SlideShare ist ein Scribd-Unternehmen logo

OpenAM as Flexible Integration Component

ForgeRock
ForgeRock

Case Studies on STORK, IDAP, & eID. Led by Zaeher Rachid, lead access management and OpenAM engineer at Paradigmo and Wouter Vandenbussche Identity And Access Management Consultant, Global Consulting and Integration Services | Verizon Enterprise Solutions

Technologie
1 von 30
Downloaden Sie, um offline zu lesen
2013 Open Stack Identity Summit - France OpenAM as flexible integration component Case studies: STORK, IDAP & eID
Who we are Wouter Vandenbussche Zaeher Rachid IAM analyst and architect IAM Practice Manager Verizon Enterprise Solutions Consulting & integration services Identity practice zaeher.rachid@paradigmo.com wouter.vandenbussche@be.verizon.com @wouterbussche
What we do Typical customer demand •  •  Identity management •  Access control •  Authentication and federation Realization •  •  Full lifecycle: strategy, analysis, implementation and support •  Solutions with products from partners •  Customization and tailored development by experts •  Adequate operational support organization
Why Verizon/Paradigmo together? Client requirements Verizon UIS specifications Flexible integration component customized and supported by:
OpenAM as integration component Value the strengths of ForgeRock OpenAM •  •  Flexible integration component •  Bringing adaptability, reliability and agility to projects Case studies •  •  UK Cabinet Office IDAP: Open market identity assurance •  STORK: pan-European authentication •  eID Authentication: Strong authentication with high reliability
Service Provider The big picture AuthN Request AuthN means Other IDP (Oauth, OpenID, STORK) Final IDP selection
UK Cabinet Office : Overview UK Cabinet Office (Government Digital Service) •  •  Identity Assurance Programme (IDAP) •  Privacy and Trust Government identity hub •  “We’re working closely with departments to develop an identity assurance process that can be adapted and reused right across government, benefiting users and service providers alike with a simpler, faster, better and safer way to access and transact with government services.” Open market identity providers •  •  Trust Framework and good practice guides •  IDP: Identity proofing and strong authentication
UK Cabinet Office : Trust scheme Department 1 Service provider 1 Service provider 2 Matching Service 1 Department 2 Service provider 3 Service provider 4 Matching Service 2 Match M DS to local us er store
UK Cabinet Office : Verizon IDP Verizon IDP Data provider for identity proofing OpenAM for integration Profile Management for user interfaces Profile mgmt for user interfaces Standardized Verizon product for strong authN
UK Cabinet Office : Demo
STORK : Overview STORK •  •  •  European eID interoperability platform Within existing legal restrictions, respectful with all national cultures and complying with the requirements of scalability, trust and security, especially the privacy. STORK PEPS architecture •  •  •  Leveraging the national trust frameworks to Europe Hiding national implementations for the other member states National identity providers •  •  •  Incoming and outgoing federation Implementation of Pan European Proxy Service (PEPS)
STORK: use cases Service Provider Citizen Service Provider Citizen
Service Provider STORK: trust scheme Final IDP selection
STORK: our setup Service Provider Service Provider
STORK: demo
Service Provider SAML received SAML validated AuthN mean retrieved Existing session verified? OpenAM behavior Default class return the AuthN mean corresponding to the 1st allowed context. Nothing recorded regarding other contexts. Class DefaultIDPAuthnContextMapper Redirect / forward AuthN level verified? SAML response sent Class DefaultIDPAdapter method: preSendResponse
OpenAM before •  AuthN contexts •  How to propose multiple AuthN means to end user? •  How to customize SSO regarding SAML AuthN context? •  AuthN level •  What if AuthN level not aligned with business requirements? •  KPIs •  How to demonstrate SLA compliance when you rely on external systems? •  How to catch timestamps for valid sessions?
OpenAM before AuthN contexts
OpenAM after •  Open source •  It greatly helps to understand issues when you are at the leading edge of federation features! •  ForgeRock support •  RFE raised @ ForgeRock •  Urgent delivery of RFE as a patch •  RFE now included in new releases •  Additional hooks for custom development
OpenAM after SAML received SAML validated AuthN mean retrieved Existing session verified? Class DefaultIDPAdapter method: initialize Class DefaultIDPAdapter method: preSingleSignOn Redirect / forward AuthN level verified? SAML response sent Class DefaultIDPAdapter method: preAuthentication
OpenAM after after •  Additional requirements… •  Request for multiple assertions in SAML response •  Request for accessing STORK extensions in SAML requests/ responses •  … result in new RFEs •  Additional hooks •  To manipulate SAML Request objects before they are processed •  To manipulate SAML Response •  To trap and to treat SAML Response errors
eID Authentication: overview Belgian electronic identity cards •  •  Very high level of assurance: NIST 4 •  PKI based authentication mean & sturdy issuing process •  High penetration rate among population •  Public available infrastructure Authentication •  •  Confirmation of possession of and access to the card •  Real-time validation of the status of the card Identity Provider •  •  Reusability, simplify integration and increase reliability
eID: trust scheme Validate possession and access Assert Identity Service Provider
OpenAM OCSP/CRLs checking SSL mutual AuthN OCSP down Yes No OCSP Responder No CRLs
OpenAM OCSP/CRLs mechanism Cache exist? yes no Lookup CRL URL in X509 certificate yes Cache expired? no Lookup certificate SerialNumber in CRL Fetch cached CRL Cache CRL
Belgian CA •  New intermediate CA issued each month with the same CN but different SERIALNUMBER => different CRL URL
Belgian CA behavior !  Belgian CA behavior " New intermediate CA issued each month with the same CN but different SERIALNUMBER => different crl url " Bulk issuing of certificates, all revoked by default " Big CRL can contain more than 100K entries !  Cache issues " Lot of time wasted on CRL initialization (download, validation, processing, …) " Storing big objects in LDAP " LDAP entry has CN in the name and certificateRevocationList is single valued field " LDAP replication can be an issue during peak time !  Average time for authentication is more than 10 seconds " Most of the time wasted in CRL checking
CRL caching implementation •  SQLite database •  Daemon that fetches CRL and creates one database per CRL •  Only storing certificate SERIALNUMBER •  Custom “Cert” module •  SQL statement to retrieve revoked certificates •  Performance •  AuthN < 100ms •  CRL checking < 5ms
Conclusion •  Our customers and engineers value the strengths of ForgeRock OpenAM as an integration component in the delivery of solutions for authentication and federation •  Adaptability •  Easy to customize components and extend functionality •  Reliability •  Scalable and stable deployments •  Agility •  Fast realizations due to open source and partnership with ForgeRock
2013 Open Stack Identity Summit - France Q&A

