Federated Identity overview, including the little known traps and issues with implementing federated identity for SSO using SAML. Lessons learned, build vs. buy, support, SLAs, and legal issues. Jointly developed with Bob West.
RSA2008: What Vendors Won’t Tell You About Federated Identity
1. What Vendors Won’t Tell You About Federated Identity
Dan Houser, Cardinal Health / Bob West, Echelon One | 04/08/08 | Session: IAM-108
2. Agenda
• Why This Talk?
• The Promise of Federation
• The Delivery
• Why Federation Projects are Fiendishly Difficult
• Support and SLA Issues
• Lessons Learned
• Build vs. Buy
• What We Might Do Differently
• Wrap-up/Q&A
• Contact Info
3. Why This Talk?
• Voluminous Information that Confuses
• Endless Federation FUD factor
• No Bulls**t Detector in C-Suite
• Debunking Myths
• Orwellian Controls
• Reality Buffer
• Self-interest Standards
4. The Promise of Federation
• Build It and They Will Come
• Build Once, Use Forever
• It's Just a Matter of Interfaces
• Standards Are Standard
• Standards Are Good
• After the 3rd Project, Federation Pays for Itself
5. The Delivery
• Is Federation Living up to Promises?
• ROI?
– After the 3rd Project, Pays for Itself?
– ROI Sometimes Elusive
– Marketing, Relationship
– ROI Sometimes Direct
– Time to Market Factors
• Selling the Sizzle
6. Why Federation Projects Are Fiendishly Difficult
• Complexity
– SAML 1.0 / 1.1 / 2.0
– Complex Infrastructure
– High Availability
– Web Services / SOAP / XML
• Business Issues
• Just a Matter of Programming
• Silver-plated requirements
• Federation Relationship
• Support & SLA issues
7. Why Federation Projects Are Fiendishly Difficult
• Session Management Surprises
• User Issues – Authentication
– Tastes Great
– Less Filling
• Security Wonks Seeking Silver Bullet Instead of Sufficiency
• Trust Framework Missing
8. Support and SLA Issues
• Troubleshooting With Half the Data
• 23x7 Federating to 8x5 Becomes 8x5
• Monitoring & Predictive Failure
• Production SLA + Support Hours
• Time Synchronization
• Log Sharing, Session Harmonizing & Aggregation Missing
• Documentation & Error Codes up to the Task?
• Coordinated, Distributed, Federated Helpdesk
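The "Time Synchronization" and "Troubleshooting With Half the Data" bullets above come together in a very ordinary SAML failure: the IdP and SP clocks drift, the assertion's Conditions window no longer contains the SP's idea of "now", and the SP's log says only that the assertion was rejected. The following is an added example, not code from the presentation or its authors: a service-provider-side check of the SAML 2.0 Conditions element with an explicit clock-skew allowance that records how far off the clocks were, so the SP can diagnose the problem from its own data. The assertion and the entity names in it are constructed, hypothetical values.

```python
# Added example (not from the RSA 2008 deck): validate a SAML 2.0 assertion's
# Conditions window against the SP clock with an explicit skew tolerance, and
# return a reason string the SP can log without needing the partner's logs.
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion fragment; the IdP and SP entity IDs are hypothetical.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example-1" Version="2.0" IssueInstant="2008-04-08T15:00:00Z">
  <saml:Issuer>https://idp.partner.example/saml</saml:Issuer>
  <saml:Conditions NotBefore="2008-04-08T15:00:00Z" NotOnOrAfter="2008-04-08T15:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.corp.example/saml</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def parse_saml_time(value):
    """SAML xs:dateTime values are UTC with a trailing 'Z'; fractional seconds allowed."""
    return datetime.fromisoformat(value.rstrip("Z")).replace(tzinfo=timezone.utc)


def check_conditions(assertion_xml, now, audience, skew_seconds=180):
    """Return (ok, reason). `now` is the SP's clock (timezone-aware UTC).

    skew_seconds bounds the IdP/SP clock drift the SP will tolerate; the reason
    string quantifies the drift so a rejection can be explained from the SP side.
    """
    root = ET.fromstring(assertion_xml)
    cond = root.find("saml:Conditions", SAML_NS)
    if cond is None:
        return False, "missing Conditions element"
    skew = timedelta(seconds=skew_seconds)
    # Both attributes are optional in the schema, so check each one only if present.
    if cond.get("NotBefore") is not None:
        not_before = parse_saml_time(cond.get("NotBefore"))
        if now + skew < not_before:
            drift = (not_before - now).total_seconds()
            return False, f"not yet valid: SP clock is {drift:.0f}s before NotBefore"
    if cond.get("NotOnOrAfter") is not None:
        not_on_or_after = parse_saml_time(cond.get("NotOnOrAfter"))
        if now - skew >= not_on_or_after:
            drift = (now - not_on_or_after).total_seconds()
            return False, f"expired: SP clock is {drift:.0f}s past NotOnOrAfter"
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", SAML_NS)]
    if audiences and audience not in audiences:
        return False, f"audience mismatch: assertion is for {audiences}"
    return True, "conditions satisfied"
```

Drift values that keep appearing in the reason strings are the signal to chase time synchronization with the partner rather than the application code.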
9. Lessons Learned
• Management Expectations
– Why I'm Running for President
• Having the Right Partners
– Would You Buy a Used Car From Them?
• Taking the Long Approach
• New Federation: It's New!
– Like New Pharmaceuticals, Not New Car or New Stereo
– Risky, Not Flashy
• Staffing & Support
• Value Proposition
12. What Might We Do Differently?
• Create multi-path strategy: SAML vs. Tactical
• Deploy SAML Federation on remote appliances managed by our identity team
• Trust standards / protocol
• Programmer Staffing setup from beginning as rotating assignment
• Web Services XML Gateway
• SAML 2.0