SlideShare ist ein Scribd-Unternehmen logo

RSA2008: What Vendors Won’t Tell You About Federated Identity

Als PPT, PDF herunterladen
D
Dan Houser

Federated Identity overview, including the little known traps and issues with implementing federated identity for SSO using SAML. Lessons learned, build vs. buy, support, SLAs, and legal issues. Jointly developed with Bob West.

Internet
1 von 14
What Vendors Won’t Tell You About Federated Identity Dan Houser, Cardinal Health / Bob West, Echelon One | 04/08/08 | Session: IAM-108
2 2 Agenda • Why This Talk? • The Promise of Federation • The Delivery • Why Federation Projects are Fiendishly Difficult • Support and SLA Issues • Lessons Learned • Build vs. Buy • What We Might Do Differently • Wrap-up/Q&A • Contact Info
3 3 Why This Talk? • Voluminous Information that Confuses • Endless Federation FUD factor • No Bulls**t Detector in C-Suite • Debunking Myths • Orwellian Controls • Reality Buffer • Self-interest Standards
4 The Promise of Federation • Build It and They Will Come • Build Once, Use Forever • It's Just a Matter of Interfaces • Standards Are Standard • Standards Are Good • After the 3rd Project, Federation Pays for Itself
5 The Delivery • Is Federation Living up to Promises? • ROI? – After the 3rd Project, Pays for Itself? – ROI Sometimes Elusive – Marketing, Relationship – ROI Sometimes Direct – Time to Market Factors • Selling the Sizzle
6 Why Federation Projects Are Fiendishly Difficult • Complexity – SAML 1.0 / 1.1 / 2.0 – Complex Infrastructure – High Availability – Web Services / SOAP/ XML • Business Issues • Just a Matter of Programming • Silver-plated requirements • Federation Relationship • Support & SLA issues
7 Why Federation Projects Are Fiendishly Difficult • Session Management Surprises • User Issues – Authentication – Tastes Great – Less Filling • Security Wonks Seeking Silver Bullet Instead of Sufficiency • Trust Framework Missing
8 Support and SLA Issues • Troubleshooting With Half the Data • 23x7 Federating to 8x5 Becomes 8x5 • Monitoring & Predictive Failure • Production SLA + Support Hours • Time Synchronization • Log Sharing, Session Harmonizing & Aggregation Missing • Documentation & Error Codes up to the Task? • Coordinated, Distributed, Federated Helpdesk
9 Lessons Learned • Management Expectations – Why I'm Running for President • Having the Right Partners – Would You Buy a Used Car From Them? • Taking the Long Approach • New Federation: It's New! – Like New Pharmaceuticals, Not New Car or New Stereo – Risky, Not Flashy • Staffing & Support • Value Proposition
10 Build vs. Buy
13 Audience: You Decide
14 What Might We Do Differently? • Create multi-path strategy: SAML vs. Tactical • Deploy SAML Federation on remote appliances managed by our identity team • Trust standards / protocol • Programmer Staffing setup from beginning as rotating assignment • Web Services XML Gateway • SAML 2.0
15 Wrap-Up/Q&A
16 Contact Info • Dan Houser: dan.houser@gmail.com • Bob West: bob.west@echelonone.net

Empfohlen

Crafting The Perfect Proposal - WordCamp Asheville 2019
Crafting The Perfect Proposal - WordCamp Asheville 2019Crafting The Perfect Proposal - WordCamp Asheville 2019
Crafting The Perfect Proposal - WordCamp Asheville 2019Melanie Adcock
 
eFolder Partner Chat Webinar — How to Design a Business Continuity Plan for C...
eFolder Partner Chat Webinar — How to Design a Business Continuity Plan for C...eFolder Partner Chat Webinar — How to Design a Business Continuity Plan for C...
eFolder Partner Chat Webinar — How to Design a Business Continuity Plan for C...eFolder
 