Empfohlen

OpenAM Survival Tips
OpenAM Survival TipsOpenAM Survival Tips
OpenAM Survival TipsForgeRock
 
OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study ForgeRock
 
Identity Management with the ForgeRock Identity Platform - So What’s New?
Identity Management with the ForgeRock Identity Platform - So What’s New?Identity Management with the ForgeRock Identity Platform - So What’s New?
Identity Management with the ForgeRock Identity Platform - So What’s New?ForgeRock
 
OpenAM: An Introduction
OpenAM: An IntroductionOpenAM: An Introduction
OpenAM: An IntroductionForgeRock
 
Federation in Practice
Federation in PracticeFederation in Practice
Federation in PracticeForgeRock
 
Shoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderShoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderForgeRock
 
Open Identity Stack Roadmap
Open Identity Stack RoadmapOpen Identity Stack Roadmap
Open Identity Stack RoadmapForgeRock
 
IDP Proxy Concept: Accessing Identity Data Sources Everywhere!
IDP Proxy Concept: Accessing Identity Data Sources Everywhere!IDP Proxy Concept: Accessing Identity Data Sources Everywhere!
IDP Proxy Concept: Accessing Identity Data Sources Everywhere!ForgeRock
 

Empfohlen

OpenAM Survival Tips
OpenAM Survival TipsOpenAM Survival Tips
OpenAM Survival TipsForgeRock
 
OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study ForgeRock
 
Identity Management with the ForgeRock Identity Platform - So What’s New?
Identity Management with the ForgeRock Identity Platform - So What’s New?Identity Management with the ForgeRock Identity Platform - So What’s New?
Identity Management with the ForgeRock Identity Platform - So What’s New?ForgeRock
 
OpenAM: An Introduction
OpenAM: An IntroductionOpenAM: An Introduction
OpenAM: An IntroductionForgeRock
 
Federation in Practice
Federation in PracticeFederation in Practice
Federation in PracticeForgeRock
 
Shoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderShoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderForgeRock
 
Open Identity Stack Roadmap
Open Identity Stack RoadmapOpen Identity Stack Roadmap
Open Identity Stack RoadmapForgeRock
 
IDP Proxy Concept: Accessing Identity Data Sources Everywhere!
IDP Proxy Concept: Accessing Identity Data Sources Everywhere!IDP Proxy Concept: Accessing Identity Data Sources Everywhere!
IDP Proxy Concept: Accessing Identity Data Sources Everywhere!ForgeRock
 
OpenAM - An Introduction
OpenAM - An IntroductionOpenAM - An Introduction
OpenAM - An IntroductionForgeRock
 
