Identity & access management
THE KEY TO THE FLEXIBLE WORKSPACE

Jonas Syrstad, jsy@pragma.no
Disclaimer




   Avoiding any specific implementation
   No deep dive into the protocols
   Focus on Enterprises
Key elements; the 4 A’s




   Administration
   Authentication
   Authorization
   Auditing
Administration



   Identity synchronization
       Data flow
       Ownership
   Permission management
       Access
       Rights
Challenges




   Ownership of data elements
   Processes
   Data flow
Authentication




   Trusted 3rd party
   Claims based identity
   Open standards
       WS-*
       SAML
Claims based identity


   A Claim is a statement that is true or false
   A Security token consists of one or many claims
   Examples of claim types
       Name
       Email
       Gender
       Group membership
       Role
Claims based identity architecture




   Security tokens issued by a trusted 3rd party
   Consumed by a relying party
   Penetrates trust and technology boundaries
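Claims based identity architecture

   Parties
       Claims Provider (STS like ADFS)
       Client (Browser, mobile app, application)
       Relying party (ASP.NET, WCF service ++)
   Flow
       1. Request access (Client to Relying party)
       2. Demand security token (Relying party to Client)
       3. Request security token (Client to Claims Provider)
       4. Provide security token (Claims Provider to Client)
       5. Submit security token (Client to Relying party)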
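
The flow above as an added example (not from the original slides): a claims provider issues a signed token, and the relying party checks signature, issuer, audience and expiry before making its own authorization decision from the claims. The HMAC-signed JSON token, the names, the key and the sample user are assumptions made for illustration; a real STS such as ADFS issues SAML or WS-* tokens signed with an asymmetric key.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo values (assumptions, not from the slides).
STS_NAME = "sts.example.test"
RP_NAME = "hr-portal.example.test"
STS_KEY = b"constructed-demo-key-not-a-real-secret"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def issue_token(key, issuer, audience, claims, now, lifetime=300):
    """Steps 3-4: the claims provider authenticates the user (not shown)
    and returns a signed token carrying claims for one relying party."""
    body = {"iss": issuer, "aud": audience, "exp": now + lifetime,
            "claims": claims}
    payload = json.dumps(body, sort_keys=True).encode("utf-8")
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)


class RelyingParty:
    """Consumes tokens; trusts only the issuers it was configured with."""

    def __init__(self, name, trusted_issuers):
        self.name = name
        self.trusted_issuers = trusted_issuers  # issuer name -> key

    def validate(self, token, now):
        """Step 5: return the claims if the token is acceptable, else raise."""
        try:
            payload_b64, sig_b64 = token.split(".")
            payload = base64.urlsafe_b64decode(payload_b64)
            sig = base64.urlsafe_b64decode(sig_b64)
            body = json.loads(payload)
            issuer = body["iss"]
        except (ValueError, KeyError, TypeError) as exc:
            raise PermissionError("malformed token") from exc
        key = self.trusted_issuers.get(issuer) if isinstance(issuer, str) else None
        if key is None:
            raise PermissionError("issuer is not trusted")
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):
            raise PermissionError("bad signature")
        # Only after the signature checks out are the contents believed.
        if body.get("aud") != self.name:
            raise PermissionError("token issued for another relying party")
        if now >= body.get("exp", 0):
            raise PermissionError("token expired")
        return body.get("claims", {})

    def authorize(self, token, required_role, now):
        """Authorization stays with the application: claims in, decision out."""
        claims = self.validate(token, now)
        return required_role in claims.get("role", [])


def demo():
    now = 1_700_000_000  # fixed clock so the run is deterministic
    rp = RelyingParty(RP_NAME, {STS_NAME: STS_KEY})
    claims = {"name": "Kari Nordmann", "email": "kari@example.test",
              "role": ["hr-reader"]}  # constructed sample user
    good = issue_token(STS_KEY, STS_NAME, RP_NAME, claims, now)
    results = {"valid": rp.authorize(good, "hr-reader", now),
               "wrong_role": rp.authorize(good, "hr-admin", now)}
    # Tokens the relying party must refuse, one per validation check.
    rejected = {
        "untrusted_key": issue_token(b"some-other-key", STS_NAME, RP_NAME,
                                     claims, now),
        "unknown_issuer": issue_token(STS_KEY, "other-sts.example.test",
                                      RP_NAME, claims, now),
        "wrong_audience": issue_token(STS_KEY, STS_NAME,
                                      "payroll.example.test", claims, now),
        "expired": issue_token(STS_KEY, STS_NAME, RP_NAME, claims,
                               now - 3600),
    }
    for label, token in rejected.items():
        try:
            rp.validate(token, now)
            results[label] = "accepted"
        except PermissionError as exc:
            results[label] = str(exc)
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label}: {outcome}")
```
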
Technologies




   WS-*        Enterprise
   SAML 2.0    Enterprise / Hybrid
   OAuth       Hybrid / Consumer
   OpenId      Consumer
Authorization



   Determine what the user is allowed to do
   An application responsibility
   Device classification
       What
       Where
       When
Auditing




   Which applications do the users have access to?
   How do we track a user across systems and modules?
       Single view of user activity
       Automated actions on breaches of protocol
