 4-5 products against each other Validate that it is possible to configure the products to work with each other. Product is certified. Does not really ensure interop in an actual deployment.
Profiling By being very excplitit on how to use the protocols, interoperability increases. saml2int
Automated Testing of SAML and OpenID Connect This is what we did with Federation Lab An automated client, simulates one entity whiles test the other. Consumer <-> Provider Performs about 100 different test flows, and focus on discovering things that goes wrong, rather than verifying that things may work. Real time testing with detailed feedback Test each provider, and present results. for debugging.
Federation Lab contains a set of useful debugging tools for encoding and decoding messages.
Automated testing of SAML Service Providers performs approx 80 test runs with various legal and illegal message flows to verify behaviour of software.
Automated testing of OpenID Connect Providers tests providers, and involves an innovative engine for working with human user interaction with login screens.
OpenID Connect Roland Hedberg Univ. Umeå
How to find the ‘key’?
Different solutions • SAML • Metadata • OpenID Connect • Dynamic discovery and registration
Flow differencies IdP AS 4 5 3 3 2 4 UA 6 OP UA 2 1 7 1 9 8 SP RP SAML OpenID Connect
Returning attributes • SAML • Static • Response contains 1-n assertions • OIC • Dynamic • Aggregated/distributed claims
Thanks for listening. Federation Lab (beta) http://openidtest.uninett.no

Recommandé

Verification and Validation of Robotic Assistants
Verification and Validation of Robotic AssistantsVerification and Validation of Robotic Assistants
Verification and Validation of Robotic AssistantsAdaCore
 
Java code coverage with JCov. Implementation details and use cases.
Java code coverage with JCov. Implementation details and use cases.Java code coverage with JCov. Implementation details and use cases.
Java code coverage with JCov. Implementation details and use cases.Alexandre (Shura) Iline
 
OpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGOpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGNat Sakimura
 
Full stack security
Full stack securityFull stack security
Full stack securityDPC Consulting Ltd
 
OpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGOpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGNat Sakimura
 
API Days 2016 Day 1: OpenID Financial API WG
API Days 2016 Day 1: OpenID Financial API WGAPI Days 2016 Day 1: OpenID Financial API WG
API Days 2016 Day 1: OpenID Financial API WGNat Sakimura
 
OpenID Connect 101 @ OpenID TechNight vol.11
OpenID Connect 101 @ OpenID TechNight vol.11OpenID Connect 101 @ OpenID TechNight vol.11
OpenID Connect 101 @ OpenID TechNight vol.11Nov Matake
 
API Security with OAuth2.0.
API Security with OAuth2.0.API Security with OAuth2.0.
API Security with OAuth2.0.Kellton Tech Solutions Ltd
 

Recommandé

Verification and Validation of Robotic Assistants
Verification and Validation of Robotic AssistantsVerification and Validation of Robotic Assistants
Verification and Validation of Robotic AssistantsAdaCore
 
Java code coverage with JCov. Implementation details and use cases.
Java code coverage with JCov. Implementation details and use cases.Java code coverage with JCov. Implementation details and use cases.
Java code coverage with JCov. Implementation details and use cases.Alexandre (Shura) Iline
 
OpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGOpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGNat Sakimura
 
Full stack security
Full stack securityFull stack security
Full stack securityDPC Consulting Ltd
 
OpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGOpenID Foundation Foundation Financial API (FAPI) WG
OpenID Foundation Foundation Financial API (FAPI) WGNat Sakimura
 
API Days 2016 Day 1: OpenID Financial API WG
API Days 2016 Day 1: OpenID Financial API WGAPI Days 2016 Day 1: OpenID Financial API WG
API Days 2016 Day 1: OpenID Financial API WGNat Sakimura
 
OpenID Connect 101 @ OpenID TechNight vol.11
OpenID Connect 101 @ OpenID TechNight vol.11OpenID Connect 101 @ OpenID TechNight vol.11
OpenID Connect 101 @ OpenID TechNight vol.11Nov Matake
 
API Security with OAuth2.0.
API Security with OAuth2.0.API Security with OAuth2.0.
API Security with OAuth2.0.Kellton Tech Solutions Ltd
 
