sun java tm system identity solution
play

Sun Java TM System Identity Solution Stuart Sim Chief Architect - PowerPoint PPT Presentation

Apr 23, 2023 •243 likes •1.12k views

Sun Java TM System Identity Solution Stuart Sim Chief Architect Global Education & Research Sun Microsystems Agenda Business Drivers for Identity Management Suns Identity Management Solution Sun Java System Access Manager

  1. Sun Java TM System Identity Solution Stuart Sim Chief Architect Global Education & Research Sun Microsystems

  2. Agenda • Business Drivers for Identity Management • Sun’s Identity Management Solution • Sun Java System Access Manager Overview > Authentication Services > Federation Services > Auditing Services > SSO for non web apps • Sun Java System Identity Server Overview > User Provisioning • Sun Open Source Strategy for Identity Sun Proprietary/Confidential: Internal Use Only

  3. Sun's Identity Management Suite • Comprehensive software solution that includes Directory Server Enterprise Edition > Directory Services Access Manager > Access Control, Single Sign-On, Federation > Provisioning and Identity Synchronization Services > Identity Auditing • Open, Integrated, “Integrate-able” Identity Manager to reduce cost, complexity Identity Auditor Sun Proprietary/Confidential: Internal Use Only

  4. Sun Java TM System Access Manager

  5. Access Manager 6.3 Core Auth (LDAP, Radius, AD, etc.) ✗ SSO (CDSSO, SAML 1.1, ✗ Liberty) Authorization (Role Mgt, ✗ Policy) Liberty Alliance Compliant Phase 1 & 2 (ID-FF, ID- ✗ WSF) Discovery Service ✗ Metadata Management ✗ Bulk-federation ✗ PAOS, LECP ✗ Personal/Employee Profile ✗ ResourceID Mapper ✗ RoleID Mapper ✗ Federation Manager ✗ 13:40 5 Sun Proprietary/Confidential: Internal Use Only

  6. Access Management Today: Fragmented, Insecure, Costly ● Who has access to what resource? ● What can users do with that access? Directories Customers ● How much does secure access cost me? Databases ● How do I quickly deploy new Employees services? ● How do I how do I comply with laws & regulations? Business Partners Applications Web Custom Services Systems Sun Proprietary/Confidential: Internal Use Only

  7. Sun Java TM Enterprise System • Sun Java Enterprise Suites Application Platform Suite • Communication Suite • NEW Availability Suite • Infrastructure Suite • Identity Management Suite • • Original « Business model » Pricing per employee • Included license, service and support • RTU (employee, client) • • Multi-platforms Solaris SPARC et x64, Linux RedHat AS 2.3 • Windows 2003, HP-UX • 13:40 7 Sun Proprietary/Confidential: Internal Use Only

  8. Solution: Sun Java Access Manager ● Increase enterprise-wide security ● Reduce complexity and operational costs ● Open access to customers, partners ● Provide a foundation for compliance Directories Access Manager Customers Customers Services Authentication Databases Databases Employees Employees Single Sign-On Policy User Profile/Roles Federation Business Business Audit/Reports Partners Applications Applications Web Web Custom Custom Sun Proprietary/Confidential: Internal Use Only Services Services Systems Systems

  9. Access Manager: Functional Overview • Single sign on to web, J2EE resources • Centralize policy based authentication and authorization • Enable distributed authentication and policy enforcement • Audit and log all authentication events • Platform for enabling identity based web services Policy Agents Access Manager Services Directories Authentication Single Sign-On Policy Databases User Profile/Roles Federation Audit/Reports Business Applications Sun Proprietary/Confidential: Internal Use Only

  10. Centralized Authentication Services • Leverage existing authentication mechanisms • Centrally manage, establish user identity > Over 15 mechanisms out of the box - LDAP, Active Directory, JDBC, SAML, others • Adapt using custom modules as needed Firewall Policy Agents Access Manager Modules Directories Services JDBC Authentication LDAP Cert Single Sign-On Policy Databases HTTP User Profile/Roles Federation Audit/Reports Business Applications Sun Proprietary/Confidential: Internal Use Only

  11. Distributed Authentication Services • Flexible deployment model > Deploy authN mechanisms in the DMZ or behind the firewall > Customize presentation, credential extraction • Create high performance, secure AuthN Firewall DMZ Access Manager Services Distributed Authentication AuthN Single Sign-On Policy User Profile/Roles Federation Audit/Reports Sun Proprietary/Confidential: Internal Use Only

  12. Centralized Policy Services • Flexible, comprehensive policy decision engine > Centrally define, manage authorizations > Easily extend authorizations to new applications > Base access controls, authorizations on roles, user profiles • Create a central point of control > Easier to audit usage > Easier to handle role/policy exceptions > Easier to make dynamic access decisions • Define granular controls > Control access to specific end points > Systematic management of sessions Sun Proprietary/Confidential: Internal Use Only

