SlideShare a Scribd company logo

Understanding 'Authentication' and 'Identity Federation'

Naohiro Fujie
Naohiro Fujie

My deck at Asia MVP/RD meetup that describes identity related keywords.

Technology
1 of 6
Download to read offline
Understanding 'Authentication’ and ‘Identity Federation' Naohiro Fujie MVP for Enterprise Mobility
Confusion… •Identity = Authentication ?? •Authentication = Single Sign On ?? •Federation ??
What is ‘Identity’ – Johari Window • We want to recognize existence of ‘Entity’ like person, computer, other physical things. • But we cannot recognize ‘Entity’ directly since the ‘Entity’ is different from ourselves. • Also we cannot recognize all part of own ‘Entity’. Source: Wikipedia https://en.wikipedia.org/wiki/Johari_window
Recognize ‘Entity’ through ‘Identity’ • ‘Identity’ is not only an ‘Identifier’ but a set of attributes. • Identifier is one of attribute or a set of attribute of the entity to separate it from other entities. • Ex) If there is no ‘Fujie-san’ around here, surname can be used as identifier, but at my home, we cannot use surname as identifier. • We recognize ‘Entity’ through recognizing attributes. Name Company Hair Style Height Loves Heavy Metal Identity - Set of attributes Entity to recognize
Identity related keywords • Authentication • To check entity is valid or not. • Federation • To federate(pass) identity related information to other entities. • By federate AuthN result attribute to other entity(system), user can Single Sign On between entities. 2.Verify 1.Name/Password AuthN result3.Generate Computer system A - Entity which need to validate a entity Name Company Password Attributes of the user User - Entity to be verified 4.Access Authentication Federation 6.SSO Major protocols are SAML, OpenID Connect Major protocols are RADIUS, Kerberos OpenID Computer system B - Federate with system A Name Attributes of the user 5.Federate AuthN result
Role of Identity & Access Management Trust Trust Trust/Federation Provide Credentials Provide Common Attributes Provide AuthN Result Identity Management System Authentication System Applications Identity Management System’s role - Provide trustworthy identities to other systems. How? ex) by import data from HR Authentication System’s role - Verify the validity of the user. How? ex) Password + SMS notification Application’s role - Authorize user’s access. How? ex) Change user’s role align to the department and title attributes of the user Trust means… - Externalize and delegate feature to other system, and trust the response from the system. Applications Note) User can SSO across apps if these apps trust the same authN system. App admins App specific attributes Federation is based on inter-system ‘Trust’

Recommended

OAuth
OAuthOAuth
OAuthIván Fernández Perea
 
Claim based authentaication
Claim based authentaicationClaim based authentaication
Claim based authentaicationSean Xiong
 
Difference between authentication and authorization in asp.net
Difference between authentication and authorization in asp.netDifference between authentication and authorization in asp.net
Difference between authentication and authorization in asp.netUmar Ali
 
Introduction to OAuth2
Introduction to OAuth2 Introduction to OAuth2
Introduction to OAuth2 Sean Whitesell
 
Mashing Up with User-centric Identity
Mashing Up with User-centric IdentityMashing Up with User-centric Identity
Mashing Up with User-centric Identitykkjjkevin03
 
Adfs 2 & claims based identity
Adfs 2 & claims based identityAdfs 2 & claims based identity
Adfs 2 & claims based identityNathan Winters
 
Electronic resource management overview
Electronic resource management overviewElectronic resource management overview
Electronic resource management overviewJill Emery
 
Asp.net membership anduserroles_ppt
Asp.net membership anduserroles_pptAsp.net membership anduserroles_ppt
Asp.net membership anduserroles_pptShivanand Arur
 

Recommended

OAuth
OAuthOAuth
OAuthIván Fernández Perea
 
Claim based authentaication
Claim based authentaicationClaim based authentaication
Claim based authentaicationSean Xiong
 
Difference between authentication and authorization in asp.net
Difference between authentication and authorization in asp.netDifference between authentication and authorization in asp.net
Difference between authentication and authorization in asp.netUmar Ali
 
Introduction to OAuth2
Introduction to OAuth2 Introduction to OAuth2
Introduction to OAuth2 Sean Whitesell
 