Incredible Edible Identity
Incredible Edible IdentityIncredible Edible Identity
Incredible Edible IdentityForgeRock
 
Identity as a Managed Cloud Service
Identity as a Managed Cloud ServiceIdentity as a Managed Cloud Service
Identity as a Managed Cloud ServiceForgeRock
 
OIS Architecture Review
OIS Architecture ReviewOIS Architecture Review
OIS Architecture ReviewForgeRock
 
THE FORGEROCK PLATFORM BIG PICTURE
THE FORGEROCK PLATFORM BIG PICTURETHE FORGEROCK PLATFORM BIG PICTURE
THE FORGEROCK PLATFORM BIG PICTUREForgeRock
 
Implementing eGov
Implementing eGovImplementing eGov
Implementing eGovForgeRock
 
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingWebinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingForgeRock
 
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...ForgeRock
 
Webinar: OpenAM 12.0 - New Featurs
Webinar: OpenAM 12.0 - New FeatursWebinar: OpenAM 12.0 - New Featurs
Webinar: OpenAM 12.0 - New FeatursForgeRock
 
OpenIDM: An Introduction
OpenIDM: An IntroductionOpenIDM: An Introduction
OpenIDM: An IntroductionForgeRock
 
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)ForgeRock
 
Customer Scale: Stateless Sessions and Managing High-Volume Digital Services
Customer Scale: Stateless Sessions and Managing High-Volume Digital ServicesCustomer Scale: Stateless Sessions and Managing High-Volume Digital Services
Customer Scale: Stateless Sessions and Managing High-Volume Digital ServicesForgeRock
 
Directory Services with the ForgeRock Identity Platform - So What’s New?
Directory Services with the ForgeRock Identity Platform - So What’s New?Directory Services with the ForgeRock Identity Platform - So What’s New?
Directory Services with the ForgeRock Identity Platform - So What’s New?ForgeRock
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersSalesforce Developers
 
Webinar: OpenIDM 3.1
Webinar: OpenIDM 3.1Webinar: OpenIDM 3.1
Webinar: OpenIDM 3.1ForgeRock
 
Token, token... From SAML to OIDC
Token, token... From SAML to OIDCToken, token... From SAML to OIDC
Token, token... From SAML to OIDCShiu-Fun Poon
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation UpdateOIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation UpdateOpenIDFoundation
 
API Security In Cloud Native Era
API Security In Cloud Native EraAPI Security In Cloud Native Era
API Security In Cloud Native EraWSO2
 
Single sign on using WSO2 identity server
Single sign on using WSO2 identity serverSingle sign on using WSO2 identity server
Single sign on using WSO2 identity serverWSO2
 
Token vs Cookies (DevoxxMA 2015)
Token vs Cookies (DevoxxMA 2015)Token vs Cookies (DevoxxMA 2015)
Token vs Cookies (DevoxxMA 2015)Markus Schlichting
 
ForgeRock OpenAM as flexible integration component
ForgeRock OpenAM as flexible integration componentForgeRock OpenAM as flexible integration component
ForgeRock OpenAM as flexible integration componentOlivier Naveau
 
SSL Everywhere!
SSL Everywhere!SSL Everywhere!
SSL Everywhere!Simon Haslam
 

Weitere ähnliche Inhalte

Was ist angesagt?

OpenAM - An Introduction
OpenAM - An IntroductionOpenAM - An Introduction
OpenAM - An IntroductionForgeRock
 
Incredible Edible Identity
Incredible Edible IdentityIncredible Edible Identity
Incredible Edible IdentityForgeRock
 
Identity as a Managed Cloud Service
Identity as a Managed Cloud ServiceIdentity as a Managed Cloud Service
Identity as a Managed Cloud ServiceForgeRock
 
OIS Architecture Review
OIS Architecture ReviewOIS Architecture Review
OIS Architecture ReviewForgeRock
 
THE FORGEROCK PLATFORM BIG PICTURE
THE FORGEROCK PLATFORM BIG PICTURETHE FORGEROCK PLATFORM BIG PICTURE
THE FORGEROCK PLATFORM BIG PICTUREForgeRock
 
Implementing eGov
Implementing eGovImplementing eGov
Implementing eGovForgeRock
 
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingWebinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingForgeRock
 
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...ForgeRock
 
Webinar: OpenAM 12.0 - New Featurs
Webinar: OpenAM 12.0 - New FeatursWebinar: OpenAM 12.0 - New Featurs
Webinar: OpenAM 12.0 - New FeatursForgeRock
 
