OpenSSO Overview: Sidharth Mishra, Sun Microsystems, Inc.
OpenSSO Enterprise
Web SSO
OpenSSO Enterprise
How does it work?
Windows NT, WindowsDesktopSSO (Kerberos), Anonymous, Membership (self-enrollment)
> Custom authentication mechanisms using the SPI
Multi-factor Authentication (Chained Authentication Mechanisms)
Multi-Level and Multi-Scheme Authentication
Resource-based Authentication
URL)
> Subjects: Who is allowed to access (User/Role/Group etc.)
> Condition: Extra Constraints (IP Address mask, authN level/scheme, time/day etc.)
> Response Provider: Additional Response data to be sent back to resource.
Centralized server configuration
Centralized agent configuration
Agent and proxy modes
AAA Identity Services
Embedded directory server for user store and policy store
XACML support for standards-based policy management
Consumes and translates 3rd party tokens from all major WAM solutions
Federation
partner and employee relationships.
> Extended existing and new revenue opportunities.
> Implement business models that generate efficiencies and productivity gains.
What It Does?
WSS Agent clientsdk
for consuming, processing and transforming security tokens including SAML
> Abstracts security from the application.
> Agent allows standardization on security across multiple containers (e.g. Sun, IBM, BEA etc.)
Secures SOAP request and validates SOAP response at WSC. Validates SOAP request and secures SOAP response at WSP.
How It Works
> An authenticated client requests token needed to access web service provider.
> The STS verifies the credentials presented by the client, and then in response, it issues a security token that provides proof that the client has authenticated with the STS.
> The client presents the WS-I BSP based security token (User Name, X.509, SAML etc.) to the Web service.
> The Web service verifies that the token was issued by a trusted STS, which proves that the client has successfully authenticated with the STS.
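The STS exchange described above, sketched as an added example (not from the original slides and not OpenSSO's API): `ToySTS`, `verify_token`, the token layout and all sample values are hypothetical, and HMAC with a shared key stands in for the signature on a real token. It goes beyond the slide by also checking audience and expiry, which a relying service would normally enforce.

```python
import base64, hashlib, hmac, json, time

class ToySTS:
    """Hypothetical stand-in for a Security Token Service (not the OpenSSO API)."""
    def __init__(self, issuer, key, users):
        self.issuer, self.key, self.users = issuer, key, users

    def issue(self, user, password, audience, ttl=300, now=None):
        # The STS checks the client's credentials before issuing anything.
        stored = self.users.get(user, "")
        if not stored or not hmac.compare_digest(stored.encode(), password.encode()):
            raise PermissionError("authentication failed")
        now = time.time() if now is None else now
        claims = {"iss": self.issuer, "sub": user, "aud": audience, "exp": now + ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
        # HMAC stands in for the signature a real STS applies to the token.
        return body + "." + hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()

def verify_token(token, trusted_sts, audience, now=None):
    """Web service side: return the subject only for a valid token from a trusted STS."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        raise PermissionError("malformed token")
    if not isinstance(claims, dict):
        raise PermissionError("malformed token")
    # The issuer claim only selects a key; nothing is trusted until the check below.
    iss = claims.get("iss")
    key = trusted_sts.get(iss) if isinstance(iss, str) else None
    if key is None:
        raise PermissionError("untrusted issuer")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        raise PermissionError("bad signature")
    if claims.get("aud") != audience:
        raise PermissionError("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise PermissionError("expired")
    return claims["sub"]

if __name__ == "__main__":
    # Constructed sample data: issuer name, key, user and service name are made up.
    sts = ToySTS("sts.example", b"constructed-demo-key", {"alice": "constructed-pw"})
    token = sts.issue("alice", "constructed-pw", audience="orders-service")
    print(verify_token(token, {"sts.example": b"constructed-demo-key"}, "orders-service"))
```

With a shared HMAC key the web service could mint tokens itself; an asymmetric signature, where the service holds only the STS public key, removes that ability.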
Three Tough Challenges. One Powerful Solution.
Only standards-based solution that provides a pluggable, end-to-end secure web-services solution
Standards based integration with GlassFish.
Security Token Service that can be deployed as an Integrated, or standalone, solution
Security Token Service that can handle token issuance, validation and translation via WS-Trust
Policy enforcement point plugins for WebLogic, WebSphere, Tomcat and JBoss
Identity Services
Problem
How do I invoke and leverage OpenSSO services (authN, authZ etc.) in a platform / language independent manner?
Benefits
Allows developers to easily invoke OpenSSO services.
Identity Access Layer provides abstraction so components can change without affecting applications.
Agentless solution that does not require deployment of agent or proxy to protect a resource.
Supports usage of the IDE of developer's choice
> NetBeans, Eclipse, Visual Studio
Thank You.
sid@sun.com