1 / 7

Gluu CEO Mike Schwartz to host SXSW session on digital auth

Gluu CEO Mike Schwartz will host an hour-long session at SXSW Interactive to discuss the modern renaissance taking place in the world of digital authentication.

gluu
Download Presentation

Gluu CEO Mike Schwartz to host SXSW session on digital auth

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Gluu CEO Mike Schwartz will host an hour-long session at SXSW Interactive to discuss the modern renaissance taking place in the world of digital authentication. The session, titled “Who Are You? From Meat to Electrons and Back Again,” will cover the latest and greatest ways that websites and mobile application are identifying people. “It’s an age old problem: How do you prove your identity?” said Schwartz. “Most commonly on the Internet, it’s username and password. But 80% of the Internet’s security breaches have been traced to bad passwords, and until recently, anything better meant expensive hardware tokens, or complex digital certificates. Luckily, authentication is experiencing a renaissance.” New technologies are making it easier, more secure, and even less expensive to authenticate a person. As the figurative ‘front door’ to network services, multi-factor authentication has become an increasingly important digital security practice to defend against unauthorized access, frauds, border intrusion, and more. Gluu CEO Mike Schwartz to host SXSW session on digital authentication

  2. “The multi-factor authentication market is expected to exceed $5 billion within 3 years, and the use of strong authentication is now becoming commonplace even for consumer services like Google and Yahoo,” said Schwartz. “In order for Internet security to improve in a significant way, the use of strong authentication will need to become ubiquitous among both people and websites and applications.” In addition to discussing new methods of digital authentication and the rapid changes taking place online, Schwartz will look to answer and address the following questions in his session: How hard is it for my website to implement strong authentication? How hard is it for people to use it? How much does it cost? Is there any open source or free strong authentication mechanisms?

  3. What is the difference between two-factor and two-step authentication? How can a two-step authentication help my website improve security? Session Details: Title: Who Are You? From Meat to Electrons and Back Again Date: March 10, 2014 Time: 5:00-6:00pm Central Standard Time Where: Sheraton Austin Hotel at the Capital Link: http://www.gluu.co/who-are-you About Gluu: Gluu provides build, operate, and transfer services to organizations that want to deploy the Gluu Server stack for single sign-on, strong authentication, and web access management. A subscription to Gluu Server Operate, Gluu’s flagship service, enables an organization to quickly deploy and more easily operate one or more Gluu Server instances for their Internet domain, on the IAAS platform of their choice, to enable centralized authentication and access management using open standards such as SAML and OAuth2.

  4. “OpenID Connect Scopes” enable the federation to group the user claims. If a federation has defined custom user claims, they may also need to define OpenID Connect scopes to include these additional claims. Client Claim Schema Sometimes policy can be driven by attributes of the website. For example, if certain websites are classified as “research,” the IDP may have a different default attribute release policy. UMA Scopes UMA scopes are typically URLs that identify federation standards for policy evaluation. For example, the federation could define a scope “http://myFederation.org/uma/scopes/finance” (“Finance Scope”) In this way Relying Parties could submit a standard query to any authorization server to find out if that person has that permission. The policies behind this permission may vary from Participant to Participant. Participant A might specify that someone is authorized for the Finance Scope if they are in a certain Active Directory Group. Participant B may set the policy for Finance Scope based on network address and time of day. The benefit of the federation standard scope is that applications can make the same request to different authorization servers, requiring less one-off security solutions.

  5. SAML Proxy A SAML proxy can make it easier for a federation to roll out new websites to its IDP participants. In meshed federations, the IDP must explicitly trust the SP and release attributes. If you have thousands of IDPs in your network, it becomes hard to rollout new websites… as each IDP would have to update their configuration to add SSO. Sometimes this is desirable… especially if there is little trust in the federation to manage content. However, if the federation is trusted, using a proxy to connect to certain websites can enable people to access new content without their home identity provider having to do any incremental work. Rules Charter This document provides the governance for the federation including the policies, rules, and financial arrangements. Participation Agreement This document is signed by the identity providers and relying parties. In some cases, an organization may be both..

  6. It also details the policies and procedures. Furthermore the Participation agreement defines the level of assurance of the authentication provided by identity providers, and the level of protection for personal data afforded by the relying parties. It can also be a good place to provide guidelines for security incident handling, threat data sharing, and other inter-domain security processes. User Banner – Consent Somewhere the person using the federated credentials has to agree to the rules. The best place to do this is at authentication time, so the person knows what he is getting into when he uses the federated credentials to access websites and mobile applications. Steering Committee Like any collaborative organization, you need to find the people who can help drive adoption in their respective communities. The steering committee should help with the formation of the Charter, provide feedback on the agreements, lead the integrations of the federation in their home organizations, and have a desire to evangelize the benefits of cooperation to industry peers.

  7. Communication Plan This is “marketing” for the federation. The federation may want to produce white papers, webinars, case studies, posters, conferences, regional training sessions, newsletters and other activities to get the word out about the federation. The communication plan should be a long term plan to both keep participants up-to-date, and to recruit new participants from the ecosystem. It sounds like a long to-do list, but like any journey, the hardest part is the first step. If you want some help along the way, you may want to schedule a meeting with Gluu. We are helping to catalyze several federations around the globe. Article Resource:-http://thegluuserver.blogspot.in/2014/01/go-west-young-federation.html

More Related