Synergies of Cloud Identity: Putting it All Together

•

1 like•1,224 views

Synergisticly using digital identity to securely adopt cloud computing, mobile, and social. Introduction to the "Neo Security Stack" of digital identity standards, namely OpenID Connect, OAuth, JWT, and SCIM and how to use them together.

Synergies of Cloud Identity: Putting it All
Together
By Travis Spencer, CEO

Agenda
• Impact of mobile and cloud on business
• Central role of identity in coping with these
changes
• Using the different identity specs together to
this end

Copyright (C) 2012 Twobo Technologies AB

Mobile is Changing Business
• 75% of mobiles in Scandinavia
are smartphones; 50% in rest of
Europe & US
• BYOD is a foregone conclusion
for most
– 90% of orgs will support corporate
apps on personal devices by 2014
• 80% of orgs will use tablets by
next year

Copyright (C) 2012 Twobo Technologies AB

Mobilizing Business Processes
• Workflows are a business’s
circulatory system
• Automation and efficiency
are critical
• Mobile helps optimizes
these processes

Copyright (C) 2012 Twobo Technologies AB

Reusing Existing Technology
• Prior technology
investments will remain on
the books for years
• Existing data/systems
must be available to mobile
users and cloud services
• IT organizations need to
bridge the old and new
technologies

Copyright (C) 2012 Twobo Technologies AB

Seamless Access to Cloud Apps
• Giving employees new passwords for each
cloud app is not secure or scalable
• 123456 is not a secure password, but cloud
providers allows it!
• Existing OTP tokens are not supported
• Seamless cloud access is required

Copyright (C) 2012 Twobo Technologies AB

Crucial Security Concerns

Enterprise API Mobile
Security Security Security

Copyright (C) 2012 Twobo Technologies AB

Identity is Central

Mobile
Security

MDM MAM
Identity
Enterprise A
u API
Security t Security
h
Z

Copyright (C) 2012 Twobo Technologies AB Venn diagram by Gunnar Peterson

Neo-security Stack
OpenID Connect
• SCIM, SAML, OAuth, and JWT are the new
standards-based cloud security stack
• OAuth 2 is the new meta-protocol defining
how tokens are handled
• These address old requirements, solves
new problems & are composed
in useful ways Grandpa SAML
& junior
• WS- again?

Copyright (C) 2012 Twobo Technologies AB

SAML + OAuth
• Relay OAuth token in SAML
messages
• Use SAML tokens to authenticate
OAuth clients or as the AS’s output
token format
• Use SAML SSO to authenticate
users to AS

Copyright (C) 2012 Twobo Technologies AB

SCIM + OAuth

• Use OAuth to secure
SCIM API calls
• Use SCIM to create
accounts needed to
access APIs secured
using OAuth

Copyright (C) 2012 Twobo Technologies AB

Push Tokens & Pull Identities

IdP/SCIM Server SP / SCIM Client
User Data

Get User

Access token in
federation message

Browser
Copyright (C) 2012 Twobo Technologies AB

SCIM + SAML/OIC

• Carry SCIM attributes in SAML assertions
(bindings for SCIM)
– Enables JIT provisioning
– Supplements SCIM API & schema
• Provisioning accounts using SCIM API to
updated before/after logon

Copyright (C) 2012 Twobo Technologies AB

User Managed Access

• Also extends OAuth 2
• Allows users to centrally
control distribution of
their identity data
• Used with Personal Data
Stores (PDS) to create
“identity data lockers”

Copyright (C) 2012 Twobo Technologies AB

Questions & Thanks

@2botech
@travisspencer
www.2botech.com
www.travisspencer.com

Copyright (C) 2012 Twobo Technologies AB

Synergies of Cloud Identity: Putting it All Together

Introducing Open APIs and the security risks involved and the great rewards that can be reaped. Going through the advantages of using and publishing APIs and how to get started, how to handle security risks with a "neo-security" stack and how Twitters API has been used to analyse Twitter use in Sweden. Lightning talk from Øredev 7 november 2013 in Malmö Sweden. Presented by Andreas Krohn, Travis Spencer and Hampus Brynolf. More information at http://nordicapis.com/oredev2013.

OAuth Claims Ontology: Using Claims in OAuth and How They Relate to Scopes

Nordic APIs

In this presentation, Travis Spencer, CEO of Curity and expert in OAuth, will explain what claims are. He will demonstrate their useful, and show them in the context of the various actors and flows involved in an OAuth-based system. He will go on to explain how they related to the ever-confusing idea of scopes. His presentation will conclude with an explanation of how claims an be used to increase privacy, enhance security, improve UX, and serve in creating more fine-grained access control systems. Attendees will leave with a better understanding of what OAuth scopes are, the role of claims in API security, and how to authorize access using these concepts when building APIs.