VFB 2013 - Partnering for Innovation - Stirling Dynamics
VFB 2013 - Partnering for Innovation - Stirling DynamicsVFB 2013 - Partnering for Innovation - Stirling Dynamics
VFB 2013 - Partnering for Innovation - Stirling DynamicsScience City Bristol
 
An Adaptive Approach to Software Procurement
An Adaptive Approach to Software ProcurementAn Adaptive Approach to Software Procurement
An Adaptive Approach to Software ProcurementCo-Operative Systems
 
Amsterdam Keynote June 2007
Amsterdam Keynote June 2007Amsterdam Keynote June 2007
Amsterdam Keynote June 2007ParkWood Advisors LLC
 
Build vs. Buy: The Cio's Dilemma (Centrastage)
Build vs. Buy: The Cio's Dilemma (Centrastage)Build vs. Buy: The Cio's Dilemma (Centrastage)
Build vs. Buy: The Cio's Dilemma (Centrastage)Zuora, Inc.
 
Fundraising Tips for Techs
Fundraising Tips for TechsFundraising Tips for Techs
Fundraising Tips for TechsWelch LLP
 
Merced Overview
Merced OverviewMerced Overview
Merced OverviewJohn DuMerer
 

Empfohlen

Crafting The Perfect Proposal - WordCamp Asheville 2019
Crafting The Perfect Proposal - WordCamp Asheville 2019Crafting The Perfect Proposal - WordCamp Asheville 2019
Crafting The Perfect Proposal - WordCamp Asheville 2019Melanie Adcock
 
eFolder Partner Chat Webinar — How to Design a Business Continuity Plan for C...
eFolder Partner Chat Webinar — How to Design a Business Continuity Plan for C...eFolder Partner Chat Webinar — How to Design a Business Continuity Plan for C...
eFolder Partner Chat Webinar — How to Design a Business Continuity Plan for C...eFolder
 
VFB 2013 - Partnering for Innovation - Stirling Dynamics
VFB 2013 - Partnering for Innovation - Stirling DynamicsVFB 2013 - Partnering for Innovation - Stirling Dynamics
VFB 2013 - Partnering for Innovation - Stirling DynamicsScience City Bristol
 
An Adaptive Approach to Software Procurement
An Adaptive Approach to Software ProcurementAn Adaptive Approach to Software Procurement
An Adaptive Approach to Software ProcurementCo-Operative Systems
 
Amsterdam Keynote June 2007
Amsterdam Keynote June 2007Amsterdam Keynote June 2007
Amsterdam Keynote June 2007ParkWood Advisors LLC
 
Build vs. Buy: The Cio's Dilemma (Centrastage)
Build vs. Buy: The Cio's Dilemma (Centrastage)Build vs. Buy: The Cio's Dilemma (Centrastage)
Build vs. Buy: The Cio's Dilemma (Centrastage)Zuora, Inc.
 
Fundraising Tips for Techs
Fundraising Tips for TechsFundraising Tips for Techs
Fundraising Tips for TechsWelch LLP
 
Merced Overview
Merced OverviewMerced Overview
Merced OverviewJohn DuMerer
 
The Great Divide- Research and Licensing -- Eric's Slides (1)
The Great Divide- Research and Licensing -- Eric's Slides (1)The Great Divide- Research and Licensing -- Eric's Slides (1)
The Great Divide- Research and Licensing -- Eric's Slides (1)Eric Giegerich
 
Deltek Agency Management: Avoid the pitfalls of over servicing
Deltek Agency Management: Avoid the pitfalls of over servicingDeltek Agency Management: Avoid the pitfalls of over servicing
Deltek Agency Management: Avoid the pitfalls of over servicingCallum Broderick
 
Rich Mironov - Product Management Auckland Talk Slides
Rich Mironov - Product Management Auckland Talk SlidesRich Mironov - Product Management Auckland Talk Slides
Rich Mironov - Product Management Auckland Talk SlidesAnthony Marter
 
Selling un$exy - Insights on building a sales team
Selling un$exy - Insights on building a sales teamSelling un$exy - Insights on building a sales team
Selling un$exy - Insights on building a sales teamJamie Sutherland
 
