Hold Security have announced that the CyberVor gang (dubbed by Hold Security with “vor” meaning “thief” in Russian) has amassed over 4.5 billion records, mostly consisting of stolen credentials. 1.2 billion of these credentials appear to be unique, belonging to over half a billion e-mail addresses. To get such an impressive number of credentials, the CyberVors robbed… Continue reading 4.5 billion CyberVor records and Trusted Identity Federation
Category: Identity Management
Considering Various Active Directory and Oracle Identity Manager Integration Options
There are a number of different ways of integrating different versions of Microsoft's Active Directory (including ADFS & FIM) with different versions of Oracle's Identity Management suite. Unfortunately for the implementer there is very little published architecture best practice covering identity migration / integration. This is surprising because of both vendors' large market share and the annual… Continue reading Considering Various Active Directory and Oracle Identity Manager Integration Options
Why the Future of Identity is OpenID Connect and not SAML
This blog is part of a series comparing the implementation of identity management patterns in SAML and OpenID Connect: Identity Broker Service in OpenID Connect Identity Broker Service in SAML OpenID Connect AuthN & AuthZ Comparison of OpenID Connect with OAuth2.0 & SAML2.0 Cross Domain Identity Patterns: Chained Federation & Service Broker Future of Identity Federation is OpenID Connect Identity… Continue reading Why the Future of Identity is OpenID Connect and not SAML
Identity Broker Service in OpenID Connect: Supporting Multiple Identity Providers & Service Providers
This blog is part of a series comparing the implementation of identity management patterns in SAML and OpenID Connect: Identity Broker Service in SAML OpenID Connect AuthN & AuthZ Cross Domain Identity Patterns: Chained Federation & Service Broker Identity Broker Service in OpenID Connect In an earlier blog post (Identity Broker Service in SAML) described how to support connections between… Continue reading Identity Broker Service in OpenID Connect: Supporting Multiple Identity Providers & Service Providers
Identity Broker Service in SAML: Supporting Multiple Identity Providers & Service Providers
This blog is part of a series comparing the implementation of identity management patterns in SAML and OpenID Connect: OpenID Connect AuthN & AuthZ Cross Domain Identity Patterns: Chained Federation & Service Broker Identity Broker Service in SAML A federated organisation may have multiple distinct services (service providers) where each service is protected under a distinct trust domain. The… Continue reading Identity Broker Service in SAML: Supporting Multiple Identity Providers & Service Providers
OpenID Connect Simple Sequence Diagram
The OpenID Connect protocol, in abstract, follows the following steps. The RP (Client) sends a request to the OpenID Provider (OP). The OP authenticates the End-User and obtains authorization. The OP responds with an ID Token and usually an Access Token. The RP can send a request with the Access Token to the UserInfo Endpoint.… Continue reading OpenID Connect Simple Sequence Diagram
Comparison of OpenID Connect with OAuth2.0 & SAML2.0
The following is a high level feature comparison between OpenID Connect 1.0, OAuth 2.0 & SAML 2.0 OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to… Continue reading Comparison of OpenID Connect with OAuth2.0 & SAML2.0
NASCAR problem in authorisation server selection
An aim of OpenID Connect is to solve the problem of death by a thousand passwords by allowing the user to select their identity provider including ones that the relying party has never heard of through Dynamic Registration. A problem of allowing the user to select their identity provider is that the authentication challenge page needs… Continue reading NASCAR problem in authorisation server selection
An Identity Management System in TOGAF: How to Fit IdM to ADM?
The TOGAF Architecture Development Method (ADM) is designed to be sufficiently generic to cover all types of IT programmes. This generalism means that the ADM method can support both organisation and governmental identity management projects. This blog post, as part of a series on identity management in TOGAF, shall cover the best fit of the… Continue reading An Identity Management System in TOGAF: How to Fit IdM to ADM?
An Identity Management System in TOGAF: stakeholders, concerns, views & viewpoints
This article is how I would deliver an Identity Management architecture and implementation in accordance with the Open Group's TOGAF architecture development method. This post is based on my personal experience as a digital enterprise architect and as a solution architect implementing indenting management, master data management and security systems. I intend this to be… Continue reading An Identity Management System in TOGAF: stakeholders, concerns, views & viewpoints
API Crazy 