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CloudIDSummit
 
JavaOne 2014 - Securing RESTful Resources with OAuth2
JavaOne 2014 - Securing RESTful Resources with OAuth2JavaOne 2014 - Securing RESTful Resources with OAuth2
JavaOne 2014 - Securing RESTful Resources with OAuth2Rodrigo Cândido da Silva
 
Financial Grade OAuth & OpenID Connect
Financial Grade OAuth & OpenID ConnectFinancial Grade OAuth & OpenID Connect
Financial Grade OAuth & OpenID ConnectNat Sakimura
 
Blockchain and Big Data/IoT
Blockchain and Big Data/IoTBlockchain and Big Data/IoT
Blockchain and Big Data/IoTEiji Sasahara, Ph.D., MBA 笹原英司
 
DataPower Restful API Security
DataPower Restful API SecurityDataPower Restful API Security
DataPower Restful API SecurityJagadish Vemugunta
 
Deep-Dive: API Security in the Digital Age
Deep-Dive: API Security in the Digital AgeDeep-Dive: API Security in the Digital Age
Deep-Dive: API Security in the Digital AgeApigee | Google Cloud
 
reveal.js 3.0.0
reveal.js 3.0.0reveal.js 3.0.0
reveal.js 3.0.0Hakim El Hattab
 
Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...
Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...
Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...Pistoia Alliance
 
Six Principles of Software Design to Empower Scientists
Six Principles of Software Design to Empower ScientistsSix Principles of Software Design to Empower Scientists
Six Principles of Software Design to Empower ScientistsDavid De Roure
 
Transport SDN Interoperability Program with OIF
Transport SDN Interoperability Program with OIFTransport SDN Interoperability Program with OIF
Transport SDN Interoperability Program with OIFDeborah Porchivina
 
A Fault Tolerance Concept for Distributed OSGi Applications - Fabian Meyer
A Fault Tolerance Concept for Distributed OSGi Applications - Fabian MeyerA Fault Tolerance Concept for Distributed OSGi Applications - Fabian Meyer
A Fault Tolerance Concept for Distributed OSGi Applications - Fabian Meyermfrancis
 
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...Applitools
 
Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...
Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...
Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...IRJET Journal
 
Google, quality and you
Google, quality and youGoogle, quality and you
Google, quality and younelinger
 
Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...
Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...
Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...Curiosity Software Ireland
 
Unit Testing Fundamentals
Unit Testing FundamentalsUnit Testing Fundamentals
Unit Testing FundamentalsRichard Paul
 
Agile Mobile Testing Workshop
Agile Mobile Testing WorkshopAgile Mobile Testing Workshop
Agile Mobile Testing WorkshopNaresh Jain
 
Software Development Lifecycle Presentation
Software Development Lifecycle PresentationSoftware Development Lifecycle Presentation
Software Development Lifecycle Presentationssuser645e24
 
Writting Better Software
Writting Better SoftwareWritting Better Software
Writting Better Softwaresvilen.ivanov
 
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...Open Mobile Alliance
 
Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...
Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...
Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...Susumu Tokumoto
 
TMF2014 Mobile Testing Workshop Michael Palotas
TMF2014 Mobile Testing Workshop Michael PalotasTMF2014 Mobile Testing Workshop Michael Palotas
TMF2014 Mobile Testing Workshop Michael PalotasKJR
 

Contenu connexe

En vedette

CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CloudIDSummit
 
JavaOne 2014 - Securing RESTful Resources with OAuth2
JavaOne 2014 - Securing RESTful Resources with OAuth2JavaOne 2014 - Securing RESTful Resources with OAuth2
JavaOne 2014 - Securing RESTful Resources with OAuth2Rodrigo Cândido da Silva
 
Financial Grade OAuth & OpenID Connect
Financial Grade OAuth & OpenID ConnectFinancial Grade OAuth & OpenID Connect
Financial Grade OAuth & OpenID ConnectNat Sakimura
 
DataPower Restful API Security
DataPower Restful API SecurityDataPower Restful API Security
DataPower Restful API SecurityJagadish Vemugunta
 