Mashing Up with User-centric Identity
Mashing Up with User-centric IdentityMashing Up with User-centric Identity
Mashing Up with User-centric Identitykkjjkevin03
 
Adfs 2 & claims based identity
Adfs 2 & claims based identityAdfs 2 & claims based identity
Adfs 2 & claims based identityNathan Winters
 
Electronic resource management overview
Electronic resource management overviewElectronic resource management overview
Electronic resource management overviewJill Emery
 
Asp.net membership anduserroles_ppt
Asp.net membership anduserroles_pptAsp.net membership anduserroles_ppt
Asp.net membership anduserroles_pptShivanand Arur
 
Identity federation & user centric identity
Identity federation & user centric identityIdentity federation & user centric identity
Identity federation & user centric identitywegdam
 
Identity federation and strong authentication
Identity federation and strong authenticationIdentity federation and strong authentication
Identity federation and strong authenticationJustin Richer
 
Identity Federation for the Enterprise: Lessons Learned
Identity Federation for the Enterprise: Lessons LearnedIdentity Federation for the Enterprise: Lessons Learned
Identity Federation for the Enterprise: Lessons LearnedNalneesh Gaur
 
How information security empowers mobile innovation v3 branded
How information security empowers mobile innovation v3 brandedHow information security empowers mobile innovation v3 branded
How information security empowers mobile innovation v3 brandedNalneesh Gaur
 
SSIR corporate presentation
SSIR corporate presentationSSIR corporate presentation
SSIR corporate presentationSilverStandard
 
Benefits and Risks of a Single Identity - IBM Connect 2017
Benefits and Risks of a Single Identity - IBM Connect 2017Benefits and Risks of a Single Identity - IBM Connect 2017
Benefits and Risks of a Single Identity - IBM Connect 2017Gabriella Davis
 
Anal ca vakalis
Anal ca vakalisAnal ca vakalis
Anal ca vakalisfondas vakalis
 
Project Management in an Agency Environment
Project Management in an Agency Environment Project Management in an Agency Environment
Project Management in an Agency Environment Jeff Thaler
 
A Guide On Dating Safely
A Guide On Dating SafelyA Guide On Dating Safely
A Guide On Dating Safelyguest494d882b
 
Max Intl Presentation
Max Intl PresentationMax Intl Presentation
Max Intl PresentationJulieFarmer
 
Thyroid
ThyroidThyroid
ThyroidIrene Tan
 
Save power
Save powerSave power
Save powerBhavesh Gudhka
 
Avivo
AvivoAvivo
AvivoDave Burrell
 
Ffplan New 97 2003
Ffplan New 97 2003Ffplan New 97 2003
Ffplan New 97 2003Joshua Yamson
 
Coronado Island
Coronado IslandCoronado Island
Coronado Islandjangeres
 
Chemistry Jeopardy
Chemistry JeopardyChemistry Jeopardy
Chemistry Jeopardyginaarnold
 
David Scott Irevised Pp
David Scott Irevised PpDavid Scott Irevised Pp
David Scott Irevised PpDavid Scott
 
SweepsPros 2009
SweepsPros 2009SweepsPros 2009
SweepsPros 2009razoulay
 
6 Doamne Cine Esti
6 Doamne Cine Esti6 Doamne Cine Esti
6 Doamne Cine Estialexcurbet
 
Greg Linch - Publish2 contest
Greg Linch - Publish2 contestGreg Linch - Publish2 contest
Greg Linch - Publish2 contestGreg Linch
 
Identity 101: Boot Camp for Identity North 2016
Identity 101: Boot Camp for Identity North 2016Identity 101: Boot Camp for Identity North 2016
Identity 101: Boot Camp for Identity North 2016Kaliya "Identity Woman" Young
 
Identity 3.0 and Oracle
Identity 3.0 and OracleIdentity 3.0 and Oracle
Identity 3.0 and OracleBram van Pelt
 

More Related Content

Viewers also liked

Identity federation & user centric identity
Identity federation & user centric identityIdentity federation & user centric identity
Identity federation & user centric identitywegdam
 
Identity federation and strong authentication
Identity federation and strong authenticationIdentity federation and strong authentication
Identity federation and strong authenticationJustin Richer
 
