from usecases to specifications
play

From UseCases to Specifications Fulup Ar Foll Liberty Technical - PowerPoint PPT Presentation

Aug 02, 2023 •151 likes •363 views

From UseCases to Specifications Fulup Ar Foll Liberty Technical Expert Group Master Architect, Global Software Practice Sun Microsystems Why Identity Related Services ? Identity-enabling: Exposes identity details to other services

  1. From UseCases to Specifications Fulup Ar Foll Liberty Technical Expert Group Master Architect, Global Software Practice Sun Microsystems

  2. Why Identity Related Services ? • Identity-enabling: Exposes identity details to other services • Identity-enabled: Offers personalization when given access to identity details • Basic: Performed without regard to who’s doing the asking or using the results Liberty Paris Workshop 23:23:20 2

  3. What's About Federation • Federation of providers (CoT) , a group of entities providing services who signed agreement, in order to make life of shared customers/users (Principal) more simple . accept Principal identity authentication to be done once per session (SSO) ✗ and by a shared authority (IDP) Accept to provide service knowing only an “avatar” of principal identity ✗ (Opaque Handle/Federation Key). This non significant pointer on principal identity allowing service provider (SP) to know that “it is him” without knowing “who he is”. • Federation: a weak link that allow to map a principal avatar identity used by a service provider to the effective principal identity know only from the authority of authentication (IDP). • Federated Identity: The data/attributes at the service provider attached to a principal identity avatar. Liberty Paris Workshop 23:23:20 3

  4. OASIS SAML v2 Overview: The Road to Convergence July 2002 January 2003 November 2003 April 2005 Liberty SAML v.2.0 Phase 1 ID-FF v.1.1 ID-FF v.1.2 Alliance use/testing OASIS Contribution OASIS SAML v.1.0 SAML v.1.1 SAML v.2.0 SSTC November 2002 September 2003 March 2005 OASIS Contribution Internet2 Shib v.1.0/1.1 Shib v.1.2 Shibboleth July/August 2003 April 2004 Liberty Paris Workshop 23:23:20 4

  5. Why Choosing Liberty ? ✗ Fit your requirements: Free & Open standard, Privacy, Security, Interoperability ✗ An industrial reality: Certified products, Already proven in production ✗ You're not in a position of choosing: Costumer chooses for you !!! Kravspesifikasjon for PKI i offentlig Requirements Spec. for PKI in Public Sector sektor Versjon 1.02 , Januar 2005 Version 1.02 , January 2005 Requirement 10.5.1 Autentication Krav 10.5.1 Autentisering It shall be offered an ”Identity Provider” Det skal tilbys en ”Identity Provider” i according to Liberty Alliance specifications. henhold til Liberty Alliance The solution shalll be described. It shall be spesifikasjoner. Løsningen skal indicated which versions and which high level beskrives. Det skal angis hvilke versjoner functions are supported. og overordnede funksjoner som støttes. Liberty Paris Workshop 23:23:21 5

  6. OASIS SAML 2.0 Concepts Profiles Combining protocols, bindings, and Authn assertions to support a defined use case Context Detailed data on Bindings types and Mapping SAML protocols onto standard messaging strengths or communication protocols of authentication Protocols Request/response pairs for obtaining assertions and doing ID management Assertions Metadata Authentication, attribute, and entitlement IdP and SP information configuration data Liberty Paris Workshop 23:23:21 6

  7. Global Liberty Architecture Circle Of Trust Identity Provider Service Provider ● Authentification ● Federation ● web content ● Discovery service ● games ● Policies/Authorization ● merchant site ● .... Identity Services ● Geolocation Principal Auth. Pts ● Personnal Profile ● .... ● customer Auth. Pts ● employé ● game user ● .... Legacy/existing Other ● Massaging Infrastructure CoTs ● Ticketting ● .... Liberty ID-FF/SAML-2.0 Liberty ID-WSF Not Specified by Liberty Liberty Paris Workshop 23:23:21 7

