More Related Content Similar to Ubisecure presentation short (20) Ubisecure presentation short1. IAM using Ubisecure
Authentication, SSO, Federation,
Access control, Authorization
and User management
UBISECURE SOLUTIONS, INC.
Your Partner in
Identity and Access Management
www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
2. Ubisecure’s vision
Vision
To be the preferred partner in providing authentication and
authorization solutions, that enable secure business for the
Extended Enterprise.
Partner Customer
Partner The Company Customer
Partner Customer
The Extended Enterprise
Extended Enterprise, see e.g. http://en.wikipedia.org/wiki/Extended_Enterprise
www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
3. Ubisecure’s mission
Ubisecure provides authentication and authorization solutions
that securely unite partner companies, teams and content.
UNITING
BUSINESS
on the
INTERNET
SECURELY
www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
4. UBISECURE SOLUTIONS, INC.
Briefly
Ubisecure develops and markets software products for Identity and Access
Management (IAM).
The Ubisecure product lines:
Ubisecure CustomerID – providing Identity Management and Provisioning of the
external users of the Enterprise
Ubisecure SSO – providing Authentication and Access Control for Intranet, Extranet
and Web Services
Ubisecure Trust – providing Federation for Intranet and Extranet Services
Current primary market area is Finland;
Establishing market presence in Sweden;
Other selected market areas are being investigated
Target customers are medium to large enterprises and government
organizations
Established in 2002, products under development since 1999
Located in Espoo, Finland and Stockholm, Sweden
Confidential www.ubisecure.com
www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
5. Excellent Customer
Relations is the heart of
every company that
wants to create profitable
and durable relations
with its customers!
www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
6. Smoothness and agility in creating
new Business Concepts and new
forms of co-operation is key to
success for companies that want to
create profitable and durable
relations with its Business Partners!
www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
7. Outstanding Business Performance
UBISECURE
CustomerID x500 500 times more cost efficient
to register new customer
UBISECURE 29% savings in developing
SSO -29% each internet service
UBISECURE 100 times more cost efficient
Trust x100 way to acquire new customer
www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
8. Identities are Assets.
Don’t waste Your opportunity.
www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
9. Grow your Business.
www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
10. Ubisecure Product Positioning: Business-Oriented IAM
Low threshold for
your company to
develop
Business partners and Customers
and launch
co-operation
with selected
Effective Business Partners
management of Your
external identities Company
SSO
Automated and federation
user registration
www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
11. Business Partners and Customers + Own organization
Public Cloud + External Cloud + Internal Cloud
Authentication
Federation
Provisioning
User-driven IAM-services
Workflow-driven IAM-services
Business Partners and Customers
User-driven federation
External Services Out-of-band fed.
Self-registration Own org
JIT federation
Self-registration w. confirmation
External Cloud Active Directory
Your
Company
Public Cloud
Internal Services
Internal Cloud Single Sign-On
www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
12. Customers in various segments
Public sector Industry, trade and service Finance and insurance
Confidential www.ubisecure.com
www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
13. Lokalförsäkring – Improved self services
Customers Service 1
Private & Companies
Local Insurance Group
Service 2
Service 3
Business challenge
- Increase customer service
- Increase admin efficiency
- Reduce paper work
- Improve control
Local Insurance Group (Lokalföräkring)
- The Local Insurance Group is Finland's 5th biggest non-life insurer in terms of premium income.
- Its market share is 9 per cent of Finnish direct insurance income.
- The Group has 545,000 customers and it has responsibility for almost 2 million policies.
- Customers are households, private individuals and SME companies in the expanding countryside and in urban area,
especially in service industries. The group is the market leader for farm insurance.