Beyond Bearer: Token Binding as the Foundation for a More Secure Web

Brian Campbell

The overwhelming majority of security tokens used today on the web are bearer tokens (e.g. HTTP cookies, OpenID Connect ID tokens, SAML assertions, OAuth tokens). Any party in possession of a bearer token is able to use it to gain access to the associated protected resources, which makes them a highly attractive target for attackers. Although there have been many efforts to provide better than bearer security, none have achieved widespread deployment success. Token Binding is new IETF protocol that enables strong cryptographic defenses against the use of stolen security tokens and, with a novel approach and the backing of some very significant industry players, has the potential to find the success that’s been elusive to previous attempts. This session will provide an overview of how Token Binding works and its application to higher level protocols like OpenID Connect and OAuth. Some bad jokes and gratuitous photography will be included to take the edge off the otherwise very nerdy content.

Consideration on Holder-of-Key Bound Token < from Financial-grade API (FAPI) ...

Hitachi, Ltd. OSS Solution Center.

Making Security Approachable for Developers and Operators

ArmonDadgar

Security is a complex topic filled with jargon and subtle nuances. The "weakest link" challenge in security means we must be concerned with every threat vector and apply best practices universally. This becomes challenging when we need to bring developers and operators into the fold, since our infrastructure and applications are critical to the our security posture. Instead of expecting everybody to become an expert in security, we need to make security more approachable for these audiences. In this talk, we discuss how to apply best practices and make them accessible to developers and operators through APIs, secure by default platforms, and policy as code.

ASP.NET CORE AND IDENTITY

Trâm Mai

Enterprise Access Control Patterns for Rest and Web APIs

CA API Management

Beveiliging en REST services

Maurice De Beijer [MVP]

Transforming organizations into platforms

Twobo Technologies

Designing an API

Twobo Technologies

#dd12 OAuth for Domino DevelopersDominopoint - Italian Lotus User Group

SCIM presentation from CIS 2012

Twobo Technologies

Introduction to OAuth2.0Oracle Corporation

The JSON-based Identity Protocol Suite

Twobo Technologies

Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...

CA API Management

Identity on the Internet is changing. Social networking has kicked off a massive change in how we integrate identity across applications. This is much more than a simple redesign of security tokens and protocols; instead it is a radical redistribution of power and control over entitlements, shifting it away from the centralized control of a cabal of directory engineers and out to the users themselves. There are compelling reasons for this shift: it enables scaling of identity administration, and it promotes rapid and agile integration of applications. These are goals shared by the enterprise, but this change has significant implications on infrastructure, people and process. Join us to learn how you can bring modern identity management into the enterprise.

OAuth 101 & Secure APIs 2012 Cloud Identity Summit

Brian Campbell

Implementing Enterprise Identity and Access Management in a microservices wor...

Judy Breedlove

Azure AD B2C An Introduction - DogFoodCon 2018

Jeremy Gray

Identity and Client Management using OpenID Connect and SAML

pqrs1234

IBM SmartCloudEnterprise use of IBM Rational SolutionsAlex Amies

Spellpoint - Securing Access for Microservices

Ubisecure

What's hot

Twobo LDAP Attribute Store for ADFSTwobo Technologies

Open APIs - Risks and Rewards (Øredev 2013)

Nordic APIs

OAuth Claims Ontology: Using Claims in OAuth and How They Relate to Scopes

Nordic APIs

Beyond Bearer: Token Binding as the Foundation for a More Secure Web

Brian Campbell

Consideration on Holder-of-Key Bound Token < from Financial-grade API (FAPI) ...

Hitachi, Ltd. OSS Solution Center.

Making Security Approachable for Developers and Operators

ArmonDadgar

ASP.NET CORE AND IDENTITY

Trâm Mai

Enterprise Access Control Patterns for Rest and Web APIs

CA API Management

What's hot (8)

Twobo LDAP Attribute Store for ADFS

Open APIs - Risks and Rewards (Øredev 2013)

OAuth Claims Ontology: Using Claims in OAuth and How They Relate to Scopes

Beyond Bearer: Token Binding as the Foundation for a More Secure Web

Consideration on Holder-of-Key Bound Token < from Financial-grade API (FAPI) ...

Making Security Approachable for Developers and Operators

ASP.NET CORE AND IDENTITY

Enterprise Access Control Patterns for Rest and Web APIs

Viewers also liked

Beveiliging en REST services

Maurice De Beijer [MVP]

Transforming organizations into platforms

Twobo Technologies

Designing an API

Twobo Technologies

#dd12 OAuth for Domino DevelopersDominopoint - Italian Lotus User Group

SCIM presentation from CIS 2012

Twobo Technologies

Introduction to OAuth2.0Oracle Corporation

The JSON-based Identity Protocol Suite

Twobo Technologies

Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...

