Security Cas And Open Id

Published in: Technology

  1. Security and Identity: Ruby, CAS and OpenID. Justin Gehtland, justin@thinkrelevance.com. Copyright 2007, Relevance, Inc. Licensed only for use in conjunction with Relevance-provided training. For permission to use, send email to contact@thinkrelevance.com
  2. Hello, My Name Is Justin Gehtland. President of Relevance. justin@thinkrelevance.com
  3. Step 1: > rails myapp
  4. Step 2: > script/plugin install acts_as_authenticated
  5. Step 3: There is no step 3!
  6. Good Enough? Redundant implementations. No shared auth. Commingled storage.
  7. Identity: There should be only one. Participants: Client, Rails App, Auth Store. Flow: Request Locked Page; Redirect to Central Login; Request Login Page, Perform Login; Return Token; Request Locked Page, Present Token; Provide Token, URL; Authenticate request; Provide Locked Page.
  8. Two Types of Central Authentication. Private: located within enterprise or WAN; circumscribed set of apps. Public: available on public internet; apps opt in.
  9. OpenID (PUBLIC): Free, open central ID. Vendor-supported, but not controlled.
  10. ruby-openid: Dependencies on net transports and Yadis (OpenID + directory service).
  11. CAS (PRIVATE): Central Authentication Service. FOSS. Java-based.
  12. rubycas-client: Matt Zukowski, Ola Bini and Matt Walker. Simple wrapper around CAS. Development is mostly just configuration.
  13. What about... LDAP, NTLM, commercial SSOs.
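
The redirect-and-token exchange from slide 7, as an added Ruby sketch that is not from the slides or from rubycas-client. The class names, the example.test URLs, the sample account, and the single-use, URL-bound token behaviour are assumptions modelled on how CAS service tickets behave.

```ruby
require "securerandom"
require "uri"

# Toy central login service (the "Auth Store" on slide 7). In-memory only.
class CentralAuth
  def initialize(users)
    @users = users    # username => password (constructed sample data)
    @tickets = {}     # token => [username, service_url]
  end

  # Login step: check credentials, return a token bound to the requesting URL.
  def login(username, password, service_url)
    return nil unless password && @users[username] == password
    token = "ST-" + SecureRandom.hex(16)
    @tickets[token] = [username, service_url]
    token
  end

  # "Provide Token, URL": the token is deleted on first use, so a replay fails,
  # and it is only accepted for the URL it was issued for.
  def validate(token, service_url)
    username, bound_url = @tickets.delete(token)
    return nil if username.nil? || bound_url != service_url
    username
  end
end

# Toy app guarding one locked page; it never sees the user's password.
class LockedApp
  def initialize(auth, url)
    @auth, @url = auth, url
  end

  # Returns [status, body_or_redirect_location].
  def request_locked_page(token = nil)
    user = token && @auth.validate(token, @url)
    return [200, "locked page for #{user}"] if user
    [302, "https://login.example.test/login?service=" + URI.encode_www_form_component(@url)]
  end
end

def demo_flow
  url = "https://app.example.test/locked"
  auth = CentralAuth.new("alice" => "s3cret")   # constructed account
  app = LockedApp.new(auth, url)
  first = app.request_locked_page               # no token: redirect to login
  token = auth.login("alice", "s3cret", url)
  second = app.request_locked_page(token)       # token accepted once
  replay = app.request_locked_page(token)       # same token again: rejected
  [first[0], second[0], replay[0]]
end
```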