Increase Sales with TEQlease
Increase Sales with TEQleaseIncrease Sales with TEQlease
Increase Sales with TEQleaseTEQlease Capital
 
Using Financing as a Sales Tool
Using Financing as a Sales ToolUsing Financing as a Sales Tool
Using Financing as a Sales ToolTEQlease Capital
 
Colin Berrell Self-Awareness Profile
Colin Berrell Self-Awareness ProfileColin Berrell Self-Awareness Profile
Colin Berrell Self-Awareness ProfileColin Berrell
 
Dmitri Vietze's Level Up Presentation
Dmitri Vietze's Level Up PresentationDmitri Vietze's Level Up Presentation
Dmitri Vietze's Level Up PresentationDimension Mill
 
Strategic accountsales ppt
Strategic accountsales pptStrategic accountsales ppt
Strategic accountsales pptBentley Systems
 
Lecture 8 Resources and Costs.pptx
Lecture 8 Resources and Costs.pptxLecture 8 Resources and Costs.pptx
Lecture 8 Resources and Costs.pptxGelmelinaLeaLepitenH
 
SiriusDecisions Webinar: How to Evaluate Predictive Lead Scoring Vendors
SiriusDecisions Webinar: How to Evaluate Predictive Lead Scoring VendorsSiriusDecisions Webinar: How to Evaluate Predictive Lead Scoring Vendors
SiriusDecisions Webinar: How to Evaluate Predictive Lead Scoring VendorsInfer
 
The corporate finance network at the great british business show
The corporate finance network at the great british business showThe corporate finance network at the great british business show
The corporate finance network at the great british business showKirsty McGregor
 
Five Steps to a Martech Power Stack (2021)
Five Steps to a Martech Power Stack (2021)Five Steps to a Martech Power Stack (2021)
Five Steps to a Martech Power Stack (2021)Josh Hill
 
Art of the deal
Art of the dealArt of the deal
Art of the dealCorelytics by CoreConnex, Inc.
 
Evolving Towards a Modernized Platform: Our Success Story
Evolving Towards a Modernized Platform: Our Success StoryEvolving Towards a Modernized Platform: Our Success Story
Evolving Towards a Modernized Platform: Our Success StoryVMware Tanzu
 
Evolving Towards a Modernized Platform: Our Success Story
Evolving Towards a Modernized Platform: Our Success StoryEvolving Towards a Modernized Platform: Our Success Story
Evolving Towards a Modernized Platform: Our Success StoryVMware Tanzu
 
Biz plan presentation_template
Biz plan presentation_templateBiz plan presentation_template
Biz plan presentation_templateCOMSATS Institute of Information Technology Abbottabad
 
Creating sustainable collaborative systems
Creating sustainable collaborative systemsCreating sustainable collaborative systems
Creating sustainable collaborative systemsOnlineiq with Urszula Richards
 
HIDA - Expo & Business Exchange: Working With the Federal Government
HIDA - Expo & Business Exchange: Working With the Federal GovernmentHIDA - Expo & Business Exchange: Working With the Federal Government
HIDA - Expo & Business Exchange: Working With the Federal GovernmentJSchaus & Associates
 
Healthcare Enterprise Data Model: The Buy vs. Build Debate
Healthcare Enterprise Data Model: The Buy vs. Build DebateHealthcare Enterprise Data Model: The Buy vs. Build Debate
Healthcare Enterprise Data Model: The Buy vs. Build DebatePerficient, Inc.
 
SMART Sales System - Module 12: Qualifying
SMART Sales System - Module 12: QualifyingSMART Sales System - Module 12: Qualifying
SMART Sales System - Module 12: QualifyingSalesScripter
 
Illp 6-revenue-model
Illp 6-revenue-modelIllp 6-revenue-model
Illp 6-revenue-modelLuis Caldas de Oliveira
 

Weitere ähnliche Inhalte

Was ist angesagt?