CA API Management

Viewers also liked (8)

Beveiliging en REST services

Transforming organizations into platforms

Designing an API

#dd12 OAuth for Domino Developers

SCIM presentation from CIS 2012

Introduction to OAuth2.0

The JSON-based Identity Protocol Suite

Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...

Similar to Synergies of Cloud Identity: Putting it All Together

OAuth 101 & Secure APIs 2012 Cloud Identity Summit

Brian Campbell

Implementing Enterprise Identity and Access Management in a microservices wor...

Judy Breedlove

Azure AD B2C An Introduction - DogFoodCon 2018

Jeremy Gray

Identity and Client Management using OpenID Connect and SAML

pqrs1234

IBM SmartCloudEnterprise use of IBM Rational SolutionsAlex Amies

Spellpoint - Securing Access for Microservices

Ubisecure

MuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoft

Jitendra Bafna

Con8817 api management - enable your infrastructure for secure mobile and c...

OracleIDM

RTView - Monitoring Service for SmartCloud Applications

SL Corporation

IBM’s Mac Devine and SL’s Tom Lubinski show how easy it is to monitor your SmartCloud deployed applications. The webinar includes: • How monitoring is added to manage all components deployed through application patterns • Application monitoring summary views of all deployed components • Detailed views of infrastructure components to be able to pinpoint and detect application bottlenecks

Prakhar Sood-Resume-CVPrakhar Sood

Migrating and Modernizing Identity on the Path to Multi Cloud

Strata Identity

After dozens of customer interviews with some of the world’s largest enterprises, the team here at Strata learned first hand the challenges customers face when considering identity migration and modernization projects. We're sharing those learnings in this session while outlining the 5 most common migration use cases. We also cover how the right combination of software and services can accelerate delivery timelines while removing uncertainty from your project.

Criticality of identity

Nordic APIs

Jan19 scim webinar-04

Paul Madsen

Connectivity for a Smarter Planet

Prolifics

http://prolifics.com/ This presentation takes a deep dive into the latest features of IBM WebSphere MQ and Message Broker to see how these new capabilities are changing the world. It examines how MQ and Message Broker can connect anything, anywhere and achieve universal connectivity with: - Enhanced file and messaging capabilities of IBM WebSphere Message Broker 8.0 and WebSphere MQ 7.5, including the ability to handle many formats (i.e. XML, CSV, etc.) - The ability of WebSphere MQ Telemetry Transport (MQTT) to connect through the web or through devices - An extended reach of WebSphere MQ via the new HTTP and FTP bridges - High Availability that makes the system more reliable than ever and allows WebSphere MQ clients to automatically reconnect

PCI and the Cloud

CloudPassage

Join the discussion with Andrew Hay, Chief Evangelist of CloudPassage and Dave Shackleford, Senior Vice President, Research and Chief Technology Officer of IANS. In this presentation, we will discuss: - How compliance is affected by using private, hybrid, and public cloud environments - What to consider when researching providers who offer "PCI-compliant" clouds - Recommendations for improving compliance and security posture in the cloud

SmartCard Forum 2010 - Secured Access for enterpriseOKsystem

Cidway Byod Authentication

lfilliat

Enterprise serverless

DmitryLozitskiy2

Single Sign-On: Our Path to Password Elimination

Symantec

Security in the Hybrid Cloud at Liberty Mutual

VMware Tanzu

Similar to Synergies of Cloud Identity: Putting it All Together (20)

OAuth 101 & Secure APIs 2012 Cloud Identity Summit

Implementing Enterprise Identity and Access Management in a microservices wor...

Azure AD B2C An Introduction - DogFoodCon 2018

Identity and Client Management using OpenID Connect and SAML

IBM SmartCloudEnterprise use of IBM Rational Solutions

Spellpoint - Securing Access for Microservices

MuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoft

Con8817 api management - enable your infrastructure for secure mobile and c...

RTView - Monitoring Service for SmartCloud Applications

Prakhar Sood-Resume-CV

Migrating and Modernizing Identity on the Path to Multi Cloud

Criticality of identity

Jan19 scim webinar-04

Connectivity for a Smarter Planet

PCI and the Cloud

SmartCard Forum 2010 - Secured Access for enterprise

Cidway Byod Authentication

Enterprise serverless

Single Sign-On: Our Path to Password Elimination

Security in the Hybrid Cloud at Liberty Mutual

Recently uploaded

By Design, not by Accident - Agile Venture Bolzano 2024

Pierluigi Pugliese

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

SOFTTECHHUB

The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing. One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.

GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...

Neo4j

Leonard Jayamohan, Partner & Generative AI Lead, Deloitte This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.

