SlideShare a Scribd company logo

RSA Europe: Future of Cloud Identity

Download as PPTX, PDF
Mike Schwartz
Mike Schwartz

A slideshow on the future of Identity in the cloud, with openid connect fueling data sharing, federation, and security.

Technology
1 of 28
The Future of Cloud Identity Security Michael Schwartz Founder / CEO Gluu Session ID: IAM-207 Session Classification: General Interest
Background 2
Finally an Internet Identity Foundation… 3
Who is behind the OpenID Foundation 4
Challenges Solved by OpenID Connect  How to share authentication with apps / websites  Potential for Authorization  Discovery  How to identify an anonymous Internet visitor  Support constant new stream of mobile apps  “Apps” are not well known ahead of time… need to support dynamic registration  Session Management  How can you “logout”… 5
How did we get here?  1998: Web Access Management  Traditional enterprise SSO (i.e. SiteMinder)  2001: Federation  How do I access websites outside my organization : SAML  2011 Social Login  Facebook Connect - Technology goes consumer 6
Predecessors of OpenID Connect  SAML  Widely deployed by organizations  Authentication + attributes + federation  OpenID  Easy centralized authentication  Information Cards  Lots of lessons learned : OpenID Account Chooser  OAUTH 1.0 and 1.1  Bundled Authentication / Authorization: first authorization 7
Introducing OpenID Connect 8
What is OpenID Connect?  Profile of OAuth2  Entities  Client, OpenID Providers (“OP”), Relying Party (“RP”)  Workflows  Discovery, Authentication, Dynamic Client registration, Attribute Release, Session management  Schema  Token, Keystore 9
10
11
Subtle Revolutions  “SMTP-stlye” email address are the entity identifiers  Ease of use for Web Developers  Good usability for People 12
When ?  OP support 2013  Google launch of Account Chooser  Large RP’s will support first … 2013  CMS, CRM, communication and SaaS apps to follow 13
What is next? 14
Tools and Rules  Tools  Its not just the Web, but the depth of software tools and support that makes it so powerful.  Rules  How the standards are used can be strengthened by the central authorities.  Both are needed… but rules may take a while 15
Organizational Trust Management  Organizational Trust Management  Which “clients” are authorized for which scopes?  Which people are authorized to use which clients?  How to group related clients? 16
MultiParty Federations In OpenID Connect ? $1.8 Million NSTIC Grant http://www.nist.gov/itl/nstic-092012.cfm 17
User Trust Management  UMA : User Managed Authorization  Proposed IETF standard  Enable users to centrally store permissions given to applications  Also Profile of OAuth2  Central “Authorization Manager” infrastructure  Specify which Clients have access to which resources (URLs)  PEP / PDP architecture  Course-grain authentication 18
Fine Grain Authorization  How to specify access to resources  Resources need to be described by rules  All the pictures in this folder, except these three…  Specifying “who” is authorized also needs rules  Any teacher in my child’s school can send her a message  Note who could also be an organization, federation or some other entity.  External conditions  During business hours allow hosts from subnet 10.10.10.x  Many believe to solve this, we need a “Graph” standard 19
What would an OpenID Graph look like? There are three types of arcs and nodes: contextual, relational, literal 20
Graph : Contextual Arcs • What is the provenance of data? • How to group / organize data Note: Different Contexts Address of the data is the same, but who are you going to believe? joe@acme.com or chase.com ? 21
Graph: Relational Arcs  How are OpenID endpoints related?  How do we convey real world relationships in the online world? 22
Graph: Permissions (1) What part of the graph (2) what operations (3) under what conditions Relational arc specifies what operations are allowed on what part of the graph: could be $add, $mod, $del, $get, $all $if specifies conditions $do specifies a “Link Contract” Javascript equation format 23
Conclusion 24
How can you prepare for OpenID Connect?  If you are a CTO / CSO  Deploy an “OpenID Provider” at your organization to enable developers for testing of new applications and cloud service providers.  Inquire about the roadmap for OpenID Connect support from your current SaaS providers  Define the vision to use OpenID Connect for internal and external SSO  Make plans to consolidate existing SAML and SSO infrastructures 25
How can you prepare for OpenID Connect?  If you are a Website or App developer  Don’t create any more user databases  Authenticated via OpenID Connect  Use the “User Info” endpoint to request the OpenID Scopes which contain information about the entity.  Allow people to identify themselves with an email address: support OpenID Connect discovery.  Support OpenID Connect Dynamic Client Registration for your app 26
How can you prepare for OpenID Connect?  If you are a Person !  Understand that you may need to choose your identity depending on the app or website in question  Gripe to websites that don’t support OpenID Connect 27
If you want Open Source OpenID Connect…  Please checkout the OX project  OpenID Connect  UMA  SCIM  OpenID Graph http://ox.gluu.org 28

Recommended

SWXG 2010.6.9 v2
SWXG 2010.6.9 v2SWXG 2010.6.9 v2
SWXG 2010.6.9 v2Paul Trevithick
 
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...Kaliya "Identity Woman" Young
 
Self-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web SummitSelf-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web SummitKaliya "Identity Woman" Young
 
Cordacon 2018 - Cordentity - Hyperledger Indy + Corda
Cordacon 2018 - Cordentity - Hyperledger Indy + CordaCordacon 2018 - Cordentity - Hyperledger Indy + Corda
Cordacon 2018 - Cordentity - Hyperledger Indy + CordaVasiliy Suvorov
 
Verifiable credentials explained by CCI
Verifiable credentials explained by CCIVerifiable credentials explained by CCI
Verifiable credentials explained by CCIKaliya "Identity Woman" Young
 
FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/Sovrin
FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/SovrinFOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/Sovrin
FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/SovrinCalvin Cheng
 
Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs Vasiliy Suvorov
 
Ecosystem map Prototype & Future Vision
Ecosystem map Prototype & Future VisionEcosystem map Prototype & Future Vision
Ecosystem map Prototype & Future VisionKaliya "Identity Woman" Young
 

Recommended

SWXG 2010.6.9 v2
SWXG 2010.6.9 v2SWXG 2010.6.9 v2
SWXG 2010.6.9 v2Paul Trevithick
 
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...Kaliya "Identity Woman" Young
 
Self-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web SummitSelf-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web SummitKaliya "Identity Woman" Young
 
Cordacon 2018 - Cordentity - Hyperledger Indy + Corda
Cordacon 2018 - Cordentity - Hyperledger Indy + CordaCordacon 2018 - Cordentity - Hyperledger Indy + Corda
Cordacon 2018 - Cordentity - Hyperledger Indy + CordaVasiliy Suvorov
 
Verifiable credentials explained by CCI
Verifiable credentials explained by CCIVerifiable credentials explained by CCI
Verifiable credentials explained by CCIKaliya "Identity Woman" Young
 
FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/Sovrin
FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/SovrinFOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/Sovrin
FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/SovrinCalvin Cheng
 
Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs Vasiliy Suvorov
 
Ecosystem map Prototype & Future Vision
Ecosystem map Prototype & Future VisionEcosystem map Prototype & Future Vision
Ecosystem map Prototype & Future VisionKaliya "Identity Woman" Young
 
Privacy in the Smart City
Privacy in the Smart CityPrivacy in the Smart City
Privacy in the Smart CityDavid Wood
 
Seratio whitepaper educational passport distributed learning ledger (30 april...
Seratio whitepaper educational passport distributed learning ledger (30 april...Seratio whitepaper educational passport distributed learning ledger (30 april...
Seratio whitepaper educational passport distributed learning ledger (30 april...Sajin Abdu
 
Hyperledger Indy Platform - Privacy, Security and Power for Digital Identity ...
Hyperledger Indy Platform - Privacy, Security and Power for Digital Identity ...Hyperledger Indy Platform - Privacy, Security and Power for Digital Identity ...
Hyperledger Indy Platform - Privacy, Security and Power for Digital Identity ...Gokul Alex
 
Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon Kaliya "Identity Woman" Young
 
Openid
OpenidOpenid
OpenidJISC.AM
 
OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)Torsten Lodderstedt
 
Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Evernym
 
Streetcred: Improving the Developer Experience in SSI – Michael Boyd
Streetcred: Improving the Developer Experience in SSI – Michael BoydStreetcred: Improving the Developer Experience in SSI – Michael Boyd
Streetcred: Improving the Developer Experience in SSI – Michael BoydSSIMeetup
 
Why The Web Needs Decentralized Identifiers (DIDs) — Even if Google, Apple, a...
Why The Web Needs Decentralized Identifiers (DIDs) — Even if Google, Apple, a...Why The Web Needs Decentralized Identifiers (DIDs) — Even if Google, Apple, a...
Why The Web Needs Decentralized Identifiers (DIDs) — Even if Google, Apple, a...Evernym
 
Introduction To Solidity
Introduction To SolidityIntroduction To Solidity
Introduction To Solidity101 Blockchains
 
The Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
The Future of Authentication - Verifiable Credentials / Self-Sovereign IdentityThe Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
The Future of Authentication - Verifiable Credentials / Self-Sovereign IdentityEvernym
 
What are Decentralized Identifiers (DIDs)?
What are Decentralized Identifiers (DIDs)?What are Decentralized Identifiers (DIDs)?
What are Decentralized Identifiers (DIDs)?Evernym
 
10 Best Professional Blockchain Courses And Certifications
10 Best Professional Blockchain Courses And Certifications10 Best Professional Blockchain Courses And Certifications
10 Best Professional Blockchain Courses And CertificationsBlockchain Council
 
Introduction to Self-Sovereign Identity
Introduction to Self-Sovereign IdentityIntroduction to Self-Sovereign Identity
Introduction to Self-Sovereign IdentityKaryl Fowler
 
Getting Started With Self-Sovereign Identity (SSI) | Evernym Webinar
Getting Started With Self-Sovereign Identity (SSI) | Evernym WebinarGetting Started With Self-Sovereign Identity (SSI) | Evernym Webinar
Getting Started With Self-Sovereign Identity (SSI) | Evernym WebinarEvernym
 
OpenAthens Conference 2018 - Don Thibeau - OpenID Connect
OpenAthens Conference 2018 - Don Thibeau - OpenID ConnectOpenAthens Conference 2018 - Don Thibeau - OpenID Connect
OpenAthens Conference 2018 - Don Thibeau - OpenID ConnectOpenAthens
 
Verifiable Credentials & Legal Entity Identifiers (LEIs) | Evernym & GLEIF
Verifiable Credentials & Legal Entity Identifiers (LEIs) | Evernym & GLEIFVerifiable Credentials & Legal Entity Identifiers (LEIs) | Evernym & GLEIF
Verifiable Credentials & Legal Entity Identifiers (LEIs) | Evernym & GLEIFEvernym
 
How To Build A Career In Blockchain
How To Build A Career In BlockchainHow To Build A Career In Blockchain
How To Build A Career In Blockchain101 Blockchains
 
Claims based identity for windows
Claims based identity for windowsClaims based identity for windows
Claims based identity for windowsPradeep Krishnamurthy
 