The Great Divide- Research and Licensing -- Eric's Slides (1)
The Great Divide- Research and Licensing -- Eric's Slides (1)The Great Divide- Research and Licensing -- Eric's Slides (1)
The Great Divide- Research and Licensing -- Eric's Slides (1)Eric Giegerich
 
Deltek Agency Management: Avoid the pitfalls of over servicing
Deltek Agency Management: Avoid the pitfalls of over servicingDeltek Agency Management: Avoid the pitfalls of over servicing
Deltek Agency Management: Avoid the pitfalls of over servicingCallum Broderick
 
Rich Mironov - Product Management Auckland Talk Slides
Rich Mironov - Product Management Auckland Talk SlidesRich Mironov - Product Management Auckland Talk Slides
Rich Mironov - Product Management Auckland Talk SlidesAnthony Marter
 
Selling un$exy - Insights on building a sales team
Selling un$exy - Insights on building a sales teamSelling un$exy - Insights on building a sales team
Selling un$exy - Insights on building a sales teamJamie Sutherland
 
Increase Sales with TEQlease
Increase Sales with TEQleaseIncrease Sales with TEQlease
Increase Sales with TEQleaseTEQlease Capital
 
Using Financing as a Sales Tool
Using Financing as a Sales ToolUsing Financing as a Sales Tool
Using Financing as a Sales ToolTEQlease Capital
 
Colin Berrell Self-Awareness Profile
Colin Berrell Self-Awareness ProfileColin Berrell Self-Awareness Profile
Colin Berrell Self-Awareness ProfileColin Berrell
 
Dmitri Vietze's Level Up Presentation
Dmitri Vietze's Level Up PresentationDmitri Vietze's Level Up Presentation
Dmitri Vietze's Level Up PresentationDimension Mill
 

Was ist angesagt? (8)

The Great Divide- Research and Licensing -- Eric's Slides (1)
The Great Divide- Research and Licensing -- Eric's Slides (1)The Great Divide- Research and Licensing -- Eric's Slides (1)
The Great Divide- Research and Licensing -- Eric's Slides (1)
 
Deltek Agency Management: Avoid the pitfalls of over servicing
Deltek Agency Management: Avoid the pitfalls of over servicingDeltek Agency Management: Avoid the pitfalls of over servicing
Deltek Agency Management: Avoid the pitfalls of over servicing
 
Rich Mironov - Product Management Auckland Talk Slides
Rich Mironov - Product Management Auckland Talk SlidesRich Mironov - Product Management Auckland Talk Slides
Rich Mironov - Product Management Auckland Talk Slides
 
Selling un$exy - Insights on building a sales team
Selling un$exy - Insights on building a sales teamSelling un$exy - Insights on building a sales team
Selling un$exy - Insights on building a sales team
 
Increase Sales with TEQlease
Increase Sales with TEQleaseIncrease Sales with TEQlease
Increase Sales with TEQlease
 
Using Financing as a Sales Tool
Using Financing as a Sales ToolUsing Financing as a Sales Tool
Using Financing as a Sales Tool
 
Colin Berrell Self-Awareness Profile
Colin Berrell Self-Awareness ProfileColin Berrell Self-Awareness Profile
Colin Berrell Self-Awareness Profile
 
Dmitri Vietze's Level Up Presentation
Dmitri Vietze's Level Up PresentationDmitri Vietze's Level Up Presentation
Dmitri Vietze's Level Up Presentation
 

Ähnlich wie RSA2008: What Vendors Won’t Tell You About Federated Identity

Strategic accountsales ppt
Strategic accountsales pptStrategic accountsales ppt
Strategic accountsales pptBentley Systems
 
Lecture 8 Resources and Costs.pptx
Lecture 8 Resources and Costs.pptxLecture 8 Resources and Costs.pptx
Lecture 8 Resources and Costs.pptxGelmelinaLeaLepitenH
 
