
Federated Identity Management (FIDM) using Security Assertion Markup Language (SAML)


http://www.ifour-consultancy.com



  1. WHAT IS IDM
     Identity management (IDM) deals with identifying individuals and controlling their access to resources within a system by implementing user rights and restrictions.
     http://www.ifour-consultancy.com Offshore software development company India
  2. WHAT IS FIDM
     Federated identity management (FIDM) is an arrangement made among multiple enterprises that lets subscribers use the same identification data to obtain access to the networks of all enterprises in the group (identity federation).
  3. FIDM CONTINUED…
     • IDENTITY FEDERATION: linking a person's electronic identity and attributes stored across multiple distinct IDMs.
     • SINGLE SIGN-ON (SSO): a user's single authentication ticket or token is trusted across multiple IT systems or organizations.
  4. CIRCLE OF TRUST
     • A circle of trust is a trust relationship among a set of identity providers and service providers that allows a principal to use a single federated identity and single sign-on when conducting business transactions with providers within that set.
     • Organizations affiliate into circles of trust based on federation technology and operational agreements that define the trust relationships between the parties.
  5. What is SAML
     • For FIDM to be effective, the partners must have a sense of mutual trust (a circle of trust).
     • SAML is an XML-based open standard data format for exchanging authentication and authorization data between parties, in particular between an identity provider and a service provider.
  6. SAML messages are exchanged between two parties: the Relying Party and the Asserting Party.
     • The Asserting Party asserts information about a given subject, such as whether the subject has been authenticated and is authorized to perform a certain action.
     • The Relying Party uses the information provided by the Asserting Party to make security-related decisions, such as what types of access to grant the subject to a specific resource.
  7. SAML Request & Response Cycle
     • The relying party, which needs to authenticate a specific client request, sends a SAML request to its issuing authority.
     • The issuing authority responds with a SAML assertion, which supplies the relying party with the requested security information.
     • SAML does not specify the method of authentication at the identity provider; it may use a username and password or another form of authentication, including multi-factor authentication.
  8. Assertions in SAML
     SAML defines three kinds of assertions about a subject:
     • AUTHENTICATION ASSERTIONS: state that the user has proven her identity by a particular method at a specific time.
     • ATTRIBUTE ASSERTIONS: contain specific details about the user, such as an employee number or an account number.
     • AUTHORIZATION ASSERTIONS: state which resources a user can access and under what conditions they can be accessed.
  9. ROLES in SAML
     The SAML specification defines three roles:
     • The principal (typically a user): requests a service from the service provider.
     • Identity provider (IdP): the service provider requests and obtains an identity assertion from the identity provider.
     • Service provider (SP): the service provider can make an access control decision; it can decide whether to perform some service for the connected principal based on the assertion.
  10. • Before delivering the identity assertion to the SP, the IdP may request some information from the principal in order to authenticate the principal, e.g. a user name and password.
     • In SAML, one identity provider may provide SAML assertions to many service providers. Similarly, one SP may rely on and trust assertions from many independent IdPs.
  11. Benefits of SAML
     • Platform neutrality: SAML abstracts the security framework away from platform architectures and vendor implementations, making security more independent of application logic.
     • Loose coupling of directories: SAML does not require user information to be maintained and synchronized between directories.
     • Improved online experience for end users: SAML enables single sign-on by allowing users to authenticate at an identity provider and then access service providers without additional authentication.
     • Reduced administrative costs for service providers: using SAML to 'reuse' a single act of authentication multiple times across multiple services can reduce the cost of maintaining accounts.
     • Risk transference: SAML can push responsibility for proper management of identities to the identity provider, which is more compatible with its business model than with that of a service provider.
  12. SAML 1.0 & SAML 1.1
     SAML 1.0 defines two key concepts:
     • A security token format, known as an assertion, which associates a given identity with specific access rights. A directory service, which allows users to log in with a user name and password, is a typical source of authentication tokens (e.g. passwords) at an identity provider.
     • Profiles that describe ways to package these assertions to provide single sign-on.
     SAML 1.1 updates SAML 1.0 with feedback and corrections.
  13. Example
     • IRCTC, Yatra.com and Makemytrip.com work on the principle of FIDM.
     • Here the user's electronic identity is confirmed via a one-time password sent by IRCTC.
     • Using the same electronic identity, the user can sign in to Yatra.com and Makemytrip.com.
  14. Symbiosis students: Akansha Sharrma, Kajal Kalpna Thomas, Pragati Juneja, Aadya Aditi
  15. THANK YOU