Blocktick as Product
Blocktick as ProductBlocktick as Product
Blocktick as ProductCeline George
 
DaaS/IaaS Forum Moscow - Ivo Murris
DaaS/IaaS Forum Moscow - Ivo MurrisDaaS/IaaS Forum Moscow - Ivo Murris
DaaS/IaaS Forum Moscow - Ivo MurrisDenis Gundarev
 
RUCUG: 9. Sergey Khalyapin: Представляем XenDesktop 5
RUCUG: 9. Sergey Khalyapin: Представляем XenDesktop 5RUCUG: 9. Sergey Khalyapin: Представляем XenDesktop 5
RUCUG: 9. Sergey Khalyapin: Представляем XenDesktop 5Denis Gundarev
 

More Related Content

What's hot

Privacy in the Smart City
Privacy in the Smart CityPrivacy in the Smart City
Privacy in the Smart CityDavid Wood
 
Seratio whitepaper educational passport distributed learning ledger (30 april...
Seratio whitepaper educational passport distributed learning ledger (30 april...Seratio whitepaper educational passport distributed learning ledger (30 april...
Seratio whitepaper educational passport distributed learning ledger (30 april...Sajin Abdu
 
Hyperledger Indy Platform - Privacy, Security and Power for Digital Identity ...
Hyperledger Indy Platform - Privacy, Security and Power for Digital Identity ...Hyperledger Indy Platform - Privacy, Security and Power for Digital Identity ...
Hyperledger Indy Platform - Privacy, Security and Power for Digital Identity ...Gokul Alex
 
Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon Kaliya "Identity Woman" Young
 
OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)Torsten Lodderstedt
 
Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Evernym
 
Streetcred: Improving the Developer Experience in SSI – Michael Boyd
Streetcred: Improving the Developer Experience in SSI – Michael BoydStreetcred: Improving the Developer Experience in SSI – Michael Boyd
Streetcred: Improving the Developer Experience in SSI – Michael BoydSSIMeetup
 
Why The Web Needs Decentralized Identifiers (DIDs) — Even if Google, Apple, a...
Why The Web Needs Decentralized Identifiers (DIDs) — Even if Google, Apple, a...Why The Web Needs Decentralized Identifiers (DIDs) — Even if Google, Apple, a...
Why The Web Needs Decentralized Identifiers (DIDs) — Even if Google, Apple, a...Evernym
 
Introduction To Solidity
Introduction To SolidityIntroduction To Solidity
Introduction To Solidity101 Blockchains
 
The Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
The Future of Authentication - Verifiable Credentials / Self-Sovereign IdentityThe Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
The Future of Authentication - Verifiable Credentials / Self-Sovereign IdentityEvernym
 
What are Decentralized Identifiers (DIDs)?
What are Decentralized Identifiers (DIDs)?What are Decentralized Identifiers (DIDs)?
What are Decentralized Identifiers (DIDs)?Evernym
 
10 Best Professional Blockchain Courses And Certifications
10 Best Professional Blockchain Courses And Certifications10 Best Professional Blockchain Courses And Certifications
10 Best Professional Blockchain Courses And CertificationsBlockchain Council
 
Introduction to Self-Sovereign Identity
Introduction to Self-Sovereign IdentityIntroduction to Self-Sovereign Identity
Introduction to Self-Sovereign IdentityKaryl Fowler
 
Getting Started With Self-Sovereign Identity (SSI) | Evernym Webinar
Getting Started With Self-Sovereign Identity (SSI) | Evernym WebinarGetting Started With Self-Sovereign Identity (SSI) | Evernym Webinar
Getting Started With Self-Sovereign Identity (SSI) | Evernym WebinarEvernym
 
OpenAthens Conference 2018 - Don Thibeau - OpenID Connect
OpenAthens Conference 2018 - Don Thibeau - OpenID ConnectOpenAthens Conference 2018 - Don Thibeau - OpenID Connect
OpenAthens Conference 2018 - Don Thibeau - OpenID ConnectOpenAthens
 
Verifiable Credentials & Legal Entity Identifiers (LEIs) | Evernym & GLEIF
Verifiable Credentials & Legal Entity Identifiers (LEIs) | Evernym & GLEIFVerifiable Credentials & Legal Entity Identifiers (LEIs) | Evernym & GLEIF
Verifiable Credentials & Legal Entity Identifiers (LEIs) | Evernym & GLEIFEvernym
 
How To Build A Career In Blockchain
How To Build A Career In BlockchainHow To Build A Career In Blockchain
How To Build A Career In Blockchain101 Blockchains
 
Blocktick as Product
Blocktick as ProductBlocktick as Product
Blocktick as ProductCeline George
 

What's hot (20)

Privacy in the Smart City
Privacy in the Smart CityPrivacy in the Smart City
Privacy in the Smart City
 
Seratio whitepaper educational passport distributed learning ledger (30 april...
Seratio whitepaper educational passport distributed learning ledger (30 april...Seratio whitepaper educational passport distributed learning ledger (30 april...
Seratio whitepaper educational passport distributed learning ledger (30 april...
 
Hyperledger Indy Platform - Privacy, Security and Power for Digital Identity ...
Hyperledger Indy Platform - Privacy, Security and Power for Digital Identity ...Hyperledger Indy Platform - Privacy, Security and Power for Digital Identity ...
Hyperledger Indy Platform - Privacy, Security and Power for Digital Identity ...
 
Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon
 
Openid
OpenidOpenid
Openid
 
OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)
 
Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)
 
Streetcred: Improving the Developer Experience in SSI – Michael Boyd
Streetcred: Improving the Developer Experience in SSI – Michael BoydStreetcred: Improving the Developer Experience in SSI – Michael Boyd
Streetcred: Improving the Developer Experience in SSI – Michael Boyd
 
Why The Web Needs Decentralized Identifiers (DIDs) — Even if Google, Apple, a...
Why The Web Needs Decentralized Identifiers (DIDs) — Even if Google, Apple, a...Why The Web Needs Decentralized Identifiers (DIDs) — Even if Google, Apple, a...
Why The Web Needs Decentralized Identifiers (DIDs) — Even if Google, Apple, a...
 
Introduction To Solidity
Introduction To SolidityIntroduction To Solidity
Introduction To Solidity
 
The Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
The Future of Authentication - Verifiable Credentials / Self-Sovereign IdentityThe Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
The Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
 
What are Decentralized Identifiers (DIDs)?
What are Decentralized Identifiers (DIDs)?What are Decentralized Identifiers (DIDs)?
What are Decentralized Identifiers (DIDs)?
 
10 Best Professional Blockchain Courses And Certifications
10 Best Professional Blockchain Courses And Certifications10 Best Professional Blockchain Courses And Certifications
10 Best Professional Blockchain Courses And Certifications
 
Introduction to Self-Sovereign Identity
Introduction to Self-Sovereign IdentityIntroduction to Self-Sovereign Identity
Introduction to Self-Sovereign Identity
 
Getting Started With Self-Sovereign Identity (SSI) | Evernym Webinar
Getting Started With Self-Sovereign Identity (SSI) | Evernym WebinarGetting Started With Self-Sovereign Identity (SSI) | Evernym Webinar
Getting Started With Self-Sovereign Identity (SSI) | Evernym Webinar
 
OpenAthens Conference 2018 - Don Thibeau - OpenID Connect
OpenAthens Conference 2018 - Don Thibeau - OpenID ConnectOpenAthens Conference 2018 - Don Thibeau - OpenID Connect
OpenAthens Conference 2018 - Don Thibeau - OpenID Connect
 
Verifiable Credentials & Legal Entity Identifiers (LEIs) | Evernym & GLEIF
Verifiable Credentials & Legal Entity Identifiers (LEIs) | Evernym & GLEIFVerifiable Credentials & Legal Entity Identifiers (LEIs) | Evernym & GLEIF
Verifiable Credentials & Legal Entity Identifiers (LEIs) | Evernym & GLEIF
 
How To Build A Career In Blockchain
How To Build A Career In BlockchainHow To Build A Career In Blockchain
How To Build A Career In Blockchain
 
Claims based identity for windows
Claims based identity for windowsClaims based identity for windows
Claims based identity for windows
 
Blocktick as Product
Blocktick as ProductBlocktick as Product
Blocktick as Product
 

Viewers also liked

DaaS/IaaS Forum Moscow - Ivo Murris
DaaS/IaaS Forum Moscow - Ivo MurrisDaaS/IaaS Forum Moscow - Ivo Murris
DaaS/IaaS Forum Moscow - Ivo MurrisDenis Gundarev
 
RUCUG: 9. Sergey Khalyapin: Представляем XenDesktop 5
RUCUG: 9. Sergey Khalyapin: Представляем XenDesktop 5RUCUG: 9. Sergey Khalyapin: Представляем XenDesktop 5
RUCUG: 9. Sergey Khalyapin: Представляем XenDesktop 5Denis Gundarev
 
ID Next 2013 Keynote Slides by Mike Schwartz
ID Next 2013 Keynote Slides by Mike SchwartzID Next 2013 Keynote Slides by Mike Schwartz
ID Next 2013 Keynote Slides by Mike SchwartzMike Schwartz
 
BriForum 2013 Chicago - Citrix Troubleshooting - Denis Gundarev
BriForum 2013 Chicago - Citrix Troubleshooting - Denis GundarevBriForum 2013 Chicago - Citrix Troubleshooting - Denis Gundarev
BriForum 2013 Chicago - Citrix Troubleshooting - Denis GundarevDenis Gundarev
 
Briforum 2011 Chicago
Briforum 2011 ChicagoBriforum 2011 Chicago
Briforum 2011 ChicagoDan Brinkmann
 
DaaS/IaaS Forum Moscow - Najat Messaoud
DaaS/IaaS Forum Moscow - Najat MessaoudDaaS/IaaS Forum Moscow - Najat Messaoud
DaaS/IaaS Forum Moscow - Najat MessaoudDenis Gundarev
 
Who Are You? From Meat to Electrons - SXSW 2014
Who Are You? From Meat to Electrons - SXSW 2014Who Are You? From Meat to Electrons - SXSW 2014
Who Are You? From Meat to Electrons - SXSW 2014Mike Schwartz
 
Mule security - saml
Mule security - samlMule security - saml
Mule security - samlcharan teja R
 
DaaS/IaaS Forum Moscow - Chris Rogers
DaaS/IaaS Forum Moscow - Chris RogersDaaS/IaaS Forum Moscow - Chris Rogers
DaaS/IaaS Forum Moscow - Chris RogersDenis Gundarev
 
Cloud Identity: A Recipe for Higher Education
Cloud Identity: A Recipe for Higher EducationCloud Identity: A Recipe for Higher Education
Cloud Identity: A Recipe for Higher EducationMike Schwartz
 