Identity Federation for the Enterprise: Lessons Learned
Identity Federation for the Enterprise: Lessons LearnedIdentity Federation for the Enterprise: Lessons Learned
Identity Federation for the Enterprise: Lessons LearnedNalneesh Gaur
 
How information security empowers mobile innovation v3 branded
How information security empowers mobile innovation v3 brandedHow information security empowers mobile innovation v3 branded
How information security empowers mobile innovation v3 brandedNalneesh Gaur
 
SSIR corporate presentation
SSIR corporate presentationSSIR corporate presentation
SSIR corporate presentationSilverStandard
 
Benefits and Risks of a Single Identity - IBM Connect 2017
Benefits and Risks of a Single Identity - IBM Connect 2017Benefits and Risks of a Single Identity - IBM Connect 2017
Benefits and Risks of a Single Identity - IBM Connect 2017Gabriella Davis
 
Project Management in an Agency Environment
Project Management in an Agency Environment Project Management in an Agency Environment
Project Management in an Agency Environment Jeff Thaler
 
A Guide On Dating Safely
A Guide On Dating SafelyA Guide On Dating Safely
A Guide On Dating Safelyguest494d882b
 
Max Intl Presentation
Max Intl PresentationMax Intl Presentation
Max Intl PresentationJulieFarmer
 
Coronado Island
Coronado IslandCoronado Island
Coronado Islandjangeres
 
Chemistry Jeopardy
Chemistry JeopardyChemistry Jeopardy
Chemistry Jeopardyginaarnold
 
David Scott Irevised Pp
David Scott Irevised PpDavid Scott Irevised Pp
David Scott Irevised PpDavid Scott
 
SweepsPros 2009
SweepsPros 2009SweepsPros 2009
SweepsPros 2009razoulay
 
6 Doamne Cine Esti
6 Doamne Cine Esti6 Doamne Cine Esti
6 Doamne Cine Estialexcurbet
 
Greg Linch - Publish2 contest
Greg Linch - Publish2 contestGreg Linch - Publish2 contest
Greg Linch - Publish2 contestGreg Linch
 

Viewers also liked (20)

Identity federation & user centric identity
Identity federation & user centric identityIdentity federation & user centric identity
Identity federation & user centric identity
 
Identity federation and strong authentication
Identity federation and strong authenticationIdentity federation and strong authentication
Identity federation and strong authentication
 
Identity Federation for the Enterprise: Lessons Learned
Identity Federation for the Enterprise: Lessons LearnedIdentity Federation for the Enterprise: Lessons Learned
Identity Federation for the Enterprise: Lessons Learned
 
How information security empowers mobile innovation v3 branded
How information security empowers mobile innovation v3 brandedHow information security empowers mobile innovation v3 branded
How information security empowers mobile innovation v3 branded
 
SSIR corporate presentation
SSIR corporate presentationSSIR corporate presentation
SSIR corporate presentation
 
Benefits and Risks of a Single Identity - IBM Connect 2017
Benefits and Risks of a Single Identity - IBM Connect 2017Benefits and Risks of a Single Identity - IBM Connect 2017
Benefits and Risks of a Single Identity - IBM Connect 2017
 
Anal ca vakalis
Anal ca vakalisAnal ca vakalis
Anal ca vakalis
 
Project Management in an Agency Environment
Project Management in an Agency Environment Project Management in an Agency Environment
Project Management in an Agency Environment
 
A Guide On Dating Safely
A Guide On Dating SafelyA Guide On Dating Safely
A Guide On Dating Safely
 
Max Intl Presentation
Max Intl PresentationMax Intl Presentation
Max Intl Presentation
 
Thyroid
ThyroidThyroid
Thyroid
 
Save power
Save powerSave power
Save power
 
Avivo
AvivoAvivo
Avivo
 
Ffplan New 97 2003
Ffplan New 97 2003Ffplan New 97 2003
Ffplan New 97 2003
 
Coronado Island
Coronado IslandCoronado Island
Coronado Island
 
Chemistry Jeopardy
Chemistry JeopardyChemistry Jeopardy
Chemistry Jeopardy
 
David Scott Irevised Pp
David Scott Irevised PpDavid Scott Irevised Pp
David Scott Irevised Pp
 