  13. Centralized Policy Services • Define Resource Realms > Create a virtual delegation hierarchy for managing resources > Delegate policy administration based on realms • Flexible policy deployment model > Decouple underlying directory structure from policy implementation Sun Proprietary/Confidential: Internal Use Only

  14. Distributed Policy Services • Provide policy enforcement at the point of access > Easily adapt centralized policy capabilities onto existing applications > Provide deeper, fine grained enforcement of policy > Leverage system capabilities • Provide centralized policy enforcement > Reverse Proxy solution expands flexibility, manageability Sun Proprietary/Confidential: Internal Use Only

  15. Centralized Audit Services • Centrally track all AuthN, AuthZ events • Provide easy to manage proof points > Who had access, who granted that access > What systems did they access > What functions did they perform > When did they perform those functions • Standards-based implementation > Easy integration with existing auditing, reporting tools Sun Proprietary/Confidential: Internal Use Only

  16. Access Manager Architecture Flexible Administration GUI CLI Reporting Centralized Audit Administration Administration Logging Access Federation Management Access Manager Services Session Authentication Authorization (Policy) Single Sign-On Auditing Existing Existing Existing Applications Resources Data Stores Sun Proprietary/Confidential: Internal Use Only

  17. Access Manager Architecture • Open > Unique J2EE architecture > Commitment to open standards and APIs - JAAS, JDK 1.4 Log API, Liberty, SAML, etc. • Integrated > Leverage the strengths of Sun's market leading Identity Management platform > Reuse services, functionality • Integrate-able > Deploys seamlessly into your existing environment > Data store independent > Modular, flexible deployment options > Faster time to deployment, lower TCO Sun Proprietary/Confidential: Internal Use Only

  18. Access Manager: Extended Integration • Leveraging your existing network > Integration with smartcards, tokens, certificate providers > Reliable integration with enterprise applications > Superior integration with system management, monitoring > Out of the box support, easy customization Sun Proprietary/Confidential: Internal Use Only

  19. Liberty Platform Requirements • Trust Relationships • Infrastructure entities – Identity Provider (IDP) and Service Provider (SP) • Trust Circle (PKI trust root/paths) • Confidentiality and Integrity • Secure back-channel (TLS, SSL or VPN) • XML signatures • Peer Authentication and Authorization • Server-side certificates • Session State Management • Common domain cookie 13:40 19 Sun Proprietary/Confidential: Internal Use Only

  20. Sample Architecture 13:40 20 Sun Proprietary/Confidential: Internal Use Only

  21. Web Service SSO Service Flow How to Integrate Legacy application with SSO & WS TK CoT TK Security Affiliation zone Untrusted Security User Liberty enable Discovery Server Identity Provider 3 rd Party AP Principal SMS GW (DS) (IDP) Contend Provider A B C D E F G H I J K Liberty ID-WSF SSOs Not Specified by Liberty Liberty ID-WSF 13:40 21 Sun Proprietary/Confidential: Internal Use Only

  22. Legacy & Web Service SSO service SMS to Web Service SSO SMS Gateway Content Provider Service Request SMS GW SMS CP Content Delivery Federation CP Manager Federation Auth Req Discovery Request Manager Service Request LDAP IDP DS Geo-Loc PP (LES) Access Manager Access Manager HTTP/SOAP Identity Provider Attribute Provider Non HTTP 13:40 22 Sun Proprietary/Confidential: Internal Use Only

  23. Deployment Environment Typical & Traditional Internet Architecture 13:40 23 Sun Proprietary/Confidential: Internal Use Only

  24. Sun Java TM System Federation Manager 24

  25. Agenda • What is Federated Identity? • Federation Business Drivers – The Virtual Campus • Benefits of Identity Federation • Sun's Federated Identity Management • Sun Java System TM Federation Manager • Sun’s work in Federation 25

  26. What is Federated Identity? “The agreements, standards, and technologies that make identity and entitlements portable across autonomous domains.” Burton Group, Identity and Privacy Strategies Research Report “Toward Federated Identity Management: The Journey Continues,” August 19, 2003. 26

Recommend

DTrace Topics: -> java/lang/System.arraycopy <- java/lang/System.arraycopy Java <-

DTrace Topics: -> java/lang/System.arraycopy <- java/lang/System.arraycopy Java <-

# ./jflow.d <- java/lang/Thread.sleep -> Greeting.greet -> java/io/PrintStream.println -> java/io/PrintStream.print -> java/io/PrintStream.write -> java/io/PrintStream.ensureOpen <- java/io/PrintStream.ensureOpen ->

632 views • 34 slides
Authoritative Quality From Campus Identity Management to a Federated Solution EuroCAMP, Porto,