The picture has been simplified, leaving out intermediate steps and messaging details for readers’ convenience!
www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
14. Lokalförsäkring – Improved self services
Customers
Private & Companies
Full automated self registration service
Service
Local Insurance Group Integration
module
Ubisecure
CustomerID
Service
Integration
module
Delegating rights/mandates/power of attorney
- Private & Company
Ubisecure
SSO Service
Solution
Integration
Functionality: Self registration service, Delegated rights, Single-Sign-On, Authorization, module
Role based access, own AD/LDAP
Benefits: Secure and simple access to services 24/7 - Increased revenue
Outsourced identity management
Outsourced and flexible authorization between companies and people. Service
Reduce customer care costs Integration
module
Improved customer satisfaction
Centralized audit capabilities of services
Standard based APIs for application integration
Easy and cost efficient deployment with Ubilogin Integration modules
Future: Prepared for business networking (federation)
The picture has been simplified, leaving out intermediate steps and messaging details for readers’ convenience!
www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
15. Finnish Tax Authority – eGovernment service at its best
Finnish society Service
Private & Companies
Finnish tax authority
Service
Service
Business challenge
- Create a flexible means of issuing identities to customers,
organizations or citizens and authenticate them around the services.
- Enable government agencies to reduce the cost of supporting
customers at the point-of-service and transfer services to the
Internet.
Finnish Tax Authority
- Finnish population is app. 5.3 million and the country have app. 370 000 registered companies.
- The Tax Administration collects approximately 2/3 of all taxes and tax-like payments in Finland.
- Business idea: The right tax at the right time. Secure and simple access to services 24/7.
The picture has been simplified, leaving out intermediate steps and messaging details for readers’ convenience!
www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
16. Finnish Tax Authority – eGovernment service at its best
Finnish society
Public & Private
Service
Finnish tax authority Integration
module
Ubilogin
eIDM
Service
Integration
module
Automated self registration service
- Company – Role based and delegating
Ubilogin
Solution SSO+
Functionality: Self registration service, Single-Sign-On, Authorization, Role based Federation Service
access, Federation, own AD/LDAP
Integration
Benefits: 32+ millions transaction and ~760 M€ in savings per year! module
Outsourced identity management - Reduced cost per transaction from
50€ to 0.1-0.15€.
More than 80% of the Finnish companies use the service every month.
More then 40% of the Finnish population use the service every month. Service
Integration
Secure and simple access to services 24/7. Effortless tax collection.
module
Automation of taxation data inflow.
Centralized audit capabilities of services
Outsourced and flexible authorization between companies and people.
Standard based APIs for application integration
Easy and cost efficient deployment with Ubilogin Integration modules
The picture has been simplified, leaving out intermediate steps and messaging details for readers’ convenience!
www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
17. Case Retail: The Largest Retail Chain in Finland
THE CHALLENGES THE SOLUTION THE BENEFITS
Fast deployment of
User authentication Corporate Authentication and
Strong Authentication
Federation w External AuthN
alternatives
Security with Ease of use
Automated
Low threshold to use services
Identity provisioning and Identity provisioning
role-based access New business concepts
Role-Based Access Control
multiplying inflow of users
Corporate IDP
(hosted at
Multiple corporate portals and services
Retail company External
Service Provider) authentication services
SAML
Loyalty SP
Portal
SAML
Intranet SP
Portal User / Active Directory Active Directory
Employee
Thousands of external identities
using service
SAML Millions of end-users (customers)
Extranet SP
Portal
www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
18. Case Itella: Postal and Information logistics services
THE CHALLENGES THE SOLUTION THE BENEFITS
Rapid service roll-out with
User authentication Corporate Authentication and
no individual account provisioning