SweepsPros 2009
SweepsPros 2009SweepsPros 2009
SweepsPros 2009
 
6 Doamne Cine Esti
6 Doamne Cine Esti6 Doamne Cine Esti
6 Doamne Cine Esti
 
Greg Linch - Publish2 contest
Greg Linch - Publish2 contestGreg Linch - Publish2 contest
Greg Linch - Publish2 contest
 

Similar to Understanding 'Authentication' and 'Identity Federation'

Identity 3.0 and Oracle
Identity 3.0 and OracleIdentity 3.0 and Oracle
Identity 3.0 and OracleBram van Pelt
 
Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon Kaliya "Identity Woman" Young
 
SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...Liam Cleary [MVP]
 
Azure Active Directory by Nikolay Mozgovoy
Azure Active Directory by Nikolay MozgovoyAzure Active Directory by Nikolay Mozgovoy
Azure Active Directory by Nikolay MozgovoySigma Software
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudDanny Jessee
 
SharePoint Authentication And Authorization SPTechCon San Francisco
SharePoint Authentication And Authorization SPTechCon San FranciscoSharePoint Authentication And Authorization SPTechCon San Francisco
SharePoint Authentication And Authorization SPTechCon San FranciscoLiam Cleary [MVP]
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudDanny Jessee
 
SharePoint Saturday Austin - Share point authentication and authorization
SharePoint Saturday Austin - Share point authentication and authorizationSharePoint Saturday Austin - Share point authentication and authorization
SharePoint Saturday Austin - Share point authentication and authorizationLiam Cleary [MVP]
 
Identity Proofing to provision accurately
Identity Proofing to provision accuratelyIdentity Proofing to provision accurately
Identity Proofing to provision accuratelyDavid Kelts, CIPT
 
Open Standards for Trusted and Universal ID Systems
Open Standards for Trusted and Universal ID SystemsOpen Standards for Trusted and Universal ID Systems
Open Standards for Trusted and Universal ID SystemsTRUSTECH Event
 
Self-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web SummitSelf-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web SummitKaliya "Identity Woman" Young
 
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other WorldsCIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other WorldsCloudIDSummit
 
Identity Federation on JBossAS
Identity Federation on JBossASIdentity Federation on JBossAS
Identity Federation on JBossASRoger CARHUATOCTO
 
FIDO & Strong Authentication Technology Landscape
FIDO & Strong Authentication Technology LandscapeFIDO & Strong Authentication Technology Landscape
FIDO & Strong Authentication Technology LandscapeFIDO Alliance
 

Similar to Understanding 'Authentication' and 'Identity Federation' (20)

Identity 101: Boot Camp for Identity North 2016
Identity 101: Boot Camp for Identity North 2016Identity 101: Boot Camp for Identity North 2016
Identity 101: Boot Camp for Identity North 2016
 
Identity 3.0 and Oracle
Identity 3.0 and OracleIdentity 3.0 and Oracle
Identity 3.0 and Oracle
 
Identity 3.0 and Oracle at AMIS25
Identity 3.0 and Oracle at AMIS25Identity 3.0 and Oracle at AMIS25
Identity 3.0 and Oracle at AMIS25
 
Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon
 
SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...
 
Azure Active Directory by Nikolay Mozgovoy
Azure Active Directory by Nikolay MozgovoyAzure Active Directory by Nikolay Mozgovoy
Azure Active Directory by Nikolay Mozgovoy
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
 
SharePoint Authentication And Authorization SPTechCon San Francisco
SharePoint Authentication And Authorization SPTechCon San FranciscoSharePoint Authentication And Authorization SPTechCon San Francisco
SharePoint Authentication And Authorization SPTechCon San Francisco
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
 
SharePoint Saturday Austin - Share point authentication and authorization
SharePoint Saturday Austin - Share point authentication and authorizationSharePoint Saturday Austin - Share point authentication and authorization
SharePoint Saturday Austin - Share point authentication and authorization
 
Auth experience - vol 1.0
Auth experience - vol 1.0Auth experience - vol 1.0
Auth experience - vol 1.0
 