Authoritative Quality From Campus Identity Management to a Federated Solution EuroCAMP, Porto,

Authoritative Quality From Campus Identity Management to a Federated Solution EuroCAMP, Porto, 2005-11-07 Ingrid Melve, FEIDE manager From campus identity management to a federated solution Case: FEIDE Campus Identity Management 2

655 views • 30 slides
The Solution Provider Partner in Vietnam The Platform for Identity-Driven Relationships

The Solution Provider Partner in Vietnam The Platform for Identity-Driven Relationships

The Solution Provider Partner in Vietnam The Platform for Identity-Driven Relationships Gigyas Customer Identity Management Platform enables companies to build better relationships by turning unknown users into known, loyal and engaged

373 views • 21 slides
Security Requirement and Implementation Solution for e-Gov System Chuan Liu

Security Requirement and Implementation Solution for e-Gov System Chuan Liu

Security Requirement and Implementation Solution for e-Gov System Chuan Liu liuchuan@tongtech.com TongTech Co., Ltd 2006-11 Agenda Introduction of E-Gov (Platform) Requirement of Identity Management & Authorization

749 views • 21 slides
UCSB Identity and LDAP The central campus directory and authentication system UCSB Identity

UCSB Identity and LDAP The central campus directory and authentication system UCSB Identity

UCSB Identity and LDAP The central campus directory and authentication system UCSB Identity System UCSBnetID authentication UCSB-wide student and employee info http://www.identity.ucsb.edu/ LDAP Overview Lightweight Directory Access Protocol

604 views • 24 slides
2/17/2017 Continued from yesterday >java RealQueen 5 SOLUTION: 1 3 5 2 4 SOLUTION: 1 4 2 5

2/17/2017 Continued from yesterday >java RealQueen 5 SOLUTION: 1 3 5 2 4 SOLUTION: 1 4 2 5

2/17/2017 Continued from yesterday >java RealQueen 5 SOLUTION: 1 3 5 2 4 SOLUTION: 1 4 2 5 3 SOLUTION: 2 4 1 3 5 SOLUTION: 2 5 3 1 4 SOLUTION: 3 1 4 2 5 SOLUTION: 3 5 2 4 1 SOLUTION: 4 1 3 5 2 SOLUTION: 4 2 5 3 1 SOLUTION: 5 2

210 views • 4 slides
BLENDING JAVA WITH DYNAMIC LANGUAGES speaker.identity { name 'V enkat Subramaniam'

BLENDING JAVA WITH DYNAMIC LANGUAGES speaker.identity { name 'V enkat Subramaniam'

BLENDING JAVA WITH DYNAMIC LANGUAGES speaker.identity { name 'V enkat Subramaniam' company 'Agile Developer, Inc.' credentials 'Programmer', 'Author', 'T rainer' blog 'http://agiledeveloper.com/blog' email

934 views • 22 slides
JAVA Java vs. Java Java Language Specification

JAVA Java vs. Java Java Language Specification

BR 10/05 JAVA Java vs. Java Java Language Specification http://java.sun.com/docs/books/jls/second_edition/html/j.title.doc.html Java programming language is compiled into java byte code Java Virtual Machine Specification

1.07k views • 44 slides
Agenda Identity & Access management About company midPoint Clients &

Agenda Identity & Access management About company midPoint Clients &

Agenda Identity & Access management About company midPoint Clients & partners Conclusion Identity management System Requester Users admin Approver Application Application Provisioning system Identity A

826 views • 45 slides
Migrating a Java Solution to HP Integrity NonStop A mix of Whats, Whys and Hows Moore Ewing

Migrating a Java Solution to HP Integrity NonStop A mix of Whats, Whys and Hows Moore Ewing

SQL/MX ANSI compliance Migrating a Java Solution to HP Integrity NonStop A mix of Whats, Whys and Hows Moore Ewing HPE EMEA NonStop Presales What 1. A Card Management Solution Create Programs, Issue Cards, Authenticate Use, Manage

836 views • 34 slides
How to build an Identity Management System on Linux Simo Sorce Principal Software Engineer Red

How to build an Identity Management System on Linux Simo Sorce Principal Software Engineer Red

How to build an Identity Management System on Linux Simo Sorce Principal Software Engineer Red Hat, Inc. What is an Identity Management System and why should I care ? In a nutshell: an IdM system is a set of services and rules to manage

586 views • 22 slides
Java build system by Zoltn Jakab zoltan.jakab@ericsson.com Contents Build a Java program

Java build system by Zoltn Jakab zoltan.jakab@ericsson.com Contents Build a Java program

Java build system by Zoltn Jakab zoltan.jakab@ericsson.com Contents Build a Java program Ant Concept Language elements Reuse and extension Other Java build tools Hello world package demo; public class HelloWorld {

