Tip from IBM Connect 2014: Extend Your Security into the Cloud with IBM SmartCloud Notes

In this tip, David Kern (IBM) explains how SmartCloud for Social Business uses Security Assertion Markup Language (SAML) for SSO and how the architecture of a federated identity works using SAML.


  1. ID105: Extend Your Security Into the Cloud with IBM SmartCloud Notes. David Kern | Resident Paranoid, STSM and Global ICS Security Architect | IBM. © 2014 IBM Corporation
  2. Please Note. IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion. Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.
  3. Transparent Authentication
     • Users have too many passwords
     • Password prompts are annoying
     • Many “different” passwords lead to lower security
     • Users shouldn't know or care who provides their services or from where
     • Password management is annoying – by using cryptographic mechanisms instead of passwords, we can help keep the problem from getting worse, and maybe even help improve the situation
     • SmartCloud for Social Business uses Security Assertion Markup Language (SAML)
       – Public standard from OASIS
       – Based on the strength of PKI
       – SAML uses signed XML identity assertions
       – Many implementations available from IBM and third-party providers, including open source implementations
       – Many organizations currently use SAML for web SSO
       – Did I mention that SAML is a public standard yet?
  4. Federated Identity
     • Use your existing web passwords for SmartCloud for Social Business web resources
     • Keep your passwords behind your corporate firewall
     • Manage your own password requirements
     • Manage your own change intervals
     • Manage your own re-use requirements
     • Never send a password over the 'net to SCSB!
       – Also prevents crackers from guessing your passwords against SCSB
     • Because SAML is a public standard, you can use any SAML 1.1 or SAML 2.0 compliant identity provider
       – Microsoft's ADFS 2.0 for Active Directory integration
       – IBM's own Tivoli Federated Identity Manager (TFIM)
       – OpenSAML
     • IdP-initiated SAML flows support a “web portal” user experience
  5. Federated Identity (architecture diagram, built up across slides 5 to 9). Components: Web browser and SAML Identity Provider at the Customer Site; the Internet; TAM/WebSEAL and TFIM (acting as the SAML SP) in front of the SC Web App at SCSB, reached over 443 (https). The flow added slide by slide: the browser authenticates at the customer's IdP, then delivers the assertion to SCSB with an HTTP(S) POST with SAML assertion; subsequent requests to SCSB are HTTP(S) GETs with the session cookie.
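The exchange on the diagram slides above (signed assertion delivered by HTTP POST, then a session cookie on later GETs) and the SP-side checks that slides 3 and 4 rely on, as an added example; this is not code from the deck, from IBM, or from TFIM. It is a stdlib-only Python sketch of both sides: a customer-side IdP that builds a SAML 2.0 Response with one bearer assertion and base64-encodes it as the SAMLResponse form field of the HTTP-POST binding, and an SCSB-side SP that consumes it. All entity IDs, URLs, class and function names are hypothetical. The PKI step that slide 3 rests on, verifying the XML-DSig signature over the assertion against the IdP certificate, needs an XML-DSig library such as xmlsec and is treated here as a precondition the caller has already met; the example concentrates on the assertion-level checks an SP must still make after the signature passes (Issuer, bearer Recipient, audience, validity window with clock skew, InResponseTo, and assertion-ID replay), and on the session cookie that replaces any password at SCSB.

```python
import base64
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# SAML 2.0 namespaces and URIs defined by the OASIS standard.
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
NS = {"saml": SAML, "samlp": SAMLP}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
# Hypothetical entity IDs and ACS endpoint (not real SCSB or customer values).
IDP_ENTITY_ID = "https://idp.customer.example/saml/idp"
SP_ENTITY_ID = "https://scsb.example/saml/sp"
ACS_URL = "https://scsb.example/saml/acs"   # SP Assertion Consumer Service, HTTPS only

def _ts(dt): return dt.strftime("%Y-%m-%dT%H:%M:%SZ")
def _parse_ts(s): return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
def _el(parent, ns, tag, **attrs): return ET.SubElement(parent, f"{{{ns}}}{tag}", **attrs)

def idp_build_saml_response(user, now, in_response_to=None, lifetime=300):
    """Customer-side IdP: one bearer assertion in a SAML 2.0 Response, base64-encoded as
    the SAMLResponse form field of the HTTP-POST binding. XML-DSig signing is omitted."""
    expiry = _ts(now + timedelta(seconds=lifetime))
    resp = ET.Element(f"{{{SAMLP}}}Response", ID="_" + secrets.token_hex(16),
                      Version="2.0", IssueInstant=_ts(now), Destination=ACS_URL)
    _el(_el(resp, SAMLP, "Status"), SAMLP, "StatusCode", Value=SUCCESS)
    a = _el(resp, SAML, "Assertion", ID="_" + secrets.token_hex(16),
            Version="2.0", IssueInstant=_ts(now))
    _el(a, SAML, "Issuer").text = IDP_ENTITY_ID
    subj = _el(a, SAML, "Subject")
    _el(subj, SAML, "NameID").text = user
    scd = _el(_el(subj, SAML, "SubjectConfirmation", Method=BEARER), SAML,
              "SubjectConfirmationData", Recipient=ACS_URL, NotOnOrAfter=expiry)
    if in_response_to:                      # only present in an SP-initiated flow
        resp.set("InResponseTo", in_response_to)
        scd.set("InResponseTo", in_response_to)
    cond = _el(a, SAML, "Conditions", NotBefore=_ts(now), NotOnOrAfter=expiry)
    _el(_el(cond, SAML, "AudienceRestriction"), SAML, "Audience").text = SP_ENTITY_ID
    return base64.b64encode(ET.tostring(resp)).decode("ascii")

class SamlValidationError(ValueError): pass

class SamlServiceProvider:  # SCSB-side SP: validate the POSTed assertion, reject replays, issue a cookie
    def __init__(self, clock_skew=60):
        self.skew = timedelta(seconds=clock_skew)
        self.seen = {}       # assertion ID -> NotOnOrAfter: the replay cache
        self.sessions = {}   # opaque cookie value -> NameID

    def consume_post(self, saml_response_b64, now, expected_in_response_to=None):
        # Precondition not implemented here: the assertion's XML signature was already verified.
        root = ET.fromstring(base64.b64decode(saml_response_b64))
        if root.tag != f"{{{SAMLP}}}Response" or root.find(
                f"samlp:Status/samlp:StatusCode[@Value='{SUCCESS}']", NS) is None:
            raise SamlValidationError("not a successful SAML Response")
        if len(assertions := root.findall("saml:Assertion", NS)) != 1:   # refuse ambiguity
            raise SamlValidationError("expected exactly one Assertion")
        a = assertions[0]
        if a.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID:
            raise SamlValidationError("unexpected Issuer")
        cond = a.find("saml:Conditions", NS)
        not_before, not_on_or_after = _parse_ts(cond.get("NotBefore")), _parse_ts(cond.get("NotOnOrAfter"))
        if now + self.skew < not_before or now - self.skew >= not_on_or_after:
            raise SamlValidationError("assertion outside its validity window")
        if SP_ENTITY_ID not in [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]:
            raise SamlValidationError("assertion not intended for this SP")
        scd = a.find(f"saml:Subject/saml:SubjectConfirmation[@Method='{BEARER}']"
                     "/saml:SubjectConfirmationData", NS)
        if scd is None or scd.get("Recipient") != ACS_URL or now - self.skew >= _parse_ts(scd.get("NotOnOrAfter")):
            raise SamlValidationError("bearer confirmation missing or not valid for this endpoint now")
        if scd.get("InResponseTo") != expected_in_response_to:
            raise SamlValidationError("InResponseTo does not match our request")
        self.seen = {i: t for i, t in self.seen.items() if now - self.skew < t}  # forget expired IDs
        if a.get("ID") in self.seen:
            raise SamlValidationError("replayed assertion")
        self.seen[a.get("ID")] = not_on_or_after
        cookie = secrets.token_urlsafe(32)  # opaque; the user's password never reached the SP
        self.sessions[cookie] = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
        return cookie

    def user_for_cookie(self, cookie):      # later HTTPS GETs carry only this cookie
        return self.sessions.get(cookie)

def demo():
    # Constructed IdP-initiated exchange for one user, then three attempts that must be rejected.
    now = datetime(2014, 1, 27, 12, 0, tzinfo=timezone.utc)
    sp = SamlServiceProvider()
    post = idp_build_saml_response("alice@customer.example", now)
    cookie = sp.consume_post(post, now + timedelta(seconds=30))
    results = {"user": sp.user_for_cookie(cookie)}
    attempts = {"replay": (post, now + timedelta(seconds=31)),
                "expired": (post, now + timedelta(minutes=10)),
                "wrong_request": (idp_build_saml_response("bob@customer.example", now, "_req1"), now)}
    for name, (msg, when) in attempts.items():
        try:
            sp.consume_post(msg, when)
            results[name] = "accepted"
        except SamlValidationError as err:
            results[name] = str(err)
    return results
```

In an SP-initiated flow the SP remembers the ID of the AuthnRequest it sent and passes it as `expected_in_response_to`; in the IdP-initiated “web portal” flow from slide 4 there is no request, so the attribute must be absent, and an assertion that carries one anyway is rejected rather than trusted. The replay cache only needs to hold an ID until the assertion's own NotOnOrAfter has passed, since after that the validity-window check rejects it regardless. None of these checks mean anything unless the signature over the assertion has been verified first; that is the PKI the slides describe, and an SP that parses before verifying is trusting whoever wrote the XML.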
  10. Integrated login across SmartCloud for Social Business services
     • Users directly authenticate once (and only once) to SCSB
     • Transparently authenticate to SCSB services around the world
     • Your users shouldn't care about our back end topology
       – Different data centers, different cages, different servers – no problem
     • The advantages of centralized authentication and distributed processing power at the same time
       – Can help simplify integration of new services and partners
       – Can help make expansion easier to accommodate
     • Password data storage and checking minimized
  11. Acknowledgements and Disclaimers. © Copyright IBM Corporation 2014. All rights reserved. U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. IBM, the IBM logo, ibm.com, Lotus, Tivoli, Rational, and Lotus Notes, Notes, Domino, LotusLive, LotusLive Notes, and IBM SmartCloud are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml. Other company, product, or service names may be trademarks or service marks of others. Availability. References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. The workshops, sessions and materials have been prepared by IBM or the session speakers and reflect their own views. They are provided for informational purposes only, and are neither intended to, nor shall have the effect of being, legal or other guidance or advice to any participant. While efforts were made to verify the completeness and accuracy of the information contained in this presentation, it is provided AS-IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this presentation or any other materials.
     Nothing contained in this presentation is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.