  8. Liberty Technical Framework  ID-FF (Identity Federation Framework)  Federation/Defederation  SSO (single & simplified Sign On) / SLO (single logout)  Authentication context & Attributes  Metadata  ID-WSF (Identity Web Service Framework)  Authentication Service  Discovery Service  DST (Data Service Template)  Interaction Service  ID-SIS (Identity Service Interface)  Personal profile, Geoloc, Presence, Contact Book, ... Liberty Paris Workshop 23:23:22 8

  9. Basic CoT (outsourcing of services) CoT Service Provider(s) Authentication Authority C B Identities Outsourced app D IDP E E' DS PP Payment F A G Customers Liberty Paris Workshop 23:23:22 9

  10. CoT/CoT (proxy authentication) CoT 2 CoT 1 SelfContained Proxy Authentication Authentication Business Agreement Wireless FixNet/DSL Services Identities Identities Services ex: Wireless CoT ex: FixNet operator Local Service Request Alien Service Request Customers Liberty Paris Workshop 23:23:22 10

  11. Shared CoT (global shared Services) « XyZ » Global Common Services Global CoT Global Identities Common Services Proxy Autentication Global Service Request Extented to Global CoTs German French French Services Identities Identities German Services German CoT French CoT German Customers French Customers Operator « XyZ » Germany Operator « XyZ » France Liberty Paris Workshop 23:23:23 11

  12. Access Control SP is responsible for securing access. For each SP, identify data needed for access control decisions and where it will come from.  For individual consumers may come from user.  For outsourcing scenario, data needed may be split between SP and IDP.  Attributes can be sent in a bulk feed.  SP application can use SAML  Can use provisioning/sync solution between SP and IDP to better leverage capabilities of an access management type of product . Liberty Paris Workshop 23:23:23 12

  13. Support How to support someone you don't know ? For each SP and IDP, identify potential user issues, and how support will be provided by SP and IDP.  User cannot login, can't access app, data wrong,...  Identify how users will report a problem  Identify first responder, escalation paths  Identify how each responder will  Be able to identify user's account  Be able to contact user later to ask more questions  Gets tricky if user has different ID at SP and IDP  User likely to forget SP ID when accounts federated Liberty Paris Workshop 23:23:24 13

  14. Logout Local and/or Global logout both possible  Bigger issue than it initially seems  Providing just one may cause issues  Users do local logout, leave global session, walk away from browser  Users might avoid use of global logout thinking they have more work to do.  Best to support both, educate users on differences  If you must do just one, choose global logout Liberty Paris Workshop 23:23:24 14

  15. SSO expectations Sign Sign One & Simplified Sign One  Set expectation appropriately  Logins to hardware devices  Logins to networks (VPNs etc)  Logins to applications  Different levels of authentication (i.e. single versus dual factor)  “Simplified Sign On” may be better term Liberty Paris Workshop 23:23:24 15

  16. Monitoring  Obvious  Monitor HW, OS on all component servers (app, authN service, authZ service, storage)  Proactive  Monitor CPU, number of connections, response time and set acceptability threshold values for each.  Possible Glitch  Monitor federated login with synthetic transactions. IDP may be best positioned to do so if access to IDP is restricted. Liberty Paris Workshop 23:23:24 16

  17. Business Agreements  Many other legal documents typically exist  Sales contracts, Purchase Orders, Statements of Work, Service Level Agreements, Contract approvals, Consulting Services agreements etc.  Liberty-related agreements need to relate to other agreements  Add Liberty-specific terms to existing SOW/SLA templates  Liberty compliance, adding/removing COT members, joining other COTs, federation, authN levels, session timeouts, adding/removing users, policy enforcement Liberty Paris Workshop 23:23:24 17

  18. Production Deployment  There is a world of difference between doing this in a lab and the real world. Deploy and test as early as possible in the 'real' environment.  Hardened environments  Firewalls & firewall rules  Network & Load balancers  Router ACLs  Certificates  DNS and mappings Liberty Paris Workshop 23:23:24 18