Deep-Dive: API Security in the Digital Age
Deep-Dive: API Security in the Digital AgeDeep-Dive: API Security in the Digital Age
Deep-Dive: API Security in the Digital AgeApigee | Google Cloud
 

En vedette (7)

CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
 
JavaOne 2014 - Securing RESTful Resources with OAuth2
JavaOne 2014 - Securing RESTful Resources with OAuth2JavaOne 2014 - Securing RESTful Resources with OAuth2
JavaOne 2014 - Securing RESTful Resources with OAuth2
 
Financial Grade OAuth & OpenID Connect
Financial Grade OAuth & OpenID ConnectFinancial Grade OAuth & OpenID Connect
Financial Grade OAuth & OpenID Connect
 
Blockchain and Big Data/IoT
Blockchain and Big Data/IoTBlockchain and Big Data/IoT
Blockchain and Big Data/IoT
 
DataPower Restful API Security
DataPower Restful API SecurityDataPower Restful API Security
DataPower Restful API Security
 
Deep-Dive: API Security in the Digital Age
Deep-Dive: API Security in the Digital AgeDeep-Dive: API Security in the Digital Age
Deep-Dive: API Security in the Digital Age
 
reveal.js 3.0.0
reveal.js 3.0.0reveal.js 3.0.0
reveal.js 3.0.0
 

Similaire à Federation Lab and OpenID Connect

Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...
Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...
Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...Pistoia Alliance
 
Six Principles of Software Design to Empower Scientists
Six Principles of Software Design to Empower ScientistsSix Principles of Software Design to Empower Scientists
Six Principles of Software Design to Empower ScientistsDavid De Roure
 
Transport SDN Interoperability Program with OIF
Transport SDN Interoperability Program with OIFTransport SDN Interoperability Program with OIF
Transport SDN Interoperability Program with OIFDeborah Porchivina
 
A Fault Tolerance Concept for Distributed OSGi Applications - Fabian Meyer
A Fault Tolerance Concept for Distributed OSGi Applications - Fabian MeyerA Fault Tolerance Concept for Distributed OSGi Applications - Fabian Meyer
A Fault Tolerance Concept for Distributed OSGi Applications - Fabian Meyermfrancis
 
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...Applitools
 
Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...
Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...
Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...IRJET Journal
 
Google, quality and you
Google, quality and youGoogle, quality and you
Google, quality and younelinger
 
Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...
Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...
Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...Curiosity Software Ireland
 
Unit Testing Fundamentals
Unit Testing FundamentalsUnit Testing Fundamentals
Unit Testing FundamentalsRichard Paul
 
Agile Mobile Testing Workshop
Agile Mobile Testing WorkshopAgile Mobile Testing Workshop
Agile Mobile Testing WorkshopNaresh Jain
 
Software Development Lifecycle Presentation
Software Development Lifecycle PresentationSoftware Development Lifecycle Presentation
Software Development Lifecycle Presentationssuser645e24
 
Writting Better Software
Writting Better SoftwareWritting Better Software
Writting Better Softwaresvilen.ivanov
 
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...Open Mobile Alliance
 
Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...
Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...
Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...Susumu Tokumoto
 
TMF2014 Mobile Testing Workshop Michael Palotas
TMF2014 Mobile Testing Workshop Michael PalotasTMF2014 Mobile Testing Workshop Michael Palotas
TMF2014 Mobile Testing Workshop Michael PalotasKJR
 
TEA Presentation V 0.3
TEA Presentation V 0.3TEA Presentation V 0.3
TEA Presentation V 0.3Ian McDonald
 
IRJET - A Valuable and Speculative Approach to Manage the Item Testing by usi...
IRJET - A Valuable and Speculative Approach to Manage the Item Testing by usi...IRJET - A Valuable and Speculative Approach to Manage the Item Testing by usi...
IRJET - A Valuable and Speculative Approach to Manage the Item Testing by usi...IRJET Journal
 
