
Single Sign-On architectures in Public Networks (Liberty Alliance)

Aries Fajar Dwiputera. Mentor: Dr.-Ing. S. Rupp. Seminar of Advanced Communication Services, INFOTECH, SS 2005, University of Stuttgart.


Presentation Transcript


  1. Single Sign-On architectures in Public Networks (Liberty Alliance). Aries Fajar Dwiputera. Mentor: Dr.-Ing. S. Rupp. Seminar of Advanced Communication Services, INFOTECH, SS 2005, University of Stuttgart

  2. HEADACHE !!!! IDENTITY CRISIS

  3. IDENTITY NEEDS
     • CONVENIENCE: ease of use for the user and fewer bad user experiences (forgotten identity)
     • STANDARDIZED: can be implemented across different platforms and devices
     • SECURE: to avoid identity fraud
     • PRIVACY: privacy must be controlled by the owner
     • LOWER COST: services for everybody

  4. Agenda
     • Problems
     • Liberty Alliance Project
       • Federated Identity
       • Circle of Trust
       • Liberty Architecture
       • Single-Sign-On (Authentication)
       • Profiles (Authorization)
       • Single-Log-Out
     • PGP Trust Relationship
     • Comparison of Liberty Alliance and PGP
     • Combination of Liberty Alliance and PGP
     • Conclusion
     • Questions and Answers

  5. Liberty Alliance – Federated Identity
     • Solves compatibility between environments
     • Unions of identity
     [Diagram: accounts at Gmail.com, Amazon.de, Citibank.de and Ebay.de, each with its own login, joined under "Federated Identity"]

  6. Liberty Alliance – Circle of Trust
     • User / Principal (User)
     • Identity Provider (IDP)
     • Service Provider (SP)
     [Diagram: an IDP together with Citibank.de, Ebay.de, Amazon.com, ...]

  7. Liberty Alliance – Architecture [Figure; source: www.projectliberty.org]

  8. Liberty Alliance – Single-Sign-On
     • Sign on once at a Liberty-enabled site
     • Seamlessly signed on
     • No need to authenticate again
     [Sequence diagram between User, Service Provider and Identity Provider; message labels in order: Request; Obtain IDP; Response + Redirection; Auth Request; Process Auth; Response + Token; Request + token; Verified Token; Response; Process Assertion; Response; Transactions]

  9. Liberty Alliance – Profiles
     • Different profiles and roles
     • Different access rights
     • User personalization
     [Diagram: one IDP and several sites, labelled Roles: Guest; Roles: Reseller; Roles: User; Roles: Guest]

  10. Liberty Alliance – Single Sign Out
     Synchronized session logout functionality across all sessions that were authenticated by a particular identity provider.
     [Sequence diagram between User, Identity Provider and Service Provider; message labels in order: Authenticate + Authorize (Transactions); Request Single Log Out; Request Log Out; Process Log Out; Log Out Response; Single Log Out Confirmed]

  11. Agenda
     • Problems
     • Liberty Alliance Project
       • Federated Identity
       • Circle of Trust
       • Liberty Architecture
       • Single-Sign-On (Authentication)
       • Profiles (Authorization)
       • Single-Log-Out
     • PGP Trust Relationship
     • Comparison of Liberty Alliance and PGP
     • Combination of Liberty Alliance and PGP
     • Conclusion
     • Questions and Answers

  12. PGP Trust Relationship
     • Web of Trust
     • Introducer
     • Each other's signature
     • Decentralized

  13. Comparison: Liberty Alliance and PGP

  14. Combination: Liberty Alliance – PGP
     • Web of Trust between IDPs and SPs
     • Circle of Trust between User and IDP
     [Diagram labels: User, IDP, SP, Web of Trust]

  15. CONCLUSION: Combination of Liberty Alliance and PGP
     • Single-Sign-On
       • Convenience and ease for the user
     • Easy Key Management
       • The burden shifts away from the user
     • Authenticate and Authorize
       • User profiles and personalization
     • Distributed & Mobile
       • Everything is connected and One-Time-Service
     • Scalability
       • Adding new elements is easy

  16. THANK YOU
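
The token exchange on slide 8 (Single-Sign-On), as an added example that is not part of the original presentation and does not reproduce the Liberty Alliance wire format: a toy IDP and SP showing sign-on once, single-use tokens, and tokens bound to the SP that requested them. The class and method names, the 60-second token lifetime and the sample user are assumptions made for illustration.

```python
import secrets
import time

class IdentityProvider:
    TOKEN_TTL = 60  # seconds (assumed value)
    def __init__(self, users):
        self.users = users      # name -> password; plaintext only to keep the toy short
        self.sessions = set()   # principals already signed on at the IDP
        self.tokens = {}        # token -> (user, sp_id, expiry)

    def auth_request(self, sp_id, user, password=None):
        """Slide labels: Auth Request, Process Auth, Response + Token."""
        if user not in self.sessions:
            stored = self.users.get(user)
            if stored is None or password is None or not secrets.compare_digest(stored, password):
                return None
            self.sessions.add(user)
        token = secrets.token_urlsafe(16)
        self.tokens[token] = (user, sp_id, time.time() + self.TOKEN_TTL)
        return token

    def verify_token(self, sp_id, token):
        """Slide labels: Verified Token, Response (SP-to-IDP back channel)."""
        user, bound_sp, expiry = self.tokens.pop(token, (None, None, 0))  # pop: single use
        if bound_sp != sp_id or time.time() > expiry:
            return None
        return {"subject": user, "audience": sp_id}

class ServiceProvider:
    def __init__(self, sp_id, idp):
        self.sp_id, self.idp, self.logged_in = sp_id, idp, set()
    def request_with_token(self, token):
        """Slide labels: Request + token, Process Assertion, Response."""
        assertion = self.idp.verify_token(self.sp_id, token)
        if assertion is None:
            return False
        self.logged_in.add(assertion["subject"])
        return True

def demo():
    idp = IdentityProvider({"alice": "correct horse"})   # constructed sample user
    shop, bank = ServiceProvider("shop", idp), ServiceProvider("bank", idp)
    t1 = idp.auth_request("shop", "alice", "correct horse")  # sign on once
    first = shop.request_with_token(t1)
    replay = shop.request_with_token(t1)       # same token again: rejected
    t2 = idp.auth_request("bank", "alice")     # IDP session exists, no password
    wrong_sp = shop.request_with_token(t2)     # token was bound to "bank"
    t3 = idp.auth_request("bank", "alice")
    return first, replay, wrong_sp, bank.request_with_token(t3)
```

`demo()` returns one flag per step: first sign-on accepted, replayed token rejected, token presented to the wrong SP rejected, second SP signed on without a password.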
