Cybercom Enhanced Security Platform, CESP-ID


CESP-ID is a flexible authentication solution that provides secure authentication
of users and enables Single Sign On between applications and organizations.
It is based on the Security Assertion Markup Language (SAML) 2.0,
which is an XML-based standard for exchanging authentication data between
security domains. CESP-ID supports several different authentication mechanisms
and is integrated with Trusted Security Server for providing verification
of electronic ID (EID). CESP-ID is compliant with the Swedish healthcare
standard “Bastjänster för Informationsförsörjning“, BIF and also conforms to
SAML V2.0 IdP LITE profile.

#2-12-2009 Cybercom CESP-ID

CESP-ID

CESP-ID is built up by two services, CESP-ID Authentication Service and CESP-ID Validation Service, which together form a flexible authentication solution. It is possible to add new custom authentication providers as well as integration modules according to your organization’s needs, thanks to CESP-ID’s extensible design and use of web services interfaces.

The benefits to the organization of using CESP-ID are more secure authentication, effective administration of user accounts in one place for all applications, and the possibility to provide Single Sign On for an enhanced user experience.

CESP-ID Authentication Service

CESP-ID Authentication Service is the Identity Provider (IdP) that authenticates the user and issues a SAML assertion that verifies the user’s identity. It ships with the following features:

  • Secure authentication with support for several different authentication methods through CESP-ID Authentication Providers
  • Issuing of SAML 2.0 Assertions
  • Signing of assertions by the XML Digital Signature standard
  • Support for Single Sign On through the SAML Web Browser SSO Profile standard
  • Support for Single Log Out (IdP- and SP-initiated)
  • Support for automatic registration of users
  • Integration with legacy systems that use custom stores for user credentials
  • Logging of authentication events with customizable detail level
CESP-ID Authentication Providers

CESP-ID’s Authentication Providers deliver a flexible solution for integrating different authentication methods with CESP-ID. The following Authentication Providers are currently available:

  • Username & Password in custom database
  • Integrated Windows Authentication through Active Directory (NTLM / Kerberos)
  • Verification of X.509 certificates including revocation control (CRL and OCSP)*
  • Verification of EID (electronic ID)*
  • Novell eDirectory using LDAP (SSL/TLS)

*All certificate verifications are done through Trusted Security Server, which is certified by “Bankernas ID-tjänst”.

New authentication methods can be added by implementing a custom Authentication Provider for CESP-ID.

CESP-ID Attribute Providers

CESP-ID’s Attribute Providers make it possible to use several different attribute sources. It is also possible to configure which Service Providers require certain attributes, so that each SAML Assertion is customized for the specific Service where it will be consumed. The attributes can be retrieved from the following sources:

  • Database
  • LDAP catalog
  • X.509 Certificate

CESP-ID Validation Service

CESP-ID Validation Service is responsible for verifying an issued SAML assertion and is used by the Service Provider when validating a user’s identity. It performs the following checks on each SAML assertion:

  • XML Validation against schema definitions ensures that the SAML assertion is well formed
  • Valid Time Checking ensures that the assertion is not expired and that the current time is within the valid time window
  • Valid Signature Checking ensures that the assertion has not been tampered with or forged
  • Signing Certificate Checking ensures that the signing certificate was valid at the time of signing and that it is issued by a trusted Certificate Authority
  • Proof of Possession Checking ensures that the user presenting the SAML assertion is in fact the user it was issued to

CESP-ID Integration Modules

CESP-ID Integration Modules ensure smooth integration with existing applications and systems. These integration modules enable other systems to take advantage of the authentication functions that CESP-ID provides and can be used to achieve SSO between applications.

CESP-ID comes with a ready-made integration module for use together with Forms Authentication in ASP.NET. This integration module is built on Microsoft’s Provider Model and can be used to provide SAML-based authentication in applications, for example SharePoint and EPiServer. The Forms Authentication integration module includes the following:

  • Specialized login page which performs authentication through CESP-ID Authentication Service according to the SAML Web Browser SSO Profile
  • SamlMembershipProvider, SamlRoleProvider and SamlMembershipUser, which are used to create the user’s identity and role based on his/her SAML assertion
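The Valid Time Checking step from the Validation Service list above, as an added example (not Cybercom's code). It assumes Python's standard library, a 60-second clock-skew allowance and a policy that rejects an assertion lacking either time bound; it does not verify the signature, which must be checked before any of these values are trusted.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
SKEW = timedelta(seconds=60)  # assumed tolerance for IdP/SP clock drift


def parse_instant(value):
    """Parse a SAML xs:dateTime given in UTC, e.g. 2009-12-02T10:00:00Z."""
    if not value or not value.endswith("Z"):
        raise ValueError("timestamp missing or not UTC")
    text = value[:-1].split(".")[0]  # drop optional fractional seconds
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def check_valid_time(assertion_xml, now, skew=SKEW):
    """Return (ok, reason); a missing or malformed bound is a rejection."""
    if "<!DOCTYPE" in assertion_xml:  # refuse DTDs before parsing untrusted XML
        return False, "DTD not allowed"
    try:
        root = ET.fromstring(assertion_xml)
    except ET.ParseError:
        return False, "malformed XML"
    cond = root.find(SAML + "Conditions")
    if root.tag != SAML + "Assertion" or cond is None:
        return False, "no SAML 2.0 Conditions element"
    try:
        not_before = parse_instant(cond.get("NotBefore"))
        not_on_or_after = parse_instant(cond.get("NotOnOrAfter"))
    except ValueError as exc:
        return False, str(exc)
    if not_before >= not_on_or_after:
        return False, "empty validity window"
    if now + skew < not_before:
        return False, "not yet valid"
    if now - skew >= not_on_or_after:  # NotOnOrAfter is an exclusive bound
        return False, "expired"
    return True, "within validity window"


# Constructed sample assertion (unsigned; it exercises the time check only).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example" Version="2.0" IssueInstant="2009-12-02T10:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Conditions NotBefore="2009-12-02T10:00:00Z"
                   NotOnOrAfter="2009-12-02T10:05:00Z"/>
</saml:Assertion>"""
if __name__ == "__main__":
    print(check_valid_time(SAMPLE, datetime(2009, 12, 2, 10, 2, tzinfo=timezone.utc)))
```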
About Cybercom

The Cybercom Group is a high-tech consultancy that offers global sourcing for end-to-end solutions. The Group established itself as a world-class supplier in these segments: security, portal solutions, mobile services, and embedded systems.

Thanks to its extensive industry and operations experience, Cybercom can offer strategic and technological expertise to these markets: telecom, industry, media, public sector, retail, and banking and financial services.

The Group employs 2,000 persons and runs projects worldwide. Cybercom has 28 offices in 11 countries. Since 1999, Cybercom’s share has been quoted on the NASDAQ OMX Nordic Exchange. The company was launched in 1995.

Contact Details

For further information, please contact:
Henrik Johansson, Business Unit Manager
henrik.johansson@cybercomgroup.com
+46 70 825 00 80
or visit our website www.cybercom.com

Cybercom Group Europe AB (publ.)
P.O. Box 7574 · SE-103 93 Stockholm · Sweden
Phone: +46 8 578 646 00 · www.cybercom.com