AUTHENTICATION
DAVID LUNA, IDENTITY TECH TALK 2017
COMPLEX AUTHENTICATION
▸ Traditionally, we’ve had usernames and passwords
▸ Can now engage with users without either (!)
▸ Increased sophistication
▸ Multiple services utilised during authentication
▸ Weigh up user convenience vs increased security
▸ Becoming apparent in our day-to-day lives
Source: BBC News, 25 June 2017
INCREASED SOPHISTICATION
▸ Much higher uptake of 2FA, growing more common to hear the phrases “multifactor” and “two factor”
▸ Remote services, e.g. push, can be utilised as out-of-band communication
▸ Risk management
▸ Location / IP / Device / Requested Resource
▸ Do we trust this user right now? If not, ask for more!
HOW DO WE ADMIN THIS?
▸ Frictionless user experience
▸ Long-lived sessions
▸ Requirements for one app differ to those of another
▸ Utilise policies with transaction authentication
▸ Re-authenticate using a specific authentication process to access a particular resource once.
▸ Re-access? Re-authenticate.
MODULES
▸ Perform a specific authentication function
▸ That function’s complexity varies greatly
▸ Once inside a module, result is either PASS or FAILED
▸ sharedState allows modules to share information gathered from the user up to that point in authentication, but
▸ If utilising sharedState, modules must know which keys to use - this couples the modules themselves
CHAINS
▸ Chains combine sets of modules together to form an authentication process for a user
▸ Modules in a chain each have a flag
▸ User progresses through the chain; each module has access to a sharedState to put things in, or read things from
FLAGS - REQUIRED
▸ All required modules used in the process must have a PASS outcome. Authentication process continues even if they have a FAILED outcome, but will FAIL.
FLAGS - REQUISITE
▸ All requisite modules used in the process must have a PASS outcome. Authentication process ends in failure if they have a FAILED outcome.
FLAGS - SUFFICIENT
▸ A sufficient module with a PASSED outcome will end the chain in PASS. Authentication process continues even if they have a FAILED outcome.
FLAGS - OPTIONAL
▸ An optional module continues after executing.
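The four flags above, worked through as an added example that is not part of the original slides or ForgeRock's code. The module names, the constructed alice account, buildChain() and evaluateChain() are hypothetical, and the rule that a SUFFICIENT pass cannot rescue an earlier REQUIRED failure is an assumption taken from JAAS control flags.

```javascript
// Added example (not ForgeRock code): a chain evaluator for the four flags.
// Module names, the USERS record and evaluateChain() are hypothetical.
const PASS = "PASS", FAIL = "FAIL";

// Constructed sample account; a real module would verify a password hash.
const USERS = new Map([
  ["alice", { password: "correct horse", otp: "492817", device: "dev-1" }],
]);

const passwordModule = (creds, sharedState) => {
  const user = USERS.get(creds.username);
  if (!user || user.password !== creds.password) return false;
  sharedState.username = creds.username; // later modules must know this key
  return true;
};
const trustedDeviceModule = (creds, sharedState) => {
  const user = USERS.get(sharedState.username);
  return Boolean(user) && user.device === creds.deviceId;
};
const otpModule = (creds, sharedState) => {
  const user = USERS.get(sharedState.username);
  return Boolean(user) && user.otp === creds.otp;
};

function evaluateChain(chain, creds) {
  const sharedState = {};     // shared by every module in this chain
  const trace = [];           // which modules ran, in order, with their outcome
  let requiredFailed = false; // a REQUIRED module has failed so far
  let anyPassed = false;

  for (const { name, flag, run } of chain) {
    const outcome = run(creds, sharedState) ? PASS : FAIL;
    trace.push(`${name}:${flag}:${outcome}`);
    if (outcome === PASS) {
      anyPassed = true;
      if (flag === "SUFFICIENT") {
        // Chain ends here; later modules never run.
        // Assumption (JAAS): an earlier REQUIRED failure still fails the chain.
        return { result: requiredFailed ? FAIL : PASS, trace };
      }
    } else if (flag === "REQUISITE") {
      return { result: FAIL, trace };   // stop immediately
    } else if (flag === "REQUIRED") {
      requiredFailed = true;            // keep going, but the chain will FAIL
    }
    // A failed SUFFICIENT or OPTIONAL module simply continues.
  }
  return { result: !requiredFailed && anyPassed ? PASS : FAIL, trace };
}

// Same three modules; only the flag on the password module changes.
const buildChain = (passwordFlag) => [
  { name: "Password", flag: passwordFlag, run: passwordModule },
  { name: "TrustedDevice", flag: "SUFFICIENT", run: trustedDeviceModule },
  { name: "OneTimeCode", flag: "REQUIRED", run: otpModule },
];

// Trusted device: the SUFFICIENT module ends the chain before OneTimeCode runs.
console.log(evaluateChain(buildChain("REQUISITE"),
  { username: "alice", password: "correct horse", deviceId: "dev-1" }));
```

With a trusted device the OneTimeCode module never runs, so when reviewing a chain, check which modules sit after each SUFFICIENT entry.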
PASS AND FAIL
▸ Only two outcomes of authentication:
▸ PASS - Granted a session cookie, redirected to successURL configured for the chain
▸ FAIL - Redirected to failureURL configured for the chain, or simply an authentication failed screen
FLEXIBILITY OF CHAINS
▸ String of modules
▸ Flags don’t allow branching
▸ Allow you to skip to another chain by failing and using failureURL
▸ Gives us a cascade of chains to use if a user fails
▸ Doesn’t allow for decision making in the chain, decisions can be made in modules only via sharedState
DEMO
CHAINS GOOD. GRAPHS ARE BETTER.
▸ They’re graphs, but we’ll call them trees.
▸ No, I know, but we’ll call them trees. Please? Thanks.
▸ Feature:
▸ Source / Sink node(s) (start and end)
▸ Gathering nodes (majority of old Modules)
▸ Decision nodes (components of Modules stripped out)
TREES
▸ Decisions now made outside of modules
▸ Branching can occur to anywhere in the tree
▸ Loops are supported!
▸ Save a tree, and load it within another tree
▸ Modules no longer need to understand specifics of sharedState - that’s now the decision node’s job
▸ Decision nodes can be easily scripted
TREES CONTINUED
▸ Nodes have one input, and N outputs, not just FAIL and PASS.
▸ No more flags!
▸ e.g. create an “Optional” module which has a FAIL and PASS output by putting both FAIL and PASS outcomes to the same next node
▸ Implement granular functionality using Decision Node
▸ sharedState is now tree-specific, doesn’t couple modules
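A sketch of the tree model from the two slides above, added here and not taken from the talk or from ForgeRock's code: nodes return one of N named outcomes, a decision node owns the retry loop, and an "optional" node wires both outcomes to the same next node. Node names, outcome labels, the sample inputs and walkTree() are hypothetical; the walker fails closed on an unknown outcome, a dangling edge or a loop that never ends.

```javascript
// Added example (not ForgeRock code): walking a tree whose nodes have N outcomes.
// Node names, outcome labels and walkTree() are hypothetical.
const SUCCESS = "SUCCESS", FAILURE = "FAILURE"; // the two sink nodes

const tree = {
  start: "password",
  nodes: {
    // Gathering node: each visit consumes the next submitted password
    // (simulates prompting the user again). Knows nothing about retries.
    password: {
      run: (input) => (input.passwords.shift() === "correct horse" ? "true" : "false"),
      next: { true: "banner", false: "retryLimit" },
    },
    // Decision node: owns the counter in tree state and loops back.
    retryLimit: {
      run: (input, state) => {
        state.tries = (state.tries || 0) + 1;
        return state.tries < 3 ? "retry" : "reject";
      },
      next: { retry: "password", reject: FAILURE },
    },
    // "Optional" node: both outcomes lead to the same next node.
    banner: {
      run: (input) => (input.acceptedBanner ? "true" : "false"),
      next: { true: "risk", false: "risk" },
    },
    // Decision node with three outcomes instead of PASS / FAIL.
    risk: {
      run: (input) => {
        if (!input.knownDevice && !input.knownLocation) return "high";
        return input.knownDevice && input.knownLocation ? "low" : "medium";
      },
      next: { low: SUCCESS, medium: "otp", high: FAILURE },
    },
    otp: {
      run: (input) => (input.otp === "492817" ? "true" : "false"),
      next: { true: SUCCESS, false: FAILURE },
    },
  },
};

function walkTree(tree, input, maxSteps = 20) {
  const state = {};   // tree-specific state, created per authentication
  const path = [];    // node:outcome pairs in the order visited
  let current = tree.start;
  for (let step = 0; step < maxSteps; step++) {
    if (current === SUCCESS || current === FAILURE) return { result: current, path };
    const node = tree.nodes[current];
    if (!node) return { result: FAILURE, path };      // dangling edge
    const outcome = node.run(input, state);
    path.push(`${current}:${outcome}`);
    const wired = Object.prototype.hasOwnProperty.call(node.next, outcome);
    current = wired ? node.next[outcome] : FAILURE;   // unknown outcome
  }
  return { result: FAILURE, path };                   // loop guard tripped
}

// One wrong password, then the right one, from a known device and location.
console.log(walkTree(tree, {
  passwords: ["bad", "correct horse"], acceptedBanner: false,
  knownDevice: true, knownLocation: true,
}));
```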
DEMO
David Luna
@ohnomorejuzzo
david@luna.co.uk
