Identity & access management
THE KEY TO THE FLEXIBLE WORKSPACE

Jonas Syrstad, jsy@pragma.no

Disclaimer

   Avoiding any specific implementation
   No deep dive into the protocols
   Focus on Enterprises

Key elements; the 4 A’s

   Administration
   Authentication
   Authorization
   Auditing

Administration

   Identity synchronization
       Data flow
       Ownership
   Permission management
       Access
       Rights

Challenges

   Ownership of data elements
   Processes
   Data flow

Authentication

   Trusted 3rd party
   Claims based identity
   Open standards
       WS-*
       SAML

Claims based identity

   A Claim is a statement that is true or false
   A Security token consists of one or many claims
   Examples of claim types
       Name
       Email
       Gender
       Group membership
       Role

Claims based identity architecture

   Security tokens issued by a trusted 3rd party
   Consumed by a relying party
   Penetrates trust and technology boundaries
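
Claims based identity architecture

   Claims Provider (STS like ADFS)
   Client (Browser, mobile app, application)
   Relying party (ASP.NET, WCF service ++)

   1. Request access (Client to Relying party)
   2. Demand Security token (Relying party to Client)
   3. Request Security token (Client to Claims Provider)
   4. Provide security token (Claims Provider to Client)
   5. Submit security token (Client to Relying party)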
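
The five-step exchange in the diagram above, as an added Python example that is not part of the original slides: a claims provider issues a signed token and the relying party checks signature, issuer, audience and expiry before authorizing on the role claim. The token format, all names and URLs, and the HMAC key (standing in for the STS signing key pair) are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo values (assumptions; none of these names are on the slides).
STS_NAME = "https://sts.example.test"
RP_NAME = "https://app.example.test"
# HMAC key: stand-in for the STS signing key pair that SAML / WS-* would use.
TRUST_KEY = b"constructed-demo-key"
DIRECTORY = {"alice": {"name": "Alice", "group": ["finance"], "role": ["reader"]}}


def _b64(data):
    return base64.urlsafe_b64encode(data).decode("ascii")


def _sign(key, payload):
    return _b64(hmac.new(key, payload, hashlib.sha256).digest())


class ClaimsProvider:
    """Trusted third party (STS). How it authenticates the user is out of scope."""
    def __init__(self, name, key, directory):
        self.name, self._key, self._directory = name, key, directory

    def issue_token(self, user, audience, now=None, lifetime=300):
        if user not in self._directory:
            raise PermissionError("unknown user at claims provider")
        now = int(time.time()) if now is None else now
        body = {"iss": self.name, "aud": audience, "exp": now + lifetime,
                "claims": self._directory[user]}
        payload = json.dumps(body, sort_keys=True).encode()
        return _b64(payload) + "." + _sign(self._key, payload)


class RelyingParty:
    """Application side: consumes tokens, never handles user credentials."""
    def __init__(self, name, trusted_issuers):
        self.name, self._trusted = name, trusted_issuers  # issuer name -> key

    def validate(self, token, now=None):
        try:
            encoded, signature = token.split(".")
            payload = base64.urlsafe_b64decode(encoded)
            body = json.loads(payload)
        except (ValueError, AttributeError, TypeError):
            raise PermissionError("malformed token") from None
        issuer = body.get("iss") if isinstance(body, dict) else None
        key = self._trusted.get(issuer) if isinstance(issuer, str) else None
        if key is None:
            raise PermissionError("untrusted issuer")
        if not hmac.compare_digest(_sign(key, payload).encode(), signature.encode()):
            raise PermissionError("bad signature")
        if body.get("aud") != self.name:
            raise PermissionError("token issued for another relying party")
        if (int(time.time()) if now is None else now) >= body["exp"]:
            raise PermissionError("token expired")
        return body["claims"]

    def handle(self, required_role, token=None, now=None):
        if token is None:  # steps 1-2: no token yet, so demand one
            return {"status": 401, "demand_token_from": sorted(self._trusted)}
        try:
            claims = self.validate(token, now)
        except PermissionError as exc:
            return {"status": 401, "reason": str(exc)}
        # Authorization remains the application's decision, made on the claims.
        if required_role not in claims.get("role", []):
            return {"status": 403, "reason": "missing role " + required_role}
        return {"status": 200, "user": claims["name"]}


def escalate_role(token):
    """Constructed tampering case: the client edits its own role claim."""
    encoded, signature = token.split(".")
    body = json.loads(base64.urlsafe_b64decode(encoded))
    body["claims"]["role"] = ["admin"]
    return _b64(json.dumps(body, sort_keys=True).encode()) + "." + signature


def run_flow(sts, rp, user, required_role, tamper=None):
    rp.handle(required_role)                      # 1. request, 2. demand
    token = sts.issue_token(user, rp.name)        # 3. request, 4. provide
    return rp.handle(required_role, tamper(token) if tamper else token)  # 5. submit


STS = ClaimsProvider(STS_NAME, TRUST_KEY, DIRECTORY)
APP = RelyingParty(RP_NAME, {STS_NAME: TRUST_KEY})

if __name__ == "__main__":
    for role, tamper in (("reader", None), ("admin", None), ("admin", escalate_role)):
        print(role, run_flow(STS, APP, "alice", role, tamper))
```

The relying party rejects the edited token because the signature no longer matches the claims, which is what lets a token cross trust boundaries without the application contacting the claims provider on every request.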

Technologies

   Enterprise: WS-*, SAML 2.0
   Consumer: OAuth, OpenId
   Hybrid: across the Enterprise and Consumer groups

Authorization

   Determine what the user is allowed to do
   An application responsibility
   Device classification
       What
       Where
       When

Auditing

   Which applications do the users have access to?
   How do we track a user across systems and modules?
       Single view of user activity
       Automated actions on breaches of protocol