OpenIDM: An Introduction
OpenIDM: An IntroductionOpenIDM: An Introduction
OpenIDM: An IntroductionForgeRock
 
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)ForgeRock
 
Customer Scale: Stateless Sessions and Managing High-Volume Digital Services
Customer Scale: Stateless Sessions and Managing High-Volume Digital ServicesCustomer Scale: Stateless Sessions and Managing High-Volume Digital Services
Customer Scale: Stateless Sessions and Managing High-Volume Digital ServicesForgeRock
 
Directory Services with the ForgeRock Identity Platform - So What’s New?
Directory Services with the ForgeRock Identity Platform - So What’s New?Directory Services with the ForgeRock Identity Platform - So What’s New?
Directory Services with the ForgeRock Identity Platform - So What’s New?ForgeRock
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersSalesforce Developers
 
Webinar: OpenIDM 3.1
Webinar: OpenIDM 3.1Webinar: OpenIDM 3.1
Webinar: OpenIDM 3.1ForgeRock
 
Token, token... From SAML to OIDC
Token, token... From SAML to OIDCToken, token... From SAML to OIDC
Token, token... From SAML to OIDCShiu-Fun Poon
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation UpdateOIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation UpdateOpenIDFoundation
 
API Security In Cloud Native Era
API Security In Cloud Native EraAPI Security In Cloud Native Era
API Security In Cloud Native EraWSO2
 
Single sign on using WSO2 identity server
Single sign on using WSO2 identity serverSingle sign on using WSO2 identity server
Single sign on using WSO2 identity serverWSO2
 
Token vs Cookies (DevoxxMA 2015)
Token vs Cookies (DevoxxMA 2015)Token vs Cookies (DevoxxMA 2015)
Token vs Cookies (DevoxxMA 2015)Markus Schlichting
 

Was ist angesagt? (20)

OpenAM - An Introduction
OpenAM - An IntroductionOpenAM - An Introduction
OpenAM - An Introduction
 
Incredible Edible Identity
Incredible Edible IdentityIncredible Edible Identity
Incredible Edible Identity
 
Identity as a Managed Cloud Service
Identity as a Managed Cloud ServiceIdentity as a Managed Cloud Service
Identity as a Managed Cloud Service
 
OIS Architecture Review
OIS Architecture ReviewOIS Architecture Review
OIS Architecture Review
 
THE FORGEROCK PLATFORM BIG PICTURE
THE FORGEROCK PLATFORM BIG PICTURETHE FORGEROCK PLATFORM BIG PICTURE
THE FORGEROCK PLATFORM BIG PICTURE
 
Implementing eGov
Implementing eGovImplementing eGov
Implementing eGov
 
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingWebinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
 
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...
 
Webinar: OpenAM 12.0 - New Featurs
Webinar: OpenAM 12.0 - New FeatursWebinar: OpenAM 12.0 - New Featurs
Webinar: OpenAM 12.0 - New Featurs
 
OpenIDM: An Introduction
OpenIDM: An IntroductionOpenIDM: An Introduction
OpenIDM: An Introduction
 
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
 
Customer Scale: Stateless Sessions and Managing High-Volume Digital Services
Customer Scale: Stateless Sessions and Managing High-Volume Digital ServicesCustomer Scale: Stateless Sessions and Managing High-Volume Digital Services
Customer Scale: Stateless Sessions and Managing High-Volume Digital Services
 
Directory Services with the ForgeRock Identity Platform - So What’s New?
Directory Services with the ForgeRock Identity Platform - So What’s New?Directory Services with the ForgeRock Identity Platform - So What’s New?
Directory Services with the ForgeRock Identity Platform - So What’s New?
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for Beginners
 
Webinar: OpenIDM 3.1
Webinar: OpenIDM 3.1Webinar: OpenIDM 3.1
Webinar: OpenIDM 3.1
 
Token, token... From SAML to OIDC
Token, token... From SAML to OIDCToken, token... From SAML to OIDC
Token, token... From SAML to OIDC
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation UpdateOIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
 
API Security In Cloud Native Era
API Security In Cloud Native EraAPI Security In Cloud Native Era
API Security In Cloud Native Era
 
Single sign on using WSO2 identity server
Single sign on using WSO2 identity serverSingle sign on using WSO2 identity server
Single sign on using WSO2 identity server
 
Token vs Cookies (DevoxxMA 2015)
Token vs Cookies (DevoxxMA 2015)Token vs Cookies (DevoxxMA 2015)
Token vs Cookies (DevoxxMA 2015)
 

Ähnlich wie OpenAM as Flexible Integration Component

ForgeRock OpenAM as flexible integration component
ForgeRock OpenAM as flexible integration componentForgeRock OpenAM as flexible integration component
ForgeRock OpenAM as flexible integration componentOlivier Naveau
 
Alfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transitAlfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transitToni de la Fuente
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applicationsArash Ramez
 
NIC 2014 Modern Authentication for the Cloud Era
NIC 2014 Modern Authentication for the Cloud EraNIC 2014 Modern Authentication for the Cloud Era
NIC 2014 Modern Authentication for the Cloud EraMorgan Simonsen
 
RightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the CloudRightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the CloudRightScale
 
(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the CloudAmazon Web Services
 
Exploring Advanced Authentication Methods in Novell Access Manager
Exploring Advanced Authentication Methods in Novell Access ManagerExploring Advanced Authentication Methods in Novell Access Manager
Exploring Advanced Authentication Methods in Novell Access ManagerNovell
 
The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...DATA SECURITY SOLUTIONS
 
Dr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkDr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkpromediakw
 
Anil saldhana cloudidentitybestpractices
Anil saldhana cloudidentitybestpracticesAnil saldhana cloudidentitybestpractices
Anil saldhana cloudidentitybestpracticesAnil Saldanha
 
Deploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CXDeploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CXCisco Canada
 
T28 implementing adfs and hybrid share point
T28 implementing adfs and hybrid share point T28 implementing adfs and hybrid share point
T28 implementing adfs and hybrid share point Thorbjørn Værp
 
AWS Enterprise Summit Netherlands - Creating a Landing Zone
AWS Enterprise Summit Netherlands - Creating a Landing ZoneAWS Enterprise Summit Netherlands - Creating a Landing Zone
AWS Enterprise Summit Netherlands - Creating a Landing ZoneAmazon Web Services
 
AWS Canberra WWPS Summit 2013 - AWS Governance and Security Overview
AWS Canberra WWPS Summit 2013 - AWS Governance and Security OverviewAWS Canberra WWPS Summit 2013 - AWS Governance and Security Overview
AWS Canberra WWPS Summit 2013 - AWS Governance and Security OverviewAmazon Web Services
 
8 Elements of Multi-Cloud Security
8 Elements of Multi-Cloud Security8 Elements of Multi-Cloud Security
8 Elements of Multi-Cloud SecurityRightScale
 
Why You Are Secure in the AWS Cloud
Why You Are Secure in the AWS CloudWhy You Are Secure in the AWS Cloud
Why You Are Secure in the AWS CloudAmazon Web Services
 

Ähnlich wie OpenAM as Flexible Integration Component (20)

ForgeRock OpenAM as flexible integration component
ForgeRock OpenAM as flexible integration componentForgeRock OpenAM as flexible integration component
ForgeRock OpenAM as flexible integration component
 
SSL Everywhere!
SSL Everywhere!SSL Everywhere!
SSL Everywhere!
 
ATAGTR2017 Blockchain Based Testing
ATAGTR2017 Blockchain Based TestingATAGTR2017 Blockchain Based Testing
ATAGTR2017 Blockchain Based Testing
 
Alfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transitAlfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transit
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applications
 
NIC 2014 Modern Authentication for the Cloud Era
NIC 2014 Modern Authentication for the Cloud EraNIC 2014 Modern Authentication for the Cloud Era
NIC 2014 Modern Authentication for the Cloud Era
 
RightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the CloudRightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the Cloud
 
(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud
 
Exploring Advanced Authentication Methods in Novell Access Manager
Exploring Advanced Authentication Methods in Novell Access ManagerExploring Advanced Authentication Methods in Novell Access Manager
Exploring Advanced Authentication Methods in Novell Access Manager
 
The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...
 
Dr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkDr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talk
 
Anil saldhana cloudidentitybestpractices
Anil saldhana cloudidentitybestpracticesAnil saldhana cloudidentitybestpractices
Anil saldhana cloudidentitybestpractices
 
Deploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CXDeploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CX
 
T28 implementing adfs and hybrid share point
T28 implementing adfs and hybrid share point T28 implementing adfs and hybrid share point
T28 implementing adfs and hybrid share point
 
AWS Enterprise Summit Netherlands - Creating a Landing Zone
AWS Enterprise Summit Netherlands - Creating a Landing ZoneAWS Enterprise Summit Netherlands - Creating a Landing Zone
AWS Enterprise Summit Netherlands - Creating a Landing Zone
 
AWS Canberra WWPS Summit 2013 - AWS Governance and Security Overview
AWS Canberra WWPS Summit 2013 - AWS Governance and Security OverviewAWS Canberra WWPS Summit 2013 - AWS Governance and Security Overview
AWS Canberra WWPS Summit 2013 - AWS Governance and Security Overview
 
