ID Next 2013 Keynote Slides by Mike Schwartz

Slide deck from Mike Schwartz's keynote address at ID Next 2013 in The Hague, Netherlands. His speech discussed what tools and rules are needed for scaling federations to include networks of trusted Identity Providers (IDPs) and Service Providers (SPs).

Published in: Technology, Business
  • Thank you Identity Next for inviting me to speak!
  • Federation is not a protocol! It is not SSO with an external web site. It’s a group of autonomous parties cooperating via a central authority.
    People are empowered by associating with an organization. An organization is empowered by joining a federation. Federations are empowered by joining inter-federations! No one knows more about federations than the Dutch.
  • The goal of online federations is to build trust… trust enables collaboration between autonomous domains.
  • The Internet is probably the world’s biggest federation… but there isn’t much trust
  • Smaller groups of domains can create more trust. However, trust can also be expensive, so more efficient frameworks were sought.
  • InCommon is a good example of a multi-party federation
  • The federations I’m interested in built a framework for security. These goals, articulated by RL Bob more than a decade ago, are still true today. But the goals have expanded.
  • Federations provide the contractual rules… Level of Assurance, Level of Protection, Level of Control
  • Federations also provide the tools: choose standard protocols, define standard jargon, certify software, publish websites…
  • Federations are based on public key – private key cryptology… how are the public keys distributed? This is the trust model!
  • The metadata is just a big list of the certificates for all the IDPs and SPs. It’s a handy place to publish other information about the participants.
  • Only one problem… SAML is not going to be ubiquitous on the Internet… October 2012 – Final RFC OAuth2 … proliferation of OAuth2 APIs for authentication
  • Enter OpenID Connect: one OAuth2 API so developers won’t have to learn one API for FB and one API for Google
  • Connect defines more than authentication: discovery and client registration…
  • Connect is not the only profile of OAuth2: UMA provides a profile for authorization, defining who can get to what web sites or APIs
  • How to use OAuth2 for federations? Building the first bridge…
  • Federations are a journey… the hardest part of the journey is the first step.
  • Thank you!
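The notes on the trust model describe federation metadata as a signed XML list of each IDP's and SP's certificates and endpoint URLs. The sketch below is an added example, not taken from the slides: it reads a SAML metadata aggregate into a trust map and rejects an expired one. The entity IDs, URLs, sample document and the `load_trust_map` name are constructed for illustration, and the XML signature check, which must succeed before any of this data is trusted, is assumed to be done beforehand with an XML-DSig library.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def _cert(raw):  # placeholder bytes standing in for a DER-encoded certificate
    return ("<md:KeyDescriptor><ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s"
            "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>"
            % base64.b64encode(raw).decode())

# Constructed sample aggregate, trimmed to the fields read below.
SAMPLE = f"""<md:EntitiesDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    validUntil="2030-01-01T00:00:00Z">
  <md:EntityDescriptor entityID="https://idp.example.edu/idp">
    <md:IDPSSODescriptor>{_cert(b'constructed-idp-cert')}
      <md:SingleSignOnService Location="https://idp.example.edu/sso"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/sp">
    <md:SPSSODescriptor>{_cert(b'constructed-sp-cert')}
      <md:AssertionConsumerService Location="https://sp.example.org/acs"/>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def load_trust_map(xml_text, now=None):
    """Return {entityID: {role: {"certs": [sha256 hex], "endpoints": [url]}}}."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)  # assumption: signature already verified
    valid_until = root.get("validUntil")
    if valid_until:  # assumes whole-second UTC timestamps ending in "Z"
        expiry = datetime.strptime(valid_until, "%Y-%m-%dT%H:%M:%SZ")
        if expiry.replace(tzinfo=timezone.utc) <= now:
            raise ValueError("metadata aggregate expired at " + valid_until)
    trust = {}
    for ent in root.iterfind("md:EntityDescriptor", NS):
        for tag, role in (("md:IDPSSODescriptor", "IdP"), ("md:SPSSODescriptor", "SP")):
            for desc in ent.iterfind(tag, NS):
                certs = [hashlib.sha256(base64.b64decode("".join(c.text.split()))).hexdigest()
                         for c in desc.iterfind(".//ds:X509Certificate", NS)]
                urls = [e.get("Location") for e in desc if e.get("Location")]
                trust.setdefault(ent.get("entityID"), {})[role] = {
                    "certs": certs, "endpoints": urls}
    return trust
```

Pinning the resulting fingerprints per entity is what lets a participant reject an assertion signed with a key the federation never published.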

    1. OAuth2 Federation. Michael Schwartz, Founder / CEO, Gluu. Idnet’13 event – 19-20 November 2013, #idn13. IDentity.next’11 – What’s next on Identity? www.everett.nl
    2. IDentity.next’13 – What is the value of your Identity?
    6. Identity Providers; Web Sites
    7. Access by affiliation; Access by attribute; Access by individual …some of the original goals of InCommon
    8. Level Of Assurance; Level Of Protection; Level Of Control
    9. Software; SAML; UMA; OpenID Connect; Best Practices; Schema
    10. XML published on public website; Signed
    11. certificate URLs for SAML endpoints
    15. UMA