SiriusDecisions Webinar: How to Evaluate Predictive Lead Scoring Vendors
SiriusDecisions Webinar: How to Evaluate Predictive Lead Scoring VendorsSiriusDecisions Webinar: How to Evaluate Predictive Lead Scoring Vendors
SiriusDecisions Webinar: How to Evaluate Predictive Lead Scoring VendorsInfer
 
The corporate finance network at the great british business show
The corporate finance network at the great british business showThe corporate finance network at the great british business show
The corporate finance network at the great british business showKirsty McGregor
 
Five Steps to a Martech Power Stack (2021)
Five Steps to a Martech Power Stack (2021)Five Steps to a Martech Power Stack (2021)
Five Steps to a Martech Power Stack (2021)Josh Hill
 
Evolving Towards a Modernized Platform: Our Success Story
Evolving Towards a Modernized Platform: Our Success StoryEvolving Towards a Modernized Platform: Our Success Story
Evolving Towards a Modernized Platform: Our Success StoryVMware Tanzu
 
Evolving Towards a Modernized Platform: Our Success Story
Evolving Towards a Modernized Platform: Our Success StoryEvolving Towards a Modernized Platform: Our Success Story
Evolving Towards a Modernized Platform: Our Success StoryVMware Tanzu
 
HIDA - Expo & Business Exchange: Working With the Federal Government
HIDA - Expo & Business Exchange: Working With the Federal GovernmentHIDA - Expo & Business Exchange: Working With the Federal Government
HIDA - Expo & Business Exchange: Working With the Federal GovernmentJSchaus & Associates
 
Healthcare Enterprise Data Model: The Buy vs. Build Debate
Healthcare Enterprise Data Model: The Buy vs. Build DebateHealthcare Enterprise Data Model: The Buy vs. Build Debate
Healthcare Enterprise Data Model: The Buy vs. Build DebatePerficient, Inc.
 
SMART Sales System - Module 12: Qualifying
SMART Sales System - Module 12: QualifyingSMART Sales System - Module 12: Qualifying
SMART Sales System - Module 12: QualifyingSalesScripter
 
Preparing your Business for Sale & What to Expect from the Sale Process
Preparing your Business for Sale & What to Expect from the Sale ProcessPreparing your Business for Sale & What to Expect from the Sale Process
Preparing your Business for Sale & What to Expect from the Sale ProcessMichael J. Walker, CF
 
Tcn fast track nov 2012 pitching the plan
Tcn fast track nov 2012 pitching the planTcn fast track nov 2012 pitching the plan
Tcn fast track nov 2012 pitching the planThe Capital Network
 
How CMS improved its bid & pre-sales productivity by 35%
How CMS improved its bid & pre-sales productivity by 35%How CMS improved its bid & pre-sales productivity by 35%
How CMS improved its bid & pre-sales productivity by 35%Makrand Jadhav
 
Best Practices in Software Vendor Selection
Best Practices in Software Vendor SelectionBest Practices in Software Vendor Selection
Best Practices in Software Vendor SelectionAdvantiv Solutions, LLC
 
5 Things to Know Before Moving Your Sage 300 to the Cloud
5 Things to Know Before Moving Your Sage 300 to the Cloud5 Things to Know Before Moving Your Sage 300 to the Cloud
5 Things to Know Before Moving Your Sage 300 to the CloudNet at Work
 

Ähnlich wie RSA2008: What Vendors Won’t Tell You About Federated Identity (20)

Strategic accountsales ppt
Strategic accountsales pptStrategic accountsales ppt
Strategic accountsales ppt
 
Lecture 8 Resources and Costs.pptx
Lecture 8 Resources and Costs.pptxLecture 8 Resources and Costs.pptx
Lecture 8 Resources and Costs.pptx
 
SiriusDecisions Webinar: How to Evaluate Predictive Lead Scoring Vendors
SiriusDecisions Webinar: How to Evaluate Predictive Lead Scoring VendorsSiriusDecisions Webinar: How to Evaluate Predictive Lead Scoring Vendors
SiriusDecisions Webinar: How to Evaluate Predictive Lead Scoring Vendors
 