20190404 Blockchain GIG #2 Oracle Mark発表資料
20190404 Blockchain GIG #2 Oracle Mark発表資料 20190404 Blockchain GIG #2 Oracle Mark発表資料
20190404 Blockchain GIG #2 Oracle Mark発表資料
 
8 Elements of Multi-Cloud Security
8 Elements of Multi-Cloud Security8 Elements of Multi-Cloud Security
8 Elements of Multi-Cloud Security
 
Why You Are Secure in the AWS Cloud
Why You Are Secure in the AWS CloudWhy You Are Secure in the AWS Cloud
Why You Are Secure in the AWS Cloud
 
MCSA 70-412 Chapter 06
MCSA 70-412 Chapter 06MCSA 70-412 Chapter 06
MCSA 70-412 Chapter 06
 

Mehr von ForgeRock

Digital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at ScaleDigital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at ScaleForgeRock
 
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
Get the Exact Identity Solution You Need - In the Cloud - AWS and BeyondGet the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
Get the Exact Identity Solution You Need - In the Cloud - AWS and BeyondForgeRock
 
Identity Live Sydney: Identity Management - A Strategic Opportunity
Identity Live Sydney: Identity Management - A Strategic OpportunityIdentity Live Sydney: Identity Management - A Strategic Opportunity
Identity Live Sydney: Identity Management - A Strategic OpportunityForgeRock
 
Identity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity CapabilityIdentity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity CapabilityForgeRock
 
Identity Live Singapore 2018 Keynote Presentation
Identity Live Singapore 2018 Keynote PresentationIdentity Live Singapore 2018 Keynote Presentation
Identity Live Singapore 2018 Keynote PresentationForgeRock
 
Identity Live Sydney 2018 Keynote Presentation
Identity Live Sydney 2018 Keynote PresentationIdentity Live Sydney 2018 Keynote Presentation
Identity Live Sydney 2018 Keynote PresentationForgeRock
 
Identity Live Singapore: Just Ask 'Em
Identity Live Singapore: Just Ask 'EmIdentity Live Singapore: Just Ask 'Em
Identity Live Singapore: Just Ask 'EmForgeRock
 
Identity Live Singapore: Building Trust & Privacy in a Connected Society
Identity Live Singapore: Building Trust & Privacy in a Connected SocietyIdentity Live Singapore: Building Trust & Privacy in a Connected Society
Identity Live Singapore: Building Trust & Privacy in a Connected SocietyForgeRock
 
Identity Live Sydney: Intelligent Authentication
Identity Live Sydney: Intelligent Authentication Identity Live Sydney: Intelligent Authentication
Identity Live Sydney: Intelligent Authentication ForgeRock
 
Identity Live Sydney: Building Trust and Privacy in a Connected Society
Identity Live Sydney: Building Trust and Privacy in a Connected SocietyIdentity Live Sydney: Building Trust and Privacy in a Connected Society
Identity Live Sydney: Building Trust and Privacy in a Connected SocietyForgeRock
 
Get the Exact Identity Solution you Need in the Cloud - Deep Dive
Get the Exact Identity Solution you Need in the Cloud - Deep DiveGet the Exact Identity Solution you Need in the Cloud - Deep Dive
Get the Exact Identity Solution you Need in the Cloud - Deep DiveForgeRock
 
Get the Exact Identity Solution You Need - In the Cloud - Overview
Get the Exact Identity Solution You Need - In the Cloud - OverviewGet the Exact Identity Solution You Need - In the Cloud - Overview
Get the Exact Identity Solution You Need - In the Cloud - OverviewForgeRock
 
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User ExperienceForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User ExperienceForgeRock
 
Opening Keynote (Identity Live Berlin 2018)
Opening Keynote (Identity Live Berlin 2018)Opening Keynote (Identity Live Berlin 2018)
Opening Keynote (Identity Live Berlin 2018)ForgeRock
 
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...ForgeRock
 
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)ForgeRock
 
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...ForgeRock
 
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...ForgeRock
 
Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...ForgeRock
 
Intelligent Authentication (Identity Live Berlin 2018)
Intelligent Authentication (Identity Live Berlin 2018)Intelligent Authentication (Identity Live Berlin 2018)
Intelligent Authentication (Identity Live Berlin 2018)ForgeRock
 

Mehr von ForgeRock (20)

Digital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at ScaleDigital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at Scale
 
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
Get the Exact Identity Solution You Need - In the Cloud - AWS and BeyondGet the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
 
