Authentication & Authorization

After so many years of conflict, the war in between authentication protocols finally ended. While there is no clear winner, the only three survivors (SAML2, OpenID & InfoCard) have established an informal "armistice", where each claims to be more complementary than competitors. The industry, as well as customers, can easily sustain three protocols. Today any significant software implementation bridges the remaining protocols seamlessly. While this scenario may not be perfect,...

OpenID has gained significant popularity as an Internet identity system. Nonetheless, its adoption has been limited by usability and security issues. It has been widely speculated in the community that one of the ways that we can make OpenID more usable and safer is with the introduction of an active client to assist the user with his logon experience. In this session, we will describe the results of a community collaboration to develop an experimental multi-protocol version of Windows...

The traditional concept of an in-house data center behind a static corporate firewall is history once and for all. The enterprise is now in full embrace of dynamic applications provided and scaled by dedicated cloud service providers. To innovate faster, regain control, and compete in a new world that is shifting from a "need to know" to "need to share" paradigm requires a new focus on security and authorization in a dynamic perimeter. This dynamic perimeter spans hybrid...

One of the many advantages of claims-based architectures is that they abstract away the details of their components, including where things are hosted. As long as services and identity providers are network-addressable, they can live on-premises and in the cloud and easily move between the two environment without changing the emerging properties of the system. The immediate advantage is that existing identity providers, typically on-premises, are readily available for the new applications in...