The corporate finance network at the great british business show
The corporate finance network at the great british business showThe corporate finance network at the great british business show
The corporate finance network at the great british business show
 
Five Steps to a Martech Power Stack (2021)
Five Steps to a Martech Power Stack (2021)Five Steps to a Martech Power Stack (2021)
Five Steps to a Martech Power Stack (2021)
 
Art of the deal
Art of the dealArt of the deal
Art of the deal
 
Evolving Towards a Modernized Platform: Our Success Story
Evolving Towards a Modernized Platform: Our Success StoryEvolving Towards a Modernized Platform: Our Success Story
Evolving Towards a Modernized Platform: Our Success Story
 
Evolving Towards a Modernized Platform: Our Success Story
Evolving Towards a Modernized Platform: Our Success StoryEvolving Towards a Modernized Platform: Our Success Story
Evolving Towards a Modernized Platform: Our Success Story
 
Biz plan presentation_template
Biz plan presentation_templateBiz plan presentation_template
Biz plan presentation_template
 
Creating sustainable collaborative systems
Creating sustainable collaborative systemsCreating sustainable collaborative systems
Creating sustainable collaborative systems
 
HIDA - Expo & Business Exchange: Working With the Federal Government
HIDA - Expo & Business Exchange: Working With the Federal GovernmentHIDA - Expo & Business Exchange: Working With the Federal Government
HIDA - Expo & Business Exchange: Working With the Federal Government
 
Healthcare Enterprise Data Model: The Buy vs. Build Debate
Healthcare Enterprise Data Model: The Buy vs. Build DebateHealthcare Enterprise Data Model: The Buy vs. Build Debate
Healthcare Enterprise Data Model: The Buy vs. Build Debate
 
SMART Sales System - Module 12: Qualifying
SMART Sales System - Module 12: QualifyingSMART Sales System - Module 12: Qualifying
SMART Sales System - Module 12: Qualifying
 
Illp 6-revenue-model
Illp 6-revenue-modelIllp 6-revenue-model
Illp 6-revenue-model
 
Preparing your Business for Sale & What to Expect from the Sale Process
Preparing your Business for Sale & What to Expect from the Sale ProcessPreparing your Business for Sale & What to Expect from the Sale Process
Preparing your Business for Sale & What to Expect from the Sale Process
 
Tcn fast track nov 2012 pitching the plan
Tcn fast track nov 2012 pitching the planTcn fast track nov 2012 pitching the plan
Tcn fast track nov 2012 pitching the plan
 
How CMS improved its bid & pre-sales productivity by 35%
How CMS improved its bid & pre-sales productivity by 35%How CMS improved its bid & pre-sales productivity by 35%
How CMS improved its bid & pre-sales productivity by 35%
 
Llp tecnico-6-revenue-model
Llp tecnico-6-revenue-modelLlp tecnico-6-revenue-model
Llp tecnico-6-revenue-model
 
Best Practices in Software Vendor Selection
Best Practices in Software Vendor SelectionBest Practices in Software Vendor Selection
Best Practices in Software Vendor Selection
 
5 Things to Know Before Moving Your Sage 300 to the Cloud
5 Things to Know Before Moving Your Sage 300 to the Cloud5 Things to Know Before Moving Your Sage 300 to the Cloud
5 Things to Know Before Moving Your Sage 300 to the Cloud
 

Mehr von Dan Houser

Hacking Bourbon
Hacking BourbonHacking Bourbon
Hacking BourbonDan Houser
 
2013 (ISC)² Congress: This Curious Thing Called Ethics
2013 (ISC)² Congress: This Curious Thing Called Ethics2013 (ISC)² Congress: This Curious Thing Called Ethics
2013 (ISC)² Congress: This Curious Thing Called EthicsDan Houser
 
Securing Big Data and the Grid
Securing Big Data and the GridSecuring Big Data and the Grid
Securing Big Data and the GridDan Houser
 