Identity Live Sydney: Identity Management - A Strategic Opportunity
Identity Live Sydney: Identity Management - A Strategic OpportunityIdentity Live Sydney: Identity Management - A Strategic Opportunity
Identity Live Sydney: Identity Management - A Strategic Opportunity
 
Identity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity CapabilityIdentity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity Capability
 
Identity Live Singapore 2018 Keynote Presentation
Identity Live Singapore 2018 Keynote PresentationIdentity Live Singapore 2018 Keynote Presentation
Identity Live Singapore 2018 Keynote Presentation
 
Identity Live Sydney 2018 Keynote Presentation
Identity Live Sydney 2018 Keynote PresentationIdentity Live Sydney 2018 Keynote Presentation
Identity Live Sydney 2018 Keynote Presentation
 
Identity Live Singapore: Just Ask 'Em
Identity Live Singapore: Just Ask 'EmIdentity Live Singapore: Just Ask 'Em
Identity Live Singapore: Just Ask 'Em
 
Identity Live Singapore: Building Trust & Privacy in a Connected Society
Identity Live Singapore: Building Trust & Privacy in a Connected SocietyIdentity Live Singapore: Building Trust & Privacy in a Connected Society
Identity Live Singapore: Building Trust & Privacy in a Connected Society
 
Identity Live Sydney: Intelligent Authentication
Identity Live Sydney: Intelligent Authentication Identity Live Sydney: Intelligent Authentication
Identity Live Sydney: Intelligent Authentication
 
Identity Live Sydney: Building Trust and Privacy in a Connected Society
Identity Live Sydney: Building Trust and Privacy in a Connected SocietyIdentity Live Sydney: Building Trust and Privacy in a Connected Society
Identity Live Sydney: Building Trust and Privacy in a Connected Society
 
Get the Exact Identity Solution you Need in the Cloud - Deep Dive
Get the Exact Identity Solution you Need in the Cloud - Deep DiveGet the Exact Identity Solution you Need in the Cloud - Deep Dive
Get the Exact Identity Solution you Need in the Cloud - Deep Dive
 
Get the Exact Identity Solution You Need - In the Cloud - Overview
Get the Exact Identity Solution You Need - In the Cloud - OverviewGet the Exact Identity Solution You Need - In the Cloud - Overview
Get the Exact Identity Solution You Need - In the Cloud - Overview
 
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User ExperienceForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
 
Opening Keynote (Identity Live Berlin 2018)
Opening Keynote (Identity Live Berlin 2018)Opening Keynote (Identity Live Berlin 2018)
Opening Keynote (Identity Live Berlin 2018)
 
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
 
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
 
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
 
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
 
Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...
 
Intelligent Authentication (Identity Live Berlin 2018)
Intelligent Authentication (Identity Live Berlin 2018)Intelligent Authentication (Identity Live Berlin 2018)
Intelligent Authentication (Identity Live Berlin 2018)
 

Kürzlich hochgeladen

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 

Kürzlich hochgeladen (20)

