CloudIDSummit, profile picture
Uploaded byCloudIDSummit
576 views

CIS14: Implementing MITREid

The document discusses the challenges faced by software developers in managing digital identities and provides solutions such as implementing OpenID 2.0 and OAuth 2.0 for federated identity management. It emphasizes building secure, scalable systems to facilitate user authentication and provides various programming libraries for developers. The conclusion advocates the use of open standards and user-driven trust models for better security and integration in digital identity management.

Embed presentation

Downloaded 14 times
The  story  of  MITREid   Jus3n  Richer   The  MITRE  Corpora3on   © 2014 The MITRE Corporation. All rights reserved. Approved for Public Release: Distribution Unlimited (Case Number: 14-1639)
The  plight  of  a  so;ware  developer   •  I  build  things  that  people  use   •  I  want  to  know  who’s  there   •  What  can  I  do?  
1.  Make  local  accounts  
1.  Make  local  accounts  
1.  Make  local  accounts  
2.  Use  LDAP  
2.  Use  LDAP  
3.  Use  Enterprise  SSO  
3.  Use  Enterprise  SSO  
3.  Use  Enterprise  SSO   Firewall Intranet Internet
What  to  do?  
Give  people  a  digital  iden3ty  
Let’s  build  something   •  OpenID  2.0  Server   •  Running  on  corporate  IT  hardware  in   corporate  IT  environment   •  Backed  by  corporate  SSO  and  user  profile   informa3on   •  “We  do  SSO  so  you  don’t  have  to”  
Why  OpenID?   •  Open  standard  protocol   •  Network-­‐based  federa3on   •  User-­‐driven  trust  model   •  Simple  to  use  and  develop  
Make  it  easy  for  developers:   PlaXorm  support   •  Libraries:   –  Java   –  PHP   –  Python   –  Javascript   –  Ruby   –  Perl   –  …   •  PlaXorms  &  Plugins:   –  Spring  Security   –  Elgg   –  Wordpress   –  Mediawiki   –  Omniauth   –  Drupal   –  …  
Usage  Profile:  The  prototype   Firewall Intranet Internet OpenID Server SSO  
Usage  Profile:  The  external  service   Firewall Intranet Internet OpenID Server SSO  
User  Profiles:  The  mobile  user   Firewall Intranet Internet OpenID Server 2FA  
The  architecture   Firewall User Profiles Shared Database Internal OP External OP Intranet Internet Two-­‐Factor  Authn  Corporate  SSO  
Run3me  security  decisions  
Adop3on  by  the  extended  enterprise  
The  Long  Tail   1   10   100   1000   10000  
We  didn’t  even  plan  this  
Mul3ple  types  of  user  
Moving  on  from  OpenID  2.0  
Let’s  build  it  (again)!   •  OAuth  2.0  and  OpenID  Connect  server   •  OpenID  Connect  client  library   •  Enterprise-­‐friendly  features  and  plaXorm   •  Flexible  deployment   and...  
Open  Source  
We’re  running  it  ourselves  
Building  the  specifica3ons  
Moving  toward  federa3on  across   the  extended  enterprise  
Beaer  security:  Separa3on   OpenID Provider
Delega3ng  services:  OAuth   OpenID Provider
Beaer  security:  Revoca3on  
Easier  integra3on  by  developers   OpenID Provider•  Standard   •  Agile   •  Flexible   •  Distributed   •  Proprietary   •  Fragile   •  Rigid   •  Centralized  
Beaer  administra3on:     An  abstrac3on  layer   OpenID Provider
Scalable  security  decisions   Whitelist Trusted partners, business contracts, customer organizations, trust frameworks Graylist User-based trust decisions Follow Trust on First Use model, keep logs Blacklist Very bad sites we don’t want to deal with, ever Organiza3ons   decide  these   End-­‐users     decide  these  
Conclusions   •  Use  open  standards   •  Give  your  people  digital  iden33es  and  let   them  decide  where  to  use  them   •  Use  federa3on  where  possible  
Ques3ons?   jricher@mitre.org  

More Related Content

PDF
Electronic security
byWe Learn - A Continuous Learning Forum from Welingkar's Distance Learning Program.
 
PPTX
Internet of Things (IoT) Security
byshiriskumar
 
PDF
Security in the Internet of Things
byForgeRock
 
PPTX
IoT Security Middleware: evaluating the threats and protecting against them
byNick Allott
 
PPTX
Istio Security Overview
byMichael Furman
 
PPT
IoT Security – Executing an Effective Security Testing Process
byEC-Council
 
PDF
Internet of Things Security Patterns
byMark Benson
 
PPTX
ON THE SECURITY AND PRIVACY OF INTERNET OF THINGS ARCHITECTURES
byManisha Luthra
 
Electronic security
byWe Learn - A Continuous Learning Forum from Welingkar's Distance Learning Program.
 
