Blocking identity leakage: Why an organization should become an IdP

By Mark O'Neill	Article Rating:
December 8, 2012 06:40 PM EST	Reads:	1,276

Related
Print
Email
Feedback
Add This
Blog This

This week, my colleague Ed King presented a webinar with Eve Maler (@xmlgrrl) from Forrester about why organizations should become identity providers. This is an important topic. Organizations are leaking identity. The path of least resistance is for an employee to use a SalesForce.com login, another SaaS service login, or even a Google Apps or Facebook login to log into a third-party site. The third-party site could be a B2B procurement hub, or a corporate travel service. In that case, the SaaS service becomes crucial as the IdP (Identity Provider) which enables the user to log into the service. This is undoubtably good for the SaaS service, which is why so many are becoming IdP by supporting standards such as OAuth 2.0 and SAML. But what about the organization itself? Would it not be better for the organization to to stop the identity leakage and become an IdP itself?

In the webinar, Ed and Ruth talked about why organizations should become IdPs. But the next question is how. The Vordel API Server makes this easy.

OAuth 2.0 and SAML are two key standards used to become an IdP. They enable a token to be issued, based on a user's login. Let's look at OAuth 2.0 first:

OAuth 2.0

The Vordel API Server comes with a prebuilt OAuth 2.0 sample. In this sample, you can see a sample app asking the user to authorize a connection to a third-party service. In the example below, I've setup an organization to use the Vordel API server to act as an IdP by authenticating the user against a corporate Active Directory, and then to prompt the server to allow a third-party site to access their information.This results in user being issued an OAuth 2.0 Access Token, and the third-party site receiving an OAuth 2.0 bearer token.

Here is how I'm authenticating the user against a corporate Active Directory then redirecting them to the OAuth 2.0 services:

You can see an example of the bearer token below in the Vordel API Server traffic monitor:

And here's the policy on the API Server which validates the OAuth 2.0 bearer token:

SAML

Now let's look at the SAML use case. SAML is often used, in this content, to issue a signed SAML Authentication assertion for the IdP to assert that the user has been authenticated. The policy below, in the Vordel API Server, allows an organization to act as an IdP by authenticating a user against a corporate Active Directory and then issuing (and signing) a SAML Assertion:

Here is how the Active Directory connection is configured (note the long list of other identity connectors in the Vordel API Server):

Finally, here is the signed SAML Assertion which is issued by our IdP policy.

At this point, you may be thinking "What should I use for my IdP, SAML or OAuth 2.0?". Well, it usually isn't a case of either/or. A third-party provider may dictate the answer by only supporting one or the other. But in the example above, you can clearly see that an OAuth bearer token is a lot smaller than a signed SAML Assertion, and size may be a big consideration for mobile use cases. In any case, you can support both with the Vordel API Server, getting the best of both worlds.

So, to make the first step for your organization to become an IdP, download your copy of the Vordel API Server here.

CIO, CTO & Developer Resources

Read the original blog entry...

Published December 8, 2012 – Reads 1,276
Copyright © 2012 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.

Related
Print
Email
Feedback
Add This
Blog This

More Stories By Mark O'Neill

Mark O'Neill is Chief Technology Office of Vordel. Vordel connects applications to applications, businesses to other businesses, and SOA to Cloud Computing. A regular speaker at industry conferences and a contributor to SOA World Magazine and Cloud Computing Journal, Mark holds a degree in mathematics and psychology from Trinity College Dublin and graduate qualifications in neural network programming from Oxford University.

read more & respond »

Cloud Expo & Big Data Expo 2012 West

KEYNOTES

OpenStack

Opening Keynote | Mission-Critical Applications in the Cloud – Myth or Reality?

Rackspace

Day 2 Keynote | An Open Cloud Discussion

Progress

Day 3 Keynote | Cloud Applications: Some Assembly Required

Akamai

Day 3 Lunch Keynote | The Extended Enterprise: Taking Your App Delivery Strategy to the Cloud

Cisco

Day 4 Keynote | The Ever Changing Cloud

PLATINUM PLUS SPONSORS

Nebula | OpenStack

Discussion Panel – Powered by OpenStack

Progress Software

The Impact of Big Data and Cloud on Data Connectivity

Rackspace

The IT Talent Shift: Preparing Your Enterprise IT Talent for the Cloud

PLATINUM SPONSORS

Dell

Is There a Silver Lining to Cloud — Or Just a Lot of Hot Air?

Intel

Enterprise without Limits: A Blueprint for Organizational Agility

New Relic

Managing the Explosive Growth and Consolidation of Big Data in the Cloud

Red Hat

Managing the Explosive Growth and Consolidation of Big Data in the Cloud

Terremark

Perception vs Reality in the Cloud

GOLD SPONSORS

Akamai

Challenges and Opportunities for a Cloud-based Application Delivery Strategy

Broadcom

Sustainable Networking Innovation Through Collective Intelligence: Software Defined Networking

Citrix

Lessons Learned from 100 IaaS Cloud Deployments...and Counting

Driving Innovation Through the Cloud

SOA Software

Best Practices of API Management

SoftLayer

Building a "Mainstream" Private Cloud: What You Need to Know

VMware

From Infrastructure to Applications - the Next Step in Your Cloud Journey

Big Data Power Panel at Cloud Expo Silicon Valley: Cloud and Big Data – What's Working, What's New?