Introduction of Okinawa Open Laboratory and it's activities (iPOP2015)
Introduction of Okinawa Open Laboratory and it's activities (iPOP2015)Introduction of Okinawa Open Laboratory and it's activities (iPOP2015)
Introduction of Okinawa Open Laboratory and it's activities (iPOP2015)Takashi Torii
 
UNH-IOL Software Defined Netwokring (SDN) Testing Services
UNH-IOL Software Defined Netwokring (SDN) Testing ServicesUNH-IOL Software Defined Netwokring (SDN) Testing Services
UNH-IOL Software Defined Netwokring (SDN) Testing ServicesUNH InterOperability Lab
 
A Tool for Optimizing Java 8 Stream Software via Automated Refactoring
A Tool for Optimizing Java 8 Stream Software via Automated RefactoringA Tool for Optimizing Java 8 Stream Software via Automated Refactoring
A Tool for Optimizing Java 8 Stream Software via Automated RefactoringRaffi Khatchadourian
 

Similaire à Federation Lab and OpenID Connect (20)

Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...
Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...
Pistoia Alliance European Conference 2015 - Gerhard Noelken / Allotrope Found...
 
Six Principles of Software Design to Empower Scientists
Six Principles of Software Design to Empower ScientistsSix Principles of Software Design to Empower Scientists
Six Principles of Software Design to Empower Scientists
 
Transport SDN Interoperability Program with OIF
Transport SDN Interoperability Program with OIFTransport SDN Interoperability Program with OIF
Transport SDN Interoperability Program with OIF
 
A Fault Tolerance Concept for Distributed OSGi Applications - Fabian Meyer
A Fault Tolerance Concept for Distributed OSGi Applications - Fabian MeyerA Fault Tolerance Concept for Distributed OSGi Applications - Fabian Meyer
A Fault Tolerance Concept for Distributed OSGi Applications - Fabian Meyer
 
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...
 
Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...
Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...
Overview and Analysis of Automated Testing Tools: Ranorex, Test Complete, Se...
 
Google, quality and you
Google, quality and youGoogle, quality and you
Google, quality and you
 
Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...
Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...
Curiosity and Sauce Labs present - When to stop testing: 3 dimensions of test...
 
Unit Testing Fundamentals
Unit Testing FundamentalsUnit Testing Fundamentals
Unit Testing Fundamentals
 
Agile Mobile Testing Workshop
Agile Mobile Testing WorkshopAgile Mobile Testing Workshop
Agile Mobile Testing Workshop
 
Software Development Lifecycle Presentation
Software Development Lifecycle PresentationSoftware Development Lifecycle Presentation
Software Development Lifecycle Presentation
 
Writting Better Software
Writting Better SoftwareWritting Better Software
Writting Better Software
 
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
 
Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...
Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...
Semi-automatic Incompatibility Localization for Re-engineered Industrial Soft...
 
TMF2014 Mobile Testing Workshop Michael Palotas
TMF2014 Mobile Testing Workshop Michael PalotasTMF2014 Mobile Testing Workshop Michael Palotas
TMF2014 Mobile Testing Workshop Michael Palotas
 
TEA Presentation V 0.3
TEA Presentation V 0.3TEA Presentation V 0.3
TEA Presentation V 0.3
 
IRJET - A Valuable and Speculative Approach to Manage the Item Testing by usi...
IRJET - A Valuable and Speculative Approach to Manage the Item Testing by usi...IRJET - A Valuable and Speculative Approach to Manage the Item Testing by usi...
IRJET - A Valuable and Speculative Approach to Manage the Item Testing by usi...
 
Introduction of Okinawa Open Laboratory and it's activities (iPOP2015)
Introduction of Okinawa Open Laboratory and it's activities (iPOP2015)Introduction of Okinawa Open Laboratory and it's activities (iPOP2015)
Introduction of Okinawa Open Laboratory and it's activities (iPOP2015)
 
UNH-IOL Software Defined Netwokring (SDN) Testing Services
UNH-IOL Software Defined Netwokring (SDN) Testing ServicesUNH-IOL Software Defined Netwokring (SDN) Testing Services
UNH-IOL Software Defined Netwokring (SDN) Testing Services
 