Federation w External AuthN
Security with Ease of use Low threshold to
Single Sign-On
use secure services
Identity provisioning and
role-based access Delegated and automated
New business concepts
Identity provisioning
multiplying inflow of users
Information Corporate IDP
(hosted at
Multiple corporate portals and services
Logistics company External
Service Provider) authentication services
SAML
Logistics SP
Portal
SAML
Intranet SP
Portal User / Active Directory
Employee
25 000 internal identities
using service
SAML Thousands of external identities
Extranet SP
Millions of end-users (customers)
Portal
www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
19. Case Silta: HR-As-A-Service
THE CHALLENGES THE SOLUTION THE BENEFITS
Rapid service roll-out with
User authentication Intranet authentication +
no individual account provisioning
Security, Ease of use and Windows-AD federation
Low threshold to use services
user acceptance of -As-A-Service
SaaS service Secure access to SaaS-services also
SSO from desktop to services
from outside the corporate network
IAM-As-A-Service
SaaS provider Provider
External
authentication services
SAML
HR SP
IAM
As-a-Service As-A-Service
Hundreds of customer organizations
Thousands of customer identities
User /
Employee
using service
Active Directory
www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
20. Case eCraft: Collaboration Application-As-A-Service
THE CHALLENGES THE SOLUTION THE BENEFITS
User authentication SSO from the desktop to the cloud
Intranet authentication +
Security, Ease of use and Authorization information securely
user acceptance of Windows-AD federation
SaaS service -As-A-Service Zero user account administration
SaaS provider
Active Directory
IAM
As-A-Service
User /
Employee
using service
SAML
SP
Collaboration App
As-a-Service
www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
21. Market strategy: The value chain
SaaS Integrator/ Customer
Ubisecure
Provider Consultancy
Develops and Provides Implements and User organization
provides the Ubisecure SSO and deploys the Service that has internal
Ubisecure SSO and Ubisecure in in Customer apps and services
Ubisecure CustomerID organization and as well as external
CustomerID As-A-Service configures services for its
products Ubisecure SSO and external users
Ubisecure (Partners,
CustomerID in the Customers)
customer
environment
www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
22. The easy-to-deploy
Single Sign-On The identity
and management solution
Federation Solution that enables
that provides outsourcing and delegation of
Extensive Authentication and external user data management
Access Control to partners, customers and other
for Intranet, Extranet and stakeholders.
Web Services.
UBISECURE UBISECURE
SSO CustomerID
Identify and Authorize.
Enable secure business.
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
23. challenges does Ubisecure products solve?
What problems does Ubisecure Single Sign-On solve?
1. to “We want
“We wantUSER AUTHENTICATION want “We “We need “We want
efficiency our partners
enableInsufficient or unreliable user authentication secure to get rid of
new business in management to have easy authentication the identity
concepts and accuracy Single Sign-On for our management
in access
2. SINGLE SIGN-ON
speeding access external users! hassle
by enabling to our extranet We don’t want
up newMultiple logon to applications during same session + with replication
customer delegated services from our competitor from multiple
acquisition Growingmanagement user IDs and passwordsaccess
and number of their to to memorize repositories!”
registration!” of access own domains our extranet!”
information, and their
3. APPLICATION-SPECIFIC ACCESS CONTROL
roles and intranets!”
Problemsattributes!” with multiple application-specific access
and flaws
control management and user management
4. KEY SECURITY ISSUES
Security issues, e.g. strong user authentication require special
UBISECURE
expertise and experience and are typically difficult and
expensive to deploy
Confidential www.ubisecure.com
www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright UbisecureSolutions, Inc. All rights reserved.
Copyright
Copyright Solutions,
Solutions, reserved.
reserved.
24. A complete set-up as SaaS for the Enterprise
Authentication
Federation
Provisioning
User-driven IAM-services
Workflow-driven IAM-services
Business Partners and Customers
User-driven federation
External Services Out-of-band fed.