The Challenges & Risks of New Technology: Privacy Law & Policy
The Challenges & Risks of New Technology: Privacy Law & PolicyThe Challenges & Risks of New Technology: Privacy Law & Policy
The Challenges & Risks of New Technology: Privacy Law & PolicyDan Houser
 
Perimeter Defense in a World Without Walls
Perimeter Defense in a World Without WallsPerimeter Defense in a World Without Walls
Perimeter Defense in a World Without WallsDan Houser
 
Risk Based Planning for Mission Continuity
Risk Based Planning for Mission ContinuityRisk Based Planning for Mission Continuity
Risk Based Planning for Mission ContinuityDan Houser
 
Security Capability Model - InfoSec Forum VIII
Security Capability Model - InfoSec Forum VIIISecurity Capability Model - InfoSec Forum VIII
Security Capability Model - InfoSec Forum VIIIDan Houser
 
Certifications and Career Development for Security Professionals
Certifications and Career Development for Security ProfessionalsCertifications and Career Development for Security Professionals
Certifications and Career Development for Security ProfessionalsDan Houser
 
Advanced IAM - Surviving the IAM Audit
Advanced IAM - Surviving the IAM AuditAdvanced IAM - Surviving the IAM Audit
Advanced IAM - Surviving the IAM AuditDan Houser
 
Debunking Information Security myths
Debunking Information Security mythsDebunking Information Security myths
Debunking Information Security mythsDan Houser
 
Hacking a Major Security Conference
Hacking a Major Security ConferenceHacking a Major Security Conference
Hacking a Major Security ConferenceDan Houser
 
Building & Running A Successful Identity Program
Building & Running A Successful Identity ProgramBuilding & Running A Successful Identity Program
Building & Running A Successful Identity ProgramDan Houser
 
Case Study: Securing & Tokenizing Big Data
Case Study: Securing & Tokenizing Big DataCase Study: Securing & Tokenizing Big Data
Case Study: Securing & Tokenizing Big DataDan Houser
 
Crypto in the Real World: or How to Scare an IT Auditor
Crypto in the Real World: or How to Scare an IT AuditorCrypto in the Real World: or How to Scare an IT Auditor
Crypto in the Real World: or How to Scare an IT AuditorDan Houser
 

Mehr von Dan Houser (14)

Hacking Bourbon
Hacking BourbonHacking Bourbon
Hacking Bourbon
 
2013 (ISC)² Congress: This Curious Thing Called Ethics
2013 (ISC)² Congress: This Curious Thing Called Ethics2013 (ISC)² Congress: This Curious Thing Called Ethics
2013 (ISC)² Congress: This Curious Thing Called Ethics
 
Securing Big Data and the Grid
Securing Big Data and the GridSecuring Big Data and the Grid
Securing Big Data and the Grid
 
The Challenges & Risks of New Technology: Privacy Law & Policy
The Challenges & Risks of New Technology: Privacy Law & PolicyThe Challenges & Risks of New Technology: Privacy Law & Policy
The Challenges & Risks of New Technology: Privacy Law & Policy
 
Perimeter Defense in a World Without Walls
Perimeter Defense in a World Without WallsPerimeter Defense in a World Without Walls
Perimeter Defense in a World Without Walls
 
Risk Based Planning for Mission Continuity
Risk Based Planning for Mission ContinuityRisk Based Planning for Mission Continuity
Risk Based Planning for Mission Continuity
 
Security Capability Model - InfoSec Forum VIII
Security Capability Model - InfoSec Forum VIIISecurity Capability Model - InfoSec Forum VIII
Security Capability Model - InfoSec Forum VIII
 
Certifications and Career Development for Security Professionals
Certifications and Career Development for Security ProfessionalsCertifications and Career Development for Security Professionals
Certifications and Career Development for Security Professionals
 
Advanced IAM - Surviving the IAM Audit
Advanced IAM - Surviving the IAM AuditAdvanced IAM - Surviving the IAM Audit
Advanced IAM - Surviving the IAM Audit
 
