Tech Talk: Web Access Management and Federation – Two Great Tastes that Taste Good Together
1 like364 views
This document discusses two approaches to single sign-on (SSO): web access management (WAM) and open standards like SAML and OAuth. WAM uses policy enforcement points to intercept requests and enforce security policies, while open standards pass identity between an identity provider and applications. Both approaches can meet different needs, and choosing the wrong one can increase costs and cause delays. The document provides guidelines for choosing between the approaches and notes that they can be combined to get the benefits of both within a single SSO solution from CA Technologies.
Tech Talk: Web Access Management and Federation – Two Great Tastes that Taste Good Together
- 2. 1 © 2016 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD © 2016 CA. All rights reserved. All trademarks referenced herein belong to their respective companies. The content provided in this CA World 2016 presentation is intended for informational purposes only and does not form any type of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA. For Informational Purposes Only Terms of this Presentation
- 4. 3 © 2016 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Single Sign-on Can Mean Many Different Things § Getting an identity from one application to another § Maintaining a secure session across multiple applications § Only allowing the correct users access § Security controls for the session § Knowing what actions users are doing § URL filtering to keep bad requests out
- 5. 4 © 2016 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Two Approaches to Meet Different Needs § Policy enforcement points to intercept and examine each request § Shared session across multiple applications WEB ACCESS MANAGEMENT § Identity passed from identity provider to applications § Claims approach to SSO § Application remains in control of own security policies OPEN STANDARDS TIGHTLY COUPLED LOOSELY COUPLED
- 6. 5 © 2016 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Choosing the Wrong Approach Can Cause Problems § Increased integration costs § Use of workarounds to meet requirements § Customization § Project Delays Image taken from https://hikingartist.com/thrive/nail-screw/ Choosing the right approach to meet your needs is critical
- 7. 6 © 2016 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Decision Guidelines § On Premise or PaaS applications § Simple cross application linking § Enforcement of user authorization § Audit / Timeout / Session Security WEB ACCESS MANAGEMENT § Third Party sites § Applications have a native integration § Remote locations § Only concerned with passing identity OPEN STANDARDS
- 8. 7 © 2016 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD SAML SSO Approaches Can be Combined… SAML to an Internal Application While Maintaining URL Filtering End User SSO Gateway SSO Session Application session Application Session Linker
- 11. 10 © 2016 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Summary Choose the right approach to meet your business needs WAM and Open Standards do not contradict they compliment Combine WAM and Open standards together
- 12. 11 © 2016 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Recommended Sessions SESSION # TITLE DATE/TIME SCT915 Data Breach Digest, John Grimm 11/16/2016 at 12:45 pm SCT45T How Fast Is Your Directory? 11/16/2016 at 4:30 pm SCX205 CA SSO, AA Roadmap 11/18/2016 at 1:45 pm