Identity Proofing to provision accurately
Identity Proofing to provision accuratelyIdentity Proofing to provision accurately
Identity Proofing to provision accurately
 
Single Sign-On Best Practices
Single Sign-On Best PracticesSingle Sign-On Best Practices
Single Sign-On Best Practices
 
Open Standards for Trusted and Universal ID Systems
Open Standards for Trusted and Universal ID SystemsOpen Standards for Trusted and Universal ID Systems
Open Standards for Trusted and Universal ID Systems
 
FirstNet ICAM
FirstNet ICAMFirstNet ICAM
FirstNet ICAM
 
Self-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web SummitSelf-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web Summit
 
Laws of relationships v7
Laws of relationships v7Laws of relationships v7
Laws of relationships v7
 
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other WorldsCIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
 
Identity Federation on JBossAS
Identity Federation on JBossASIdentity Federation on JBossAS
Identity Federation on JBossAS
 
FIDO & Strong Authentication Technology Landscape
FIDO & Strong Authentication Technology LandscapeFIDO & Strong Authentication Technology Landscape
FIDO & Strong Authentication Technology Landscape
 

More from Naohiro Fujie

分散型IDと検証可能なアイデンティティ技術概要
分散型IDと検証可能なアイデンティティ技術概要分散型IDと検証可能なアイデンティティ技術概要
分散型IDと検証可能なアイデンティティ技術概要Naohiro Fujie
 
今なら間に合う分散型IDとEntra Verified ID
今なら間に合う分散型IDとEntra Verified ID今なら間に合う分散型IDとEntra Verified ID
今なら間に合う分散型IDとEntra Verified IDNaohiro Fujie
 
Azure AD B2CにIdPを色々と繋いでみる
Azure AD B2CにIdPを色々と繋いでみるAzure AD B2CにIdPを色々と繋いでみる
Azure AD B2CにIdPを色々と繋いでみるNaohiro Fujie
 
LINEログインの最新アップデートとアプリ連携ウォークスルー
LINEログインの最新アップデートとアプリ連携ウォークスルーLINEログインの最新アップデートとアプリ連携ウォークスルー
LINEログインの最新アップデートとアプリ連携ウォークスルーNaohiro Fujie
 
ざっくり解説 LINE ログイン
ざっくり解説 LINE ログインざっくり解説 LINE ログイン
ざっくり解説 LINE ログインNaohiro Fujie
 
Azure AD x LINE x Auth0
Azure AD x LINE x Auth0Azure AD x LINE x Auth0
Azure AD x LINE x Auth0Naohiro Fujie
 
LINE Payも取り組んでいるKYCってなんだろう?KYCの基本と最近の動向
LINE Payも取り組んでいるKYCってなんだろう?KYCの基本と最近の動向LINE Payも取り組んでいるKYCってなんだろう?KYCの基本と最近の動向
LINE Payも取り組んでいるKYCってなんだろう?KYCの基本と最近の動向Naohiro Fujie
 
MicrosoftのDID/VC実装概要
MicrosoftのDID/VC実装概要MicrosoftのDID/VC実装概要
MicrosoftのDID/VC実装概要Naohiro Fujie
 
LIFFとの連携でさらに強力に。こんなに使えるLINEログイン
LIFFとの連携でさらに強力に。こんなに使えるLINEログインLIFFとの連携でさらに強力に。こんなに使えるLINEログイン
LIFFとの連携でさらに強力に。こんなに使えるLINEログインNaohiro Fujie
 
自己主権型IDと分散型ID
自己主権型IDと分散型ID自己主権型IDと分散型ID
自己主権型IDと分散型IDNaohiro Fujie
 
Azure ADの外部コラボレーションとBYOID
Azure ADの外部コラボレーションとBYOIDAzure ADの外部コラボレーションとBYOID
Azure ADの外部コラボレーションとBYOIDNaohiro Fujie
 
祝!公式サポート Auth0 + LINE Login
祝!公式サポート Auth0 + LINE Login祝!公式サポート Auth0 + LINE Login
祝!公式サポート Auth0 + LINE LoginNaohiro Fujie
 