RUCUG: 6. Fabian Kienle - NetScaler and Branch Repeater for Hyper-V
RUCUG: 6. Fabian Kienle - NetScaler and Branch Repeater for Hyper-VRUCUG: 6. Fabian Kienle - NetScaler and Branch Repeater for Hyper-V
RUCUG: 6. Fabian Kienle - NetScaler and Branch Repeater for Hyper-VDenis Gundarev
 
Citrix Internals: Tracing, Debugging & Troubleshooting
Citrix Internals: Tracing, Debugging & TroubleshootingCitrix Internals: Tracing, Debugging & Troubleshooting
Citrix Internals: Tracing, Debugging & TroubleshootingDenis Gundarev
 
Clickjacking DevCon2011
Clickjacking DevCon2011Clickjacking DevCon2011
Clickjacking DevCon2011Krishna T
 
Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...
Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...
Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...Mike Schwartz
 
SYN507: Reducing desktop infrastructure management overhead using “old school...
SYN507: Reducing desktop infrastructure management overhead using “old school...SYN507: Reducing desktop infrastructure management overhead using “old school...
SYN507: Reducing desktop infrastructure management overhead using “old school...Denis Gundarev
 
WebRTC Identity in SAML Federations
WebRTC Identity in SAML FederationsWebRTC Identity in SAML Federations
WebRTC Identity in SAML FederationsMihály Mészáros
 
Token, token... From SAML to OIDC
Token, token... From SAML to OIDCToken, token... From SAML to OIDC
Token, token... From SAML to OIDCShiu-Fun Poon
 

Viewers also liked (20)

DaaS/IaaS Forum Moscow - Ivo Murris
DaaS/IaaS Forum Moscow - Ivo MurrisDaaS/IaaS Forum Moscow - Ivo Murris
DaaS/IaaS Forum Moscow - Ivo Murris
 
RUCUG: 9. Sergey Khalyapin: Представляем XenDesktop 5
RUCUG: 9. Sergey Khalyapin: Представляем XenDesktop 5RUCUG: 9. Sergey Khalyapin: Представляем XenDesktop 5
RUCUG: 9. Sergey Khalyapin: Представляем XenDesktop 5
 
ID Next 2013 Keynote Slides by Mike Schwartz
ID Next 2013 Keynote Slides by Mike SchwartzID Next 2013 Keynote Slides by Mike Schwartz
ID Next 2013 Keynote Slides by Mike Schwartz
 
BriForum 2013 Chicago - Citrix Troubleshooting - Denis Gundarev
BriForum 2013 Chicago - Citrix Troubleshooting - Denis GundarevBriForum 2013 Chicago - Citrix Troubleshooting - Denis Gundarev
BriForum 2013 Chicago - Citrix Troubleshooting - Denis Gundarev
 
Briforum 2011 Chicago
Briforum 2011 ChicagoBriforum 2011 Chicago
Briforum 2011 Chicago
 
The Tools I Use
The Tools I UseThe Tools I Use
The Tools I Use
 
DaaS/IaaS Forum Moscow - Najat Messaoud
DaaS/IaaS Forum Moscow - Najat MessaoudDaaS/IaaS Forum Moscow - Najat Messaoud
DaaS/IaaS Forum Moscow - Najat Messaoud
 
Who Are You? From Meat to Electrons - SXSW 2014
Who Are You? From Meat to Electrons - SXSW 2014Who Are You? From Meat to Electrons - SXSW 2014
Who Are You? From Meat to Electrons - SXSW 2014
 
Mule security - saml
Mule security - samlMule security - saml
Mule security - saml
 
DaaS/IaaS Forum Moscow - Chris Rogers
DaaS/IaaS Forum Moscow - Chris RogersDaaS/IaaS Forum Moscow - Chris Rogers
DaaS/IaaS Forum Moscow - Chris Rogers
 
Cloud Identity: A Recipe for Higher Education
Cloud Identity: A Recipe for Higher EducationCloud Identity: A Recipe for Higher Education
Cloud Identity: A Recipe for Higher Education
 
RUCUG: 6. Fabian Kienle - NetScaler and Branch Repeater for Hyper-V
RUCUG: 6. Fabian Kienle - NetScaler and Branch Repeater for Hyper-VRUCUG: 6. Fabian Kienle - NetScaler and Branch Repeater for Hyper-V
RUCUG: 6. Fabian Kienle - NetScaler and Branch Repeater for Hyper-V
 
Citrix Internals: Tracing, Debugging & Troubleshooting
Citrix Internals: Tracing, Debugging & TroubleshootingCitrix Internals: Tracing, Debugging & Troubleshooting
Citrix Internals: Tracing, Debugging & Troubleshooting
 
Clickjacking DevCon2011
Clickjacking DevCon2011Clickjacking DevCon2011
Clickjacking DevCon2011
 
Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...
Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...
Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...
 
Kantara OTTO slides
Kantara OTTO slidesKantara OTTO slides
Kantara OTTO slides
 
How to Fail at VDI
How to Fail at VDIHow to Fail at VDI
How to Fail at VDI
 
SYN507: Reducing desktop infrastructure management overhead using “old school...
SYN507: Reducing desktop infrastructure management overhead using “old school...SYN507: Reducing desktop infrastructure management overhead using “old school...
SYN507: Reducing desktop infrastructure management overhead using “old school...
 