CEO Power Panel at Cloud Expo Silicon Valley

CTO Power Panel at Cloud Expo Silicon Valley: The Cloud Computing State of the Union

Click For 2012 East Event Webcasts

Cloud Expo & Big Data Expo 2012 East

KEYNOTES

SHI

Opening Keynote | Mission-Critical Applications in the Cloud – Myth or Reality?

Rackspace

Day 2 Keynote | The Era of Open Clouds is Upon Us

Oracle

Day 2 Lunch Keynote | A Pragmatic Journey to the Cloud

Citrix

Day 3 Keynote | Step up to a Higher Cloud

Akamai

Day 3 Lunch Keynote | Trends and Challenges in the Hyperconnected World

DIAMOND SPONSOR

SHI

From Chief Information Officer to Chief Innovation Officer

PLATINUM PLUS SPONSORS

Oracle

Oracle's Cloud - An Enterprise Cloud for Business-Critical Applications

Rackspace

Cloud – Vision to Reality

PLATINUM SPONSORS

Citrix

Architecting Your Cloud: Lessons Learned from 100 CloudStack Deployments

Dell

Enterprise without Limits: A Blueprint for Organizational Agility

Intel

Managing the Explosive Growth and Consolidation of Big Data in the Cloud

Pacific Control Systems

Galaxy – the Cloud-Based Platform of Platforms

GOLD SPONSORS

Akamai

Taking Your Application Delivery Strategy to the Cloud

EffectiveUI

Effectively Leveraging the Cloud for Better User Experience

Interexion

The World According to Cloud

NextAxiom Technology

Fuel Your Cloud with Metered, Virtualized Middleware

PerspecSys

Taming the Cloud Data Beast – Information Privacy, Residency and Security in the Cloud

Softlayer

Enterprise Class or Internet Scale? The Right Cloud for the Job

Terremark

Executing Enterprise Clouds

Whiptail

Data at the Speed of Life

POWER PANELS

Big Data Power Panel at Cloud Expo New York: What's Driving Big Data – and Why Now?

Cloud Trends' Power Panel at Cloud Expo New York: Unleashing the Ever-Growing Value of the Cloud

CEO Power Panel at Cloud Expo New York: Cloud Computing and Big Data Strategy

CTO Power Panel at Cloud Expo NY: Cloud Computing: What's Working, What's New, What's Next?

Click For 2011 West
Event Webcasts

Open Web Developer Topics

Open Web Developer News Desk

Open Web Developer Viewpoint

OpenSocial

Security

Write For Us

Is Your Business 100% Ready for the New Era of Cloud Computing and Big Data? The Only Enterprise IT Event in 2013 Covering the Entire Scope of both Cloud & Big Data

Come to New York and get yourself up to date with the Big Data revolution! As advanced data storage, access and analytics technologies aimed at handling high-volume and/or fast moving data all move center stage, aided by the Cloud Computing boom, Cloud Expo is the single most effective event for you to learn how to use you own enterprise data – processed in the Cloud – most effectively to drive value for your business.

There is little doubt that Big Data solutions will have an increasing role in the Enterprise IT mainstream over time. Get a jump on that rapidly evolving trend at Big Data Expo, which we are introducing in June at Cloud Expo New York.

Cloud Expo was announced on February 24, 2007, the day the term "cloud computing" was coined. That same year, the first Cloud Expo took place in New York City with 450 delegates. Next June, Cloud Expo is returning to New York with more than 10,000 delegates and over 600 sponsors and exhibitors.

"Cloud" has become synonymous with "computing" and "software" in two short years. Cloud Expo is the new PC Expo, Comdex, and InternetWorld of our decade. By 2012, more than 50,000 delegates per year will participate in Cloud Expo worldwide.

The cloud is certainly a compelling alternative to running all applications within a traditional corporate data center. But moving from theory into practice is where things get complicated, and this is where attending a top industry event like Cloud Expo comes in.

No one can take full advantage of cloud computing without first becoming familiar with the latest issues and trends, which is why the organizing principle of the 10th International Cloud Conference & Expo on June 10-13, 2013 - is to ensure - through an intensive four-day schedule of keynotes, general and breakout sessions, and our bustling Expo Floor - that attending delegates leave the Javits Center with abundant resources, ideas and examples they can apply immediately to leveraging the Cloud, helping them to maximize performance, minimize cost and improve the scalability of their Enterprise IT endeavors.

Delegates will leave Cloud Expo with dramatically increased understanding the entire scope of the entire cloud computing spectrum from storage to security.

Whether you're an enterprise or small to medium business, you'll soon be benefiting from the Cloud. Join your peers in New York City June 10-13, and maximize those benefits already in 2013. See you in New York City!

Register Now!
Save $500 on your “Golden Pass”! Call 201.802.3020
or click here to Register
Early Bird Expires Friday.

Speaker Opportunities
Submit your speaking proposal for the upcoming Cloud Expo in New York City
[June 10-13, 2013]

Exhibitor Info
Please Call 201.802.3021
events (at) sys-con.com.
Carmen Gonzalez,
carmen (at) sys-con.com.

Produced and presented by Cloud Expo, Inc.