OpenID & SAML, Identity Federation, SuisseID, Strong Authentication Service
Single Sign-On Concepts with a Future

Geneva Application Security Forum 2010, March 4th 2010

Robert Ott, Master of Science (Honors), CFO, Clavid AG, Zug, Switzerland
Fredi Weideli, Master of Computer Science, CTO, Clavid AG, Zug, Switzerland
OpenID Representative Switzerland
Agenda

• SECTION 1   OpenID - What is it? How does it work? Integration?

• SECTION 2   SAML - What is it? How does it work?

• SECTION 3   Identity Federation

• SECTION 4   A Word on SuisseID

• SECTION 5   Strong Authentication as a Service

• SECTION 6   Further Links / Conclusion / Q&A




                     Geneva Application Security Forum 2010, March 4th 2010
                                            Page 2
SECTION 1: OpenID
> What is it?
> How does it work?
> How to integrate?
OpenID - What is it?

>   Internet Single Sign-On
>   Relatively simple protocol
>   User-centric identity management
>   Internet scalable
>   Free choice of Identity Provider
>   No license fee
>   Independent of identification methods
>   Non-profit organization
OpenID - How does it work?

[Diagram: User Hans Muster (domain www.iid.ch) with OpenID hans.muster.iid.ch; AUTHENTICATION takes place at the Identity Provider (e.g. clavid.ch); the Identity URL (e.g. hans.muster.iid.ch) is what the Enabled Service sees.]
OpenID - How does it work?

[Diagram: User Hans Muster with OpenID hans.muster.clavid.com, Identity URL https://hans.muster.clavid.com, Identity Provider (e.g. clavid.com) and Enabled Service, with the numbered arrows of the caption.]

Caption
1. User enters OpenID
2. Discovery
3. Authentication
4. Approval
4a. Change Attributes
5. Send Attributes
6. Validation
OpenID - How does it work?

Step 1:   A user decides to use a personalized Internet Service supporting OpenID (e.g. local.ch). The user clicks on
          "Login using OpenID" and enters his OpenID (e.g. hans.muster.iid.ch).
Step 2:   The requested Internet Service normalizes the OpenID into a URL (http://hans.muster.iid.ch) and fetches
          this URL in order to discover the user's Identity Provider (in OpenID 2.0 it normally also establishes a
          shared-secret association with that provider at this point).
Step 2a:  In this example, the user has delegated his OpenID to the Identity Provider clavid.ch.
Step 3:   The Identity Provider offers the authentication methods available for that specific user (in this case
          "Password"). Having successfully authenticated, the next step (approval) is initiated.
Step 4:   The user decides which values of the requested attributes are released to the Internet Service. The
          Identity Provider usually provides user-specific Personas (attribute templates) to assist the user in this
          approval process.
Step 4a:  At this point, the user may change attribute values and store them on the Identity Provider for
          future approvals for that specific service. Thus a user can automate future approvals for specific Internet
          Services.
Step 5, 6: The attribute values are then signed by the Identity Provider and communicated to the Internet
           Service. The Internet Service validates the signature (with the association's shared secret, or by asking
           the Identity Provider directly via check_authentication), checks that the response is addressed to it
           (return_to), that the nonce has not been seen before and that the asserting endpoint is the one found
           during discovery, and finally accepts the user as authenticated.
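Steps 5 and 6 as an added example; this is not code from the slides or from Clavid. An OpenID 2.0 Identity Provider signs a positive assertion with the HMAC-SHA256 key of a previously established association, and the Relying Party applies the checks listed above before trusting it. The OP endpoint and the return_to URL are assumed values; only the identity URL is taken from the slides. The stateless variant (asking the provider via check_authentication instead of holding an association) is not shown.

```python
import base64
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

# Constructed values. The OP endpoint and the RP's return URL are assumptions;
# only the identity URL is taken from the slides.
OP_ENDPOINT = "https://clavid.com/openid/server"
RP_RETURN_TO = "https://service.example.ch/openid/return"
CLAIMED_ID = "https://hans.muster.clavid.com/"
# OpenID 2.0 requires at least these fields to be covered by the signature.
REQUIRED_SIGNED = ["op_endpoint", "claimed_id", "identity", "return_to",
                   "response_nonce", "assoc_handle"]
MAX_NONCE_AGE = timedelta(minutes=5)

def kv_form(fields, signed_keys):
    """OpenID key-value form ("key:value\\n" per signed field, in the listed order)."""
    return "".join(f"{k}:{fields.get('openid.' + k, '')}\n" for k in signed_keys).encode()

def sign(fields, mac_key):
    """Base64 HMAC-SHA256 over the key-value form (HMAC-SHA256 association type)."""
    data = kv_form(fields, fields["openid.signed"].split(","))
    return base64.b64encode(hmac.new(mac_key, data, hashlib.sha256).digest()).decode()

def op_positive_assertion(mac_key, assoc_handle, now):
    """Step 5: the Identity Provider builds and signs the id_res response."""
    nonce = now.strftime("%Y-%m-%dT%H:%M:%SZ") + secrets.token_urlsafe(6)
    fields = {
        "openid.ns": "http://specs.openid.net/auth/2.0",
        "openid.mode": "id_res",
        "openid.op_endpoint": OP_ENDPOINT,
        "openid.claimed_id": CLAIMED_ID,
        "openid.identity": CLAIMED_ID,
        "openid.return_to": RP_RETURN_TO,
        "openid.response_nonce": nonce,
        "openid.assoc_handle": assoc_handle,
        "openid.signed": ",".join(REQUIRED_SIGNED),
    }
    fields["openid.sig"] = sign(fields, mac_key)
    return fields

class RelyingParty:
    """Step 6: what the Enabled Service checks before trusting the assertion."""

    def __init__(self, mac_key, assoc_handle, discovered_endpoint, clock):
        self.mac_key = mac_key                          # from the association (Step 2)
        self.assoc_handle = assoc_handle
        self.discovered_endpoint = discovered_endpoint  # from discovery (Step 2)
        self.clock = clock                              # returns an aware UTC datetime
        self.seen_nonces = set()

    def verify(self, fields):
        """Returns (True, claimed_id) or (False, reason)."""
        if fields.get("openid.mode") != "id_res":
            return False, "not a positive assertion"
        if fields.get("openid.assoc_handle") != self.assoc_handle:
            return False, "unknown association handle"
        signed = fields.get("openid.signed", "").split(",")
        if any(k not in signed for k in REQUIRED_SIGNED):
            return False, "required field not covered by signature"
        # The response must be meant for us and must come from the OP that
        # discovery tied to this identifier, or any OP could assert any identifier.
        if fields.get("openid.return_to") != RP_RETURN_TO:
            return False, "return_to mismatch"
        if fields.get("openid.op_endpoint") != self.discovered_endpoint:
            return False, "op_endpoint does not match discovery"
        # Replay protection: UTC timestamp plus unique suffix, accepted once.
        nonce = fields.get("openid.response_nonce", "")
        try:
            issued = datetime.strptime(nonce[:20], "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            return False, "malformed nonce"
        if abs(self.clock() - issued.replace(tzinfo=timezone.utc)) > MAX_NONCE_AGE:
            return False, "nonce outside acceptance window"
        if nonce in self.seen_nonces:
            return False, "nonce replayed"
        if not hmac.compare_digest(sign(fields, self.mac_key), fields.get("openid.sig", "")):
            return False, "bad signature"
        self.seen_nonces.add(nonce)
        return True, fields["openid.claimed_id"]

def demo():
    """One genuine exchange plus three attacks, returning the RP's verdict for each."""
    mac_key = secrets.token_bytes(32)
    handle = "assoc-" + secrets.token_hex(4)
    now = datetime(2010, 3, 4, 10, 0, tzinfo=timezone.utc)
    rp = RelyingParty(mac_key, handle, OP_ENDPOINT, lambda: now)
    genuine = op_positive_assertion(mac_key, handle, now)
    # Same signed message re-pointed at another identity / asserted by another OP.
    forged = {**genuine, "openid.claimed_id": "https://ceo.clavid.com/",
              "openid.identity": "https://ceo.clavid.com/"}
    foreign = {**genuine, "openid.op_endpoint": "https://evil.example/openid"}
    return {"forged": rp.verify(forged), "foreign_op": rp.verify(foreign),
            "genuine": rp.verify(genuine), "replay": rp.verify(replay_copy := genuine)}

if __name__ == "__main__":
    print(demo())
```

The order of checks matters: the cheap binding checks (return_to, op_endpoint) run before the signature, so a response that a valid OP signed for some other site, or that a rogue OP signed for an identifier it does not own, is rejected without ever reaching the MAC; the nonce is only recorded after the signature verifies, so an attacker cannot burn nonces with unsigned junk.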
OpenID - User Centric Identity Management

[Diagram: TODAY, the user keeps a separate Username/Password at every service; TOMORROW, one OpenID Provider stands in front of the services; ? FUTURE ?]
OpenID - How to Integrate?

Assumptions concerning your current site
•   Users sign in with their username and password
•   There is a form where new users have to register
•   Each user is identified by a unique ID in your database
•   A settings page lets users manage their account info

Recipe
•    Extend the database to map OpenIDs to the user IDs
•    Extend the registration page with an OpenID input field
•    Extend the sign-in page with an OpenID input field
•    Extend the settings page to attach and detach OpenIDs
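The recipe above as an added example, not code from the slides or from any of the libraries listed on the following pages: the minimal schema and the three operations (look up, attach, detach) a site needs, using Python's built-in sqlite3. Table and column names are assumptions. The security-relevant points are that the identifier is normalized before it is stored or compared, that one OpenID can belong to only one account, that attach is only ever called with an identifier the OpenID consumer library has just verified for the logged-in session, and that detach refuses to strand an account that has no password.

```python
import sqlite3
from urllib.parse import urlsplit, urlunsplit

SCHEMA = """
CREATE TABLE users (
    id            INTEGER PRIMARY KEY,
    username      TEXT NOT NULL UNIQUE,
    password_hash TEXT                 -- NULL for accounts that only sign in via OpenID
);
CREATE TABLE user_openids (
    claimed_id TEXT PRIMARY KEY,       -- one OpenID maps to exactly one local account
    user_id    INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE
);
"""

def normalize_openid(identifier):
    """Canonical form of a URL identifier: default scheme http, scheme and host
    lower-cased, empty path becomes '/', fragment dropped. Store and look up
    only this form, so one OpenID cannot be attached twice under two spellings."""
    if "://" not in identifier:
        identifier = "http://" + identifier
    p = urlsplit(identifier)
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path or "/", p.query, ""))

class AccountStore:
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("PRAGMA foreign_keys = ON")
        self.db.executescript(SCHEMA)

    def register(self, username, password_hash=None):
        with self.db:
            cur = self.db.execute("INSERT INTO users (username, password_hash) VALUES (?, ?)",
                                  (username, password_hash))
        return cur.lastrowid

    def user_for_openid(self, claimed_id):
        """Sign-in page: map a claimed identifier the OpenID library has VERIFIED
        to the local user ID (None means: offer registration instead)."""
        row = self.db.execute("SELECT user_id FROM user_openids WHERE claimed_id = ?",
                              (normalize_openid(claimed_id),)).fetchone()
        return row[0] if row else None

    def attach_openid(self, user_id, verified_claimed_id):
        """Settings page: attach an identifier that was just verified for the
        logged-in session. Never pass a value the user merely typed in."""
        try:
            with self.db:
                self.db.execute("INSERT INTO user_openids VALUES (?, ?)",
                                (normalize_openid(verified_claimed_id), user_id))
            return True
        except sqlite3.IntegrityError:      # already attached to some account
            return False

    def detach_openid(self, user_id, claimed_id):
        """Settings page: refuse to remove the last way into a password-less account."""
        row = self.db.execute("SELECT password_hash IS NOT NULL, "
                              "(SELECT COUNT(*) FROM user_openids WHERE user_id = users.id) "
                              "FROM users WHERE id = ?", (user_id,)).fetchone()
        if row is None or (not row[0] and row[1] <= 1):
            return False
        with self.db:
            cur = self.db.execute("DELETE FROM user_openids WHERE claimed_id = ? AND user_id = ?",
                                  (normalize_openid(claimed_id), user_id))
        return cur.rowcount == 1
```

The registration page is the same attach call on a freshly created user row; the only difference is that the verified assertion arrives before the account exists.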
OpenID - How to Integrate?

Ingredients

•    An OpenID Consumer Library

•    The standard OpenID logos

•    An OpenID Provider to test your site with
OpenID - How to Integrate?

OpenID Libraries
Language      Library
C#            DotNetOpenId, ExtremeSwank
C++           Libopkele
Java          NetMesh InfoGrid LID, OpenID4Java, joid
Perl          Net::OpenID, OpenID4Perl
Python        JanRain
Ruby          JanRain, Heraldry
PHP           JanRain, Zend Framework OpenID Component, Saeven.net's JanRain
              Service Utility Class, Taral, Simple Class, sfOpenIDPlugin, CakePHP,
              EasyOpenID, OpenID For PHP, AuthOpenID Snippet
ColdFusion    CFKit OpenID, CFOpenID, OpenID CFC
Apache 2      mod_auth_openid
SECTION 2: SAML
> What is it?
> How does it work?
SAML – What is it?

SAML (Security Assertion Markup Language):
>   Defined by OASIS
>   Well designed, academically rigorous specification
>   Uses XML syntax
>   Used for authentication & authorization

> SAML Assertions
    > Statements: Authentication, Attribute, Authorization Decision

> SAML Protocols
    > Queries: Authentication Request, Artifact Resolution, Name Identifier Mapping, etc.

> SAML Bindings
    > SOAP, Reverse SOAP (PAOS), HTTP Redirect (GET), HTTP POST, HTTP Artifact

> SAML Profiles
    > Web Browser Single Sign-On Profile, Identity Provider Discovery Profile, Assertion
      Query / Request Profile, Attribute Profiles
SAML – How does it work?

[Diagram: User Hans Muster wants to Access Resource at the Enabled Service (e.g. Google Apps for Business). The service redirects the browser with an <AuthnRequest> to the Identity Provider (e.g. clavid.ch); after AUTHENTICATION the Identity Provider redirects back with a <Response> carrying a signed Assertion.]
SAML – How does it work?

[Diagram: the same exchange between User Hans Muster, the Identity Provider (e.g. clavid.ch) and the Enabled Service (e.g. Google Apps for Business), with the steps numbered 1 to 6 as described below.]
SAML – How does it work?

Step 1:   A user decides to use a personalized Internet Service connected to a SAML based Identity
          Provider (e.g. Google Apps for Business Calendar).
Step 2:   The Internet Service recognizes that the user is not logged in yet. A SAML <AuthnRequest>
          is created and sent via redirect (HTTP Redirect binding) to the Identity Provider.
Step 3:   The Identity Provider offers the authentication methods available for that specific user (in this
          case "YubiKey" OTP). Having successfully authenticated, the next step is initiated.
Step 4:   The Identity Provider creates a SAML <Response> containing the user's identifier for the
          specific target application. Then it signs the SAML <Response> and sends it via the HTTP POST
          binding (an auto-submitted form in the user's browser) to the Internet Service (e.g. Google Calendar).
Step 5:   The Internet Service (e.g. Google Apps) verifies the signature of the SAML <Response> against the
          Identity Provider's pre-registered certificate, checks that the assertion is addressed to it and still valid
          (Audience, Recipient, InResponseTo, NotBefore/NotOnOrAfter), and now knows the user's identifier
          provided by the Identity Provider.
Step 6:   The Internet Service can now be used by the user.
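Step 5 as an added example; this is not the slides' or Clavid's code. It shows the checks a Service Provider has to apply to the posted <Response> after its XML signature has been verified with an XML-DSig library against the Identity Provider's registered certificate. Signature verification itself is left to such a library and the sample <Response> is constructed and unsigned; the entity IDs and the ACS URL are assumptions. Each check closes a way of getting a correctly signed assertion accepted that was issued for somebody else, for another SP, in answer to a request this SP never sent, or long ago.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
# Assumed SP and IdP configuration; these entity IDs and the ACS URL are not from the slides.
SP_ENTITY_ID = "https://calendar.example.ch/saml/metadata"
SP_ACS_URL = "https://calendar.example.ch/saml/acs"
IDP_ENTITY_ID = "https://clavid.ch/saml/idp"
CLOCK_SKEW = timedelta(minutes=2)

def _ts(value):  # SAML dateTime values are UTC, e.g. 2010-03-04T10:05:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

class ServiceProvider:
    def __init__(self, clock):
        self.clock = clock                  # returns an aware UTC datetime
        self.outstanding_requests = set()   # AuthnRequest IDs issued in Step 2
        self.seen_assertions = set()        # assertion IDs already consumed

    def accept_response(self, xml_text):
        """Run only after XML-DSig verification succeeded. Returns the NameID,
        or raises ValueError naming the first check that failed."""
        resp = ET.fromstring(xml_text)
        if resp.get("Destination") != SP_ACS_URL:
            raise ValueError("Destination is not our ACS URL")
        in_response_to = resp.get("InResponseTo")
        if in_response_to not in self.outstanding_requests:
            raise ValueError("unsolicited or already consumed InResponseTo")
        code = resp.find("samlp:Status/samlp:StatusCode", NS)
        if code is None or code.get("Value") != SUCCESS:
            raise ValueError("IdP did not report success")
        assertions = resp.findall("saml:Assertion", NS)
        if len(assertions) != 1:
            raise ValueError("expected exactly one assertion")
        a = assertions[0]
        if a.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID:
            raise ValueError("issuer is not the configured IdP")
        now = self.clock()
        cond = a.find("saml:Conditions", NS)
        if cond is None:
            raise ValueError("missing Conditions")
        if now + CLOCK_SKEW < _ts(cond.get("NotBefore")) or now - CLOCK_SKEW >= _ts(cond.get("NotOnOrAfter")):
            raise ValueError("assertion outside its validity window")
        if SP_ENTITY_ID not in [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]:
            raise ValueError("assertion not addressed to this SP")
        sc = a.find("saml:Subject/saml:SubjectConfirmation", NS)
        scd = None if sc is None else sc.find("saml:SubjectConfirmationData", NS)
        if sc is None or sc.get("Method") != BEARER or scd is None:
            raise ValueError("missing bearer SubjectConfirmation")
        if scd.get("Recipient") != SP_ACS_URL or scd.get("InResponseTo") != in_response_to:
            raise ValueError("bearer confirmation not bound to this exchange")
        if now - CLOCK_SKEW >= _ts(scd.get("NotOnOrAfter")):
            raise ValueError("bearer confirmation expired")
        if a.get("ID") in self.seen_assertions:
            raise ValueError("assertion replayed")
        self.seen_assertions.add(a.get("ID"))
        self.outstanding_requests.discard(in_response_to)
        return a.findtext("saml:Subject/saml:NameID", namespaces=NS)

# Constructed sample of what the IdP posts in Step 4; the ds:Signature element is omitted.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" ID="_r1"
    Version="2.0" IssueInstant="2010-03-04T10:05:00Z" Destination="{SP_ACS_URL}" InResponseTo="_req1">
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2010-03-04T10:05:00Z">
    <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
    <saml:Subject>
      <saml:NameID>hans.muster@example.ch</saml:NameID>
      <saml:SubjectConfirmation Method="{BEARER}"><saml:SubjectConfirmationData
        Recipient="{SP_ACS_URL}" InResponseTo="_req1" NotOnOrAfter="2010-03-04T10:10:00Z"/></saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2010-03-04T10:04:00Z" NotOnOrAfter="2010-03-04T10:10:00Z">
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def _attempt(sp, xml_text):
    try:
        return sp.accept_response(xml_text)
    except ValueError as e:
        return "rejected: " + str(e)

def _fresh_sp(now):
    sp = ServiceProvider(lambda: now)
    sp.outstanding_requests.add("_req1")   # Step 2: ID of the AuthnRequest this SP sent
    return sp

def demo():
    now = datetime(2010, 3, 4, 10, 6, tzinfo=timezone.utc)
    sp = _fresh_sp(now)
    return {
        "genuine": _attempt(sp, SAMPLE_RESPONSE),
        "replay": _attempt(sp, SAMPLE_RESPONSE),
        "wrong_audience": _attempt(_fresh_sp(now), SAMPLE_RESPONSE.replace(SP_ENTITY_ID, "https://other-sp.example/saml")),
        "stale": _attempt(_fresh_sp(now + timedelta(hours=1)), SAMPLE_RESPONSE),
    }
```

In a real deployment the outstanding-request and seen-assertion sets must be shared across application servers and expired, and the InResponseTo check must be dropped only for an explicitly configured IdP-initiated flow.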
SAML – How does it work?

[Screenshots: 1) Call Application URL, 2) Login, 3) Application Usage]
SECTION 3: Identity Federation
B2B Identity Federation - The Protocol Problem

[Diagram: Company A's intranet reaches Internet Service A (Travel Ticket Shop) with a Proprietary Token, Internet Service B (Document Management) with OpenID, Internet Service C (Personnel Recruiting) with SAML 1.0 and the SaaS Applications with SAML 2.0, all over https. Each service dictates its own protocol.]
B2B Identity Federation - The Protocol Mess

[Diagram: Company A, Company B and Company C each have to speak Proprietary Token, OpenID, SAML 1.0 and SAML 2.0 over https to reach Internet Service A (Travel Ticket Shop), Internet Service B (Document Management), Internet Service C (Personnel Recruiting) and the SaaS Applications; every company-to-service pair is a separate integration.]
B2B Identity Federation - The Protocol Solution

[Diagram: An Internet Identity Provider with Identity Mapping sits between the companies and the services. Company A, Company B and Company C connect to it over https with their own protocol (Proprietary Token, OpenID, SAML 2.0); it provides Internet SSO over https to Internet Service A (Travel Ticket Shop), Internet Service B (Document Management), Internet Service C (Personnel Recruiting) and the SaaS Applications in whatever each of them speaks (Proprietary Token, OpenID, SAML 1.0, SAML 2.0). Authentication methods offered: One Time Password (OTP), Biometric (AXSionics), Mobile Phone (SMS), eID (Identity Card), SSL Certificates.]
B2B Identity Federation - The Protocol Solution

[Diagram: The same Internet Identity Provider, now providing Identity Federation between companies: the intranets of Company A, Company B and Company C (Proprietary Token, SAML 1.0, SAML 2.0) are joined by Internet SSO over https, with One Time Password (OTP), Biometric (AXSionics), Mobile Phone (SMS), eID (Identity Card) and SSL Certificates as authentication methods.]
SECTION 4: A Word on SuisseID
A Word On SuisseID

•   SuisseID is currently in the early draft specification phase
•   SuisseID should be available to the public in spring 2010
•   The cost of a SuisseID will be refunded by the Government in 2010
•   SuisseID will most probably consist of:
    – A signature certificate
    – An authentication certificate
    – All certificates conforming to ZertES (the Swiss federal act on electronic signatures)
    – Certificates containing a unique SuisseID number
    – An Identity Provider Service for attribute exchange

•   Eligible SuisseID certificate service providers will be:
    – Swiss Post (SwissSign), Swisscom, QuoVadis, Swiss Government
SECTION 5: Strong Authentication as a Service
OpenID - International Identity Providers

[Diagram: international OpenID Identity Providers grouped by the authentication methods they offer: Username/Password, Certificates, Biometric, OTP.]
Clavid Portal for Strong Authentication [screenshot]

Clavid Portal - AXSionics [screenshot]

Clavid Portal - Yubikey [screenshot]

Clavid Portal - Certificates [screenshot]
Clavid Portal - One Time Password [screenshot]

OTP Methods:
•    OATH HOTP (RFC 4226)
•    Challenge/Response (RFC 2289)
•    Mobile OTP (open source project)
•    SMS
•    ... others ...
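The first method on the list as an added example, not Clavid's portal code: an RFC 4226 HOTP generator that reproduces the test vectors from the RFC's Appendix D, together with the server-side validation an OTP service needs so that a code is never accepted twice and a token that was pressed a few times without submitting can still resynchronise. The look-ahead window and the failure threshold are assumed values.

```python
import hashlib
import hmac
import struct


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation
    to a 31-bit integer, reduction to `digits` decimal digits (zero-padded)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = ((mac[offset] & 0x7F) << 24 | mac[offset + 1] << 16
              | mac[offset + 2] << 8 | mac[offset + 3])
    return str(binary % 10 ** digits).zfill(digits)


class HotpValidator:
    """Server side of an event-based token. Keeps the next expected counter,
    resynchronises within a look-ahead window (the user may have generated
    codes without submitting them), and never accepts a counter at or below
    one already consumed, so a captured code cannot be replayed."""

    def __init__(self, secret, look_ahead=10, max_failures=5):
        self.secret = secret
        self.next_counter = 0          # counter value expected next
        self.look_ahead = look_ahead   # assumed window size (RFC 4226 calls it s)
        self.max_failures = max_failures   # assumed throttling threshold (RFC 4226 7.3)
        self.failures = 0

    def validate(self, code):
        if self.failures >= self.max_failures:
            return False               # throttled; needs an out-of-band unlock
        for c in range(self.next_counter, self.next_counter + self.look_ahead):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.next_counter = c + 1   # every counter up to c is now dead
                self.failures = 0
                return True
        self.failures += 1
        return False


# Test secret from RFC 4226 Appendix D (ASCII "12345678901234567890");
# counters 0..9 must yield 755224, 287082, 359152, 969429, 338314,
# 254676, 287922, 162583, 399871, 520489.
RFC4226_SECRET = b"12345678901234567890"
```

A real service keeps next_counter and the failure count per user in persistent storage and updates them atomically, otherwise two concurrent logins can both succeed with the same code.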
Clavid Portal - Personas [screenshot]

Clavid Portal - Login Settings [screenshot]

Clavid Login Dialog [screenshot]
SECTION 6: Conclusion
> Further References
> Questions & Answers
> Contact Information
Further Links: on OpenID

OpenID Identity Providers can be found at:

> http://en.wikipedia.org/wiki/OpenID
> http://en.wikipedia.org/wiki/List_of_OpenID_providers
> http://www.openiddirectory.com/openid-providers-c-1.html
> http://www.clavid.com/ (Strong Authentication in Europe)
Conclusion

> OpenID: An open, well documented specification allowing Internet Single
  Sign-On (SSO) for individual "Public Services" (B2C)

> SAML: Trust based Internet and Intranet Single Sign-On for Business
  Services (B2B)

> Professional Identity Providers already in place

> User Centric Identity Management already integrated

> Join OpenID Switzerland in order to increase the OpenID momentum

> Enable your Internet Services to support OpenID or SAML !!!
Demo

> SAML login to Google Apps for Business using the
  AXSionics fingerprint token

> SAML login to Salesforce.com using YubiKey OTP

> OpenID login to local.ch using a Swiss Post Zertifikat

> Online identity administration (Clavid Portal)
OpenID Connect "101" Introduction -- October 23, 2018OpenIDFoundation
 
Authentication and strong authentication for Web Application
Authentication and strong authentication for Web ApplicationAuthentication and strong authentication for Web Application
Authentication and strong authentication for Web ApplicationSylvain Maret
 
Identity Federation on JBossAS
Identity Federation on JBossASIdentity Federation on JBossAS
Identity Federation on JBossASRoger CARHUATOCTO
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO Alliance
 
Authenticator and provisioning connector in wso2 is
Authenticator and provisioning connector in wso2 isAuthenticator and provisioning connector in wso2 is
Authenticator and provisioning connector in wso2 isH Mohammed Rajjaz
 
Authenticator and provisioning connector in wso2 Identity Server
Authenticator and provisioning connector in wso2 Identity ServerAuthenticator and provisioning connector in wso2 Identity Server
Authenticator and provisioning connector in wso2 Identity ServerRajendram Kathees
 

Ähnlich wie 2010 - Fédération des identités et OpenID (20)

Review on OpenID Authentication Framework
Review on OpenID Authentication FrameworkReview on OpenID Authentication Framework
Review on OpenID Authentication Framework
 
OpenID Tutorials
OpenID TutorialsOpenID Tutorials
OpenID Tutorials
 
OpenID and OAuth
OpenID and OAuthOpenID and OAuth
OpenID and OAuth
 
Implementing OpenID for Your Social Networking Site
Implementing OpenID for Your Social Networking SiteImplementing OpenID for Your Social Networking Site
Implementing OpenID for Your Social Networking Site
 
Openid+Opensocial
Openid+OpensocialOpenid+Opensocial
Openid+Opensocial
 
Securing your digital identity with drupal
Securing your digital identity with drupalSecuring your digital identity with drupal
Securing your digital identity with drupal
 
OpenID Progress EEMA Conference
OpenID Progress EEMA ConferenceOpenID Progress EEMA Conference
OpenID Progress EEMA Conference
 
Mozilla BrowserID/Persona (2012 MDN Hack Day LDN)
Mozilla BrowserID/Persona (2012 MDN Hack Day LDN)Mozilla BrowserID/Persona (2012 MDN Hack Day LDN)
Mozilla BrowserID/Persona (2012 MDN Hack Day LDN)
 
OpenID and decentralised social networks
OpenID and decentralised social networksOpenID and decentralised social networks
OpenID and decentralised social networks
 
Practical Federated Identity
Practical Federated Identity Practical Federated Identity
Practical Federated Identity
 
Open ID
Open IDOpen ID
Open ID
 
Implementing MITREid - CIS 2014 Presentation
Implementing MITREid - CIS 2014 PresentationImplementing MITREid - CIS 2014 Presentation
Implementing MITREid - CIS 2014 Presentation
 
FIDO Alliance: Year in Review Webinar slides from January 20 2016
FIDO Alliance: Year in Review Webinar slides from January 20 2016FIDO Alliance: Year in Review Webinar slides from January 20 2016
FIDO Alliance: Year in Review Webinar slides from January 20 2016
 
Lecture 20101124
Lecture 20101124Lecture 20101124
Lecture 20101124
 
OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018
 
Authentication and strong authentication for Web Application
Authentication and strong authentication for Web ApplicationAuthentication and strong authentication for Web Application
Authentication and strong authentication for Web Application
 
Identity Federation on JBossAS
Identity Federation on JBossASIdentity Federation on JBossAS
Identity Federation on JBossAS
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and Insights
 
Authenticator and provisioning connector in wso2 is
Authenticator and provisioning connector in wso2 isAuthenticator and provisioning connector in wso2 is
Authenticator and provisioning connector in wso2 is
 
Authenticator and provisioning connector in wso2 Identity Server
Authenticator and provisioning connector in wso2 Identity ServerAuthenticator and provisioning connector in wso2 Identity Server
Authenticator and provisioning connector in wso2 Identity Server
 

Mehr von Cyber Security Alliance

Robots are among us, but who takes responsibility?
Robots are among us, but who takes responsibility?Robots are among us, but who takes responsibility?
Robots are among us, but who takes responsibility?Cyber Security Alliance
 
iOS malware: what's the risk and how to reduce it
iOS malware: what's the risk and how to reduce itiOS malware: what's the risk and how to reduce it
iOS malware: what's the risk and how to reduce itCyber Security Alliance
 
Why huntung IoC fails at protecting against targeted attacks
Why huntung IoC fails at protecting against targeted attacksWhy huntung IoC fails at protecting against targeted attacks
Why huntung IoC fails at protecting against targeted attacksCyber Security Alliance
 
Corporations - the new victims of targeted ransomware
Corporations - the new victims of targeted ransomwareCorporations - the new victims of targeted ransomware
Corporations - the new victims of targeted ransomwareCyber Security Alliance
 
Introducing Man in the Contacts attack to trick encrypted messaging apps
Introducing Man in the Contacts attack to trick encrypted messaging appsIntroducing Man in the Contacts attack to trick encrypted messaging apps
Introducing Man in the Contacts attack to trick encrypted messaging appsCyber Security Alliance
 
Understanding the fundamentals of attacks
Understanding the fundamentals of attacksUnderstanding the fundamentals of attacks
Understanding the fundamentals of attacksCyber Security Alliance
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemCyber Security Alliance
 
Easy public-private-keys-strong-authentication-using-u2 f
Easy public-private-keys-strong-authentication-using-u2 fEasy public-private-keys-strong-authentication-using-u2 f
Easy public-private-keys-strong-authentication-using-u2 fCyber Security Alliance
 
Create a-strong-two-factors-authentication-device-for-less-than-chf-100
Create a-strong-two-factors-authentication-device-for-less-than-chf-100Create a-strong-two-factors-authentication-device-for-less-than-chf-100
Create a-strong-two-factors-authentication-device-for-less-than-chf-100Cyber Security Alliance
 
Offline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setupOffline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setupCyber Security Alliance
 
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...Cyber Security Alliance
 
Warning Ahead: SecurityStorms are Brewing in Your JavaScript
Warning Ahead: SecurityStorms are Brewing in Your JavaScriptWarning Ahead: SecurityStorms are Brewing in Your JavaScript
Warning Ahead: SecurityStorms are Brewing in Your JavaScriptCyber Security Alliance
 
Killing any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented featureKilling any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented featureCyber Security Alliance
 

Mehr von Cyber Security Alliance (20)

Bug Bounty @ Swisscom
Bug Bounty @ SwisscomBug Bounty @ Swisscom
Bug Bounty @ Swisscom
 
Robots are among us, but who takes responsibility?
Robots are among us, but who takes responsibility?Robots are among us, but who takes responsibility?
Robots are among us, but who takes responsibility?
 
iOS malware: what's the risk and how to reduce it
iOS malware: what's the risk and how to reduce itiOS malware: what's the risk and how to reduce it
iOS malware: what's the risk and how to reduce it
 
Why huntung IoC fails at protecting against targeted attacks
Why huntung IoC fails at protecting against targeted attacksWhy huntung IoC fails at protecting against targeted attacks
Why huntung IoC fails at protecting against targeted attacks
 
Corporations - the new victims of targeted ransomware
Corporations - the new victims of targeted ransomwareCorporations - the new victims of targeted ransomware
Corporations - the new victims of targeted ransomware
 
Blockchain for Beginners
Blockchain for Beginners Blockchain for Beginners
Blockchain for Beginners
 
Le pentest pour les nuls #cybsec16
Le pentest pour les nuls #cybsec16Le pentest pour les nuls #cybsec16
Le pentest pour les nuls #cybsec16
 
Introducing Man in the Contacts attack to trick encrypted messaging apps
Introducing Man in the Contacts attack to trick encrypted messaging appsIntroducing Man in the Contacts attack to trick encrypted messaging apps
Introducing Man in the Contacts attack to trick encrypted messaging apps
 
Understanding the fundamentals of attacks
Understanding the fundamentals of attacksUnderstanding the fundamentals of attacks
Understanding the fundamentals of attacks
 
Rump : iOS patch diffing
Rump : iOS patch diffingRump : iOS patch diffing
Rump : iOS patch diffing
 
An easy way into your sap systems v3.0
An easy way into your sap systems v3.0An easy way into your sap systems v3.0
An easy way into your sap systems v3.0
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande Modem
 
Easy public-private-keys-strong-authentication-using-u2 f
Easy public-private-keys-strong-authentication-using-u2 fEasy public-private-keys-strong-authentication-using-u2 f
Easy public-private-keys-strong-authentication-using-u2 f
 
Create a-strong-two-factors-authentication-device-for-less-than-chf-100
Create a-strong-two-factors-authentication-device-for-less-than-chf-100Create a-strong-two-factors-authentication-device-for-less-than-chf-100
Create a-strong-two-factors-authentication-device-for-less-than-chf-100
 
Offline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setupOffline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setup
 
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
 
Warning Ahead: SecurityStorms are Brewing in Your JavaScript
Warning Ahead: SecurityStorms are Brewing in Your JavaScriptWarning Ahead: SecurityStorms are Brewing in Your JavaScript
Warning Ahead: SecurityStorms are Brewing in Your JavaScript
 
Killing any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented featureKilling any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented feature
 
Rump attaque usb_caralinda_fabrice
Rump attaque usb_caralinda_fabriceRump attaque usb_caralinda_fabrice
Rump attaque usb_caralinda_fabrice
 
Operation emmental appsec
Operation emmental appsecOperation emmental appsec
Operation emmental appsec
 

Kürzlich hochgeladen

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 

Kürzlich hochgeladen (20)

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 

2010 - Identity Federation and OpenID

  • 1. OpenID & SAML, Identity Federation, SuisseID & Strong Authentication Service: Single Sign-On Concepts with Future
     Geneva Application Security Forum 2010, March 4th 2010
     Robert Ott, Master of Science (Honors), CFO, Clavid AG, Switzerland
     Fredi Weideli, Master of Computer Science, CTO, clavid ag, Zug; OpenID Representative Switzerland
  • 2. Agenda
     • SECTION 1 OpenID - What is it? How does it work? Integration?
     • SECTION 2 SAML - What is it? How does it work?
     • SECTION 3 Identity Federation
     • SECTION 4 A Word on SuisseID
     • SECTION 5 Strong Authentication as a Service
     • SECTION 6 Further Links / Conclusion / Q&A
  • 3. SECTION 1: OpenID
     > What is it?
     > How does it work?
     > How to integrate?
  • 4. OpenID - What is it?
     > Internet Single Sign-On
     > Relatively Simple Protocol
     > User-Centric Identity Management
     > Internet Scalable
     > Free Choice of Identity Provider
     > No License Fee
     > Independent of Identification Methods
     > Non-Profit Organization
  • 5. OpenID - How does it work?
     [Diagram: user Hans Muster (domain www.iid.ch) with the identity URL / OpenID hans.muster.iid.ch; an Identity Provider, e.g. clavid.ch; an OpenID-enabled service. The user authenticates against the Identity Provider.]
  • 6. OpenID - How does it work?
     [Diagram: user Hans Muster, Identity Provider e.g. clavid.com, identity URL https://hans.muster.clavid.com, OpenID-enabled service. The numbered arrows are explained by the caption.]
     Caption:
     1. User enters OpenID
     2. Discovery
     3. Authentication
     4. Approval
     4a. Change Attributes
     5. Send Attributes
     6. Validation
  • 7. OpenID - How does it work?
     Step 1: A user decides to use a personalized Internet service supporting OpenID (e.g. local.ch). The user clicks on "Login using OpenID" and enters their OpenID (e.g. hans.muster.iid.ch).
     Step 2: The requested Internet service converts the OpenID into a URL (http://hans.muster.iid.ch) and requests this URL in order to learn the user's Identity Provider.
     Step 2a: In this example, the user has delegated their OpenID to the Identity Provider clavid.ch.
     Step 3: The Identity Provider offers the authentication methods available for that specific user (in this case "Password"). After successful authentication, the next step (approval) is initiated.
     Step 4: The user decides which values of the requested attributes are provided to the Internet service. The Identity Provider usually offers user-specific Personas (attribute templates) to assist the user in this approval process.
     Step 4a: At this point, the user may change attribute values and store them on the Identity Provider for future approvals for that specific service. Thus a user can automate future approvals for specific Internet services.
     Steps 5, 6: The attribute values are then signed and sent from the Identity Provider to the Internet service. The Internet service validates the signature of the provided attributes and finally accepts the user as authenticated.
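The relying-party side of the six steps above, as an added example that is not code from the slides or from Clavid: the typed identifier is normalised to the claimed identifier URL (step 1/2), the identity page is parsed for the provider and delegation links (step 2/2a), and the signed positive assertion coming back is checked against what discovery found, against the return URL, against a nonce window and replay cache, and finally against the association MAC (steps 5/6). The identity page, the OP and RP URLs and the association key are constructed sample values; the OP-side `op_sign()` exists only so the verifier has a valid message to check.

```python
"""OpenID 2.0 relying-party (RP) side of the slide's flow: identifier
normalisation and HTML discovery with delegation (steps 1, 2, 2a), then the
checks on the signed positive assertion (steps 5, 6). Added example with a
constructed identity page, URLs and key; not code from the slides or Clavid."""
import base64, calendar, hashlib, hmac, re, time
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit

# Constructed identity page: the user delegated to an OpenID Provider (step 2a).
SAMPLE_IDENTITY_PAGE = """<html><head><link rel="openid2.provider" href="https://op.example.test/server">
<link rel="openid2.local_id" href="https://op.example.test/id/hans">
</head><body>Hans Muster</body></html>"""
MAC_KEY = b"constructed-32-byte-association-key!"  # agreed in the association step
RETURN_TO = "https://rp.example.test/openid/return"

def normalize_identifier(user_input):
    """Step 1/2: typed identifier -> Claimed Identifier URL (scheme added,
    scheme and host lower-cased, empty path becomes '/', fragment dropped)."""
    s = user_input.strip()
    if not re.match(r"^https?://", s, re.I):
        s = "http://" + s
    p = urlsplit(s)
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path or "/", p.query, ""))

class _Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = {}  # rel -> href of every <link> on the identity page

    def handle_starttag(self, tag, attrs):
        if tag == "link":
            a = dict(attrs)
            for rel in (a.get("rel") or "").split():
                self.found[rel.lower()] = a.get("href")

def discover(html, claimed_id):
    """Step 2/2a: HTML-based discovery of the OP endpoint and the OP-local
    identifier (equal to the claimed id unless the user delegated)."""
    links = _Links()
    links.feed(html)
    endpoint = links.found.get("openid2.provider") or links.found.get("openid.server")
    if not endpoint:
        raise ValueError("no OpenID provider declared at the claimed identifier")
    local_id = links.found.get("openid2.local_id") or links.found.get("openid.delegate")
    return {"op_endpoint": endpoint, "claimed_id": claimed_id, "local_id": local_id or claimed_id}

def kv_form(fields, signed):
    # Key-Value form of the signed fields, in openid.signed order: the HMAC input
    return "".join(f"{k}:{fields['openid.' + k]}\n" for k in signed).encode()

def op_sign(fields, mac_key):
    """Step 5 at the OP: HMAC-SHA256 association signature over the KV form."""
    mac = hmac.new(mac_key, kv_form(fields, fields["openid.signed"].split(",")), hashlib.sha256)
    return {**fields, "openid.sig": base64.b64encode(mac.digest()).decode()}

class AssertionVerifier:
    """Step 6 at the RP: the checks to make before trusting an id_res message."""
    REQUIRED_SIGNED = ("op_endpoint", "return_to", "response_nonce",
                       "assoc_handle", "claimed_id", "identity")

    def __init__(self, mac_key, assoc_handle, return_to, discovered, max_age=300):
        self.mac_key, self.assoc_handle = mac_key, assoc_handle
        self.return_to, self.discovered, self.max_age = return_to, discovered, max_age
        self.seen_nonces = set()  # replay protection

    def verify(self, fields, now=None):
        """Returns the verified claimed identifier or raises ValueError."""
        now = time.time() if now is None else now
        d = self.discovered
        expected = {"openid.mode": "id_res", "openid.return_to": self.return_to,
                    "openid.assoc_handle": self.assoc_handle,
                    # these must equal what discovery found, not merely be signed
                    "openid.op_endpoint": d["op_endpoint"],
                    "openid.claimed_id": d["claimed_id"], "openid.identity": d["local_id"]}
        for key, want in expected.items():
            if fields.get(key) != want:
                raise ValueError(f"{key} mismatch")
        nonce = fields.get("openid.response_nonce", "")
        issued = calendar.timegm(time.strptime(nonce[:20], "%Y-%m-%dT%H:%M:%SZ"))
        if abs(now - issued) > self.max_age or nonce in self.seen_nonces:
            raise ValueError("stale or replayed response_nonce")
        signed = fields.get("openid.signed", "").split(",")
        if any(r not in signed for r in self.REQUIRED_SIGNED):
            raise ValueError("a mandatory field is not covered by the signature")
        mac = hmac.new(self.mac_key, kv_form(fields, signed), hashlib.sha256).digest()
        if not hmac.compare_digest(base64.b64encode(mac).decode(), fields.get("openid.sig", "")):
            raise ValueError("bad signature")
        self.seen_nonces.add(nonce)
        return fields["openid.claimed_id"]

    def is_valid(self, fields, now=None):
        try:
            return bool(self.verify(fields, now))
        except ValueError:
            return False

def demo():
    """Runs discovery on the constructed page and builds a signed id_res for it;
    returns (verifier, response) so the caller can run the checks."""
    claimed = normalize_identifier("hans.muster.iid.ch")
    disc = discover(SAMPLE_IDENTITY_PAGE, claimed)
    response = op_sign({
        "openid.mode": "id_res", "openid.op_endpoint": disc["op_endpoint"],
        "openid.claimed_id": claimed, "openid.identity": disc["local_id"],
        "openid.return_to": RETURN_TO, "openid.assoc_handle": "assoc-1",
        "openid.response_nonce": "2010-03-04T10:00:00Zabc123",
        "openid.signed": "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle"}, MAC_KEY)
    return AssertionVerifier(MAC_KEY, "assoc-1", RETURN_TO, disc), response
```

The point a relying party most often gets wrong is in `verify()`: a valid HMAC only proves the message came from whoever holds the association key. Binding `op_endpoint`, `claimed_id` and `identity` to the result of the RP's own discovery, and `return_to` to the RP's own URL, is what stops one provider from asserting another provider's identifiers, and the nonce cache is what stops a captured response from being replayed.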
  • 8. OpenID - How does it work?
  • 9. OpenID - How does it work?
  • 10. OpenID - User Centric Identity Management
     [Diagram: TODAY: a separate username and password for each service. TOMORROW? / FUTURE?: an OpenID Provider.]
  • 11. OpenID - How to Integrate?
     Assumptions concerning your current site
     • Users sign in with their username and password
     • There is a form where new users have to register
     • Each user is identified by a unique ID in your database
     • A settings page lets users manage their account info
     Recipe
     • Extend the database to map the OpenIDs to the user IDs
     • Extend the registration page with an OpenID input field
     • Extend the sign-in page with an OpenID input field
     • Extend the settings page to attach and detach OpenIDs
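The four recipe steps as one piece of code, added here as an example and not taken from the slides or from any Clavid product: an in-memory SQLite schema that maps claimed identifiers to existing user IDs, plus the registration, sign-in, attach and detach operations the recipe asks for. Table and function names are this example's own. Every function takes a claimed identifier that has already been verified by the OpenID flow; the mapping layer never sees the raw form input.

```python
"""Account-to-OpenID mapping for an existing username/password site, following
the slide's recipe. Added example using an in-memory SQLite database; schema
and function names are this example's own, not Clavid's."""
import sqlite3

SCHEMA = """
CREATE TABLE users (
    id            INTEGER PRIMARY KEY,
    username      TEXT UNIQUE NOT NULL,
    password_hash TEXT               -- NULL for accounts that only log in via OpenID
);
-- One row per attached OpenID. The claimed identifier is unique site-wide, so
-- one OpenID can never resolve to two local accounts.
CREATE TABLE user_openids (
    claimed_id TEXT PRIMARY KEY,
    user_id    INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    return db

def create_user(db, username, password_hash=None):
    """Existing registration path; returns the new unique user id."""
    cur = db.execute("INSERT INTO users(username, password_hash) VALUES (?, ?)",
                     (username, password_hash))
    return cur.lastrowid

def attach_openid(db, user_id, verified_claimed_id):
    """Settings page 'attach'. Returns False if the OpenID is already attached
    to some account (including this one) or the user does not exist."""
    try:
        db.execute("INSERT INTO user_openids(claimed_id, user_id) VALUES (?, ?)",
                   (verified_claimed_id, user_id))
    except sqlite3.IntegrityError:
        return False
    return True

def detach_openid(db, user_id, claimed_id):
    """Settings page 'detach'. Refuses to remove the last way into the account."""
    row = db.execute("SELECT password_hash IS NOT NULL FROM users WHERE id = ?",
                     (user_id,)).fetchone()
    has_password = bool(row and row[0])
    (n_ids,) = db.execute("SELECT COUNT(*) FROM user_openids WHERE user_id = ?",
                          (user_id,)).fetchone()
    if not has_password and n_ids <= 1:
        return False
    cur = db.execute("DELETE FROM user_openids WHERE user_id = ? AND claimed_id = ?",
                     (user_id, claimed_id))
    return cur.rowcount == 1

def user_for_openid(db, verified_claimed_id):
    """Sign-in page: map a verified claimed identifier to the local user id."""
    row = db.execute("SELECT user_id FROM user_openids WHERE claimed_id = ?",
                     (verified_claimed_id,)).fetchone()
    return row[0] if row else None

def register_with_openid(db, username, verified_claimed_id):
    """Registration page: a new account created from a verified OpenID only."""
    uid = create_user(db, username)
    if not attach_openid(db, uid, verified_claimed_id):
        db.execute("DELETE FROM users WHERE id = ?", (uid,))
        raise ValueError("OpenID is already attached to another account")
    return uid
```

The detach rule matters for the OpenID-only accounts the registration page creates: without it, a user (or a CSRF on the settings page) can strip the only credential from an account, and the site then has no way to let its owner back in.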
  • 12. OpenID - How to Integrate?
     Ingredients
     • An OpenID Consumer Library
     • The Standard OpenID Logos
     • An OpenID Provider to test your site with
  • 13. OpenID - How to Integrate? OpenID Libraries
     Language     Library
     C#           DotNetOpenId, ExtremeSwank
     C++          Libopkele
     Java         NetMesh InfoGrid LID, OpenID4Java, joid
     Perl         Net::OpenID, OpenID4Perl
     Python       JanRain
     Ruby         JanRain, Heraldry
     PHP          JanRain, Zend Framework OpenID Component, Saeven.net's JanRain Service Utility Class, Taral, Simple Class, sfOpenIDPlugin, CakePHP, EasyOpenID, OpenID For PHP, AuthOpenID Snippet
     Coldfusion   CFKit OpenID, CFOpenID, OpenID CFC
     Apache 2     mod_auth_openid
  • 14. SECTION 2: SAML
     > What is it?
     > How does it work?
  • 15. SAML - What is it?
     SAML (Security Assertion Markup Language):
     > Defined by the OASIS group
     > Well and academically designed specification
     > Uses XML syntax
     > Used for authentication & authorization
     > SAML Assertions
       > Statements: Authentication, Attribute, Authorization
     > SAML Protocols
       > Queries: Authentication, Artifact, Name Identifier Mapping, etc.
     > SAML Bindings
       > SOAP, Reverse-SOAP, HTTP-GET, HTTP-POST, HTTP-Artifact
     > SAML Profiles
       > Web Browser Single Sign-On Profile, Identity Provider Discovery Profile, Assertion Query / Request Profile, Attribute Profile
  • 16. SAML - How does it work?
     [Diagram: user Hans Muster; Identity Provider, e.g. clavid.ch; SAML-enabled service, e.g. Google Apps for Business. The service redirects the user to the Identity Provider with an <AuthnRequest>; the user authenticates there; the Identity Provider redirects back with a <Response> carrying a signed Assertion; the user then accesses the resource.]
  • 17. SAML - How does it work?
     [Diagram: the same exchange with the numbered steps explained on the next slide: user Hans Muster, Identity Provider e.g. clavid.ch, enabled service e.g. Google Apps for Business.]
  • 18. SAML - How does it work?
     Step 1: A user decides to use a personalized Internet service connected to a SAML-based Identity Provider (e.g. Google Business Application Calendar).
     Step 2: The Internet service recognizes that the user is not logged in yet. A SAML <AuthnRequest> is created and sent via redirect to the Identity Provider.
     Step 3: The Identity Provider offers the authentication methods available for that specific user (in this case "YubiKey" OTP). After successful authentication, the next step is initiated.
     Step 4: The Identity Provider creates a SAML <Response> containing the user's identifier for the specific target application. It then signs the SAML <Response> and sends it via a POST redirect to the Internet service (e.g. Google Calendar).
     Step 5: The Internet service (e.g. Google Apps) verifies the signature of the SAML <Response> and now knows the user's identifier as provided by the Identity Provider.
     Step 6: The Internet service can now be used by the user.
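The service-provider half of steps 2 and 5 above, as an added example that is not code from the slides, from Clavid or from Google: building the <AuthnRequest> and encoding it for the HTTP-Redirect binding (raw DEFLATE, base64, URL-encoding), and consuming the <Response> that comes back by HTTP-POST. Entity IDs, URLs and the sample Response are constructed values. This example does not implement XML Signature; it assumes the signature on the Response/Assertion has already been verified by an XML-DSig library, and implements the checks that a signature check alone does not give you: Destination, InResponseTo, Status, Issuer, the Conditions window, the AudienceRestriction and the bearer SubjectConfirmationData.

```python
"""SAML 2.0 Web Browser SSO, Service Provider (SP) side: the <AuthnRequest> sent
over the HTTP-Redirect binding (step 2) and the checks the SP applies to the
<Response> posted back (step 5). Added example with constructed entity IDs, URLs
and messages; not code from the slides, Clavid or Google. The XML Signature is
assumed to have been verified by an XML-DSig library before consume_response()."""
import base64, uuid, zlib
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode, urlsplit
from xml.etree import ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
SP_ENTITY_ID = "https://sp.example.test/metadata"  # constructed values
ACS_URL = "https://sp.example.test/saml/acs"
IDP_ENTITY_ID = "https://idp.example.test/metadata"
IDP_SSO_URL = "https://idp.example.test/sso"
DEMO_NOW = datetime(2010, 3, 4, 10, 0, tzinfo=timezone.utc)
DEMO_LATER = DEMO_NOW + timedelta(minutes=20)

def _ts(t):
    return t.strftime("%Y-%m-%dT%H:%M:%SZ")

def _parse(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def build_authn_request(now, request_id=None):
    """Step 2. Returns (request_id, redirect URL). The SP keeps request_id in the
    session so the Response's InResponseTo can be matched against it."""
    request_id = request_id or "_" + uuid.uuid4().hex
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'ID="{request_id}" Version="2.0" IssueInstant="{_ts(now)}" '
           f'Destination="{IDP_SSO_URL}" AssertionConsumerServiceURL="{ACS_URL}" '
           f'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
           f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>')
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # Redirect binding: raw DEFLATE,
    deflated = comp.compress(xml.encode()) + comp.flush()  # then base64, then URL-encode
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return request_id, f"{IDP_SSO_URL}?{query}"

def decode_redirect_request(url):
    """The IdP side of the Redirect binding (inverse of the encoding above)."""
    b64 = parse_qs(urlsplit(url).query)["SAMLRequest"][0]
    return ET.fromstring(zlib.decompress(base64.b64decode(b64), -15))

def consume_response(xml, expected_request_id, now, skew=timedelta(minutes=3)):
    """Step 5. Returns the NameID, or raises ValueError naming the failed check."""
    r = ET.fromstring(xml)
    if r.get("Destination") != ACS_URL:
        raise ValueError("Destination is not our ACS URL")
    if r.get("InResponseTo") != expected_request_id:
        raise ValueError("unsolicited response or InResponseTo mismatch")
    code = r.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise ValueError("status is not Success")
    assertions = r.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError("expected exactly one Assertion")
    a = assertions[0]
    if a.findtext("saml:Issuer", None, NS) != IDP_ENTITY_ID:
        raise ValueError("Assertion issuer is not our IdP")
    cond = a.find("saml:Conditions", NS)
    if cond is None or now < _parse(cond.get("NotBefore")) - skew \
            or now >= _parse(cond.get("NotOnOrAfter")) + skew:
        raise ValueError("Assertion outside its validity window")
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        raise ValueError("Assertion was issued for another audience")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS_URL \
            or scd.get("InResponseTo") != expected_request_id \
            or now >= _parse(scd.get("NotOnOrAfter")) + skew:
        raise ValueError("bearer confirmation does not bind the Assertion to this request")
    name_id = a.findtext("saml:Subject/saml:NameID", None, NS)
    if not name_id:
        raise ValueError("no NameID")
    return name_id

def accepts(xml, expected_request_id, now):
    """Boolean wrapper around consume_response()."""
    try:
        return bool(consume_response(xml, expected_request_id, now))
    except ValueError:
        return False

def sample_response(request_id, issued, audience=SP_ENTITY_ID):
    """Constructed IdP Response for the demo. No ds:Signature element: this
    example does not implement XML-DSig (see the module docstring)."""
    nb, na = _ts(issued), _ts(issued + timedelta(minutes=5))
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" ID="_r1"
  Version="2.0" IssueInstant="{nb}" Destination="{ACS_URL}" InResponseTo="{request_id}">
  <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="{nb}">
    <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
    <saml:Subject><saml:NameID>hans.muster@example.test</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{ACS_URL}" InResponseTo="{request_id}" NotOnOrAfter="{na}"/>
      </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions NotBefore="{nb}" NotOnOrAfter="{na}">
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
```

The audience and InResponseTo checks are the ones that turn "the IdP signed this" into "the IdP signed this for us, for this login": a signed Assertion issued to one service is otherwise replayable at every other service that trusts the same IdP, and an Assertion the SP never asked for should be treated as unsolicited rather than accepted.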
  • 19. SAML – How does it work? 1) Call Application URL 3) Application Usage 2) Login Geneva Application Security Forum 2010, March 4th 2010 Page 19
  • 20. SECTION 3 SECTION 3 Identity Federation Geneva Application Security Forum 2010, March 4th 2010 Page 20
• 21. B2B Identity Federation – The Protocol Problem
[Diagram: Company A's intranet connects over https to three SaaS applications (Internet Service A: Travel Ticket Shop; Internet Service B: Document Management; Internet Service C: Personal Recruiting), each requiring a different authentication protocol: proprietary token, OpenID, SAML 1.0 or SAML 2.0.]
• 22. B2B Identity Federation – The Protocol Mess
[Diagram: the same three SaaS applications (Travel Ticket Shop, Document Management, Personal Recruiting) are now used by Company A, Company B and Company C; every intranet has to support every protocol (proprietary token, OpenID, SAML 1.0, SAML 2.0) over https.]
• 23. B2B Identity Federation – The Protocol Solution
[Diagram: an Internet Identity Provider sits between Company A's intranet and the three SaaS applications (Travel Ticket Shop, Document Management, Personal Recruiting). It performs Identity Mapping and Internet SSO, speaks the services' protocols (proprietary token, OpenID, SAML 1.0, SAML 2.0 over https) on their behalf, and offers the authentication methods: proprietary token, One Time Password (OTP), Biometric (AXSionics), Mobile Phone (SMS), eID (Identity Card), SSL certificates.]
• 24. B2B Identity Federation – The Protocol Solution
[Diagram: the intranets of Company A, Company B and Company C each connect over https (SAML 1.0, SAML 2.0, proprietary token) to the Internet Identity Provider, which provides Identity Federation and Internet SSO with the same authentication methods: One Time Password (OTP), Biometric (AXSionics), Mobile Phone (SMS), eID (Identity Card), SSL certificates.]
• 25. SECTION 4
A Word on SuisseID
• 26. A Word On SuisseID
• SuisseID is currently in the early draft specification phase
• SuisseID should be available to the public in spring 2010
• SuisseID cost will be refunded by the Government in 2010
• SuisseID will most probably comprise:
  – A signature certificate
  – An authentication certificate
  – All certificates conform to ZertES
  – Certificates contain a unique SuisseID number
  – An Identity Provider service for attribute exchange
• Eligible SuisseID certificate service providers will be:
  – Swiss Post (SwissSign), Swisscom, QuoVadis, Swiss Government
• 27. A Word On SuisseID
• 28. SECTION 5
Strong Authentication as a Service
• 29. OpenID – International Identity Providers
[Logos of identity providers grouped by authentication method: Username/Password, Certificates, Biometric, OTP]
• 30. Clavid Portal for Strong Authentication
• 31. Clavid Portal – AXSionics
• 32. Clavid Portal – YubiKey
• 33. Clavid Portal – Certificates
• 34. Clavid Portal – One Time Password
OTP Methods:
• OATH HOTP (RFC 4226)
• Challenge/Response (RFC 2289)
• Mobile OTP (open-source project)
• SMS
• ... others ...
• 35. Clavid Portal – Personas
• 36. Clavid Portal – Login Settings
• 37. Clavid Login Dialog
• 38. SECTION 6
Conclusion
> Further References
> Questions & Answers
> Contact Information
• 39. Further Links on OpenID
OpenID Identity Providers can be found at:
> http://en.wikipedia.org/wiki/OpenID
> http://en.wikipedia.org/wiki/List_of_OpenID_providers
> http://www.openiddirectory.com/openid-providers-c-1.html
> http://www.clavid.com/ (Strong Authentication in Europe)
• 40. Conclusion
> OpenID: An open, well documented specification allowing Internet Single Sign-On (SSO) for individual "Public Services" (B2C)
> SAML: Trust-based Internet and Intranet Single Sign-On for Business Services (B2B)
> Professional Identity Providers already in place
> User-centric Identity Management already integrated
> Join OpenID Switzerland in order to increase the OpenID momentum
> Enable your Internet Services to support OpenID or SAML!
• 41. Demo
> SAML login to Google Business Apps using AXSionics fingerprint
> SAML login to Salesforce.com using YubiKey OTP
> OpenID login to local.ch using a Swiss Post certificate
> Online Identity Administration (Clavid Portal)
• 42. Questions & Answers
• 43. Contact Information