WebRTC Identity in SAML Federations
WebRTC Identity in SAML FederationsWebRTC Identity in SAML Federations
WebRTC Identity in SAML Federations
 
Token, token... From SAML to OIDC
Token, token... From SAML to OIDCToken, token... From SAML to OIDC
Token, token... From SAML to OIDC
 

Similar to RSA Europe: Future of Cloud Identity

CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other WorldsCIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other WorldsCloudIDSummit
 
An architectural approach for decentralized applications
An architectural approach for decentralized applicationsAn architectural approach for decentralized applications
An architectural approach for decentralized applicationsOWASP Indonesia Chapter
 
GHC18 Abstract - API Security, a Grail Quest
GHC18 Abstract - API Security, a Grail QuestGHC18 Abstract - API Security, a Grail Quest
GHC18 Abstract - API Security, a Grail QuestPaulaPaulSlides
 
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...Paris Open Source Summit
 
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NGWorteks
 
How to increase your understanding of application usage with LeanIX and OneLo...
How to increase your understanding of application usage with LeanIX and OneLo...How to increase your understanding of application usage with LeanIX and OneLo...
How to increase your understanding of application usage with LeanIX and OneLo...LeanIX GmbH
 
CIS13: How to Build a Federated Identity Service on Identity and Context Virt...
CIS13: How to Build a Federated Identity Service on Identity and Context Virt...CIS13: How to Build a Federated Identity Service on Identity and Context Virt...
CIS13: How to Build a Federated Identity Service on Identity and Context Virt...CloudIDSummit
 
CIS13: Deploying an Identity Provider in a Complex, Federated and Siloed World
CIS13: Deploying an Identity Provider in a Complex, Federated and Siloed WorldCIS13: Deploying an Identity Provider in a Complex, Federated and Siloed World
CIS13: Deploying an Identity Provider in a Complex, Federated and Siloed WorldCloudIDSummit
 
Review on OpenID Authentication Framework
Review on OpenID Authentication FrameworkReview on OpenID Authentication Framework
Review on OpenID Authentication Frameworkijsrd.com
 
Digital ID Protocol - Presentation 2015-12-04
Digital ID Protocol - Presentation 2015-12-04Digital ID Protocol - Presentation 2015-12-04
Digital ID Protocol - Presentation 2015-12-04Synacts
 
Extending the Power of Consent with User-Managed Access & OpenUMA
Extending the Power of Consent with User-Managed Access & OpenUMAExtending the Power of Consent with User-Managed Access & OpenUMA
Extending the Power of Consent with User-Managed Access & OpenUMAkantarainitiative
 
OpenID Progress EEMA Conference
OpenID Progress EEMA ConferenceOpenID Progress EEMA Conference
OpenID Progress EEMA Conferenceevidos
 
OpenAM - An Introduction
OpenAM - An IntroductionOpenAM - An Introduction
OpenAM - An IntroductionForgeRock
 
Up 2011-ken huang
Up 2011-ken huangUp 2011-ken huang
Up 2011-ken huangKen Huang
 
Windows Server 2008 R2 Active Directory ADFS Claims Base Identity for Windows...
Windows Server 2008 R2 Active Directory ADFS Claims Base Identity for Windows...Windows Server 2008 R2 Active Directory ADFS Claims Base Identity for Windows...
Windows Server 2008 R2 Active Directory ADFS Claims Base Identity for Windows...Tũi Wichets
 
SSO IN/With Drupal and Identitiy Management
SSO IN/With Drupal and Identitiy ManagementSSO IN/With Drupal and Identitiy Management
SSO IN/With Drupal and Identitiy ManagementManish Harsh
 
Introducing OpenAthens Cloud for content providers
Introducing OpenAthens Cloud for content providersIntroducing OpenAthens Cloud for content providers
Introducing OpenAthens Cloud for content providersOpenAthens
 

Similar to RSA Europe: Future of Cloud Identity (20)

Feide Connect
Feide ConnectFeide Connect
Feide Connect
 
Codemash-2017
Codemash-2017Codemash-2017
Codemash-2017
 
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other WorldsCIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
 
An architectural approach for decentralized applications
An architectural approach for decentralized applicationsAn architectural approach for decentralized applications
An architectural approach for decentralized applications
 
GHC18 Abstract - API Security, a Grail Quest
GHC18 Abstract - API Security, a Grail QuestGHC18 Abstract - API Security, a Grail Quest
GHC18 Abstract - API Security, a Grail Quest
 
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...
 
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG
 
How to increase your understanding of application usage with LeanIX and OneLo...
How to increase your understanding of application usage with LeanIX and OneLo...How to increase your understanding of application usage with LeanIX and OneLo...
How to increase your understanding of application usage with LeanIX and OneLo...
 
CIS13: How to Build a Federated Identity Service on Identity and Context Virt...
CIS13: How to Build a Federated Identity Service on Identity and Context Virt...CIS13: How to Build a Federated Identity Service on Identity and Context Virt...
CIS13: How to Build a Federated Identity Service on Identity and Context Virt...
 
CIS13: Deploying an Identity Provider in a Complex, Federated and Siloed World
CIS13: Deploying an Identity Provider in a Complex, Federated and Siloed WorldCIS13: Deploying an Identity Provider in a Complex, Federated and Siloed World
CIS13: Deploying an Identity Provider in a Complex, Federated and Siloed World
 
Review on OpenID Authentication Framework
Review on OpenID Authentication FrameworkReview on OpenID Authentication Framework
Review on OpenID Authentication Framework
 
Digital ID Protocol - Presentation 2015-12-04
Digital ID Protocol - Presentation 2015-12-04Digital ID Protocol - Presentation 2015-12-04
Digital ID Protocol - Presentation 2015-12-04
 
Extending the Power of Consent with User-Managed Access & OpenUMA
Extending the Power of Consent with User-Managed Access & OpenUMAExtending the Power of Consent with User-Managed Access & OpenUMA
Extending the Power of Consent with User-Managed Access & OpenUMA
 
