Trusted 3rd Party Authentication & Friends: SSO and IdM

NWACC Security Workshop 2013, Portland


Transcript of Trusted 3rd Party Authentication & Friends: SSO and IdM

Page 1: Trusted 3rd Party Authentication & Friends: SSO and IdM

Trusted 3rd Party Authentication & Friends: SSO and IdM

NWACC Security Workshop 2013

Portland

Page 2

Overview

• Arc of Authentication History
• Define Trusted 3rd Party Authentication (TTPA)
• Place TTPA in current computing trend
• Advantages
• Challenges
• Technology
• Single Sign-On (SSO) & Identity Management (IdM)
• Security’s Stake
• Discussion
• Advanced topics
  o Multi-factor authentication
  o Identity acceptance from 3rd parties

Page 3

A Brief History of Authentication

Source: http://www.guardian.co.uk/technology/2008/mar/06/computing.google
http://infomotions.com/musings/waves/media/client-server-illustration.gif

Page 4

“The Cloud” This is where our romance gets rocky

Source: http://files.softicons.com/download/application-icons/clouds-icons-by-studiotwentyeight/png/512x512/CloudApp.png

Page 5

What is a Trusted 3rd Party

An entity that two parties, who may have no knowledge of each other, both trust. In this case the 3rd party is used to facilitate authentication and/or the exchange of attributes.

Page 6

Page 7

Trend in Enterprise IT

The rise of BUI and the “Cloud” are pushing more enterprise and workgroup solutions to HTTP/S and off our networks.

- Google Apps, Office365
- AWS, Google App Engine
- Salesforce
- DocuSign
- Box.net, DropBox

Page 8

Page 9

Advantages

• Service providers never have user authentication credentials
• Service providers do not need to manage accounts
• Single, uniform login interface
• Signed assertions are difficult to forge

Page 10

Challenges

• Not all IdP and SP get along
• Need to negotiate attribute release and formatting
• Single Sign-on can create an inconsistent user experience since SP can tune behavior
• Not getting cross-eyed reading XML

Page 11

How can we do this?

Security Assertion Markup Language

• Shibboleth
• Microsoft Active Directory Federation Services
• Central Authentication Service (CAS)
• Homegrown SAML generator/interpreter

Page 12

Hitchhiker & a Dependency

• Single Sign-on (SSO)
• Identity Management (IdM)

Page 13

Security’s stake in all this.

• Increases the value of a credential
• Access auditing
• Authorization
• Provisioning/deprovisioning become tied to roles and attributes
• Confidence in assertion exchange

Page 14

Discussion

What are you doing for centralized web authentication?

Would you consider it trusted 3rd party authentication, and do you have any brief tips or lessons you can share?

Page 15

Advanced Topics

• Multi-factor authentication
  o Can be a vended solution
  o Phone, SMS, smartphone app, hardware
• Identity acceptance from 3rd parties (Facebook, Google, Twitter, etc.)

Page 16

Resources

http://shibboleth.net/
https://incommon.org/
http://www.jasig.org/cas
Google “MS ADFS”

Page 17

Trusted 3rd Party Authentication & Friends: SSO and IdM

NWACC Security Workshop 2013

Portland
