oasis sstc f2f 4 th feb 2004 w25 kerberos saml
play

Oasis SSTC F2F 4 th Feb 2004 W25 - Kerberos & SAML John Hughes, - PowerPoint PPT Presentation

Nov 12, 2023 •163 likes •239 views

Oasis SSTC F2F 4 th Feb 2004 W25 - Kerberos & SAML John Hughes, Entegrity Solutions Tim Alsop, CyberSafe Limited Current Document Progress Two documents : Generalised AuthnRequest Profiles Working Draft 02, 1st February 2004

  1. Oasis SSTC F2F 4 th Feb 2004 W25 - Kerberos & SAML John Hughes, Entegrity Solutions Tim Alsop, CyberSafe Limited

  2. Current Document Progress ● Two documents : ● Generalised AuthnRequest Profiles ● Working Draft 02, 1st February 2004 ● draft-sstc-solution-profile-kerberos-02 ● Kerberos SAML Profiles ● Working Draft 02, 1st February 2004 ● draft-sstc-solution-profile-kerberos-02

  3. Initial Use Cases

  4. Scope : draft-sstc-solution-profile-kerberos-?? ● Provide a secure and trusted mechanism to pass a user identity to the SAML Responder via the SAML Service so that an artifact or assertion can be returned using the authenticated identity of the user. ● Provide a secure and trusted mechanism to allow the SAML Service to communicate with the SAML Responder; ● Provide secure sessions (e.g. mutual authentication, data integrity, confidentiality, channel binding, replay attack detection) between the authentication and authorisation related infrastructure components required for a SAML deployment; ● Implement a Single SignOn (“SSO”) experience for users - especially useful when the workstation and/or server operating systems have a Kerberos implementation available and multiple vendors operating systems are used; ● Take advantage of the credential delegation/forwarding capability in the Kerberos protocol to pass credentials securely from middle tier to back- end tier application and infrastructure components; ● Provide a secure approach for passing a SAML Assertion to an application that is Kerberos enabled.

  5. DCE PAC Schema <?xml version='1.0' encoding='UTF-8' ?> <!-- Schema for DCE PAC --> <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="sstc-saml-schema-dce-pac-2.0-cs.xsd" > <xs:element name="ForeignGroup"> <xs:complexType> <xs:sequence> <xs:element name="Realm" type="string" minOccurs="1" maxOccurs="1"/> <xs:element name="GroupName" type="string" minOccurs="1" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType> </xs:element> </xs:schema>

  6. NameIdentifier Syntax ? 1) <saml:Subject> <saml:NameIdentifier NameQualifier="http://www.cybersafe.ltd.uk/" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos"> talsop@CYBERSAFE.LTD.UK </saml:NameIdentifier> 2) <saml:Subject> <saml:NameIdentifier Format="urn:oasis:names:tc:SAML:2.0:nameid-format:DCE" NameQualifier=“MyRealm">jhughes </saml:NameIdentifier>

  7. Outstanding : ● Microsoft Kerberos PAC authorisation data mapping ● Binding Kerberos credentials to SAML Assertion – how/why ? ● More details on Kerberos/GSS-API bindings ● Take advantage of any existing Liberty, WSS, Microsoft Passport Kerberos related standards/drafts ● Future ● Site to Site (e.g. cross realm) trust ● Other …

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

AFS and Kerberos 5 Ken Hornstein Naval Research Laboratory Kerberos Use in AFS, old school

AFS and Kerberos 5 Ken Hornstein Naval Research Laboratory Kerberos Use in AFS, old school

AFS and Kerberos 5 Ken Hornstein Naval Research Laboratory Kerberos Use in AFS, old school Kerberos implementation based on V4 protocol. Client-server transport uses RX. Raw Kerberos binary ticket placed in credential cache

251 views • 11 slides
Cooperatives, SSE and SSTC Anita Amorim Head of ESPU, PARDEV, ILO South South and Triangular

Cooperatives, SSE and SSTC Anita Amorim Head of ESPU, PARDEV, ILO South South and Triangular

Cooperatives, SSE and SSTC Anita Amorim Head of ESPU, PARDEV, ILO South South and Triangular Cooperation (SSTC) Definition: Partnership among equals involving a learning process or exchange of expertise derived from effective

537 views • 22 slides
Connecting Web and Kerberos SSO Connecting Web and Kerberos SSO Rok Pape ARNES

Connecting Web and Kerberos SSO Connecting Web and Kerberos SSO Rok Pape ARNES

Akademska in raziskovalna mrea Slovenije Connecting Web and Kerberos SSO Connecting Web and Kerberos SSO Rok Pape ARNES aaa-podpora@arnes.si Cork Institute of Technology Cork, Ireland, 19.5.2009 Kerberos Kerberos Akademska in