Internet of Things (IoT) Security
byshiriskumar
 
Security in the Internet of Things
byForgeRock
 
IoT Security Middleware: evaluating the threats and protecting against them
byNick Allott
 
Istio Security Overview
byMichael Furman
 
IoT Security – Executing an Effective Security Testing Process
byEC-Council
 
Internet of Things Security Patterns
byMark Benson
 
ON THE SECURITY AND PRIVACY OF INTERNET OF THINGS ARCHITECTURES
byManisha Luthra
 

What's hot

PDF
IoT Security, Mirai Revisited
byClare Nelson, CISSP, CIPP-E
 
PPTX
IDENTITY IN THE WORLD OF IOT
byForgeRock
 
PPTX
IoT security
byYashKesharwani2
 
PDF
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
byDesign World
 
PPTX
Iot Security, Internet of Things
byBryan Len
 
PPTX
IoT Security Imperative: Stop your Fridge from Sending you Spam
byAmit Rohatgi
 
PPTX
OWASP A4 XML External Entities (XXE)
byMichael Furman
 
PPTX
IoT Security Awareness Training : Tonex Training
byBryan Len
 
PDF
IoT/M2M Security
byYu-Hsin Hung
 
PDF
Google Case Study: Strong Authentication for Employees and Consumers
byFIDO Alliance
 
PDF
Google FIDO Authentication Case Study
byFIDO Alliance
 
PPTX
Top 3 tips for security documentation
byMichael Furman
 
PDF
Securing the Internet of Things
byChristopher Frenz
 
PDF
The security story behind critical industrial networks
byodix (ODI LTD)
 
PPTX
Hallwaze security snapshot
byhallwaze_1
 
PDF
odix introduction ransomware prevention in WFH reality 2020
byodix (ODI LTD)
 
PDF
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
byDenim Group
 
PPTX
Build 2017 - B8024 - Connected intelligent things with Windows IoT Core and A...
byWindows Developer
 
PDF
The identity of things & the smart cities of tomorrow webinar may 2015
byForgeRock
 
PPTX
Privacy and Security in the Internet of Things
byJeff Katz
 
IoT Security, Mirai Revisited
byClare Nelson, CISSP, CIPP-E
 
IDENTITY IN THE WORLD OF IOT
byForgeRock
 
IoT security
byYashKesharwani2
 
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
byDesign World
 
Iot Security, Internet of Things
byBryan Len
 
IoT Security Imperative: Stop your Fridge from Sending you Spam
byAmit Rohatgi
 
OWASP A4 XML External Entities (XXE)
byMichael Furman
 
IoT Security Awareness Training : Tonex Training
byBryan Len
 
IoT/M2M Security
byYu-Hsin Hung
 
Google Case Study: Strong Authentication for Employees and Consumers
byFIDO Alliance
 
Google FIDO Authentication Case Study
byFIDO Alliance
 
Top 3 tips for security documentation
byMichael Furman
 
Securing the Internet of Things
byChristopher Frenz
 
The security story behind critical industrial networks
byodix (ODI LTD)
 
Hallwaze security snapshot
byhallwaze_1
 
odix introduction ransomware prevention in WFH reality 2020
byodix (ODI LTD)
 
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
byDenim Group
 
Build 2017 - B8024 - Connected intelligent things with Windows IoT Core and A...
byWindows Developer
 
The identity of things & the smart cities of tomorrow webinar may 2015
byForgeRock
 
Privacy and Security in the Internet of Things
byJeff Katz
 

Similar to CIS14: Implementing MITREid

PDF
Practical Federated Identity
byWSO2
 
PDF
WSO2Con ASIA 2016: Case Study: Identity in the WSO2 Ecosystem
byWSO2
 
PPTX
Keeping Secrets on the Internet of Things - Mobile Web Application Security
byKelly Robertson
 
PDF
Security-and-Privacy-in-Architectural-Modeling (2).pdf
bypatidararnav007
 
PPTX
Implementing MITREid - CIS 2014 Presentation
byJustin Richer
 
ODP
Building open source identity infrastructures
byFrancesco Chicchiriccò
 
PPT
Identity Federation on JBossAS
byRoger CARHUATOCTO
 
PDF
Identity mediation for enterprise identity bus
byPushpalanka Jayawardhana
 
PDF
OpenID and decentralised social networks
bySimon Willison
 
PDF
Geneva Application Security Forum: Vers une authentification plus forte dans ...
bySylvain Maret
 
PDF
2010 - Fédération des identités et OpenID
byCyber Security Alliance
 
PPT
OpenID Progress EEMA Conference
byevidos
 
PDF
Open Source Identity Integration with OpenSSO
byelliando dias
 
PPT
Web-services
bywebhostingguy
 
PPTX
Packt publishing book proposal api and mobile access management
byGluu
 
PDF
Building the Social Web with OpenID
bySimon Willison
 
PPTX
Introduction to the FAPI Read & Write OAuth Profile
byNat Sakimura
 
PDF
Identity 2.0 - OpenID And User Centric Identity
byMartin Strandbygaard
 
PDF
The Implications of OpenID
bySimon Willison
 
PPT
FOSSwire3 + OpenID
bycvanp
 
Practical Federated Identity
byWSO2
 
WSO2Con ASIA 2016: Case Study: Identity in the WSO2 Ecosystem
byWSO2
 
Keeping Secrets on the Internet of Things - Mobile Web Application Security
byKelly Robertson
 