OpenID Progress EEMA Conference
OpenID Progress EEMA ConferenceOpenID Progress EEMA Conference
OpenID Progress EEMA Conference
 
OpenAM - An Introduction
OpenAM - An IntroductionOpenAM - An Introduction
OpenAM - An Introduction
 
BlockchainLAB Hackathon
BlockchainLAB HackathonBlockchainLAB Hackathon
BlockchainLAB Hackathon
 
Up 2011-ken huang
Up 2011-ken huangUp 2011-ken huang
Up 2011-ken huang
 
Windows Server 2008 R2 Active Directory ADFS Claims Base Identity for Windows...
Windows Server 2008 R2 Active Directory ADFS Claims Base Identity for Windows...Windows Server 2008 R2 Active Directory ADFS Claims Base Identity for Windows...
Windows Server 2008 R2 Active Directory ADFS Claims Base Identity for Windows...
 
SSO IN/With Drupal and Identitiy Management
SSO IN/With Drupal and Identitiy ManagementSSO IN/With Drupal and Identitiy Management
SSO IN/With Drupal and Identitiy Management
 
Introducing OpenAthens Cloud for content providers
Introducing OpenAthens Cloud for content providersIntroducing OpenAthens Cloud for content providers
Introducing OpenAthens Cloud for content providers
 

More from Mike Schwartz

LASCON 2017: SAML v. OpenID v. Oauth
LASCON 2017: SAML v. OpenID v. OauthLASCON 2017: SAML v. OpenID v. Oauth
LASCON 2017: SAML v. OpenID v. OauthMike Schwartz
 
OTTO - Internet2 TechX 2017
OTTO - Internet2 TechX 2017OTTO - Internet2 TechX 2017
OTTO - Internet2 TechX 2017Mike Schwartz
 
The Client is not always right! How to secure OAuth authentication from your...
The Client is not always right! How to secure OAuth authentication from your...The Client is not always right! How to secure OAuth authentication from your...
The Client is not always right! How to secure OAuth authentication from your...Mike Schwartz
 
LASCON: Three Profiels of OAuth2 for Identity and Access Management
LASCON: Three Profiels of OAuth2 for Identity and Access ManagementLASCON: Three Profiels of OAuth2 for Identity and Access Management
LASCON: Three Profiels of OAuth2 for Identity and Access ManagementMike Schwartz
 
RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It!
RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It!RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It!
RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It!Mike Schwartz
 
RSA Conference 2016: Who Are You? From Meat to Electrons and Back Again
RSA Conference 2016: Who Are You? From Meat to Electrons and Back AgainRSA Conference 2016: Who Are You? From Meat to Electrons and Back Again
RSA Conference 2016: Who Are You? From Meat to Electrons and Back AgainMike Schwartz
 
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They KeyOAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They KeyMike Schwartz
 
OpenID Connect vs. OpenID 1 & 2
OpenID Connect vs. OpenID 1 & 2OpenID Connect vs. OpenID 1 & 2
OpenID Connect vs. OpenID 1 & 2Mike Schwartz
 
Requirements for Personal Clouds : Tech Ranch Talk 8/7/13
Requirements for Personal Clouds : Tech Ranch Talk 8/7/13Requirements for Personal Clouds : Tech Ranch Talk 8/7/13
Requirements for Personal Clouds : Tech Ranch Talk 8/7/13Mike Schwartz
 
Gluu EDU Webinar: Shibboleth/SAML SSO
Gluu EDU Webinar: Shibboleth/SAML SSOGluu EDU Webinar: Shibboleth/SAML SSO
Gluu EDU Webinar: Shibboleth/SAML SSOMike Schwartz
 
SAML Protocol Overview
SAML Protocol OverviewSAML Protocol Overview
SAML Protocol OverviewMike Schwartz
 

More from Mike Schwartz (13)

LASCON 2017: SAML v. OpenID v. Oauth
LASCON 2017: SAML v. OpenID v. OauthLASCON 2017: SAML v. OpenID v. Oauth
LASCON 2017: SAML v. OpenID v. Oauth
 
OTTO - Internet2 TechX 2017
OTTO - Internet2 TechX 2017OTTO - Internet2 TechX 2017
OTTO - Internet2 TechX 2017
 
The Client is not always right! How to secure OAuth authentication from your...
The Client is not always right! How to secure OAuth authentication from your...The Client is not always right! How to secure OAuth authentication from your...
The Client is not always right! How to secure OAuth authentication from your...
 
LASCON: Three Profiels of OAuth2 for Identity and Access Management
LASCON: Three Profiels of OAuth2 for Identity and Access ManagementLASCON: Three Profiels of OAuth2 for Identity and Access Management
LASCON: Three Profiels of OAuth2 for Identity and Access Management
 
RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It!
RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It!RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It!
RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It!
 