353 views • 16 slides
OASIS SB Program Open Season On ramp Overview How to get on OASIS OASIS Program Management Office

OASIS SB Program Open Season On ramp Overview How to get on OASIS OASIS Program Management Office

U.S. General Services Administration OASIS SB Program Open Season On ramp Overview How to get on OASIS OASIS Program Management Office Slide Deck Version: July 10, 2018 1 OASIS and OASIS Small Business OASIS and OASIS Small Business (SB) are

763 views • 41 slides
Google&lt;-SAML-&gt;Zscaler Integration Agenda n What is SAML? n AAA, Testing,

Google&lt;-SAML-&gt;Zscaler Integration Agenda n What is SAML? n AAA, Testing,

Summer Webinar Series Google&lt;-SAML-&gt;Zscaler Integration Dianne Dunlap (ddunlap@mcnc.org, 919-248-8439) Client Network Engineering Webinar Links: www.mcnc.org/cne-webinars Google&lt;-SAML-&gt;Zscaler Integration Agenda n What is

899 views • 63 slides
A Basic Introduction to Kerberos Ken Hornstein NRL Kerberos Introduction A network protocol

A Basic Introduction to Kerberos Ken Hornstein NRL Kerberos Introduction A network protocol

A Basic Introduction to Kerberos Ken Hornstein NRL Kerberos Introduction A network protocol developed at MIT as part of Project Athena. Is a shared-secret, trusted third party authentication system. Uses encryption to provide

280 views • 8 slides
Update on Kerberos Extensibility draft-yu-krb-wg-kerberos-extensions-02.txt Tom Yu IETF 61

Update on Kerberos Extensibility draft-yu-krb-wg-kerberos-extensions-02.txt Tom Yu IETF 61

Update on Kerberos Extensibility draft-yu-krb-wg-kerberos-extensions-02.txt Tom Yu IETF 61 Kerberos Extensibility Document Status Notational Conventions Future Plans 1 Document Status Updates from -00 Update I-D boilerplate

407 views • 7 slides
WebRTC Identity in SAML Federations Mihly Mszros May 19, 2015 NIIF Institute Budapest /

WebRTC Identity in SAML Federations Mihly Mszros May 19, 2015 NIIF Institute Budapest /

WebRTC Identity in SAML Federations Mihly Mszros May 19, 2015 NIIF Institute Budapest / Hungary Agenda Education &amp; Research Identity Federations SAML Terminology Overview of SAML auth call flow WebRTC Identity model

1.09k views • 52 slides
OTP Kerberos Kerberos Working Group IETF, Montreal July 2006 WORKING DRAFT: 30 June 2006

OTP Kerberos Kerberos Working Group IETF, Montreal July 2006 WORKING DRAFT: 30 June 2006

OTP Kerberos Kerberos Working Group IETF, Montreal July 2006 WORKING DRAFT: 30 June 2006 Background Proposal is to define extensions to Kerberos V5 (rfc4120) to support pre-authentication using an OTP Three main aims: Allow an OTP

180 views • 14 slides
SAML 1.1 and its uses in eduGAIN Stefan Winter &lt;stefan.winter@restena.lu&gt; 1 Outline

SAML 1.1 and its uses in eduGAIN Stefan Winter &lt;stefan.winter@restena.lu&gt; 1 Outline

Fondation RESTENA euroCAMP 04 April 2006 SAML 1.1 and its uses in eduGAIN Stefan Winter &lt;stefan.winter@restena.lu&gt; 1 Outline SAML 1.1 overview Abstract operations vs. SAML profile Abstract operations: changes since

165 views • 14 slides
Kerberos V4 Slide 1 Kerberos network authentication using Needham-Schroeder insecure

Kerberos V4 Slide 1 Kerberos network authentication using Needham-Schroeder insecure

Kerberos4 1 Kerberos V4 Slide 1 Kerberos network authentication using Needham-Schroeder insecure network: listen, modify secret key login session : from login to logout Version 5: more complex, not just TCP/IP, greater

98 views • 7 slides
Kerberos https://web.mit.edu/kerberos/ https://tools.ietf.org/html/rfc4120 slide 1 Many-to-Many

Kerberos https://web.mit.edu/kerberos/ https://tools.ietf.org/html/rfc4120 slide 1 Many-to-Many

Kerberos https://web.mit.edu/kerberos/ https://tools.ietf.org/html/rfc4120 slide 1 Many-to-Many Authentication ? Servers Users How do users prove their identities when requesting services from machines on the network? Nave solution:

359 views • 10 slides
Kerberos for Distributed Systems Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding

Kerberos for Distributed Systems Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding

Kerberos for Distributed Systems Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding COMP4631 L16 1 Agenda Distributed system security Introduction to Kerberos V4 Kerberos Realms Authentication with Kerberos in Windows NT 5