Debunking Information Security myths
Debunking Information Security mythsDebunking Information Security myths
Debunking Information Security myths
 
Hacking a Major Security Conference
Hacking a Major Security ConferenceHacking a Major Security Conference
Hacking a Major Security Conference
 
Building & Running A Successful Identity Program
Building & Running A Successful Identity ProgramBuilding & Running A Successful Identity Program
Building & Running A Successful Identity Program
 
Case Study: Securing & Tokenizing Big Data
Case Study: Securing & Tokenizing Big DataCase Study: Securing & Tokenizing Big Data
Case Study: Securing & Tokenizing Big Data
 
Crypto in the Real World: or How to Scare an IT Auditor
Crypto in the Real World: or How to Scare an IT AuditorCrypto in the Real World: or How to Scare an IT Auditor
Crypto in the Real World: or How to Scare an IT Auditor
 

Kürzlich hochgeladen

Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Excelmac1
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Lucknow
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMartaLoveguard
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 

Kürzlich hochgeladen (20)

Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptx
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 

RSA2008: What Vendors Won’t Tell You About Federated Identity

  • 1. What Vendors Won’t Tell You About Federated Identity Dan Houser, Cardinal Health / Bob West, Echelon One | 04/08/08 | Session: IAM-108
  • 2. 2 2 Agenda • Why This Talk? • The Promise of Federation • The Delivery • Why Federation Projects are Fiendishly Difficult • Support and SLA Issues • Lessons Learned • Build vs. Buy • What We Might Do Differently • Wrap-up/Q&A • Contact Info
  • 3. 3 3 Why This Talk? • Voluminous Information that Confuses • Endless Federation FUD factor • No Bulls**t Detector in C-Suite • Debunking Myths • Orwellian Controls • Reality Buffer • Self-interest Standards
  • 4. 4 The Promise of Federation • Build It and They Will Come • Build Once, Use Forever • It's Just a Matter of Interfaces • Standards Are Standard • Standards Are Good • After the 3rd Project, Federation Pays for Itself
  • 5. 5 The Delivery • Is Federation Living up to Promises? • ROI? – After the 3rd Project, Pays for Itself? – ROI Sometimes Elusive – Marketing, Relationship – ROI Sometimes Direct – Time to Market Factors • Selling the Sizzle
  • 6. 6 Why Federation Projects Are Fiendishly Difficult • Complexity – SAML 1.0 / 1.1 / 2.0 – Complex Infrastructure – High Availability – Web Services / SOAP/ XML • Business Issues • Just a Matter of Programming • Silver-plated requirements • Federation Relationship • Support & SLA issues
  • 7. 7 Why Federation Projects Are Fiendishly Difficult • Session Management Surprises • User Issues – Authentication – Tastes Great – Less Filling • Security Wonks Seeking Silver Bullet Instead of Sufficiency • Trust Framework Missing
  • 8. 8 Support and SLA Issues • Troubleshooting With Half the Data • 23x7 Federating to 8x5 Becomes 8x5 • Monitoring & Predictive Failure • Production SLA + Support Hours • Time Synchronization • Log Sharing, Session Harmonizing & Aggregation Missing • Documentation & Error Codes up to the Task? • Coordinated, Distributed, Federated Helpdesk
  • 9. 9 Lessons Learned • Management Expectations – Why I'm Running for President • Having the Right Partners – Would You Buy a Used Car From Them? • Taking the Long Approach • New Federation: It's New! – Like New Pharmaceuticals, Not New Car or New Stereo – Risky, Not Flashy • Staffing & Support • Value Proposition
  • 12. 14 What Might We Do Differently? • Create multi-path strategy: SAML vs. Tactical • Deploy SAML Federation on remote appliances managed by our identity team • Trust standards / protocol • Programmer Staffing setup from beginning as rotating assignment • Web Services XML Gateway • SAML 2.0
  • 14. 16 Contact Info • Dan Houser: dan.houser@gmail.com • Bob West: bob.west@echelonone.net