IDaaSにSign in with Appleをつないでみた
IDaaSにSign in with AppleをつないでみたIDaaSにSign in with Appleをつないでみた
IDaaSにSign in with AppleをつないでみたNaohiro Fujie
 
次世代KYCと自己主権型アイデンティティの動向
次世代KYCと自己主権型アイデンティティの動向次世代KYCと自己主権型アイデンティティの動向
次世代KYCと自己主権型アイデンティティの動向Naohiro Fujie
 
これからの KYC と Identity on Blockchain の動向
これからの KYC と Identity on Blockchain の動向これからの KYC と Identity on Blockchain の動向
これからの KYC と Identity on Blockchain の動向Naohiro Fujie
 
SSIとDIDで何を解決したいのか?(β版)
SSIとDIDで何を解決したいのか?(β版)SSIとDIDで何を解決したいのか?(β版)
SSIとDIDで何を解決したいのか?(β版)Naohiro Fujie
 
教育機関におけるBYOIDとKYC
教育機関におけるBYOIDとKYC教育機関におけるBYOIDとKYC
教育機関におけるBYOIDとKYCNaohiro Fujie
 
実装して理解するLINE LoginとOpenID Connect入門
実装して理解するLINE LoginとOpenID Connect入門実装して理解するLINE LoginとOpenID Connect入門
実装して理解するLINE LoginとOpenID Connect入門Naohiro Fujie
 
組織におけるアイデンティティ管理の基本的な考え方
組織におけるアイデンティティ管理の基本的な考え方組織におけるアイデンティティ管理の基本的な考え方
組織におけるアイデンティティ管理の基本的な考え方Naohiro Fujie
 

More from Naohiro Fujie (20)

分散型IDと検証可能なアイデンティティ技術概要
分散型IDと検証可能なアイデンティティ技術概要分散型IDと検証可能なアイデンティティ技術概要
分散型IDと検証可能なアイデンティティ技術概要
 
今なら間に合う分散型IDとEntra Verified ID
今なら間に合う分散型IDとEntra Verified ID今なら間に合う分散型IDとEntra Verified ID
今なら間に合う分散型IDとEntra Verified ID
 
LINE Login総復習
LINE Login総復習LINE Login総復習
LINE Login総復習
 
Azure AD B2CにIdPを色々と繋いでみる
Azure AD B2CにIdPを色々と繋いでみるAzure AD B2CにIdPを色々と繋いでみる
Azure AD B2CにIdPを色々と繋いでみる
 
LINEログインの最新アップデートとアプリ連携ウォークスルー
LINEログインの最新アップデートとアプリ連携ウォークスルーLINEログインの最新アップデートとアプリ連携ウォークスルー
LINEログインの最新アップデートとアプリ連携ウォークスルー
 
ざっくり解説 LINE ログイン
ざっくり解説 LINE ログインざっくり解説 LINE ログイン
ざっくり解説 LINE ログイン
 
Azure AD x LINE x Auth0
Azure AD x LINE x Auth0Azure AD x LINE x Auth0
Azure AD x LINE x Auth0
 
LINE Payも取り組んでいるKYCってなんだろう?KYCの基本と最近の動向
LINE Payも取り組んでいるKYCってなんだろう?KYCの基本と最近の動向LINE Payも取り組んでいるKYCってなんだろう?KYCの基本と最近の動向
LINE Payも取り組んでいるKYCってなんだろう?KYCの基本と最近の動向
 
MicrosoftのDID/VC実装概要
MicrosoftのDID/VC実装概要MicrosoftのDID/VC実装概要
MicrosoftのDID/VC実装概要
 
LIFFとの連携でさらに強力に。こんなに使えるLINEログイン
LIFFとの連携でさらに強力に。こんなに使えるLINEログインLIFFとの連携でさらに強力に。こんなに使えるLINEログイン
LIFFとの連携でさらに強力に。こんなに使えるLINEログイン
 
自己主権型IDと分散型ID
自己主権型IDと分散型ID自己主権型IDと分散型ID
自己主権型IDと分散型ID
 
Azure ADの外部コラボレーションとBYOID
Azure ADの外部コラボレーションとBYOIDAzure ADの外部コラボレーションとBYOID
Azure ADの外部コラボレーションとBYOID
 