PHP Frameworks: I want to break free (IPC Berlin 2024)

Ralf Eggert

In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development. This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Neo4j

Communications Mining Series - Zero to Hero - Session 1

DianaGray10

This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered: • Communication Mining Overview • Why is it important? • How can it help today’s business and the benefits • Phases in Communication Mining • Demo on Platform overview • Q/A

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

20240605 QFM017 Machine Intelligence Reading List May 2024

Matthew Sinclair

National Security Agency - NSA mobile device best practices

Quotidiano Piemontese

Introduction to CHERI technology - Cybersecurity

mikeeftimakis1

20240607 QFM018 Elixir Reading List May 2024

Matthew Sinclair

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

GridMate - End to end testing is a critical piece to ensure quality and avoid...

ThomasParaiso2

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

nkrafacyberclub

Pushing the limits of ePRTC: 100ns holdover for 100 days

Adtran

Free Complete Python - A step towards Data Science

RinaMondal9

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

Recently uploaded (20)

By Design, not by Accident - Agile Venture Bolzano 2024

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...

PHP Frameworks: I want to break free (IPC Berlin 2024)

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Communications Mining Series - Zero to Hero - Session 1

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

20240605 QFM017 Machine Intelligence Reading List May 2024

National Security Agency - NSA mobile device best practices

Introduction to CHERI technology - Cybersecurity

20240607 QFM018 Elixir Reading List May 2024

UiPath Test Automation using UiPath Test Suite series, part 4

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

FIDO Alliance Osaka Seminar: Overview.pdf

GridMate - End to end testing is a critical piece to ensure quality and avoid...

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

Pushing the limits of ePRTC: 100ns holdover for 100 days

Free Complete Python - A step towards Data Science

Securing your Kubernetes cluster_ a step-by-step guide to success !

Monitoring Java Application Security with JDK Tools and JFR Events

Synergies of Cloud Identity: Putting it All Together

1. Synergies of Cloud Identity: Putting it All Together By Travis Spencer, CEO

2. Agenda • Impact of mobile and cloud on business • Central role of identity in coping with these changes • Using the different identity specs together to this end Copyright (C) 2012 Twobo Technologies AB

3. Mobile is Changing Business • 75% of mobiles in Scandinavia are smartphones; 50% in rest of Europe & US • BYOD is a foregone conclusion for most – 90% of orgs will support corporate apps on personal devices by 2014 • 80% of orgs will use tablets by next year Copyright (C) 2012 Twobo Technologies AB

4. Mobilizing Business Processes • Workflows are a business’s circulatory system • Automation and efficiency are critical • Mobile helps optimizes these processes Copyright (C) 2012 Twobo Technologies AB

5. Reusing Existing Technology • Prior technology investments will remain on the books for years • Existing data/systems must be available to mobile users and cloud services • IT organizations need to bridge the old and new technologies Copyright (C) 2012 Twobo Technologies AB

6. Seamless Access to Cloud Apps • Giving employees new passwords for each cloud app is not secure or scalable • 123456 is not a secure password, but cloud providers allows it! • Existing OTP tokens are not supported • Seamless cloud access is required Copyright (C) 2012 Twobo Technologies AB

9. Neo-security Stack OpenID Connect • SCIM, SAML, OAuth, and JWT are the new standards-based cloud security stack • OAuth 2 is the new meta-protocol defining how tokens are handled • These address old requirements, solves new problems & are composed in useful ways Grandpa SAML & junior • WS- again? Copyright (C) 2012 Twobo Technologies AB

10. SAML + OAuth • Relay OAuth token in SAML messages • Use SAML tokens to authenticate OAuth clients or as the AS’s output token format • Use SAML SSO to authenticate users to AS Copyright (C) 2012 Twobo Technologies AB

13. SCIM + SAML/OIC • Carry SCIM attributes in SAML assertions (bindings for SCIM) – Enables JIT provisioning – Supplements SCIM API & schema • Provisioning accounts using SCIM API to updated before/after logon Copyright (C) 2012 Twobo Technologies AB

14. OpenID Connect • Builds on OAuth for profile sharing • Uses the flows optimized for user-consent scenarios • Adds identity-based inputs/outputs to core OAuth messages • Tokens are JWTs Copyright (C) 2012 Twobo Technologies AB

15. User Managed Access • Also extends OAuth 2 • Allows users to centrally control distribution of their identity data • Used with Personal Data Stores (PDS) to create “identity data lockers” Copyright (C) 2012 Twobo Technologies AB

Synergies of Cloud Identity: Putting it All Together

Recommended

Recommended

More Related Content

What's hot

What's hot (8)

Viewers also liked

Viewers also liked (8)

Similar to Synergies of Cloud Identity: Putting it All Together

Similar to Synergies of Cloud Identity: Putting it All Together (20)

Recently uploaded

Recently uploaded (20)

Synergies of Cloud Identity: Putting it All Together