Mobile Cloud Identity
Mark Diodati
Technical Director—CTO Office
@mark_diodati
mdiodati@pingidentity.com
Thurs 13-12-05
Agenda
• Cloud Identity
• Modern Identity’s Building Blocks
• OpenID Connect
• FIDO
• NFC
Mobile Cloud Identity

CLOUD IDENTITY
On-Premises, Hybrid, Cloud
[Diagram: the three deployment models: on-premises, hybrid and cloud]
Cloud Identity
• Identity Management as a Service (IDaaS)
– Externally hosted, turnkey SaaS applications that perform identity management
• Users and applications may be on-premises or hosted
– OPEX, flexible with changes in economies of scale
• Identity bridge
– On-premises component to connect on-premises and externally hosted environments
– Supports multiple identity services
Cloud Orientation
[Diagram: three orientations, to the cloud, from the cloud and in the cloud, spanning hosted and on-premises environments, connected by sync (API) and federation SSO]
To The Cloud (SSO + Provisioning)
[Diagram: the on-premises employee authenticates with Kerberos to the directory (Active Directory); the identity bridge acts as federation IdP for SSO to the hosted service and performs directory synchronization (sync) to it]
To The Cloud (Mobile Identity)
[Diagram: the externally hosted MDM cloud service delivers profile/policy, credential provisioning (private key), group membership and app distribution to the device; the on-premises identity bridge connects the MDM to Microsoft Certificate Services, Active Directory groups and MMC]
From The Cloud (SSO)
[Diagram: a hosted partner authenticates with SAML, OAuth, password or X.509; the hosted OAuth relying party and federation SP reach the on-premises OAuth authorization service, federation IdP and OAuth resource server through the identity bridge; on-premises targets are a WAM-protected application (HTTP cookie) and a SAML-enabled application (SAML)]
From the Cloud (Provisioning)
[Diagram: externally hosted IDaaS provisioning into on-premises targets (ERP, Active Directory in Europe, in North America and in Manufacturing) through identity bridges, each with reconciliation]
In The Cloud (SSO + Provisioning)
[Diagram: hosted IDaaS authenticates the user, provisions hosted applications and acts as federation IdP for federated SSO; the hosted/on-premises boundary is shown]
Mobile Cloud Identity

MODERN BUILDING BLOCKS
Modern Building Blocks
• REST (Representational State Transfer)
– Adopted in response to the complexity of SOAP
– Uses HTTP for its request/response
– Objects are represented as URLs
– Example HTTP verbs
• GET: retrieve object attributes
• POST: create object with new attributes
• DELETE: delete object
Modern Building Blocks
• JSON (JavaScript Object Notation)
– Adopted in response to the complexity of XML
– Data format representing name/value pairs
Modern Building Blocks
• Most modern identity standards leverage JSON over REST
– Peanut butter and jelly
– OAuth (authorization), SCIM (provisioning), FIDO (authentication), OpenID Connect (multi-protocol)
• Some notable exceptions are SAML and XACML
Modern Building Blocks
Example SCIM request:

    POST https://pingidentity.com:8443/Users
    Authorization: Basic Y249RGlyZWN0b3J5IE1...
    Content-Type: application/json
    {
      "userType":"spy",
      "externalId":"tstark86753",
      "pacsSerial":"87654321",
      "active":true,
      "otpSerial":"12345678",
      "email":"tony.stark@pingidentity.com",
      "userName":"tstark",
      "givenName":"Tony",
      "familyName":"Stark"
    }

• REST HTTP verb (add user in SCIM)
• In REST, objects and endpoints have unique URLs
• JSON data representation
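The building blocks above in working code, as an added example that is not from the slides: a minimal in-memory SCIM-style Users endpoint that checks the Basic Authorization header, maps POST, GET and DELETE to create, read and delete, and gives every created user its own URL. The host from the slide is reused; the client credential and the password are constructed (the slide's truncated header only shows that the identity starts with "cn=Directory M").

```python
import base64
import hmac
import json
import uuid

BASE_URL = "https://pingidentity.com:8443"  # endpoint host from the slide

# Constructed client credential for this example. The slide's truncated header
# "Basic Y249RGlyZWN0b3J5IE1..." base64-decodes to "cn=Directory M...", so a
# directory-manager style identity is assumed; the password is made up.
VALID_CREDENTIALS = {"cn=Directory Manager": "example-password"}


def basic_header(user, password):
    """Build the Authorization header the way the slide's request does."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode("ascii")
    return {"Authorization": "Basic " + token, "Content-Type": "application/json"}


def authenticate(headers):
    """Return the authenticated principal, or None if the header is missing or wrong."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Basic" or not token:
        return None
    try:
        user, _, password = base64.b64decode(token, validate=True).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    expected = VALID_CREDENTIALS.get(user)
    # compare_digest: constant-time comparison, no early exit on the first wrong byte
    if expected is not None and hmac.compare_digest(expected.encode(), password.encode()):
        return user
    return None


class UsersResource:
    """In-memory /Users collection: POST creates, GET reads, DELETE removes.
    Each user is its own object with its own URL, /Users/<server-assigned id>."""

    def __init__(self):
        self._users = {}

    def handle(self, method, url, headers, body=None):
        """Dispatch one request; returns (HTTP status, JSON-able body or None)."""
        if authenticate(headers) is None:
            return 401, {"detail": "authentication required"}
        if not url.startswith(BASE_URL + "/Users"):
            return 404, None
        parts = [p for p in url[len(BASE_URL):].split("/") if p]  # ["Users"] or ["Users", id]
        if method == "POST" and parts == ["Users"]:
            return self._create(body)
        if method == "GET" and len(parts) == 2:
            user = self._users.get(parts[1])
            return (200, user) if user else (404, None)
        if method == "DELETE" and len(parts) == 2:
            return (204, None) if self._users.pop(parts[1], None) else (404, None)
        return 405, {"detail": f"{method} not allowed on {url}"}

    def _create(self, body):
        try:
            attrs = json.loads(body)
        except (TypeError, ValueError):
            return 400, {"detail": "body must be a JSON object"}
        if not isinstance(attrs, dict) or not attrs.get("userName"):
            return 400, {"detail": "userName is required"}
        if any(u["userName"] == attrs["userName"] for u in self._users.values()):
            return 409, {"detail": "userName already exists"}
        user_id = str(uuid.uuid4())  # the server, not the client, picks the id
        record = dict(attrs, id=user_id, location=f"{BASE_URL}/Users/{user_id}")
        self._users[user_id] = record
        return 201, record


def demo():
    """Replay the slide's POST, then exercise GET and DELETE on the new user's URL."""
    users = UsersResource()
    headers = basic_header("cn=Directory Manager", "example-password")
    tony = {"userType": "spy", "externalId": "tstark86753", "pacsSerial": "87654321",
            "active": True, "otpSerial": "12345678", "email": "tony.stark@pingidentity.com",
            "userName": "tstark", "givenName": "Tony", "familyName": "Stark"}
    status, record = users.handle("POST", BASE_URL + "/Users", headers, json.dumps(tony))
    results = {"create": status, "location": record.get("location") if status == 201 else None}
    results["duplicate"] = users.handle("POST", BASE_URL + "/Users", headers, json.dumps(tony))[0]
    results["unauthenticated"] = users.handle("GET", results["location"], {})[0]
    results["get"] = users.handle("GET", results["location"], headers)[0]
    results["delete"] = users.handle("DELETE", results["location"], headers)[0]
    results["get_after_delete"] = users.handle("GET", results["location"], headers)[0]
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```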
Mobile Cloud Identity

OPENID CONNECT
OAuth
• Increasingly popular protocol for session
management in rich mobile applications
• Mobile web applications function well with
traditional enterprise authentication
• Rich mobile applications may break existing
infrastructure like authentication and Web
access management
OAuth Components and Flow
[Diagram: the OAuth resource server, OAuth authorization server, OAuth client/relying party (a native application) and the web browser; the client holds an access token (A) and a refresh token (R)]
Flow: 1. Browser instantiated; 2. User authentication/consent; 3. Token/reference code returned; 4. Code delivery; 5. Reference code; 6. Tokens + authentication downloaded; 7. Access token presentation; 8. Access application resource
Why Not Just Use OAuth?
• OAuth is:
– Valuable as an access delegation protocol
– A good fit for native mobile applications
– Friendly for developers
• OAuth is not:
– A user identity protocol
– An “identity at scale” protocol
OpenID Connect Flow
[Diagram: the OpenID Provider comprises the OAuth resource server, the authorization server and the user information endpoint; the OAuth client/relying party receives an ID token (ID), an access token (A) and a refresh token (R), and uses the access token for API access and to retrieve user information]
OIDC Multiple Provider Flow
[Diagram: two OpenID Providers (#1 and #2), each with an OAuth resource server, authorization server and user information endpoint; the OAuth client/relying party holds ID, access (A) and refresh (R) tokens from each. Steps: 1. Tokens; 2. User information; 3. API access; 4. ID token; 5. Access, refresh tokens]
OpenID Connect Protocols
• Protocol for clients that support additional security
• Protocol for simpler clients
• Optional discovery of OpenID providers
• Optional automated registration of clients (e.g., server applications, mobile devices)
OpenID Connect Under The Covers
• OAuth 2.0 specifications
• JSON Web Token (JWT)
• JOSE
– JSON Web Signature (JWS)
– JSON Web Encryption (JWE)
– JSON Web Algorithms (JWA)
– JSON Web Key (JWK)
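The JWT and JWS layers named above in working code, as an added example that is not from the slides: an ID token is minted as an HS256-signed JWS and then run through the checks a relying party performs (signature, issuer, audience, expiry, nonce), including the failure cases. HS256 with a shared key is an assumption so the block runs on the standard library alone; a public OpenID Provider normally signs with an asymmetric JWA algorithm and publishes the key as a JWK. Issuer, client id, key, nonce and subject are constructed.

```python
import base64
import hashlib
import hmac
import json

# Constructed values for the example (not from the slides or any real OP).
KEY = b"constructed-shared-key-for-example"
ISSUER = "https://op.example.test"
CLIENT_ID = "mobile-app-client"
NOW = 1_700_000_000  # fixed "current time" so the example is reproducible


def b64url_encode(raw):
    """JOSE base64url: URL-safe alphabet, padding stripped."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_id_token(key, iss, sub, aud, nonce, now, ttl=300):
    """Issue an ID token: JWT claims carried in a JWS compact serialization."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": iss, "sub": sub, "aud": aud, "nonce": nonce, "iat": now, "exp": now + ttl}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode()) for part in (header, claims))
    signature = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def verify_id_token(token, key, iss, aud, nonce, now):
    """Validate the signature and the claims a relying party must check.
    Returns the claims; raises ValueError naming the reason on any failure."""
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(claims_b64))
        signature = b64url_decode(sig_b64)
    except (ValueError, TypeError):
        raise ValueError("malformed JWS compact serialization")
    # Pin the algorithm the RP expects. Honouring whatever "alg" the token names
    # (including "none") lets the sender decide how, or whether, it is verified.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{claims_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("bad signature")
    if claims.get("iss") != iss:
        raise ValueError("wrong issuer")
    audiences = claims.get("aud") if isinstance(claims.get("aud"), list) else [claims.get("aud")]
    if aud not in audiences:
        raise ValueError("token not issued to this client")
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("expired")
    if claims.get("nonce") != nonce:  # ties the token to the RP's own login request
        raise ValueError("nonce mismatch")
    return claims


def check(token, key, iss, aud, nonce, now):
    """Log-friendly wrapper: 'ok' or the rejection reason."""
    try:
        verify_id_token(token, key, iss, aud, nonce, now)
        return "ok"
    except ValueError as err:
        return str(err)


def demo():
    """Mint one token for the slide's user and run it through the RP checks."""
    nonce = "n-0S6_WzA2Mj"  # constructed; the RP generated it for this login request
    token = mint_id_token(KEY, ISSUER, "tstark", CLIENT_ID, nonce, NOW)
    header_b64, claims_b64, sig_b64 = token.split(".")
    forged = json.loads(b64url_decode(claims_b64))
    forged["sub"] = "nfury"  # change a claim but keep the original signature
    tampered = ".".join([header_b64,
                         b64url_encode(json.dumps(forged, separators=(",", ":")).encode()), sig_b64])
    unsigned = b64url_encode(b'{"alg":"none"}') + "." + claims_b64 + "."  # alg=none, empty signature
    return {
        "valid": check(token, KEY, ISSUER, CLIENT_ID, nonce, NOW + 60),
        "other_client": check(token, KEY, ISSUER, "some-other-client", nonce, NOW + 60),
        "expired": check(token, KEY, ISSUER, CLIENT_ID, nonce, NOW + 301),
        "tampered": check(tampered, KEY, ISSUER, CLIENT_ID, nonce, NOW + 60),
        "alg_none": check(unsigned, KEY, ISSUER, CLIENT_ID, nonce, NOW + 60),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:13s} {outcome}")
```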
Mobile Cloud Identity

FIDO
FIDO—A Tale of Two Protocols
• FIDO Universal Authentication Framework (UAF)
– Local mobile biometrics
– Initially proposed by Lenovo, Nok Nok, PayPal, others
– Also supports non-biometric authentication
• Universal Second Factor (U2F)
– “Smart” smart card
– Initially proposed by Google and Yubikey (first to partner)
FIDO UAF
[Diagram: the FIDO client on the device with one or more authenticators (F), a device key pair and site-specific key pairs; the web site/RP with its FIDO server, holding the binding of user info and public key established by ID proofing; a FIDO attestation service that checks device attestation. Steps: (1) user authentication to FIDO client; (2) FIDO handshake; (3) asymmetric key authn]
UAF to OpenID Connect
[Diagram: the mobile application (relying party) with its FIDO client and FIDO authentication module (F); the OpenID Provider holding the binding of user info and public key and issuing the ID, access (A) and refresh (R) tokens. Steps: (1) user authentication to FIDO client; (2) FIDO handshake; (3) asymmetric key authn; (4) token information; (5) API request/response]
FIDO U2F
[Diagram: the web site/RP with a site authn service and a U2F authn service, storing user info, public key and Key Handle; the U2F device with an activation button (activation required during enrollment and optional at runtime), site-specific key pairs (with Key Handles) and a device key pair (per batch); device attestation is checked with an attestation service. Steps: (1) user password auth; (2) challenge response, with Key Handle]
U2F to Federation
[Diagram: the Federation IdP with a primary authn service and a U2F authn service, storing user info, public key and Key Handle; the Federation SP. Steps: (1) user password auth; (2) challenge response, with Key Handle; (3) SAML credentials; (4) SAML credentials]
SCEP Certificate Enrollment
[Diagram: iPhone Configuration Utility, profile service, certificate authority, iOS device and user. Steps: (1) utility publishes enrollment profile (SCEP.mobileconfig); (2) user authenticates; (3) profile is downloaded; (4) iOS executes SCEP enrollment; (5) certificate is installed in iOS store]
SCEP Enrollment Vulnerability
[Diagram: device, profile service, certificate authority, SCEP.mobileconfig, and the resulting certificate and private key. Exchange: (1) “Can I have a SCEP secret?” (2) “Sure! Your SCEP secret is ‘8675309’.” (3) Profile: “Your SCEP secret is ‘8675309’. Tony Stark, enroll for a certificate.” (4) To the certificate authority: “My SCEP secret is ‘8675309’. My name is Nick Fury.” (5) “Here you go! Your certificate name is Nick Fury.”]
Enhanced Enrollment
[Diagram: MDM service, certificate authority and device. Exchange: (1) MDM service: “Here is public key for user Tony Stark”; (2) certificate authority: “Sure! Here is the certificate”; (3) MDM service to the device: “Here is your certificate and private key!” The device ends up with the certificate and private key]
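The two enrollment designs above side by side, as an added example that is not from the slides: a SCEP-style CA that issues for any subject named by whoever holds the challenge secret, beside an MDM-bound CA that issues only for the subject the authenticated MDM service asserts, so the device never names itself. All classes, names and keys are constructed; the HMAC between MDM and CA stands in for a real service credential, and the key pair is a placeholder.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Certificate:
    subject: str              # the name the CA vouches for
    public_key: str
    issuer: str = "Example CA"  # constructed issuer name


class SharedSecretCA:
    """SCEP-style issuance as on the 'SCEP Enrollment Vulnerability' slide: one
    challenge secret authenticates the request and the enrollee picks the subject."""

    def __init__(self, challenge_secret):
        self._challenge = challenge_secret.encode()

    def enroll(self, challenge_secret, requested_subject, public_key):
        if not hmac.compare_digest(self._challenge, challenge_secret.encode()):
            raise PermissionError("bad challenge secret")
        # Weak point: nothing ties requested_subject to whoever obtained the secret.
        return Certificate(requested_subject, public_key)


class MdmBoundCA:
    """Enhanced enrollment: the CA honours only requests the registered MDM service
    has authenticated (HMAC over subject and public key with a shared API key), so the
    subject is always the one the MDM asserts for the user it authenticated."""

    def __init__(self, mdm_api_key):
        self._mdm_api_key = mdm_api_key

    def enroll(self, subject, public_key, mdm_mac):
        expected = request_mac(self._mdm_api_key, subject, public_key)
        if not hmac.compare_digest(expected, mdm_mac):
            raise PermissionError("request was not authenticated by the MDM service")
        return Certificate(subject, public_key)


def request_mac(api_key, subject, public_key):
    """MAC binding the asserted subject to the key being certified (assumed scheme)."""
    return hmac.new(api_key, f"{subject}\n{public_key}".encode(), hashlib.sha256).digest()


class MdmService:
    """Authenticates the user, generates the key pair, asks the CA for a certificate
    in that user's name, and returns certificate and private key to the device."""

    def __init__(self, api_key, ca):
        self._api_key = api_key
        self._ca = ca

    def enroll_device(self, authenticated_user):
        # Placeholder key pair: random identifiers instead of a real RSA/EC key.
        private_key = "priv-" + secrets.token_hex(8)
        public_key = "pub-" + secrets.token_hex(8)
        cert = self._ca.enroll(authenticated_user, public_key,
                               request_mac(self._api_key, authenticated_user, public_key))
        return cert, private_key


def demo():
    """Run both designs with the slide's actors and secret."""
    weak = SharedSecretCA("8675309")
    # The holder of the secret (Tony Stark on the slide) asks for a certificate as Nick Fury.
    weak_cert = weak.enroll("8675309", "Nick Fury", "pub-device-key")

    api_key = secrets.token_bytes(32)
    mdm = MdmService(api_key, MdmBoundCA(api_key))
    cert, _private_key = mdm.enroll_device("Tony Stark")  # user already authenticated to the MDM

    # A device that bypasses the MDM and asks the CA for a subject of its choice is refused.
    try:
        MdmBoundCA(api_key).enroll("Nick Fury", "pub-device-key", b"\x00" * 32)
        direct_enrollment = "issued"
    except PermissionError:
        direct_enrollment = "refused"

    return {"scep_subject": weak_cert.subject, "mdm_subject": cert.subject,
            "direct_enrollment": direct_enrollment}


if __name__ == "__main__":
    print(demo())
```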
MDM - Email Proxy
[Diagram: the device holds a private key and certificate and performs X.509 authentication to the MDM; the on-premises identity bridge obtains Kerberos tickets from Active Directory through S4U Kerberos impersonation and connects to the Exchange Server]
Mobile Cloud Identity

NFC
NFC on Mobile Device
[Diagram: the NFC system comprises the antenna, the NFC controller and the secure element]
NFC for Converged Authentication
[Diagram: one NFC credential used for both building access and IT access]
NFC for Tablet Authentication
[Diagram: a smartphone or contactless smart card is presented over NFC to a tablet; the private key and SSL certificate authenticate the user to the web application]
NFC Provisioning
[Diagram: the externally hosted Mobile Credential Management Service (MCM) provisions a PKI certificate and a PACS credential to applications (A) on the device; the on-premises identity bridge connects to the certificate authority, the PACS host and Active Directory]
Mobile Credential Management Service
[Diagram: the Mobile Credential Management Service (MCM) works with the MDM, the Trusted Service Manager and the Mobile Network Operators to place the application (A) in the NFC Secure Element]
NFC Authorization
[Diagram: the PKI certificate is used for PKI authentication; the authorization policy is delivered to the device (policy delivery)]

Copyright ©2013 Ping Identity Corporation. All rights reserved.
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 

Kürzlich hochgeladen (20)

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 

Mobile Cloud Identity (slide transcript)

• 1. Mobile Cloud Identity. Mark Diodati, Technical Director—CTO Office, @mark_diodati, mdiodati@pingidentity.com. Thurs 13-12-05
• 2. Agenda
  – Cloud Identity
  – Modern Identity’s Building Blocks
  – OpenID Connect
  – FIDO
  – NFC
• 5. Cloud Identity
  – Identity Management as a Service (IDaaS): externally hosted, turnkey SaaS applications that perform identity management. Users and applications may be on-premises or hosted. OPEX-based, and flexible as economies of scale change.
  – Identity bridge: an on-premises component that connects on-premises and externally hosted environments and supports multiple identity services.
• 7. To The Cloud (SSO + Provisioning) [diagram: an employee authenticates with Kerberos against on-premises Active Directory; the identity bridge synchronizes the directory to the hosted service over a sync API and acts as federation IdP for SSO into the hosted applications]
• 8. To The Cloud (Mobile Identity) [diagram: an externally hosted MDM cloud service holds profile/policy, app distribution and credential provisioning; the on-premises identity bridge connects MDM to Active Directory groups and to Microsoft Certificate Services (MMC), so a private key and certificate can be provisioned to the device]
• 9. From The Cloud (SSO) [diagram: a partner authenticates to the hosted federation IdP / OAuth authorization service with SAML, OAuth, a password or X.509; the on-premises identity bridge acts as federation SP, OAuth relying party and OAuth resource server, setting an HTTP cookie for WAM-protected applications and issuing SAML to SAML-enabled applications]
• 10. From the Cloud (Provisioning) [diagram: the hosted provisioning IDaaS provisions an externally hosted ERP directly and, through per-region identity bridges (Europe, North America, Manufacturing), provisions and reconciles on-premises Active Directory]
• 11. In The Cloud (SSO + Provisioning) [diagram: IDaaS provisions hosted applications; its federation IdP authenticates the user and provides federated SSO to them]
• 12. Mobile Cloud Identity: MODERN BUILDING BLOCKS
• 13. Modern Building Blocks
  – REST (Representational State Transfer): adopted in response to the complexity of SOAP; uses HTTP for its request/response; objects are represented as URLs. Example HTTP verbs: GET retrieves object attributes, POST creates an object with new attributes, DELETE deletes the object.
• 14. Modern Building Blocks
  – JSON (JavaScript Object Notation): adopted in response to the complexity of XML; a data format representing name/value pairs.
• 15. Modern Building Blocks
  – Most modern identity standards use JSON over REST (peanut butter and jelly): OAuth (authorization), SCIM (provisioning), FIDO (authentication), OpenID Connect (multi-protocol). Notable exceptions are SAML and XACML.
• 16-19. Modern Building Blocks: a SCIM request that adds a user. The REST HTTP verb is POST; in REST, objects and endpoints have unique URLs (here the Users endpoint); the body is the JSON data representation. Slides 16-19 repeat the same request with different callouts; the Basic credential is truncated on the slide.

  POST https://pingidentity.com:8443/Users
  Authorization: Basic Y249RGlyZWN0b3J5IE1...
  Content-Type: application/json

  {
    "userType":"spy",
    "externalId":"tstark86753",
    "pacsSerial":"87654321",
    "active":true,
    "otpSerial":"12345678",
    "email":"tony.stark@pingidentity.com",
    "userName":"tstark",
    "givenName":"Tony",
    "familyName":"Stark"
  }
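The request on slides 16-19 is only the wire format. As an added example (mine, not from the deck or from any Ping Identity product), the Go program below is a minimal in-memory SCIM Users endpoint that accepts exactly that body, plus a helper to exercise it. The Basic credential on the slide is truncated, so the username and password are assumed; the Location header on create and the 409 for a duplicate userName follow from the REST point on slide 17 that every object has its own URL.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// User carries the attributes of the slide's request plus the server-assigned id;
// pacsSerial and otpSerial are the slide's custom attributes, kept as-is.
type User struct {
	ID         string `json:"id,omitempty"`
	ExternalID string `json:"externalId"`
	UserName   string `json:"userName"`
	UserType   string `json:"userType"`
	Active     bool   `json:"active"`
	Email      string `json:"email"`
	GivenName  string `json:"givenName"`
	FamilyName string `json:"familyName"`
	PACSSerial string `json:"pacsSerial"`
	OTPSerial  string `json:"otpSerial"`
}

// SCIMServer is an in-memory Users endpoint: POST /Users creates, GET /Users/{id} reads,
// DELETE /Users/{id} removes. Every call needs the provisioning account's HTTP Basic
// credential (truncated on the slide, so username and password here are assumed).
// It is exercised synchronously below; a real server would guard the maps with a mutex.
type SCIMServer struct {
	users      map[string]User
	byName     map[string]string // userName -> id, so duplicates are rejected
	seq        int
	user, pass string
}

func NewSCIMServer(user, pass string) *SCIMServer {
	return &SCIMServer{users: map[string]User{}, byName: map[string]string{}, user: user, pass: pass}
}

func (s *SCIMServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if u, p, ok := r.BasicAuth(); !ok || u != s.user || p != s.pass {
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}
	switch {
	case r.Method == http.MethodPost && r.URL.Path == "/Users":
		var u User
		if err := json.NewDecoder(r.Body).Decode(&u); err != nil || u.UserName == "" {
			http.Error(w, "userName is required", http.StatusBadRequest)
			return
		}
		if _, dup := s.byName[u.UserName]; dup {
			http.Error(w, "userName already exists", http.StatusConflict)
			return
		}
		s.seq++
		u.ID = fmt.Sprint(s.seq)
		s.users[u.ID], s.byName[u.UserName] = u, u.ID
		w.Header().Set("Location", "/Users/"+u.ID) // the new object's own URL
		w.WriteHeader(http.StatusCreated)
		json.NewEncoder(w).Encode(u)
	case strings.HasPrefix(r.URL.Path, "/Users/") && (r.Method == http.MethodGet || r.Method == http.MethodDelete):
		u, ok := s.users[strings.TrimPrefix(r.URL.Path, "/Users/")]
		if !ok {
			http.Error(w, "not found", http.StatusNotFound)
			return
		}
		if r.Method == http.MethodDelete {
			delete(s.users, u.ID)
			delete(s.byName, u.UserName)
			w.WriteHeader(http.StatusNoContent)
			return
		}
		json.NewEncoder(w).Encode(u)
	default:
		http.Error(w, "unsupported method or path", http.StatusMethodNotAllowed)
	}
}

// Call sends one request to the handler and returns status, Location header and decoded body.
func Call(h http.Handler, method, path, user, pass, body string) (int, string, User) {
	req := httptest.NewRequest(method, path, strings.NewReader(body))
	req.SetBasicAuth(user, pass)
	rr := httptest.NewRecorder()
	h.ServeHTTP(rr, req)
	var u User
	json.Unmarshal(rr.Body.Bytes(), &u) // error bodies are plain text and leave u empty
	return rr.Code, rr.Header().Get("Location"), u
}

// TonyStark is the request body from the slide, retyped with straight quotes.
const TonyStark = `{"userType":"spy","externalId":"tstark86753","pacsSerial":"87654321",
"active":true,"otpSerial":"12345678","email":"tony.stark@pingidentity.com",
"userName":"tstark","givenName":"Tony","familyName":"Stark"}`

func main() {
	s := NewSCIMServer("cn=Directory Manager", "password")
	code, loc, u := Call(s, "POST", "/Users", "cn=Directory Manager", "password", TonyStark)
	fmt.Println(code, loc, u.UserName) // 201 /Users/1 tstark
}
```

The same credential gates every verb, which is how the slide's Basic header works; with SCIM in production you would expect an OAuth bearer token instead, and the 409 on a duplicate userName is what stops a second provisioning run from silently creating a second account.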
• 21. OAuth
  – Increasingly popular protocol for session management in rich (native) mobile applications
  – Mobile web applications function well with traditional enterprise authentication
  – Rich mobile applications may break existing infrastructure such as authentication and Web access management
• 22. OAuth Components and Flow [diagram: the components are the OAuth client/relying party (a native application), the OAuth authorization server, the OAuth resource server and the web browser. Flow: (1) browser instantiated; (2) user authentication; (3) token/reference code returned; (4) code delivery to the native application; (5) reference code + client authentication sent to the authorization server; (6) tokens downloaded (access token, refresh token); (7) access token presented to the resource server; (8) access to the application resource]
• 23. Why Not Just Use OAuth?
  – OAuth is: valuable as an access delegation protocol; a good fit for native mobile applications; friendly for developers
  – OAuth is not: a user identity protocol; an “identity at scale” protocol
• 24. OpenID Connect Flow [diagram: the OpenID Provider consists of an OAuth authorization server and a user information endpoint; the OAuth client/relying party receives an ID token, access token and refresh token (token information), calls the user information endpoint, and uses the access token for API access to the OAuth resource server]
• 25. OIDC Multiple Provider Flow [diagram: one client/relying party holds ID, access and refresh tokens from OpenID Provider #1 and from OpenID Provider #2, each with its own authorization server and user information endpoint: (1) tokens, (2) user information, (3) API access with provider #1; (4) ID token, (5) access and refresh tokens from provider #2]
• 26. OpenID Connect Protocols: protocol for clients that support additional security (in OpenID Connect terms, the authorization code flow, for clients that can hold a client secret)
• 27. OpenID Connect Protocols: protocol for simpler clients (the implicit flow, with tokens returned directly to the client)
• 28. OpenID Connect Protocols: optional discovery of OpenID providers
• 29. OpenID Connect Protocols: optional automated (dynamic) registration of clients (e.g., server applications, mobile devices)
• 30. OpenID Connect Under The Covers
  – OAuth 2.0 specifications
  – JSON Web Token (JWT)
  – JOSE: JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Algorithms (JWA), JSON Web Key (JWK)
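Slides 22 through 30 describe the moving parts in boxes and bullet points. As an added example, written for this page and not taken from the deck or from any Ping Identity software, the Go program below plays both sides of the native-app code flow: the OpenID Provider issues a reference code bound to the registered redirect URI, exchanges it exactly once for an access token and an ID token (a JWS carrying JWT claims, HS256 under the client secret), and the relying party validates header, signature, issuer, audience, nonce and expiry before trusting the subject. Issuer, client ID, client secret, redirect URI and nonce are made-up values.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// OpenIDProvider: an OAuth 2.0 authorization server whose token endpoint also returns an ID
// token (slide 24), with one registered confidential client. All values in main are made up.
type OpenIDProvider struct {
	Issuer, ClientID, ClientSecret, RedirectURI string
	codes                                       map[string][2]string // reference code -> {subject, nonce}; deleted on first use
}

func random() string { b := make([]byte, 16); rand.Read(b); return hex.EncodeToString(b) }

// Authorize (steps 1-4): after browser authentication a short-lived reference code goes back
// to the registered redirect URI only, so a code cannot be steered to an attacker's app.
func (p *OpenIDProvider) Authorize(clientID, redirectURI, subject, nonce string) (string, error) {
	if clientID != p.ClientID || redirectURI != p.RedirectURI {
		return "", errors.New("unknown client or redirect_uri mismatch")
	}
	if p.codes == nil {
		p.codes = map[string][2]string{}
	}
	code := random()
	p.codes[code] = [2]string{subject, nonce}
	return code, nil
}

// Exchange (steps 5-6): the app authenticates with its secret and trades the single-use code
// for tokens; the ID token is a JWS, HS256 under the client secret as OpenID Connect permits.
func (p *OpenIDProvider) Exchange(code, clientID, clientSecret string) (accessToken, idToken string, err error) {
	if clientID != p.ClientID || clientSecret != p.ClientSecret {
		return "", "", errors.New("client authentication failed")
	}
	sn, ok := p.codes[code]
	if !ok {
		return "", "", errors.New("invalid or already used code")
	}
	delete(p.codes, code) // a replayed code must fail
	now := time.Now().Unix()
	claims := map[string]interface{}{"iss": p.Issuer, "sub": sn[0], "aud": clientID, "iat": now, "exp": now + 300, "nonce": sn[1]}
	return random(), signJWT(claims, []byte(clientSecret)), nil
}

// header is the only JOSE header this provider issues; the RP accepts no other (so never alg=none).
var header, _ = json.Marshal(map[string]string{"alg": "HS256", "typ": "JWT"})

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

func hs256(input string, key []byte) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(input))
	return b64(m.Sum(nil))
}

func signJWT(claims map[string]interface{}, key []byte) string {
	body, _ := json.Marshal(claims)
	input := b64(header) + "." + b64(body)
	return input + "." + hs256(input, key)
}

// ValidateIDToken is the relying party's check: header, signature, issuer, audience, the nonce
// it sent in step 1 (which ties the token to this login attempt) and expiry. Returns the subject.
func ValidateIDToken(tok, issuer, clientID, clientSecret, nonce string, now time.Time) (string, error) {
	parts := strings.Split(tok, ".")
	if len(parts) != 3 || parts[0] != b64(header) {
		return "", errors.New("malformed JWT or unexpected header")
	}
	if !hmac.Equal([]byte(parts[2]), []byte(hs256(parts[0]+"."+parts[1], []byte(clientSecret)))) {
		return "", errors.New("bad signature")
	}
	var c struct {
		Iss, Sub, Aud, Nonce string
		Exp                  int64
	}
	if body, err := base64.RawURLEncoding.DecodeString(parts[1]); err != nil || json.Unmarshal(body, &c) != nil {
		return "", errors.New("unreadable payload")
	}
	if c.Iss != issuer || c.Aud != clientID || c.Nonce != nonce {
		return "", errors.New("issuer, audience or nonce mismatch")
	}
	if !now.Before(time.Unix(c.Exp, 0)) {
		return "", errors.New("expired")
	}
	return c.Sub, nil
}

func main() {
	op := &OpenIDProvider{Issuer: "https://op.example.com", ClientID: "mobile-app", ClientSecret: "s3cret", RedirectURI: "com.example.app:/cb"}
	code, _ := op.Authorize("mobile-app", "com.example.app:/cb", "tstark", "n-1")
	_, idToken, _ := op.Exchange(code, "mobile-app", "s3cret")
	fmt.Println(ValidateIDToken(idToken, op.Issuer, "mobile-app", "s3cret", "n-1", time.Now())) // tstark <nil>
}
```

Two choices matter more than the rest: the relying party pins the JOSE header to the one it expects instead of reading alg out of the token, which is what closes the alg=none and key-confusion class of JWT bugs, and the signature is compared with hmac.Equal rather than ==. A public-client mobile app that cannot keep a secret would use the provider's RS256 keys (JWK, slide 30) and the implicit or PKCE variant instead of the HS256 shortcut shown here.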
• 32. FIDO—A Tale of Two Protocols
  – FIDO Universal Authentication Framework (UAF): local mobile biometrics; initially proposed by Lenovo, Nok Nok, PayPal and others; also supports non-biometric authentication
  – Universal Second Factor (U2F): a “smart” smart card; initially proposed by Google and Yubico (maker of the YubiKey, first to partner)
• 33. FIDO UAF [diagram: (1) the user authenticates to the FIDO client (the authenticator); (2) FIDO handshake between the FIDO client and the FIDO server, which holds the binding of user info and public key; (3) asymmetric-key authentication to the web site/RP. The authenticator holds a device key pair, used for device attestation against the FIDO attestation service, and site-specific key pairs]
• 34. UAF to OpenID Connect [diagram: (1) the user authenticates to the FIDO client; (2) FIDO handshake with the OpenID Provider, which holds the binding of user info and public key; (3) asymmetric-key authentication through the FIDO authentication module; (4) token information (ID, access and refresh tokens) returned to the mobile application (relying party); (5) API request/response]
• 35. FIDO U2F [diagram: the web site/RP stores user info, public key and Key Handle; (1) user password authentication to the site authentication service; (2) challenge response, with Key Handle, to the U2F authentication service, plus device attestation against the attestation service. The token holds site-specific key pairs (with Key Handles) and a device key pair (per batch); its activation button is required during enrollment and optional at runtime]
• 36. U2F to Federation [diagram: at the Federation IdP, (1) user password authentication to the primary authentication service and (2) challenge response, with Key Handle, to the U2F authentication service; (3) SAML credentials issued; (4) SAML credentials presented to the Federation SP]
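Slides 35 and 36 show U2F as boxes and arrows. As an added example (mine, not the FIDO specification's reference code and not from the deck), the Go program below models the pieces named there: site-specific P-256 key pairs addressed by a Key Handle, a challenge response the token signs only for the appID the handle was registered for and only after the activation button is pressed, and the web site's verification of origin, challenge, signature counter and signature. The appID, origin and challenge strings are assumptions, key handles are random identifiers rather than the derived handles real tokens use, and password authentication and attestation from slide 35 are left out.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// siteKey is one site-specific key pair on the token, bound to the appID it was made for.
type siteKey struct {
	priv  *ecdsa.PrivateKey
	appID string
}

// Token models a U2F authenticator: site-specific key pairs addressed by Key Handle and a
// signature counter that only goes up. (Real tokens re-derive the key from the handle
// instead of storing it; the protocol as the web site sees it is the same.)
type Token struct {
	keys    map[string]siteKey
	counter uint32
}

func NewToken() *Token { return &Token{keys: map[string]siteKey{}} }

// Register creates a fresh P-256 key pair for appID and returns its Key Handle and public
// key, which the web site stores next to the user info (slide 35).
func (t *Token) Register(appID string) (handle string, pub *ecdsa.PublicKey, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", nil, err
	}
	nonce := make([]byte, 16)
	rand.Read(nonce)
	handle = hex.EncodeToString(nonce)
	t.keys[handle] = siteKey{priv, appID}
	return handle, &priv.PublicKey, nil
}

// ClientData is assembled by the browser: the site's challenge and the origin the browser is
// really talking to. Both are under the signature, so a phishing origin is detectable.
type ClientData struct{ Challenge, Origin string }

type Assertion struct {
	Counter    uint32
	ClientData ClientData
	Signature  []byte
}

// signedData is the U2F authentication message: sha256(appID) || presence || counter || sha256(clientData).
func signedData(appID string, counter uint32, cd ClientData) []byte {
	app := sha256.Sum256([]byte(appID))
	cdh := sha256.Sum256([]byte(cd.Challenge + "|" + cd.Origin))
	msg := append(app[:], 1) // presence byte 1: the button was pressed
	msg = binary.BigEndian.AppendUint32(msg, counter)
	digest := sha256.Sum256(append(msg, cdh[:]...))
	return digest[:]
}

// Authenticate signs with the key the Key Handle names, only for the appID it was registered
// for and only after the activation button is pressed.
func (t *Token) Authenticate(appID, keyHandle string, cd ClientData, pressed bool) (Assertion, error) {
	k, ok := t.keys[keyHandle]
	if !ok || k.appID != appID {
		return Assertion{}, errors.New("key handle not registered for this appID")
	}
	if !pressed {
		return Assertion{}, errors.New("user presence required")
	}
	t.counter++
	sig, err := ecdsa.SignASN1(rand.Reader, k.priv, signedData(appID, t.counter, cd))
	return Assertion{t.counter, cd, sig}, err
}

// VerifyAssertion is the web site's check: origin, the challenge it issued (issue each
// challenge once and discard it after this call), a strictly increasing counter, the signature.
func VerifyAssertion(pub *ecdsa.PublicKey, appID, origin, challenge string, lastCounter uint32, as Assertion) error {
	switch {
	case as.ClientData.Origin != origin:
		return errors.New("origin mismatch: signed for another site (phishing)")
	case challenge == "" || as.ClientData.Challenge != challenge:
		return errors.New("challenge mismatch (replay or stale response)")
	case as.Counter <= lastCounter:
		return errors.New("counter did not increase (cloned token?)")
	case !ecdsa.VerifyASN1(pub, signedData(appID, as.Counter, as.ClientData), as.Signature):
		return errors.New("bad signature")
	}
	return nil
}

func main() {
	tok, site := NewToken(), "https://rp.example.com"
	handle, pub, _ := tok.Register(site)
	as, _ := tok.Authenticate(site, handle, ClientData{"challenge-1", site}, true)
	fmt.Println(VerifyAssertion(pub, site, site, "challenge-1", 0, as)) // <nil>
}
```

The order of checks is deliberate: origin and challenge are compared before the signature so a phished or replayed response is rejected without touching the public key, and the counter check is what catches a cloned token that signs perfectly well. Storing handle, public key and last counter per user is the "user info, public key and Key Handle" record on slide 35; the SAML step on slide 36 starts only after VerifyAssertion returns nil.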
• 37. SCEP Certificate Enrollment [diagram: (1) the iPhone Configuration Utility publishes the enrollment profile (SCEP.mobileconfig) to the profile service; (2) the user authenticates; (3) the profile is downloaded; (4) iOS executes SCEP enrollment against the certificate authority; (5) the certificate is installed in the iOS store]
• 38. SCEP Enrollment Vulnerability [diagram: (1) “Can I have a SCEP secret?” (2) “Sure! Your SCEP secret is ‘8675309’.” (3) “Your SCEP secret is ‘8675309’. Tony Stark, enroll for a certificate.” (4) “My SCEP secret is ‘8675309’. My name is Nick Fury.” (5) “Here is your certificate, Nick Fury.” The shared SCEP challenge is not bound to the user it was issued to, so whoever holds it can enroll for a certificate and private key in another identity’s name]
• 39. Enhanced Enrollment [diagram: (1) the MDM service sends the public key for user Tony Stark to the certificate authority; (2) the CA returns the certificate; (3) the MDM service delivers the certificate and private key to the device]
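Slides 38 and 39 contrast a shared SCEP challenge with an enrollment the MDM service brokers. As an added example, written for this page and not taken from the deck or from any MDM product, the Go program below puts the two registration-authority behaviours side by side: the weak one issues a certificate for whatever subject accompanies the shared secret, the hardened one hands out a single-use, expiring challenge to an already authenticated user and refuses a mismatched subject. Certificates are reduced to their subject, and the names and the ten-minute lifetime are assumptions.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Certificate stands in for an issued X.509 certificate; only the subject matters here.
type Certificate struct{ Subject string }

// SharedSecretRA is the slide-38 design: one SCEP challenge password shared by every
// enrollment. Anyone who learns it can request a certificate for any subject they like.
type SharedSecretRA struct{ Challenge string }

func (ra *SharedSecretRA) Enroll(challenge, subject string) (Certificate, error) {
	if challenge != ra.Challenge {
		return Certificate{}, errors.New("bad challenge password")
	}
	return Certificate{Subject: subject}, nil // subject comes from the request, unchecked
}

type issued struct {
	subject string
	expires time.Time
}

// BoundChallengeRA hands out a per-user, single-use, expiring challenge after the user has
// authenticated, and only signs a request whose subject is the identity that challenge was
// issued for. That binding is the property the shared secret lacks.
type BoundChallengeRA struct {
	pending map[string]issued
	Now     func() time.Time // injectable clock, so expiry can be exercised in a test
}

func NewBoundChallengeRA() *BoundChallengeRA {
	return &BoundChallengeRA{pending: map[string]issued{}, Now: time.Now}
}

// IssueChallenge is called once the profile service has authenticated the user (slide 37, step 2).
func (ra *BoundChallengeRA) IssueChallenge(authenticatedSubject string, ttl time.Duration) string {
	b := make([]byte, 16)
	rand.Read(b)
	c := hex.EncodeToString(b)
	ra.pending[c] = issued{authenticatedSubject, ra.Now().Add(ttl)}
	return c
}

func (ra *BoundChallengeRA) Enroll(challenge, subject string) (Certificate, error) {
	p, ok := ra.pending[challenge]
	if !ok {
		return Certificate{}, errors.New("unknown or already used challenge")
	}
	delete(ra.pending, challenge) // single use, even when the attempt fails
	if ra.Now().After(p.expires) {
		return Certificate{}, errors.New("challenge expired")
	}
	if subject != p.subject {
		return Certificate{}, fmt.Errorf("challenge was issued to %q, not %q", p.subject, subject)
	}
	return Certificate{Subject: subject}, nil
}

func main() {
	weak := &SharedSecretRA{Challenge: "8675309"}
	cert, err := weak.Enroll("8675309", "CN=Nick Fury") // Tony's secret, Nick's name
	fmt.Println(cert.Subject, err)                      // CN=Nick Fury <nil>

	ra := NewBoundChallengeRA()
	c := ra.IssueChallenge("CN=Tony Stark", 10*time.Minute)
	_, err = ra.Enroll(c, "CN=Nick Fury")
	fmt.Println(err) // challenge was issued to "CN=Tony Stark", not "CN=Nick Fury"
}
```

A failed attempt burns the challenge rather than leaving it valid, which is the right default: a subject mismatch against a freshly issued challenge is exactly the event on slide 38 and should be logged, not retried. Slide 39 sidesteps the problem differently, by letting the MDM service present the already verified identity to the CA itself; the binding shown here is what you need when the device still talks SCEP directly.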
• 40. MDM - Email Proxy [diagram: the device presents its private key and certificate (X.509 authentication) to the MDM identity bridge; the bridge uses S4U Kerberos impersonation to obtain Kerberos tickets from Active Directory and reaches the Exchange Server on the user’s behalf]
• 42. NFC on Mobile Device [diagram: the NFC system consists of the antenna, the NFC controller and the secure element]
• 43. NFC for Converged Authentication [diagram: one NFC credential serves both building access and IT access]
• 44. NFC for Tablet Authentication [diagram: a smartphone or a contactless smart card holding the private key and certificate is presented to the tablet over NFC; the tablet authenticates to the web application over SSL with that certificate]
• 45. NFC Provisioning [diagram: the externally hosted Mobile Credential Management Service (MCM) provisions a PKI certificate and a PACS credential to their respective applications on the device; the on-premises identity bridge connects it to the certificate authority, the PACS host and Active Directory]
• 47. NFC Authorization [diagram: an authorization policy and a PKI authentication policy are delivered to the device alongside the PKI certificate]
• 48. Copyright ©2013 Ping Identity Corporation. All rights reserved.