CIS13: How to Build a Federated Identity Service on Identity and Context Virtualization
CIS13: Identity is the New Currency
-
Upload
cloudidsummit -
Category
Technology
-
view
227 -
download
1
Transcript of CIS13: Identity is the New Currency
©2005-9 Arctec Group
About the speaker
• Gunnar Peterson – Managing Principal, Arctec Group – Twitter @oneraindrop – Editor Build Security In software security column for IEEE Security & Privacy Journal
(www.computer.org/security) – Primary and contributing author for DHS/CERT Build Security In portal on Web Services
security, Identity, and Risk management (https://buildsecurityin.us-cert.gov/daisy/bsi/home.html)
– Project lead, OWASP Top Ten Web Services, OWASP XML Security Gateway Evaluation Criteria project Associate editor Information Security Bulletin (www.chi-publishing.com)
– Contributor Web Application Firewall Evaluation Criteria (http://www.webappsec.org/projects/wafec/)
– IANS Faculty member – Securosis Contirbuting Analyst – Microsoft MVP – Visiting Scientist, Carnegie Mellon University, Software Engineering Institute – Blog: (http://1raindrop.typepad.com) – Slides/presentations (http://www.arctecgroup.net/articles.htm)
Some things we do today
1. Up front integration Automated Provisioning Stronger authentication
2. Backend integration Force reauthentication Integration to fine grained authorization
3. Keep malicious actors at bay TLS/SSL OAuth revocation
©2005-9 Arctec Group
©2005-9 Arctec Group
• …”let’s collectively build security in” – Gunnar Peterson
• Blog: http://1raindrop.typepad.com • Web: http://www.arctecgroup.net • Twitter: @oneraindrop • Email: [email protected]
“Everything we think of as a computer today is really just a device that connects to the big computer that we are all collec;vely building”