Security-and-Privacy-in-Architectural-Modeling (2).pdf
bypatidararnav007
 
Implementing MITREid - CIS 2014 Presentation
byJustin Richer
 
Building open source identity infrastructures
byFrancesco Chicchiriccò
 
Identity Federation on JBossAS
byRoger CARHUATOCTO
 
Identity mediation for enterprise identity bus
byPushpalanka Jayawardhana
 
OpenID and decentralised social networks
bySimon Willison
 
Geneva Application Security Forum: Vers une authentification plus forte dans ...
bySylvain Maret
 
2010 - Fédération des identités et OpenID
byCyber Security Alliance
 
OpenID Progress EEMA Conference
byevidos
 
Open Source Identity Integration with OpenSSO
byelliando dias
 
Web-services
bywebhostingguy
 
Packt publishing book proposal api and mobile access management
byGluu
 
Building the Social Web with OpenID
bySimon Willison
 
Introduction to the FAPI Read & Write OAuth Profile
byNat Sakimura
 
Identity 2.0 - OpenID And User Centric Identity
byMartin Strandbygaard
 
The Implications of OpenID
bySimon Willison
 
FOSSwire3 + OpenID
bycvanp
 

More from CloudIDSummit

PDF
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
byCloudIDSummit
 
PPTX
CIS 2016 Content Highlights
byCloudIDSummit
 
PDF
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
byCloudIDSummit
 
PDF
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
byCloudIDSummit
 
PDF
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
byCloudIDSummit
 
PDF
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
byCloudIDSummit
 
PDF
CIS 2015 The IDaaS Dating Game - Sean Deuby
byCloudIDSummit
 
PDF
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
byCloudIDSummit
 
PDF
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
byCloudIDSummit
 
PDF
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
byCloudIDSummit
 
PDF
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
byCloudIDSummit
 
PDF
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
byCloudIDSummit
 
PDF
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
byCloudIDSummit
 
PDF
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
byCloudIDSummit
 
PDF
CIS 2015 Identity Relationship Management in the Internet of Things
byCloudIDSummit
 
PDF
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
byCloudIDSummit
 
PDF
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
byCloudIDSummit
 
PDF
Mobile security, identity & authentication reasons for optimism 20150607 v2
byCloudIDSummit
 
PDF
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
byCloudIDSummit
 
PPTX
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
byCloudIDSummit
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
byCloudIDSummit
 
CIS 2016 Content Highlights
byCloudIDSummit
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
byCloudIDSummit
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
byCloudIDSummit
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
byCloudIDSummit
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
byCloudIDSummit
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
byCloudIDSummit
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
byCloudIDSummit
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
byCloudIDSummit
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
byCloudIDSummit
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
byCloudIDSummit
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
byCloudIDSummit
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
byCloudIDSummit
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
byCloudIDSummit
 
CIS 2015 Identity Relationship Management in the Internet of Things
byCloudIDSummit
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
byCloudIDSummit
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
byCloudIDSummit
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
byCloudIDSummit
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
byCloudIDSummit
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
byCloudIDSummit
 

Recently uploaded

PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PPTX
Building Agents in Microsoft Agent Framework.pptx
byUdaiappa Ramachandran
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PPTX
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
PDF
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PDF
What Is a Private LLM and Why Enterprises Need It
byAivada
 
PDF
100 Insights After the 200th Issue of NewMind AI Journal
byNewMind AI
 
PDF
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
PPTX
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
PDF
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
PDF
CompTIA Cybersecurity Analyst (CySA+) CS0-003: Unit 5
byVICTOR MAESTRE RAMIREZ
 
PPTX
Emancipatory Information Retrieval: Radically Reorienting Information Retriev...
byBhaskar Mitra
 
PDF
WCAG Analyzer Tools and Techniques for User-Friendly Websites
byAccessibility Analyzer
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
PPTX
MGw_MRS Benfits seu beficios de redes 4g
byJoaquimBarros18
 
PPTX
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
PDF
WHITE PAPER_ Ransomware Payment Policy and Resilience Strategy_ A Framework f...
byssuser0d171c
 
PDF
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
Building Agents in Microsoft Agent Framework.pptx
byUdaiappa Ramachandran
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
What Is a Private LLM and Why Enterprises Need It
byAivada
 
100 Insights After the 200th Issue of NewMind AI Journal
byNewMind AI
 
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
CompTIA Cybersecurity Analyst (CySA+) CS0-003: Unit 5
byVICTOR MAESTRE RAMIREZ
 
Emancipatory Information Retrieval: Radically Reorienting Information Retriev...
byBhaskar Mitra
 
WCAG Analyzer Tools and Techniques for User-Friendly Websites
byAccessibility Analyzer
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
MGw_MRS Benfits seu beficios de redes 4g
byJoaquimBarros18
 
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
WHITE PAPER_ Ransomware Payment Policy and Resilience Strategy_ A Framework f...
byssuser0d171c
 
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 

CIS14: Implementing MITREid