RSA Conference 2016: Who Are You? From Meat to Electrons and Back Again
RSA Conference 2016: Who Are You? From Meat to Electrons and Back AgainRSA Conference 2016: Who Are You? From Meat to Electrons and Back Again
RSA Conference 2016: Who Are You? From Meat to Electrons and Back Again
 
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They KeyOAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
 
OpenID Connect vs. OpenID 1 & 2
OpenID Connect vs. OpenID 1 & 2OpenID Connect vs. OpenID 1 & 2
OpenID Connect vs. OpenID 1 & 2
 
Federation registry
Federation registryFederation registry
Federation registry
 
Single Sign On 101
Single Sign On 101Single Sign On 101
Single Sign On 101
 
Requirements for Personal Clouds : Tech Ranch Talk 8/7/13
Requirements for Personal Clouds : Tech Ranch Talk 8/7/13Requirements for Personal Clouds : Tech Ranch Talk 8/7/13
Requirements for Personal Clouds : Tech Ranch Talk 8/7/13
 
Gluu EDU Webinar: Shibboleth/SAML SSO
Gluu EDU Webinar: Shibboleth/SAML SSOGluu EDU Webinar: Shibboleth/SAML SSO
Gluu EDU Webinar: Shibboleth/SAML SSO
 
SAML Protocol Overview
SAML Protocol OverviewSAML Protocol Overview
SAML Protocol Overview
 

Recently uploaded

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 

Recently uploaded (20)

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 

RSA Europe: Future of Cloud Identity

  • 1. The Future of Cloud Identity Security Michael Schwartz Founder / CEO Gluu Session ID: IAM-207 Session Classification: General Interest
  • 3. Finally an Internet Identity Foundation… 3
  • 4. Who is behind the OpenID Foundation 4
  • 5. Challenges Solved by OpenID Connect  How to share authentication with apps / websites  Potential for Authorization  Discovery  How to identify an anonymous Internet visitor  Support constant new stream of mobile apps  “Apps” are not well known ahead of time… need to support dynamic registration  Session Management  How can you “logout”… 5
  • 6. How did we get here?  1998: Web Access Management  Traditional enterprise SSO (i.e. SiteMinder)  2001: Federation  How do I access websites outside my organization : SAML  2011 Social Login  Facebook Connect - Technology goes consumer 6
  • 7. Predecessors of OpenID Connect  SAML  Widely deployed by organizations  Authentication + attributes + federation  OpenID  Easy centralized authentication  Information Cards  Lots of lessons learned : OpenID Account Chooser  OAUTH 1.0 and 1.1  Bundled Authentication / Authorization: first authorization 7
  • 9. What is OpenID Connect?  Profile of OAuth2  Entities  Client, OpenID Providers (“OP”), Relying Party (“RP”)  Workflows  Discovery, Authentication, Dynamic Client registration, Attribute Release, Session management  Schema  Token, Keystore 9
  • 10. 10
  • 11. 11
  • 12. Subtle Revolutions  “SMTP-stlye” email address are the entity identifiers  Ease of use for Web Developers  Good usability for People 12
  • 13. When ?  OP support 2013  Google launch of Account Chooser  Large RP’s will support first … 2013  CMS, CRM, communication and SaaS apps to follow 13
  • 15. Tools and Rules  Tools  Its not just the Web, but the depth of software tools and support that makes it so powerful.  Rules  How the standards are used can be strengthened by the central authorities.  Both are needed… but rules may take a while 15
  • 16. Organizational Trust Management  Organizational Trust Management  Which “clients” are authorized for which scopes?  Which people are authorized to use which clients?  How to group related clients? 16
  • 17. MultiParty Federations In OpenID Connect ? $1.8 Million NSTIC Grant http://www.nist.gov/itl/nstic-092012.cfm 17
  • 18. User Trust Management  UMA : User Managed Authorization  Proposed IETF standard  Enable users to centrally store permissions given to applications  Also Profile of OAuth2  Central “Authorization Manager” infrastructure  Specify which Clients have access to which resources (URLs)  PEP / PDP architecture  Course-grain authentication 18
  • 19. Fine Grain Authorization  How to specify access to resources  Resources need to be described by rules  All the pictures in this folder, except these three…  Specifying “who” is authorized also needs rules  Any teacher in my child’s school can send her a message  Note who could also be an organization, federation or some other entity.  External conditions  During business hours allow hosts from subnet 10.10.10.x  Many believe to solve this, we need a “Graph” standard 19
  • 20. What would an OpenID Graph look like? There are three types of arcs and nodes: contextual, relational, literal 20
  • 21. Graph : Contextual Arcs • What is the provenance of data? • How to group / organize data Note: Different Contexts Address of the data is the same, but who are you going to believe? joe@acme.com or chase.com ? 21
  • 22. Graph: Relational Arcs  How are OpenID endpoints related?  How do we convey real world relationships in the online world? 22
  • 23. Graph: Permissions (1) What part of the graph (2) what operations (3) under what conditions Relational arc specifies what operations are allowed on what part of the graph: could be $add, $mod, $del, $get, $all $if specifies conditions $do specifies a “Link Contract” Javascript equation format 23
  • 25. How can you prepare for OpenID Connect?  If you are a CTO / CSO  Deploy an “OpenID Provider” at your organization to enable developers for testing of new applications and cloud service providers.  Inquire about the roadmap for OpenID Connect support from your current SaaS providers  Define the vision to use OpenID Connect for internal and external SSO  Make plans to consolidate existing SAML and SSO infrastructures 25
  • 26. How can you prepare for OpenID Connect?  If you are a Website or App developer  Don’t create any more user databases  Authenticated via OpenID Connect  Use the “User Info” endpoint to request the OpenID Scopes which contain information about the entity.  Allow people to identify themselves with an email address: support OpenID Connect discovery.  Support OpenID Connect Dynamic Client Registration for your app 26
  • 27. How can you prepare for OpenID Connect?  If you are a Person !  Understand that you may need to choose your identity depending on the app or website in question  Gripe to websites that don’t support OpenID Connect 27
  • 28. If you want Open Source OpenID Connect…  Please checkout the OX project  OpenID Connect  UMA  SCIM  OpenID Graph http://ox.gluu.org 28