  19. Liberty Summary ✗ A free standard focusing on: ✗ Privacy ✗ Security ✗ Interoperability ✗ An industrial reality: ✗ Certified to latest spec products available ✗ Already proven in production ✗ Return of experience available ✗ Deployment paper ✗ Consulting services Liberty Paris Workshop 23:23:24 19

  20. The End fulup@sun.com Liberty Paris Workshop 23:23:24 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SDN Usecases ECE/CS598HPN Radhika Mittal Logistics Do all of you receive my emails? Are

SDN Usecases ECE/CS598HPN Radhika Mittal Logistics Do all of you receive my emails? Are

SDN Usecases ECE/CS598HPN Radhika Mittal Logistics Do all of you receive my emails? Are you all submitting your reading assignments? Do you have access to Illinois media space? Warm-up assignment due on Thursday. Have all of you

713 views • 36 slides
Network Artificial Intelligence (NAI) draft-zheng-opsawg-network-ai-usecases

Network Artificial Intelligence (NAI) draft-zheng-opsawg-network-ai-usecases

Network Artificial Intelligence (NAI) draft-zheng-opsawg-network-ai-usecases draft-li-rtgwg-network-ai-arch Yi Zheng, China Unicom Zhenbin Li, Jinhui Zhang, Xu Shiping, Dhruv Dhody, Huawei 2 Introduction Explore how Artificial

347 views • 10 slides
A Crash Course on A Crash Course on Temporal Specifications Temporal Specifications [Kansas

A Crash Course on A Crash Course on Temporal Specifications Temporal Specifications [Kansas

A Crash Course on A Crash Course on Temporal Specifications Temporal Specifications [Kansas State] John Hatcliff Work on specification patterns by Matthew Dwyer, Jay Corbett, and George Avrunin http://www.cis.ksu.edu/santos/bandera

303 views • 29 slides
Up-Down Wheelchair 2.009 Silver A Design Specifications Requirements Attributes Specifications

Up-Down Wheelchair 2.009 Silver A Design Specifications Requirements Attributes Specifications

Up-Down Wheelchair 2.009 Silver A Design Specifications Requirements Attributes Specifications Reach Lift System Seat height 9-33 Wheel brakes, Handles 100kg Sliding bearings without tipping Safety and stability Weight Hydraulic jack 1500N

298 views • 13 slides
Main Use Cases and Gap Analysis for Network Slicing draft-netslices-usecases-01

Main Use Cases and Gap Analysis for Network Slicing draft-netslices-usecases-01

July 14th, 2017 Part II: - What are my main use cases? Security Level: - What IETF work is in progress? Main Use Cases and Gap Analysis for Network Slicing draft-netslices-usecases-01 draft-qiang-netslices-gap-analysis-01 www.huawei.com

457 views • 14 slides
Main Use Cases and Gap Analysis for Network Slicing draft-netslices-usecases-01

Main Use Cases and Gap Analysis for Network Slicing draft-netslices-usecases-01

July 7 th , 2017 version Part II: - What are my main use cases? Security Level: - What IETF work is in progress? Main Use Cases and Gap Analysis for Network Slicing draft-netslices-usecases-01 draft-qiang-netslices-gap-analysis-01

197 views • 16 slides
EPUB in the Wild Liz Castro @lizcastro http://PigsGourdsandWikis.com

EPUB in the Wild Liz Castro @lizcastro http://PigsGourdsandWikis.com

EPUB in the Wild Liz Castro @lizcastro http://PigsGourdsandWikis.com http://www.elizabethcastro.com/epub Specifications Specifications Specifications Specifications Specifications Specifications Specifications Specifications

