FastFed
A New Standard to Simplify SSO Adoption
Erik Gustavson, Engineering Manager, Google
Darin McAdams, Principal Engineer, AWS
The Problem
Low adoption of federation in enterprise settings
Why?
It’s hard to configure.
44 STEPS
Strange Terminology
Entity ID
ACS URL
IdP Metadata
Signed Responses
Name ID Mapping
Certificate Downloads
User Attribute Mappings
App wants: FirstName, first_name, f_name
You have: GivenName, given_name, givenName
User Provisioning
More terminology! More to configure!
JIT, SCIM, User Lifecycle Management
The Results
Error: Could not validate SAML response
Finally, Success!
Until 1 year later…
Security Certificate Expired!
Lots of Pain
System Administrator: budget 1-2 weeks to configure SSO to each application.
Identity Providers: each app is different. Custom integration & documentation.
Service Providers: getting into Identity Provider catalogs. Not self-service. "What should I be doing!?"
Today's Registration Experience
[Diagram: the Admin copies and pastes configuration between the Identity Provider and the Service Provider]
Desired Registration Experience
[Diagram: the Identity Provider and the Service Provider exchange configuration directly; the Admin is only in the loop to initiate and approve]
Fast Federation (FastFed)
Working Group
How does FastFed work?
• Does NOT replace SAML, OIDC, SCIM…
• DOES orchestrate the configuration of them
Message Flows
[Diagram: Identity Provider and Service Provider; the flow starts at the Service Provider]
1. The Service Provider asks the administrator for her email address: alice@company.com
2. It takes the domain: company.com
3. It queries that domain's WebFinger endpoint: GET https://company.com/.well-known/webfinger
4. The response points at the FastFed configuration: "https://tenant-12345.idp.com/fastfed"
5. The Service Provider gets the FastFed metadata from that URL:
HTTP/1.1 200 OK
Content-Type: application/json
{
  "identity_provider": {
    "provider_domain": "idp.com",
    "tenant_id": "tenant-12345",
    "display_name": "Identity Provider",
    "display_images": {
      "large_icon_uri": "https://idp.com/images/tile.png"
    },
    "capabilities": {
      "authentication_profiles": [
        "urn:ietf:params:fastfed:1.0:authentication:SAML:Basic"
      ],
      "provisioning_profiles": [
        "urn:ietf:params:fastfed:1.0:provisioning:SCIM:FullLifeCycle"
      ],
      "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User"
      ]
    },
    "jwks_uri": "https://idp.com/fastfed/keys",
    "fastfed_handshake_start_uri": "https://tenant-12345.idp.com/fastfed/start"
  }
}
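The discovery and metadata steps above, as an added example in Python (standard library only; this is not code from the slides or from the FastFed working group): it builds the WebFinger lookup for the administrator's email, picks the FastFed link out of the JRD, checks the Identity Provider's metadata, and intersects the two capability lists. The WebFinger response and both metadata documents are constructed inline, modelled on the slides' examples. The link relation http://openid.net/specs/fastfed/1.0/provider, the hypothetical profile URN urn:example:fastfed:hypothetical:OIDC:Basic and the "first mutually supported profile in the IdP's order" rule are assumptions, not something the slides state.

```python
# Added example, not code from the FastFed slides or the working group.
# Service Provider side of discovery: admin email -> domain -> WebFinger ->
# FastFed metadata -> capability negotiation. Every document it would fetch
# is constructed inline, so this runs offline.
import json
from urllib.parse import quote, urlsplit

FASTFED_REL = "http://openid.net/specs/fastfed/1.0/provider"  # assumed link relation
REQUIRED_IDP_FIELDS = ("provider_domain", "tenant_id", "jwks_uri",
                       "fastfed_handshake_start_uri")

def webfinger_url(email: str) -> str:
    """RFC 7033 lookup URL for the domain part of an administrator's email."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain or any(c in domain for c in "/?#"):
        raise ValueError("not an email address")
    domain = domain.lower()
    resource = quote("acct:" + local + "@" + domain, safe="")
    return ("https://" + domain + "/.well-known/webfinger?resource="
            + resource + "&rel=" + quote(FASTFED_REL, safe=""))

def fastfed_metadata_url(jrd: dict) -> str:
    """Pick the FastFed link out of a JRD; follow it only if it is https."""
    for link in jrd.get("links", []):
        if link.get("rel") == FASTFED_REL:
            href = urlsplit(link.get("href", ""))
            if href.scheme != "https" or not href.netloc:
                raise ValueError("FastFed link must be an https URL")
            return href.geturl()
    raise LookupError("no FastFed link in WebFinger response")

def check_idp_metadata(meta: dict) -> dict:
    """Require the fields the handshake needs, with https-only endpoints."""
    idp = meta["identity_provider"]
    missing = [f for f in REQUIRED_IDP_FIELDS if f not in idp]
    if missing:
        raise ValueError("metadata missing " + ", ".join(missing))
    for field in ("jwks_uri", "fastfed_handshake_start_uri"):
        if urlsplit(idp[field]).scheme != "https":
            raise ValueError(field + " must be https")
    return idp

def negotiate(idp_meta: dict, sp_meta: dict) -> dict:
    """Intersect advertised capabilities. Illustrative policy: a profile is
    usable only if both sides list it, and the IdP's order breaks ties."""
    idp = idp_meta["identity_provider"]["capabilities"]
    sp = sp_meta["application_provider"]["capabilities"]
    chosen = {}
    for key in ("authentication_profiles", "provisioning_profiles", "schemas"):
        common = [p for p in idp.get(key, []) if p in sp.get(key, [])]
        if not common:
            raise ValueError("no mutually supported " + key)
        chosen[key] = common if key == "schemas" else common[0]
    return chosen

# Constructed sample documents, modelled on the slides' examples.
SAMPLE_JRD = {"subject": "acct:alice@company.com", "links": [
    {"rel": FASTFED_REL, "href": "https://tenant-12345.idp.com/fastfed"}]}
SAML_BASIC = "urn:ietf:params:fastfed:1.0:authentication:SAML:Basic"
SCIM_FULL = "urn:ietf:params:fastfed:1.0:provisioning:SCIM:FullLifeCycle"
SCIM_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
SAMPLE_IDP_METADATA = {"identity_provider": {
    "provider_domain": "idp.com", "tenant_id": "tenant-12345",
    "display_name": "Identity Provider",
    "capabilities": {"authentication_profiles": [SAML_BASIC],
                     "provisioning_profiles": [SCIM_FULL], "schemas": [SCIM_USER]},
    "jwks_uri": "https://idp.com/fastfed/keys",
    "fastfed_handshake_start_uri": "https://tenant-12345.idp.com/fastfed/start"}}
SAMPLE_SP_METADATA = {"application_provider": {
    "provider_domain": "service.com", "tenant_id": "tenant-67890",
    # The first profile is a made-up URN: an unshared profile is simply skipped.
    "capabilities": {"authentication_profiles": [
                         "urn:example:fastfed:hypothetical:OIDC:Basic", SAML_BASIC],
                     "provisioning_profiles": [SCIM_FULL], "schemas": [SCIM_USER]}}}

def discover(email: str, jrd: dict, idp_meta: dict, sp_meta: dict) -> dict:
    """Whole pre-registration flow; jrd and idp_meta stand in for the two GETs."""
    idp = check_idp_metadata(idp_meta)
    return {"webfinger": webfinger_url(email), "metadata_url": fastfed_metadata_url(jrd),
            "idp": idp["provider_domain"], "tenant": idp["tenant_id"],
            "jwks_uri": idp["jwks_uri"], "next": idp["fastfed_handshake_start_uri"],
            "chosen": negotiate(idp_meta, sp_meta)}

def demo() -> dict:
    return discover("alice@company.com", SAMPLE_JRD, SAMPLE_IDP_METADATA, SAMPLE_SP_METADATA)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running it prints what the Service Provider would keep before it halts with a pending registration. Two checks are worth keeping in a real implementation: the href from WebFinger is followed only over https and nothing else in the JRD is trusted, and the capability intersection is what replaces the administrator's copy-and-paste of protocol, profile and schema choices.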
Message Flows
The Service Provider stores a Pending Registration:
• IdP
• Tenant ID
• Public Key
• Expiration Date
It then hands off to the Identity Provider with an HTTP REDIRECT, which includes the location of the Service Provider's configuration:
HTTP/1.1 200 OK
Content-Type: application/json
{
  "application_provider": {
    "provider_domain": "service.com",
    "tenant_id": "tenant-67890",
    "display_name": "Service Provider",
    "display_images": {
      "large_icon_uri": "https://app.com/images/tile.png"
    },
    "capabilities": {
      "authentication_profiles": [
        "urn:ietf:params:fastfed:1.0:authentication:SAML:Basic"
      ],
      "provisioning_profiles": [
        "urn:ietf:params:fastfed:1.0:provisioning:SCIM:FullLifeCycle"
      ],
      "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User"
      ]
    },
    …
Message Flows
At the Identity Provider, the administrator:
• Authenticates
• Confirms
• (Optional) Reviews and Approvals
Message Flows
The Identity Provider sends the Service Provider a Complete Registration request carrying its:
• SAML/OIDC Metadata
• SCIM Metadata
• OAuth ClientID/Secret
The request is a JWT, signed with the Identity Provider's private key.
Valid? The Service Provider checks it against the Pending Registration (IdP, Tenant ID, Public Key, Expiration Date).
Message Flows
The Service Provider answers with its own:
• SAML/OIDC Metadata
• SCIM Metadata
• OAuth ClientID/Secret
Each side now holds the other's SAML/OIDC Metadata, SCIM Metadata and OAuth ClientID/Secret.
DONE!
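The last step of the handshake, as an added example in Python (standard library only; not code from the slides or from the working group): the Service Provider keeps the pending registration it created at discovery and accepts the Identity Provider's registration JWT only if it is for that IdP and tenant, neither the pending entry nor the token has expired, the header's kid names a key in the stored JWKS, and the signature verifies. One substitution: the slides say the JWT is signed with the IdP's private key and checked with the public key found via jwks_uri; the standard library has no RSA or EC, so this demo signs with HMAC (JWS alg HS256, an "oct" JWK) and a constructed placeholder key. The claim names iss, sub, exp and saml_metadata_uri and the kid value idp-2019-09 are illustrative choices, not the spec's.

```python
# Added example, not code from the FastFed slides or the working group.
# Service Provider side of the last step: it kept a pending registration
# from discovery (IdP domain, tenant id, the IdP's keys, an expiry) and
# accepts the IdP's signed registration JWT only if the token matches it.
# Substitution: the slides sign with the IdP's private key and verify with
# the public key found via jwks_uri; the standard library has no RSA/EC, so
# this demo uses JWS alg HS256 with an "oct" JWK and a placeholder key.
import base64
import hashlib
import hmac
import json

ALLOWED_ALGS = {"HS256"}  # allow-list: never honour "none" or an unexpected alg

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _enc(obj) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode("utf-8"))

def sign_registration(claims: dict, key: bytes, kid: str) -> str:
    """IdP side: compact JWS over the registration claims."""
    signing_input = _enc({"alg": "HS256", "typ": "JWT", "kid": kid}) + "." + _enc(claims)
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

class PendingRegistration:
    """What the SP stored when it halted after discovery."""
    def __init__(self, provider_domain, tenant_id, jwks, expires_at):
        self.provider_domain = provider_domain
        self.tenant_id = tenant_id
        self.jwks = jwks  # fetched from the IdP's jwks_uri during discovery
        self.expires_at = expires_at

def verify_registration(token: str, pending: PendingRegistration, now: int) -> dict:
    """Return the claims if the token completes this pending registration."""
    if now > pending.expires_at:
        raise ValueError("pending registration expired")
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    h64, c64, s64 = parts
    header = json.loads(b64url_decode(h64))
    if header.get("alg") not in ALLOWED_ALGS:
        raise ValueError("alg not allowed")
    # Keys come only from the JWKS stored at discovery, never from a URL in the token.
    key = next((k for k in pending.jwks["keys"]
                if k.get("kty") == "oct" and k.get("kid") == header.get("kid")), None)
    if key is None:
        raise ValueError("unknown kid")
    expected = hmac.new(b64url_decode(key["k"]), (h64 + "." + c64).encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(c64))  # trusted only after the signature check
    if claims.get("iss") != pending.provider_domain or claims.get("sub") != pending.tenant_id:
        raise ValueError("token is not for this pending registration")
    if claims.get("exp", 0) < now:
        raise ValueError("token expired")
    return claims

def rejection_reason(token: str, pending: PendingRegistration, now: int):
    """None if accepted, otherwise the reason (for tests and audit logs)."""
    try:
        verify_registration(token, pending, now)
        return None
    except ValueError as err:
        return str(err)

# Constructed demo data; the key is a placeholder, not a real secret.
NOW = 1569801600  # 2019-09-30T00:00:00Z
DEMO_KEY = b"constructed-demo-key-0123456789abcdef"
DEMO_JWKS = {"keys": [{"kty": "oct", "kid": "idp-2019-09", "k": b64url(DEMO_KEY)}]}
PENDING = PendingRegistration("idp.com", "tenant-12345", DEMO_JWKS, NOW + 3600)
DEMO_CLAIMS = {"iss": "idp.com", "sub": "tenant-12345", "exp": NOW + 300,
               # illustrative claim name, not the spec's
               "saml_metadata_uri": "https://tenant-12345.idp.com/saml/metadata"}

def demo_token() -> str:
    return sign_registration(DEMO_CLAIMS, DEMO_KEY, "idp-2019-09")

def demo() -> dict:
    """Happy path plus the rejections a reviewer should expect to see."""
    token = demo_token()
    h64, c64, _ = token.split(".")
    tampered = h64 + "." + c64 + "." + b64url(b"\x00" * 32)
    alg_none = b64url(b'{"alg":"none","kid":"idp-2019-09"}') + "." + c64 + "."
    other_tenant = PendingRegistration("idp.com", "tenant-99999", DEMO_JWKS, NOW + 3600)
    return {"accepted": verify_registration(token, PENDING, NOW)["sub"],
            "tampered": rejection_reason(tampered, PENDING, NOW),
            "alg_none": rejection_reason(alg_none, PENDING, NOW),
            "wrong_tenant": rejection_reason(token, other_tenant, NOW),
            "stale_pending": rejection_reason(token, PENDING, NOW + 7200)}

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two details matter most in review: the alg allow-list (a token claiming "alg":"none" is refused before anything else is read), and that keys are taken only from the JWKS the Service Provider stored at discovery, never from a jku or jwks_uri carried inside the token itself. A production verifier would do the same checks with RS256 or ES256 and a JWT library, resolving the public key from that stored JWKS by kid.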
Working Group Members
• ADP
• AWS
• Google
• Microsoft
• Okta
• SailPoint
• Salesforce
• and growing…
Since Identiverse
• Closing out remaining issues, e.g.
  • IGA Providers
  • Provider Authentication
  • Wordsmithing…
• Production timelines?
• Lesson from demo -> UX

OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group Update

Speaker notes

  1. Despite existence of standards like SAML or OIDC, many apps see low federation rates. Not unusual to see percentages in the single digits, or low double-digits. Customers choose to create yet-another-login-and-password instead of SSO.
  2. The reason: Configuring SSO is hard! Let’s look at a typical experience…
  3. 44 steps to configure SSO from GSuite->AWS. This isn’t unusual.
  4. 44 steps to configure SSO from GSuite->AWS. This isn’t unusual.
  5. If you’ve never set up SSO before, you are immediately confused by strange words. “ACS URL? What is an ACS URL?”
  6. You need to be a translator between applications
  7. Besides SSO, how do you create user accounts in the application?
  8. More concepts! JIT, SCIM, Lifecycle
  9. After configuring… this is what happens. It doesn’t work. Maybe a typo, or accidentally copied the wrong value? No helpful logging. Calling tech support.
  10. Finally, you get it working
  11. Until 1 year later. Guess what happens after a year
  12. SAML certificate expiration. Now the system is broken again.
  13. Service Providers have no easy way to add themselves to app catalogs managed by the Identity Providers. They ask the Identity experts: “You made all these standards. Please, tell us what to do!” EVERYONE IS MISERABLE.
  14. What’s happening – a human is copying and pasting between systems. They have 4 browser windows open. The problem - humans are the most unreliable, error-prone data bus we could have chosen.
  15. To solve it, how do we let computers talk to each other? Behind the scenes, same standards. But, computers exchange the configuration programmatically.
  16. This was the goal of the FastFed working group. Later, we’re going to show how it works. But first, let’s show you the new experience.
  17. Does orchestrate their configuration. Sort of a control plane, and opinionated requirements for interoperability.
  18. Alright, in the N minutes remaining, here’s a whirlwind tour of what’s happening behind the scenes. This is going to be FAST. Gives a taste. Toward the end, we’ll talk about where to learn more if it piques your interest.
  19. The flow starts at the service. Someone has administrative privileges there, and wants to set up SSO. First question – what is their Identity Provider?
  20. FastFed has a couple ways to solve this. The best user experience, and the one I’ll show here, uses their email address. In this case, the service has asked Alice for her email.
  21. Based on the email, we can take the domain name
  22. And, if the company has configured it, make a request to a well-known location to bootstrap. This uses an existing protocol named WebFinger, if you are familiar with it. (Although, we had to change WebFinger a little.)
  23. We get back a location. This tells us where to find the FastFed configuration for Alice. The URL could be anything, just a place to go next.
  24. Next the service can take this URL…
  25. And make a call to retrieve the FastFed Metadata for Alice and her organization
  26. What comes back is a whole lot of information. We won’t go through every detail, but a few highlights…
  27. It includes capabilities
  28. Here, we see this provider wants to use SAML and SCIM with a certain user schema. Another provider could prefer OpenID Connect, for example. This describes those preferences and capabilities.
  29. We see some metadata. Things like unique IDs. Or, display names and images.
  30. There’s also a public key. This will come in later. Just for now - remember – here’s where the service learns the public key for the Identity Provider.
  31. Finally, a URL that points us to the next step in the handshake.
  32. The service captures some of this information into a whitelist: the IDs, the public key. At this point, the service halts. It’s got a half-completed registration. The next step is to hand off to the Identity Provider to finish the job.
  33. There are a couple of ways to do this handoff, but in practice, an HTTP Redirect will be the most common. Alice is redirected to her Identity Provider using the endpoints discovered earlier.
  34. I’m skipping over it here for time, but the redirect includes parameters for the Identity Provider to learn an equivalent set of metadata about the service. What SSO protocols does it support? What user attributes does it need?
  36. The Identity Provider will authenticate Alice
  37. It will confirm she really wants to configure SSO into the service.
  38. Then, at some organizations, this will go into a security queue for approval. This is common, where even though Alice administers the service instance, the organization wants a little scrutiny before anyone in the company can launch 3rd party applications for org-wide use.
  39. Finally, everything’s approved.
  40. We’re ready to finish. Behind the scenes, the Identity Provider will make an HTTP request to complete the registration. Finally, the services begin exchanging metadata for those protocols. This is the same information you were previously copying-and-pasting manually. BUT, how does the service know the call is allowed? We can’t permit a random IdP to register.
  41. To handle this, the Identity Provider signs the message. The service can check the signature against the public key it learned from the Identity Provider’s metadata earlier.
  42. The service can validate. Does this match a pending registration? Signed with the right key?
  43. If everything looks OK, the service accepts it. Captures the metadata from the Identity Provider.
  44. Then, it responds with its own metadata.
  45. And we’re done. What happened – apps exchanged the same metadata that human beings were copying-and-pasting before. The FastFed workflow creates the trust and communication channels. They can periodically resync to get updates, like SAML certificate rotation.
  46. All the specs are online. This isn’t just Google+AWS. We want everyone to have this experience. Interested? Get involved.
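As an added example (not code from the talk or from the FastFed specs), here is a Go sketch of the check described in notes 32 and 40–44: the service records a pending registration with the public key it learned from the IdP metadata, and later accepts the completion message only if it matches that pending entry and verifies under that key. Assumptions: Ed25519 in place of the spec's JWS signing, an in-memory map in place of the service's store, and constructed IDs, keys and metadata strings.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Service keeps the half-completed registrations (the whitelist from the notes),
// keyed by the IdP's entity ID and holding the public key learned from its metadata.
type Service struct {
	Pending     map[string]ed25519.PublicKey
	OwnMetadata string // what the service answers with once the handshake succeeds
}

// StartRegistration records the ID and public key from the fetched metadata, then halts.
func (s *Service) StartRegistration(entityID string, pub ed25519.PublicKey) {
	s.Pending[entityID] = pub
}

// SignCompletion (IdP side): the completion message is bound to the entity ID and
// signed with the IdP's private key. Assumption: Ed25519 here, where the spec uses JWS.
func SignCompletion(priv ed25519.PrivateKey, entityID string) (msg, sig []byte) {
	msg = []byte("fastfed-complete:" + entityID)
	return msg, ed25519.Sign(priv, msg)
}

// CompleteRegistration (service side): is there a pending registration for this ID,
// and is the message signed with the key learned at discovery? Only then accept.
func (s *Service) CompleteRegistration(entityID string, msg, sig []byte) (string, error) {
	pub, ok := s.Pending[entityID]
	if !ok {
		return "", errors.New("no pending registration for " + entityID)
	}
	if string(msg) != "fastfed-complete:"+entityID || !ed25519.Verify(pub, msg, sig) {
		return "", errors.New("signature does not match pending registration")
	}
	delete(s.Pending, entityID) // one-shot: a replayed message cannot complete it again
	return s.OwnMetadata, nil   // respond with the service's own metadata
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed IdP key pair
	svc := &Service{Pending: map[string]ed25519.PublicKey{}, OwnMetadata: "sp-metadata"}
	svc.StartRegistration("https://tenant-12345.idp.com/fastfed", pub)
	msg, sig := SignCompletion(priv, "https://tenant-12345.idp.com/fastfed")
	fmt.Println(svc.CompleteRegistration("https://tenant-12345.idp.com/fastfed", msg, sig))
}
```

A message from an IdP that never went through discovery, one signed with a different key, or a replay of an already-consumed completion all fail the check and leave the service's metadata undisclosed.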