Introduction to: Single Sign On Evolved Claudio Sanchez | LinkedIn.com/in/ClaudioASanchez | @ClaudioASanchez
Realtime feedback • @ClaudioASanchez • #CMAPCCWIF • #CMAPCC
Agenda Application Security Federated Identity What problem are we trying to solve? Case study Current state of affairs Identity in Real Life Terminology The Federated Authdance Code demo Q&A
Application Security • Not Sexy • Requires specialized knowledge • Oftentimes depends on the environment • Never hear about it, unless it fails
Federated Identity • Organization for the Advancement of Structured Information Standards (OASIS) • WS-Federation • WS-Trust • SAML • OpenID, OAuth, Facebook Connect
The Face of WIF Vittorio Bertocci | Microsoft | Vibro.NET NOT Vittorio
What problem are we solving? • How many accounts/passwords do you currently have? “Various Gartner studies have estimated that 25% to 35% of calls made to help desks are related to password resets” “Analysts estimate costs at approximately $25 to $40 per call with four password reset calls per user per year”
Case Study | Health Care • Clinicians use an average of 6.4 passwords per day • SSO solution can save an average of 9.51 minutes per day per clinician • $2,675 per year, per clinician¹ • 1,051 patient beds • More than 1,710 full-time attending physicians • 700 full-time equivalent clinicians can save more than $1.88 million per year with an SSO solution in place. $2,675 lost productivity per clinician × 1,710 physicians = $4,574,250 ¹ Based on a $135K/year salary and 250 working days. Source: The Gartner Group, 2002 & The Ponemon Institute, 2010
Our apps are prisoners Login.aspx Page1.aspx Credential Stores Credential Types / APIs User Attributes Stores
Identity in Real Life • Externalizes authentication • Gets user info from the document
Terminology • Claim • Anything that can be said about a user • Name, email, age, role, gender, sports team affiliation, etc. • Security Token • Serialized collection of claims • Crypto-signed by issuer • Identity Provider (IdP) • The issuer responsible for authenticating the user • Relying Party • An application configured to trust an IdP for authentication (your application)
Claims Can Set Your Application Free Identity Provider Windows Azure ACS STS Claims Relying Party Security Token
Multiple apps “One token to rule them all”
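The claim / security token / IdP / relying-party flow from the Terminology and "Claims Can Set Your Application Free" slides, as an added example that is not part of the deck or of WIF: an issuer serializes claims into a token and signs it, and a relying party accepts the claims only after checking issuer trust, signature, audience and expiry. The token format, the HMAC key, and the issuer and audience URLs are constructed for this example; WIF itself uses SAML / WS-Federation tokens with asymmetric signatures.

```python
import base64, hashlib, hmac, json

# Constructed example: a minimal signed security token ("serialized collection of
# claims, crypto-signed by issuer") and the relying-party checks that make it safe
# to trust. HMAC keeps it self-contained; real IdPs sign with a private key.

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(issuer_key: bytes, issuer: str, audience: str,
                claims: dict, now: int, lifetime: int = 300) -> str:
    """IdP side: bind claims to issuer, intended audience and expiry, then sign."""
    body = {"iss": issuer, "aud": audience, "exp": now + lifetime, "claims": claims}
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    sig = hmac.new(issuer_key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)

def validate_token(token: str, trusted_issuers: dict,
                   my_audience: str, now: int) -> dict:
    """Relying-party side: return the claims only if every check passes.
    trusted_issuers maps issuer name -> key (the RP's configured trust list)."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = _unb64(payload_b64)
        body = json.loads(payload)
        sig = _unb64(sig_b64)
    except ValueError:  # json.JSONDecodeError is a ValueError
        raise ValueError("malformed token")
    key = trusted_issuers.get(body.get("iss"))
    if key is None:
        raise ValueError("untrusted issuer")
    # Verify the signature first; every other field is attacker-controlled until then.
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad signature")
    if body.get("aud") != my_audience:
        raise ValueError("token was issued for a different relying party")
    if not isinstance(body.get("exp"), int) or body["exp"] <= now:
        raise ValueError("token expired")
    return body["claims"]
```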
LinkedIn.com/in/ClaudioASanchez @ClaudioASanchez http://ClaudioASanchez.blogspot.com