A Tool for Optimizing Java 8 Stream Software via Automated Refactoring
A Tool for Optimizing Java 8 Stream Software via Automated RefactoringA Tool for Optimizing Java 8 Stream Software via Automated Refactoring
A Tool for Optimizing Java 8 Stream Software via Automated Refactoring
 

Plus de Andreas Åkre Solberg

Dataporten for grunnopplæringa - Workshop September 2017
Dataporten for grunnopplæringa - Workshop September 2017Dataporten for grunnopplæringa - Workshop September 2017
Dataporten for grunnopplæringa - Workshop September 2017Andreas Åkre Solberg
 
Dataporten intro (workshop with Difi)
Dataporten intro (workshop with Difi)Dataporten intro (workshop with Difi)
Dataporten intro (workshop with Difi)Andreas Åkre Solberg
 
UNINETT Feide Connect (Feide fagdag)
UNINETT Feide Connect (Feide fagdag)UNINETT Feide Connect (Feide fagdag)
UNINETT Feide Connect (Feide fagdag)Andreas Åkre Solberg
 
Connect (UNINETT-konferansen, Tromsø)
Connect (UNINETT-konferansen, Tromsø)Connect (UNINETT-konferansen, Tromsø)
Connect (UNINETT-konferansen, Tromsø)Andreas Åkre Solberg
 
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyen
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyenNorsk UH-sektor og økosystemer for identitet og integrasjoner i skyen
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyenAndreas Åkre Solberg
 
Feide Connect – Standard Norge February 2015
Feide Connect – Standard Norge February 2015Feide Connect – Standard Norge February 2015
Feide Connect – Standard Norge February 2015Andreas Åkre Solberg
 

Plus de Andreas Åkre Solberg (20)

OpenID Connect Federation
OpenID Connect FederationOpenID Connect Federation
OpenID Connect Federation
 
Dataporten for grunnopplæringa - Workshop September 2017
Dataporten for grunnopplæringa - Workshop September 2017Dataporten for grunnopplæringa - Workshop September 2017
Dataporten for grunnopplæringa - Workshop September 2017
 
Dataporten Workshop
Dataporten WorkshopDataporten Workshop
Dataporten Workshop
 
Dataporten
DataportenDataporten
Dataporten
 
Dataporten for Sigma2, Hell
Dataporten for Sigma2, HellDataporten for Sigma2, Hell
Dataporten for Sigma2, Hell
 
Dataporten intro (workshop with Difi)
Dataporten intro (workshop with Difi)Dataporten intro (workshop with Difi)
Dataporten intro (workshop with Difi)
 
UNINETT Feide Connect (Feide fagdag)
UNINETT Feide Connect (Feide fagdag)UNINETT Feide Connect (Feide fagdag)
UNINETT Feide Connect (Feide fagdag)
 
Connect (UNINETT-konferansen, Tromsø)
Connect (UNINETT-konferansen, Tromsø)Connect (UNINETT-konferansen, Tromsø)
Connect (UNINETT-konferansen, Tromsø)
 
Connect (USIT)
Connect (USIT)Connect (USIT)
Connect (USIT)
 
Connect (Feide fagdag, Gardemoen)
Connect (Feide fagdag, Gardemoen)Connect (Feide fagdag, Gardemoen)
Connect (Feide fagdag, Gardemoen)
 
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyen
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyenNorsk UH-sektor og økosystemer for identitet og integrasjoner i skyen
Norsk UH-sektor og økosystemer for identitet og integrasjoner i skyen
 
Feide Connect – Standard Norge February 2015
Feide Connect – Standard Norge February 2015Feide Connect – Standard Norge February 2015
Feide Connect – Standard Norge February 2015
 
Feide Connect SUHS 2014
Feide Connect SUHS 2014Feide Connect SUHS 2014
Feide Connect SUHS 2014
 
Feide Connect (NOKIOS 2014)
Feide Connect (NOKIOS 2014)Feide Connect (NOKIOS 2014)
Feide Connect (NOKIOS 2014)
 
Feide Connect TNC2014
Feide Connect TNC2014Feide Connect TNC2014
Feide Connect TNC2014
 