798 views • 50 slides
Introducing Log4j 2.0 History of Apache Log4j Early Java Logging System.out and System.err

Introducing Log4j 2.0 History of Apache Log4j Early Java Logging System.out and System.err

Introducing Log4j 2.0 History of Apache Log4j Early Java Logging System.out and System.err Originally, Java didn't have any form of logging other than abuse of the standard output and error PrintStream objects. The shell running a

430 views • 26 slides
Tweak Your Modules! Java Platform Module System Stephan Herrmann Simply Retail. J JDT embraces

Tweak Your Modules! Java Platform Module System Stephan Herrmann Simply Retail. J JDT embraces

J D T Tweak Your Modules! Java Platform Module System Stephan Herrmann Simply Retail. J JDT embraces Java 9 / Part II D T We've all migrated to Java 11 From here adopting new Java versions is a breeze Compatibility for all!

664 views • 17 slides
Java Path Finder (JPF) Christian Bergum Bergersen June 1, 2015 What is Java Path Finder?

Java Path Finder (JPF) Christian Bergum Bergersen June 1, 2015 What is Java Path Finder?

Java Path Finder (JPF) Christian Bergum Bergersen June 1, 2015 What is Java Path Finder? Java Path Finder is an open-source analysis system that automatically verifies/model check Java programs. Initially developed by NASA. The Java

615 views • 16 slides
Identity Theft Identity Theft Identity theft occurs when your personal information is stolen

Identity Theft Identity Theft Identity theft occurs when your personal information is stolen

Identity Theft Identity Theft Identity theft occurs when your personal information is stolen and used without your knowledge to commit fraud or other crimes Identity theft can cost you time and money. Tips for Preventing Identity Theft

322 views • 10 slides
Multi-core in JVM/Java Concurrent programming in java Prior Java 5 Java 5 (2006)

Multi-core in JVM/Java Concurrent programming in java Prior Java 5 Java 5 (2006)

Multi-core in JVM/Java Concurrent programming in java Prior Java 5 Java 5 (2006) Java 7 (2010) Other topics Basic concurrency in Java Java Memory Model describes how threads interact through memory Single thread

812 views • 34 slides
Java Java Basics Java Program Statements Java Review Conditional statements

Java Java Basics Java Program Statements Java Review Conditional statements

Java Java Basics Java Program Statements Java Review Conditional statements Repetition statements (loops) Writing Classes in Java Selim Aksoy Class definitions Bilkent University Encapsulation and Java modifiers

346 views • 11 slides
A smart card based solution for user- centric identity management Jan Vossaert Researcher at

A smart card based solution for user- centric identity management Jan Vossaert Researcher at

A smart card based solution for user- centric identity management Jan Vossaert Researcher at KaHo Sint-Lieven Affiliated Researcher at KULeuven 1 Overview Introduction Approach Overview of the architecture Protocols

460 views • 21 slides
Identity and Access Management Using Identity Management and Identity Governance to increase

Identity and Access Management Using Identity Management and Identity Governance to increase

Identity and Access Management Using Identity Management and Identity Governance to increase Automation and Security. Identity Management (IAM, IdM) defining and managing the roles and access privileges of individual network users, and the

2.89k views • 13 slides
SaaS Platform Identity Verification True Professionals Organizations need to automate their

SaaS Platform Identity Verification True Professionals Organizations need to automate their

Identity Verification SaaS Platform Identity Verification True Professionals Organizations need to automate their onboarding processes making sure they know who is on the other side. Challenges Ideal Solution Expectations As the majority

454 views • 4 slides
Java Technology Goes to the Movies: Java Technology in Next- Generation Optical Disc Formats

Java Technology Goes to the Movies: Java Technology in Next- Generation Optical Disc Formats

Java Technology Goes to the Movies: Java Technology in Next- Generation Optical Disc Formats Bill Foote Erik Moll Staff Engineer System Architect Sun Microsystems, Inc. Philips Applied Technologies http://java.sun.com

935 views • 61 slides
IDENTITY What is the Relationship Between Identity and the College Experience? What Role

IDENTITY What is the Relationship Between Identity and the College Experience? What Role

2/15/2019 Jordan Truex Agenda or Summary Layout The Road to SelfAuthorship NonTraditional Students Effective Interview Strategies Meeting the Student Where They Are IDENTITY What is the Relationship Between Identity and the

367 views • 10 slides
The Java Virtual Machine Martin Schberl Overview Review Java/JVM JVM Bytecodes

The Java Virtual Machine Martin Schberl Overview Review Java/JVM JVM Bytecodes

The Java Virtual Machine Martin Schberl Overview Review Java/JVM JVM Bytecodes Bytecode examples Class information Parameter passing On projects JVMHW The Java virtual machine 2 Java System Overview JVMHW The Java

688 views • 46 slides

More recommend