
Trusted 3rd Party Authentication & Friends: SSO and IdM

NWACC Security Workshop 2013 Portland.


Presentation Transcript


  1. Trusted 3rd Party Authentication & Friends: SSO and IdM
     NWACC Security Workshop 2013 Portland

  2. Overview
     • Arc of Authentication History
     • Define Trusted 3rd Party Authentication (TTPA)
     • Place TTPA in current computing trend
     • Advantages
     • Challenges
     • Technology
     • Single Sign-On (SSO) & Identity Management (IdM)
     • Security’s Stake
     • Discussion
     • Advanced topics
       • Multi-factor authentication
       • Identity acceptance from 3rd parties

  3. A Brief History of Authentication
     Source: http://www.guardian.co.uk/technology/2008/mar/06/computing.google
     http://infomotions.com/musings/waves/media/client-server-illustration.gif

  4. “The Cloud”
     This is where our romance gets rocky
     Source: http://files.softicons.com/download/application-icons/clouds-icons-by-studiotwentyeight/png/512x512/CloudApp.png

  5. What is a Trusted 3rd Party?
     An entity that two parties, who may have no knowledge of each other, both trust. In this case the 3rd party is used to facilitate authentication and/or the exchange of attributes.

  6. Trend in Enterprise IT
     The rise of BUI and the “Cloud” is pushing more enterprise and workgroup solutions to HTTP/S and off our networks.
     • Google Apps, Office365
     • AWS, Google App Engine
     • Salesforce
     • DocuSign
     • Box.net, DropBox

  7. Advantages
     • Service providers never have user authentication credentials
     • Service providers do not need to manage accounts
     • Single, uniform login interface
     • Signed assertions are difficult to forge

  8. Challenges
     • Not all IdPs and SPs get along
     • Need to negotiate attribute release and formatting
     • Single Sign-On can create an inconsistent user experience, since each SP can tune its behavior
     • Not getting cross-eyed reading XML

  9. How can we do this?
     • Shibboleth
     • Microsoft Active Directory Federation Services
     • Central Authentication Service (CAS)
     • Homegrown SAML (Security Assertion Markup Language) generator/interpreter

  10. Hitchhiker & a Dependency
     • Single Sign-On (SSO)
     • Identity Management (IdM)

  11. Security’s stake in all this
     • Increases the value of a credential
     • Access auditing
     • Authorization
     • Provisioning/deprovisioning become tied to roles and attributes
     • Confidence in assertion exchange

  12. Discussion
     What are you doing for centralized web authentication? Would you consider it trusted 3rd party authentication, and do you have any brief tips or lessons you can share?

  13. Advanced Topics
     • Multi-factor authentication
       • Can be a vended solution
       • Phone, SMS, smartphone app, hardware
     • Identity acceptance from 3rd parties (Facebook, Google, Twitter, etc.)

  14. Resources
     • http://shibboleth.net/
     • https://incommon.org/
     • http://www.jasig.org/cas
     • Google “MS ADFS”

  15. Trusted 3rd Party Authentication & Friends: SSO and IdM
     NWACC Security Workshop 2013 Portland
     nathan.zierfuss@alaska.edu