751 views • 30 slides
Kerberos &amp; X.509 11

Kerberos &amp; X.509 11

Kerberos &amp; X.509 11 Network Security, Principles and Practice,2nd Ed. :

767 views • 51 slides
UBL Update Jon Bosak Sun Microsystems http:// oasis- open.org / OASIS Symposium on the

UBL Update Jon Bosak Sun Microsystems http:// oasis- open.org / OASIS Symposium on the

UBL Update Jon Bosak Sun Microsystems http:// oasis- open.org / OASIS Symposium on the committees/ ubl Future of XML Vocabularies New Orleans, 25 April 2005 The Universal Business Language (UBL) International effort to define a

632 views • 10 slides
Kerberos for Distributed Systems Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - L17

Kerberos for Distributed Systems Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - L17

Kerberos for Distributed Systems Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - L17 1 Agenda Distributed system security Introduction to Kerberos Kerberos Version 4 Authentication Protocol Authentication with Kerberos

494 views • 28 slides
Teterboro Landing Brownfields Redevelopment Worlds Largest In Situ Thermal Desorption Site

Teterboro Landing Brownfields Redevelopment Worlds Largest In Situ Thermal Desorption Site

Teterboro Landing Brownfields Redevelopment Worlds Largest In Situ Thermal Desorption Site John Bierschenk, Gorm Heron and Ken Parker, TerraTherm Inc., Gardner MA, USA 1 Teterboro Landing, NJ Approximate location of TTZ Approximate

371 views • 22 slides
UNIVERSITY OF FLORIDA ONLINE DUAL ENROLLMENT Litza Echeverria Rubio and Andreas Van Denend

UNIVERSITY OF FLORIDA ONLINE DUAL ENROLLMENT Litza Echeverria Rubio and Andreas Van Denend

UNIVERSITY OF FLORIDA ONLINE DUAL ENROLLMENT Litza Echeverria Rubio and Andreas Van Denend Distance &amp; Continuing Education ABOUT ONLINE DUAL ENROLLMENT Allows qualified high school students access to UF courses Earn both high school

282 views • 9 slides
(2000/60/CE) Challenges with implementation of river basin management plans in EU-Member

(2000/60/CE) Challenges with implementation of river basin management plans in EU-Member

The Water Framework Directive (2000/60/CE) Challenges with implementation of river basin management plans in EU-Member Countries and the link to economic growth Paris, November 25, 2016 Yannick Pochon, International Office for Water

158 views • 15 slides
London using the DCE platform Dr Koen H. van Dam Systems-NET Webinar series 9 April 2014 1

London using the DCE platform Dr Koen H. van Dam Systems-NET Webinar series 9 April 2014 1

Modelling electric vehicle demand in London using the DCE platform Dr Koen H. van Dam Systems-NET Webinar series 9 April 2014 1 Digital City Exchange 2 A smart city is a connected city: efficient use of resources through

310 views • 27 slides
Railroad TCE HSCA Site Public Hearing Warwick Township Building November 17 th , 2015 Agenda

Railroad TCE HSCA Site Public Hearing Warwick Township Building November 17 th , 2015 Agenda

Railroad TCE HSCA Site Public Hearing Warwick Township Building November 17 th , 2015 Agenda Site background and history Response alternatives and associated costs for potable water supply Public comments on proposed response Site

563 views • 27 slides
Community Meeting 24 May 2017 Recent Activities MB61L sampling report completed

Community Meeting 24 May 2017 Recent Activities MB61L sampling report completed

Tullamarine Landfill Community Meeting 24 May 2017 Recent Activities MB61L sampling report completed Groundwater sampling at new wells completed Snap shot of In Situ parameters on all groundwater boreholes completed Groundwater

487 views • 13 slides
DATA STRATEGIC FOCUS AREA BOARD MEETING Hope Johnson, Stephen Sosler, Peter Hansen 2-3

DATA STRATEGIC FOCUS AREA BOARD MEETING Hope Johnson, Stephen Sosler, Peter Hansen 2-3

DATA STRATEGIC FOCUS AREA BOARD MEETING Hope Johnson, Stephen Sosler, Peter Hansen 2-3 December 2015, Geneva What the Alliance aims to achieve in data by 2020 Focus areas Vaccine- Immunisation Delivery, Coverage preventable disease

119 views • 7 slides
Memphis Innovation Corridor Reimagining a Major Commercial Corridor for Bus Rapid Transit and

Memphis Innovation Corridor Reimagining a Major Commercial Corridor for Bus Rapid Transit and

Memphis Innovation Corridor Reimagining a Major Commercial Corridor for Bus Rapid Transit and Smart City Infrastructure Tennessee Section Institute of Transportation Engineers (TSITE) May 16, 2019 Agenda Project Goals Project

540 views • 25 slides

More recommend