Understanding 'Authentication' and 'Identity Federation'
7 likes1,959 views
This document discusses identity, authentication, and identity federation. It defines identity as a set of attributes that are used to recognize an entity, rather than just an identifier. Authentication is verifying that an entity is valid, while federation passes identity information between systems to enable single sign-on. Identity management systems provide trusted identities and credentials, authentication systems verify users, and applications authorize access based on attributes. Federation is based on trust between systems to externalize features and trust responses.
Understanding 'Authentication' and 'Identity Federation'
- 1. Understanding 'Authentication’ and ‘Identity Federation' Naohiro Fujie MVP for Enterprise Mobility
- 2. Confusion… •Identity = Authentication ?? •Authentication = Single Sign On ?? •Federation ??
- 3. What is ‘Identity’ – Johari Window • We want to recognize existence of ‘Entity’ like person, computer, other physical things. • But we cannot recognize ‘Entity’ directly since the ‘Entity’ is different from ourselves. • Also we cannot recognize all part of own ‘Entity’. Source: Wikipedia https://en.wikipedia.org/wiki/Johari_window
- 4. Recognize ‘Entity’ through ‘Identity’ • ‘Identity’ is not only an ‘Identifier’ but a set of attributes. • Identifier is one of attribute or a set of attribute of the entity to separate it from other entities. • Ex) If there is no ‘Fujie-san’ around here, surname can be used as identifier, but at my home, we cannot use surname as identifier. • We recognize ‘Entity’ through recognizing attributes. Name Company Hair Style Height Loves Heavy Metal Identity - Set of attributes Entity to recognize
- 5. Identity related keywords • Authentication • To check entity is valid or not. • Federation • To federate(pass) identity related information to other entities. • By federate AuthN result attribute to other entity(system), user can Single Sign On between entities. 2.Verify 1.Name/Password AuthN result3.Generate Computer system A - Entity which need to validate a entity Name Company Password Attributes of the user User - Entity to be verified 4.Access Authentication Federation 6.SSO Major protocols are SAML, OpenID Connect Major protocols are RADIUS, Kerberos OpenID Computer system B - Federate with system A Name Attributes of the user 5.Federate AuthN result
- 6. Role of Identity & Access Management Trust Trust Trust/Federation Provide Credentials Provide Common Attributes Provide AuthN Result Identity Management System Authentication System Applications Identity Management System’s role - Provide trustworthy identities to other systems. How? ex) by import data from HR Authentication System’s role - Verify the validity of the user. How? ex) Password + SMS notification Application’s role - Authorize user’s access. How? ex) Change user’s role align to the department and title attributes of the user Trust means… - Externalize and delegate feature to other system, and trust the response from the system. Applications Note) User can SSO across apps if these apps trust the same authN system. App admins App specific attributes Federation is based on inter-system ‘Trust’