Feide connect tnc2014
Feide connect tnc2014Feide connect tnc2014
Feide connect tnc2014
 
SCIM and VOOT
SCIM and VOOTSCIM and VOOT
SCIM and VOOT
 
Feide Connect (IoU Fagdag)
Feide Connect (IoU Fagdag)Feide Connect (IoU Fagdag)
Feide Connect (IoU Fagdag)
 
Feide Connect
Feide ConnectFeide Connect
Feide Connect
 
Feide Connect
Feide ConnectFeide Connect
Feide Connect
 

Dernier

MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAnitaRaj43
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)Samir Dash
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard37
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 

Dernier (20)

MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 

Federation Lab and OpenID Connect

  • 1. Andreas Åkre Solberg Roland Hedberg UNINETT AS Univ. Umeå Federation Lab and OpenID Connect NorduNet Conference Oslo, Norway, September 2012
  • 2. Federation Lab ✤ Identity toolkit for testing, validation and debugging of Identity Software. ✤ Automated testing tool for increasing interoperability between providers and consumers with SAML and OpenID Connect. ✤ A GÉANT project (GN3 JRA3T2) in collaboration with Kantara Initiative and the OpenID community. OpenID Testing Commercial (Kantara Intitive) <-> Research and HE (GEANT) Established (SAML) <-> Emerging (OIC) Nordic collaboration (UNINETT and umu.se) Involved in standardization A very important reference implementation
  • 3. Complex End-to-end Systems Many implementations This is a good thing! Many deployments Variying spec interpretion Really difficult Sub-set implementations to avoid this Interop issues Things stop working for end users. Who to blame? Who can fix it? ! - difficult question Things continues to not work Unhappy users We MUST avoid this, but how?
  • 4. What causes interop issues ✤ Flexibility, too many options. Sub-set implementations. ✤ Deployment options ✤ Yet to be discovered software bugs ✤ Unclear specification ✤ Poor error handling ✤ Lack of feature negotiation or limited language (metadata) of expressing supported features
  • 5. Postel’s Law «Be strict in what you send, but generous in what you receive» Postel's Law,1981, RFC793: TCP ✤ Will this increase interop? ✤ Interop issues less likely to be detected, and may easily pass matrix testing.
  • 6. Typical Matrix Testing Test 4-5 products against each other Validate that it is possible to configure the products to work with each other. Product is certified. Does not really ensure interop in an actual deployment.
  • 7. Profiling By being very excplitit on how to use the protocols, interoperability increases. saml2int
  • 8. Automated Testing of SAML and OpenID Connect This is what we did with Federation Lab An automated client, simulates one entity whiles test the other. Consumer <-> Provider Performs about 100 different test flows, and focus on discovering things that goes wrong, rather than verifying that things may work. Real time testing with detailed feedback Test each provider, and present results. for debugging.
  • 9. Federation Lab contains a set of useful debugging tools for encoding and decoding messages.
  • 10. Automated testing of SAML Service Providers performs approx 80 test runs with various legal and illegal message flows to verify behaviour of software.
  • 11. Automated testing of OpenID Connect Providers tests providers, and involves an innovative engine for working with human user interaction with login screens.
  • 12. OpenID Connect Roland Hedberg Univ. Umeå
  • 13. How to find the ‘key’?
  • 14. Different solutions • SAML • Metadata • OpenID Connect • Dynamic discovery and registration
  • 15. Flow differencies IdP AS 4 5 3 3 2 4 UA 6 OP UA 2 1 7 1 9 8 SP RP SAML OpenID Connect
  • 16. Returning attributes • SAML • Static • Response contains 1-n assertions • OIC • Dynamic • Aggregated/distributed claims
  • 17. Thanks for listening. Federation Lab (beta) http://openidtest.uninett.no

Notes de l'éditeur

  1. \n
  2. \n
  3. \n
  4. \n
  5. \n
  6. \n
  7. \n
  8. \n
  9. \n
  10. \n
  11. \n
  12. \n
  13. \n
  14. \n
  15. \n
  16. \n
  17. \n