Self-registration Own org
JIT federation
Self-registration w. confirmation
External Cloud Active Directory
Your
Company
Public Cloud
Internal Services
Internal Cloud Single Sign-On
www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
25. UBISECURE UBISECURE
SSO Trust
Ubisecure SSO is a Liberty Interoperable™ SAML 2.0 Product
The rigorous tests consisted of
well-defined use-cases and test
procedures
Confirm the security,
trustworthiness and the
interoperability of Ubilogin products
Proofs the security, flexibility and
trust mechanisms also in networks
of federated services from different
parties
Ubisecure SSO passed interop
tests in September 2008 as only This test process was the
European product! technically the most demanding
ever and the broadest in terms of
Interop program arranged by Liberty use-cases
Alliance
Many new requirements for the IdP
and the SP were defined and
tested
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
26. UBISECURE UBISECURE
UBISECURE SSO SSO Trust
Authentication Methods
Username SMS- Certificates,
One-Time Operator Banks’ Federated
+ authentication smartcards
Passwords services ID-services and other
password and others and tokens
UBIKEY SAML
UBIKEY
2316 5387
9899 4278
3320 8987
OTP Printout
6539 8498
9848 2456 SMS
UBIKEY *) Mobile certificate
OTP MIDlet
WS-Federation
*) *)
CallSign
*) *)
Active Directory
*)
LDAP
SQL
*)
Biometric *) *)
RFID *)
*) Possible to use. Not readily available as Ubisecure SSO option.
Confidential www.ubisecure.com
www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright UbisecureSolutions, Inc. All rights reserved.
Copyright
Copyright Solutions,
Solutions, reserved.
reserved.
27. UBISECURE
Trust
Example of federation
This setup
SP-B1 requires trust
SP-B2 relationship for
This IDP-Proxy SP-ABC with
setup only all IDPs
requires trust
relationship for
SP-A2 with IDP-B
IDP-A SP-A2
SP-ABC
SP-A1
Federation ABC
IDP-A
IDP-C
SP-C2
SP-C1
www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
28. UBISECURE
Trust
Federation with Cloud Services
SP-M5
SP-M4
IDP-M
SP-M3
SP-M2
Provides SSO
user-experience
from corporate
intranet to all
Cloud-services
used
SP-M1
www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
29. UBISECURE
Trust
Example of federation with ”The Works”
SP-B1
SP-B2
IDP-B
SP-M5 SP-A2
SP-M4
SP-A1 Federation ABC+X
IDP-A
SP-M3 IDP-C
SP-M2 IDP-M+X SP-C2
SP-C1
SP-M1 SP-R2
SP-R1 Federation RS+X
IDP-R
IDP-S
Provides SSO user-
experience from corporate SP-S2
intranet to all services used,
SP-S1
wherever they are
produced.
Identities and well-managed
and used securely.
www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
30. UBISECURE
CustomerID
The CustomerID external identity lifecycle process
WebServices
SQL
Active Directory
1 2 3 … … … …
Initial registration: Identity Identity enrichment Identity life-cycle
Self-service and/or verification using management:
Delegated against internal or external Self-service
entry of basic info selected attribute services/silos and/or Delegated
Id-provider
www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
31. THANK YOU!
Ubisecure Solutions, Inc.
www.ubisecure.com <firstname.lastname>@ubisecure.com
FINLAND: SWEDEN:
Tekniikantie 14 WTC, Klarabergsviadukten 70, Box 70396
FIN-02150 Espoo S-10724 Stockholm
tel. +358-9-2517 7250
fax +358-9-2517 7070
Registered in Espoo, Finland
reg. nr. FI1748721-4
Ubisecure paves the way for a smoother and safer Internet. Ubisecure software products enable new
online business concepts and speed the growth of existing web-based operations by joining separate sites
and services into larger trusted areas. The innovative products allow internet users to flexibly and securely
move between online services – without encountering repeated login prompts. Ubisecure maintains an
extensive network of partners that offer organizations advice, consulting and technical services; and
provides high-level training in secure online business through the widely appreciated Ubisecure IAM
Academy. Founded in 2002 in Finland, Ubisecure Solutions Inc. is a pioneering provider of standardized
identity and access management solutions. For more information, please visit www.ubisecure.com.
Identify and Authorize.
Enable secure business.
www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.