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 

OpenAM as Flexible Integration Component

  • 1. 2013 Open Stack Identity Summit - France OpenAM as flexible integration component Case studies: STORK, IDAP & eID
  • 2. Who we are Wouter Vandenbussche Zaeher Rachid IAM analyst and architect IAM Practice Manager Verizon Enterprise Solutions Consulting & integration services Identity practice zaeher.rachid@paradigmo.com wouter.vandenbussche@be.verizon.com @wouterbussche
  • 3. What we do Typical customer demand •  •  Identity management •  Access control •  Authentication and federation Realization •  •  Full lifecycle: strategy, analysis, implementation and support •  Solutions with products from partners •  Customization and tailored development by experts •  Adequate operational support organization
  • 4. Why Verizon/Paradigmo together? Client requirements Verizon UIS specifications Flexible integration component customized and supported by:
  • 5. OpenAM as integration component Value the strengths of ForgeRock OpenAM •  •  Flexible integration component •  Bringing adaptability, reliability and agility to projects Case studies •  •  UK Cabinet Office IDAP: Open market identity assurance •  STORK: pan-European authentication •  eID Authentication: Strong authentication with high reliability
  • 6. Service Provider The big picture AuthN Request AuthN means Other IDP (Oauth, OpenID, STORK) Final IDP selection
  • 7. UK Cabinet Office : Overview UK Cabinet Office (Government Digital Service) •  •  Identity Assurance Programme (IDAP) •  Privacy and Trust Government identity hub •  “We’re working closely with departments to develop an identity assurance process that can be adapted and reused right across government, benefiting users and service providers alike with a simpler, faster, better and safer way to access and transact with government services.” Open market identity providers •  •  Trust Framework and good practice guides •  IDP: Identity proofing and strong authentication
  • 8. UK Cabinet Office : Trust scheme Department 1 Service provider 1 Service provider 2 Matching Service 1 Department 2 Service provider 3 Service provider 4 Matching Service 2 Match M DS to local us er store
  • 9. UK Cabinet Office : Verizon IDP Verizon IDP Data provider for identity proofing OpenAM for integration Profile Management for user interfaces Profile mgmt for user interfaces Standardized Verizon product for strong authN
  • 11. STORK : Overview STORK •  •  •  European eID interoperability platform Within existing legal restrictions, respectful with all national cultures and complying with the requirements of scalability, trust and security, especially the privacy. STORK PEPS architecture •  •  •  Leveraging the national trust frameworks to Europe Hiding national implementations for the other member states National identity providers •  •  •  Incoming and outgoing federation Implementation of Pan European Proxy Service (PEPS)
  • 12. STORK: use cases Service Provider Citizen Service Provider Citizen
  • 16. Service Provider SAML received SAML validated AuthN mean retrieved Existing session verified? OpenAM behavior Default class return the AuthN mean corresponding to the 1st allowed context. Nothing recorded regarding other contexts. Class DefaultIDPAuthnContextMapper Redirect / forward AuthN level verified? SAML response sent Class DefaultIDPAdapter method: preSendResponse
  • 17. OpenAM before •  AuthN contexts •  How to propose multiple AuthN means to end user? •  How to customize SSO regarding SAML AuthN context? •  AuthN level •  What if AuthN level not aligned with business requirements? •  KPIs •  How to demonstrate SLA compliance when you rely on external systems? •  How to catch timestamps for valid sessions?
  • 19. OpenAM after •  Open source •  It greatly helps to understand issues when you are at the leading edge of federation features! •  ForgeRock support •  RFE raised @ ForgeRock •  Urgent delivery of RFE as a patch •  RFE now included in new releases •  Additional hooks for custom development
  • 20. OpenAM after SAML received SAML validated AuthN mean retrieved Existing session verified? Class DefaultIDPAdapter method: initialize Class DefaultIDPAdapter method: preSingleSignOn Redirect / forward AuthN level verified? SAML response sent Class DefaultIDPAdapter method: preAuthentication
  • 21. OpenAM after after •  Additional requirements… •  Request for multiple assertions in SAML response •  Request for accessing STORK extensions in SAML requests/ responses •  … result in new RFEs •  Additional hooks •  To manipulate SAML Request objects before they are processed •  To manipulate SAML Response •  To trap and to treat SAML Response errors
  • 22. eID Authentication: overview Belgian electronic identity cards •  •  Very high level of assurance: NIST 4 •  PKI based authentication mean & sturdy issuing process •  High penetration rate among population •  Public available infrastructure Authentication •  •  Confirmation of possession of and access to the card •  Real-time validation of the status of the card Identity Provider •  •  Reusability, simplify integration and increase reliability
  • 23. eID: trust scheme Validate possession and access Assert Identity Service Provider
  • 24. OpenAM OCSP/CRLs checking SSL mutual AuthN OCSP down Yes No OCSP Responder No CRLs
  • 25. OpenAM OCSP/CRLs mechanism Cache exist? yes no Lookup CRL URL in X509 certificate yes Cache expired? no Lookup certificate SerialNumber in CRL Fetch cached CRL Cache CRL
  • 26. Belgian CA •  New intermediate CA issued each month with the same CN but different SERIALNUMBER => different CRL URL
  • 27. Belgian CA behavior !  Belgian CA behavior " New intermediate CA issued each month with the same CN but different SERIALNUMBER => different crl url " Bulk issuing of certificates, all revoked by default " Big CRL can contain more than 100K entries !  Cache issues " Lot of time wasted on CRL initialization (download, validation, processing, …) " Storing big objects in LDAP " LDAP entry has CN in the name and certificateRevocationList is single valued field " LDAP replication can be an issue during peak time !  Average time for authentication is more than 10 seconds " Most of the time wasted in CRL checking
  • 28. CRL caching implementation •  SQLite database •  Daemon that fetches CRL and creates one database per CRL •  Only storing certificate SERIALNUMBER •  Custom “Cert” module •  SQL statement to retrieve revoked certificates •  Performance •  AuthN < 100ms •  CRL checking < 5ms
  • 29. Conclusion •  Our customers and engineers value the strengths of ForgeRock OpenAM as an integration component in the delivery of solutions for authentication and federation •  Adaptability •  Easy to customize components and extend functionality •  Reliability •  Scalable and stable deployments •  Agility •  Fast realizations due to open source and partnership with ForgeRock
  • 30. 2013 Open Stack Identity Summit - France Q&A