祝!公式サポート Auth0 + LINE Login
祝!公式サポート Auth0 + LINE Login祝!公式サポート Auth0 + LINE Login
祝!公式サポート Auth0 + LINE Login
 
IDaaSにSign in with Appleをつないでみた
IDaaSにSign in with AppleをつないでみたIDaaSにSign in with Appleをつないでみた
IDaaSにSign in with Appleをつないでみた
 
次世代KYCと自己主権型アイデンティティの動向
次世代KYCと自己主権型アイデンティティの動向次世代KYCと自己主権型アイデンティティの動向
次世代KYCと自己主権型アイデンティティの動向
 
これからの KYC と Identity on Blockchain の動向
これからの KYC と Identity on Blockchain の動向これからの KYC と Identity on Blockchain の動向
これからの KYC と Identity on Blockchain の動向
 
SSIとDIDで何を解決したいのか?(β版)
SSIとDIDで何を解決したいのか?(β版)SSIとDIDで何を解決したいのか?(β版)
SSIとDIDで何を解決したいのか?(β版)
 
教育機関におけるBYOIDとKYC
教育機関におけるBYOIDとKYC教育機関におけるBYOIDとKYC
教育機関におけるBYOIDとKYC
 
実装して理解するLINE LoginとOpenID Connect入門
実装して理解するLINE LoginとOpenID Connect入門実装して理解するLINE LoginとOpenID Connect入門
実装して理解するLINE LoginとOpenID Connect入門
 
組織におけるアイデンティティ管理の基本的な考え方
組織におけるアイデンティティ管理の基本的な考え方組織におけるアイデンティティ管理の基本的な考え方
組織におけるアイデンティティ管理の基本的な考え方
 

Recently uploaded

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 

Recently uploaded (20)

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 

Understanding 'Authentication' and 'Identity Federation'

  • 1. Understanding 'Authentication’ and ‘Identity Federation' Naohiro Fujie MVP for Enterprise Mobility
  • 2. Confusion… •Identity = Authentication ?? •Authentication = Single Sign On ?? •Federation ??
  • 3. What is ‘Identity’ – Johari Window • We want to recognize existence of ‘Entity’ like person, computer, other physical things. • But we cannot recognize ‘Entity’ directly since the ‘Entity’ is different from ourselves. • Also we cannot recognize all part of own ‘Entity’. Source: Wikipedia https://en.wikipedia.org/wiki/Johari_window
  • 4. Recognize ‘Entity’ through ‘Identity’ • ‘Identity’ is not only an ‘Identifier’ but a set of attributes. • Identifier is one of attribute or a set of attribute of the entity to separate it from other entities. • Ex) If there is no ‘Fujie-san’ around here, surname can be used as identifier, but at my home, we cannot use surname as identifier. • We recognize ‘Entity’ through recognizing attributes. Name Company Hair Style Height Loves Heavy Metal Identity - Set of attributes Entity to recognize
  • 5. Identity related keywords • Authentication • To check entity is valid or not. • Federation • To federate(pass) identity related information to other entities. • By federate AuthN result attribute to other entity(system), user can Single Sign On between entities. 2.Verify 1.Name/Password AuthN result3.Generate Computer system A - Entity which need to validate a entity Name Company Password Attributes of the user User - Entity to be verified 4.Access Authentication Federation 6.SSO Major protocols are SAML, OpenID Connect Major protocols are RADIUS, Kerberos OpenID Computer system B - Federate with system A Name Attributes of the user 5.Federate AuthN result
  • 6. Role of Identity & Access Management Trust Trust Trust/Federation Provide Credentials Provide Common Attributes Provide AuthN Result Identity Management System Authentication System Applications Identity Management System’s role - Provide trustworthy identities to other systems. How? ex) by import data from HR Authentication System’s role - Verify the validity of the user. How? ex) Password + SMS notification Application’s role - Authorize user’s access. How? ex) Change user’s role align to the department and title attributes of the user Trust means… - Externalize and delegate feature to other system, and trust the response from the system. Applications Note) User can SSO across apps if these apps trust the same authN system. App admins App specific attributes Federation is based on inter-system ‘Trust’