712 views • 58 slides
no no-more more UseCases NoMore ApS | Nytorv 3. 1 st floor, 1450 Copenhagen, Denmark |

no no-more more UseCases NoMore ApS | Nytorv 3. 1 st floor, 1450 Copenhagen, Denmark |

nomore no no-more more UseCases NoMore ApS | Nytorv 3. 1 st floor, 1450 Copenhagen, Denmark | CVR: 37549223 | E: info@nomorehours.com | +45 78 76 25 00 | www.nomorehours.com When youre in a workshop From workshop c From works

568 views • 28 slides
Inter-Domain DOTS Use Cases draft-nishizuka-dots-inter-domain-usecases-00 Kaname Nishizuka, NTT

Inter-Domain DOTS Use Cases draft-nishizuka-dots-inter-domain-usecases-00 Kaname Nishizuka, NTT

Inter-Domain DOTS Use Cases draft-nishizuka-dots-inter-domain-usecases-00 Kaname Nishizuka, NTT Communications Nov. 2015 IETF94@yokohama Draft Overview Motivation The volume of DDoS attack will exceed available anti- DDoS capability by

802 views • 10 slides
15-150 Fall 2020 Stephen Brookes Lecture 3 Patterns and specifications Patterns and

15-150 Fall 2020 Stephen Brookes Lecture 3 Patterns and specifications Patterns and

15-150 Fall 2020 Stephen Brookes Lecture 3 Patterns and specifications Patterns and specifications Patterns and specifications Advice After class, study slides and lecture notes. Start homework early, plan to finish on time.

1.34k views • 98 slides
STORAGE STORAGE RACKS RACKS PREMIUM SERIES SPECIFICATIONS SPECIFICATIONS Welded connection

STORAGE STORAGE RACKS RACKS PREMIUM SERIES SPECIFICATIONS SPECIFICATIONS Welded connection

STORAGE STORAGE RACKS RACKS PREMIUM SERIES SPECIFICATIONS SPECIFICATIONS Welded connection of Upright bracing that provides the following advantages: Manila Office: Higher capacity and impact resistance. 747 Aurora Boulevard,

326 views • 17 slides
White Space use cases & requirements I-D: draft-probasco-paws-overview-usecases Gabor Bajko,

White Space use cases & requirements I-D: draft-probasco-paws-overview-usecases Gabor Bajko,

White Space use cases & requirements I-D: draft-probasco-paws-overview-usecases Gabor Bajko, Basavaraj Patil, Scott Probasco 1 Overview Introduce White Space concept Use case: TVWS database discovery Use case: Hot-spot, urban

529 views • 14 slides
PAWS: Use Cases I-D: draft-ietf-paws-problem-stmt-usecases-rqmts Basavaraj Patil, Scott Probasco

PAWS: Use Cases I-D: draft-ietf-paws-problem-stmt-usecases-rqmts Basavaraj Patil, Scott Probasco

PAWS: Use Cases I-D: draft-ietf-paws-problem-stmt-usecases-rqmts Basavaraj Patil, Scott Probasco (Nokia) Juan Carlos Zuniga (Interdigital) IETF 82 Updates from Rev 00 to 01 Added the Mobility, Indoor networking and machine-2- machine use

539 views • 19 slides
Specifications Introduction to the Module This module is dedicated to specifications The

Specifications Introduction to the Module This module is dedicated to specifications The

Module 7 Specifications Introduction to the Module This module is dedicated to specifications The docstring at start of a function (DEMO) Also the website documentation (DEMO) Useful for knowing how a function works What if you

501 views • 31 slides
Automatic Generation of Program Specifications Jeremy Nimmer MIT Lab for Computer Science

Automatic Generation of Program Specifications Jeremy Nimmer MIT Lab for Computer Science

Automatic Generation of Program Specifications Jeremy Nimmer MIT Lab for Computer Science http://pag.lcs.mit.edu/ Joint work with Michael Ernst Jeremy Nimmer, page 1 Synopsis Specifications are useful for many tasks Use of specifications

485 views • 29 slides
Methods and Specifications Practical considerations for methods, specifications and applications of

Methods and Specifications Practical considerations for methods, specifications and applications of

