Federation Standards

Time
12 hours 57 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:00
>> We've talked about the difference between
00:00
single sign-on and federation.
00:00
Federation really ensures mutual authentication
00:00
amongst or between organizations.
00:00
But now we're going to go
00:00
into specific federation standards
00:00
that you'll see commonly in Cloud environments.
00:00
In this lesson, we want to talk about
00:00
the use of federated identity management.
00:00
We want to talk about common
00:00
federation standards and then also go into
00:00
some of the use cases where each
00:00
of the standards would commonly appear.
00:00
First and foremost, Security Assertion Markup Language,
00:00
often referred to as SAML,
00:00
is probably one of the most
00:00
ubiquitous federation standards
00:00
you'll see in the Cloud.
00:00
>> SAML is based on extensible markup language,
00:00
referred to as XML.
00:00
The most recent version of it is Version 2.0.
00:00
What SAML allows is it allows for verification
00:00
or validation of authorization between organizations.
00:00
The main benefit of this is that
00:00
a user may exist in organization A,
00:00
but organization B when using SAML to authenticate
00:00
that user doesn't have to create
00:00
a unique identity within
00:00
their organization for that user.
00:00
SAML creates that web of trust between the two that
00:00
facilitates the verification and
00:00
validation of the user's authorization.
00:00
Then there's WS-Federation.
00:00
This one is unique in that we talk about mutual trust.
00:00
They refer to these as realms within
00:00
the standard, which refers to the trust amongst organizations.
00:00
Then there's OAuth.
00:00
OAuth is one you really see
00:00
in a lot of mobile applications.
00:00
OAuth is often used to grant
00:00
third party tools limited
00:00
access to services such as HTTP.
00:00
Then there's OpenID Connect.
00:00
This is used by developers to authenticate a user
00:00
across the various applications and websites.
00:00
We really like to think of these that the
00:00
first two are really between organizations.
00:00
OAuth is often used in the context of
00:00
mobile and OpenID Connect is
00:00
very often used within
00:00
applications and inter website communication.
00:00
Quiz question. Which of the following
00:00
federation standards
00:00
is XML based?
00:00
Is it OAuth? Is it SAML?
00:00
Or is it OpenID Connect?
00:00
If you said SAML, that's correct.
00:00
SAML uses the extensible markup language, XML,
00:00
to communicate user validation of
00:00
user credentials or
00:00
authorization across various organizations.
00:00
In summary, we extended
00:00
our discussion of federated identity management,
00:00
which helps in the identity
00:00
and access management facilitate
00:00
extended across organizations or
00:00
amongst a number of trusted organizations.
00:00
We talked about the common federation standards,
00:00
SAML, WS-Federation, OAuth, and OpenID Connect.
00:00
We talked about the use cases for each of these,
00:00
such as mobile devices or websites.
00:00
Now we've extended our knowledge of
00:00
what federation is to different technologies that are
00:00
used to enable federation in Cloud applications.
00:00
I'll see you in the next lesson.