Federation in Practice

Presented by Victor Ake, OpenAM Product Manager and ForgeRock Co-Founder at ForgeRock Open Identity Stack Summit, June 2013.

Learn more about ForgeRock Access Management:
https://www.forgerock.com/platform/access-management/

Learn more about ForgeRock Identity Management:
https://www.forgerock.com/platform/identity-management/

  1. Open Identity Summit. Federation in practice. Víctor Aké, OpenAM Product Manager, ForgeRock
  2. Old access control: Applications and data within the firewall perimeter; Users within the enterprise; Difficult to roll out new services
  3. Hanseatic League (Hansa): Trade confederation; 13th to 17th centuries; Trading outside the walls; Secure; Membership agreement; Follow protocol
  4. Information, services and users outside the firewall: Partners; Outsourcing; Suppliers; Customers
  5. Federation: Federalism is a political concept in which a group of members are bound together by covenant (Latin: foedus, covenant*) with a governing representative head. *Agreement
  6. Schengen Area: It is a group of 26 European countries that have abolished passport and immigration controls at their common borders. Present your security token at the entrance; Travel seamlessly within the area
  7. Federated identity: Is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems. Diagram labels: Partners; Outsourcing; Suppliers; Customers; Commercial applications; In-house dev applications; Legacy applications; Directory; Databases; Active Directory; Enterprise
  8. Benefits of federated identity: Provides Single Sign On for an enhanced user experience; Share information across partners securely and privately; Promote adoption of new services; Reduces costs; Cloud friendly; Mobile friendly
  9. Identity federation standards: SAML 2.0; WS-Federation; ID-FF
  10. Identity federation actors: Identity Provider (asserting party, IdP); Service Provider (relying party, consumer, SP), shown twice in the diagram; Circle of Trust; Agreements; Principal. Flow labels: Authenticate; Obtain token; Present token; Access resource
  11. Use cases: Enterprise connected to cloud SaaS, partners, suppliers, etc.; Customers using social authentication. Diagram labels: SaaS; Private cloud; Social; Partners; Outsourcing; Suppliers; Commercial applications; In-house dev applications; Legacy applications; Directory; Databases; Active Directory
  12. Use cases: SaaS/IDaaS providing services to enterprises; Social authentication to SaaS and IDaaS. Diagram labels: Multi-tenant IdP; Multi-tenant SP; IDaaS; SaaS; Social; Commercial applications; In-house dev applications; Legacy applications; Directory; Databases; Active Directory
  13. Use cases. Diagram labels: WebApp; NativeApp; NativeApp; WebApp; LoginApp; REST/OAuth2/OpenID Connect; Authentication; Authorization; Attribute Delivery; Federation; SSO; Token Persistence; Session Mgmt; OAuth2 Provider; OpenAM; Cloud; Enterprise
  14. SP to IdP mesh (diagram: four IdPs, three SPs)
  15. IdP Proxy (diagram: four IdPs, three SPs, one IdP Proxy)
  16. Federation is more than SSO. SAML 2.0: IdP, SP, IdP Proxy, Attribute Query Provider, Attribute Authority, Authentication Authority, XACML PEP, XACML PDP. WS-Federation: IdP, SP. ID-FF: IdP, SP. OAuth 2.0: RESTful authorization protocol
  17. OpenAM + family. OpenAM: Full-blown federation. OpenAM Fedlet: Lightweight SAML 2.0 SP. OpenIG and Fedlet: Powerful combination of integration and SAML 2.0
  18. Walkthrough on how to configure OpenAM to achieve SSO to Google Apps & Salesforce using SAML2
  19. SSO to Google Apps and Salesforce (diagram: IdP, SP, SP, Circle of Trust). demo.openam.org
  20. Q & A. Víctor Aké, OpenAM Product Manager, ForgeRock. Thanks!