4/24/2019 Methods and Specifications Practical considerations for methods, specifications and applications of principles in the lab; troubleshooting. Sue Gates Dairy Farmers of America May 9, 2019 2019 ADPI Dairy 360 1 MORE THAN 14,000 FARMER-

415 views • 18 slides
Build Scalable APIs using GraphQL and Serverless @simona_cotin @simona_cotin @simona_cotin

Build Scalable APIs using GraphQL and Serverless @simona_cotin @simona_cotin @simona_cotin

Build Scalable APIs using GraphQL and Serverless @simona_cotin @simona_cotin @simona_cotin JS @simona_cotin @simona_cotin @simona_cotin @simona_cotin a data-fetching API powerful enough to describe all of Facebook -Lee Byron

756 views • 60 slides
Measuring QoS in Web-Based Virtual Worlds: an Evaluation of

Measuring QoS in Web-Based Virtual Worlds: an Evaluation of

Measuring QoS in Web-Based Virtual Worlds: an Evaluation of Unity 3D Web Builds Hussein Bakri and Colin Allison University of St Andrews openvirtualworlds.org QoS in

411 views • 24 slides
When Should We Add Theory Axioms And Which Ones? Giles Reger 1 , Martin Suda 1 2 1 School of

When Should We Add Theory Axioms And Which Ones? Giles Reger 1 , Martin Suda 1 2 1 School of

When Should We Add Theory Axioms And Which Ones? Giles Reger 1 , Martin Suda 1 2 1 School of Computer Science, University of Manchester, UK 2 Institute for Information Systems, TU Vienna, Austria AITP, April 4, 2016 Reger, Suda When Should

889 views • 42 slides
Hints for AVATAR (and some more) Martin Suda Czech Technical University in Prague, Czech

Hints for AVATAR (and some more) Martin Suda Czech Technical University in Prague, Czech

Hints for AVATAR (and some more) Martin Suda Czech Technical University in Prague, Czech Republic PIWo 2019, Prague, October 2019 1/17 Interactive Theorem Proving with ATPs Some people actually use ATPs to do math! 1/17 Interactive

823 views • 57 slides
Outline Overview VR Tour VR Tour Entities Luiz Velho Tour Script IMPA Tour

Outline Overview VR Tour VR Tour Entities Luiz Velho Tour Script IMPA Tour

Outline Overview VR Tour VR Tour Entities Luiz Velho Tour Script IMPA Tour Experience Case Study VR Tour Concepts Meta-Narrative "Guided Participatory Meta-Narrative Narrative-Based Content For Virtual

618 views • 7 slides
The Ar The Art of Group Coachi hing ng Mo Modul ule 5 5: V Vision t to R Real ality

The Ar The Art of Group Coachi hing ng Mo Modul ule 5 5: V Vision t to R Real ality

The Ar The Art of Group Coachi hing ng Mo Modul ule 5 5: V Vision t to R Real ality Mar Marketing P g Proce cess 1 Course Overview 1. The Art of Group Coaching Model 2. Logistics in Group Coaching 3. Facilitation Confidence

385 views • 16 slides
Introduction to Machine Learning 4. Perceptron and Kernels Alex Smola Carnegie Mellon University

Introduction to Machine Learning 4. Perceptron and Kernels Alex Smola Carnegie Mellon University

Introduction to Machine Learning 4. Perceptron and Kernels Alex Smola Carnegie Mellon University http://alex.smola.org/teaching/cmu2013-10-701 10-701 Outline Perceptron Hebbian learning & biology Algorithm Convergence

839 views • 56 slides
PNNI Private Network to Network Interface Principles Topology concepts Routing Protocols

PNNI Private Network to Network Interface Principles Topology concepts Routing Protocols

PNNI Private Network to Network Interface Principles Topology concepts Routing Protocols Topology aggregation Call setup and routing algorithm PNNI-1 S-38.121 / S-04 / RKa, NB ATM background ATM = Asynchronous Transfer Mode

500 views • 17 slides

More recommend