WS-Federation Federation PKI shosuz@microsoft.com Agenda WS-Federation Federation Active Directory ADFS) CWID2005 CWID2005-
Windows Windows Kerberos 5/LDAP X.509/Smartcard/PKI VPN/802.1x/RADIUS SSPI/SPNEGO Passport/ / (Web) Exchange Web Windows Windows Windows Server System 390/AS400 (Host Integration Server) ERP (BizTalk, SharePoint ESSO) Third-Party Windows IIS Web Unix/J2EE (Services for Unix, LDAP) Windows
, () M&A / / PKI PKI ID PKI PKI PKI PKI Factor Authentication PKI /
ID ID Internet ( ) 1 ID & Web ID ID ID
ID & Web ID Web WS-Federation Federation
WS-Federation Cross-organization, organization, multi-vendor interoperability BEA, IBM, Microsoft, RSA, VeriSign Web (Browser) Web - https (Smart) SOAP Web - SOAP ADFS v1 ADFS v2 HTTP SOAP HTTP SOAP ADFS ID A : () () () () B
ADFSv1 in W2K03 R2 (Passive) (Passive) WS-Federation Federation WS-Trust HTTP HTTP HTTPS HTTPS proof of possession () : Requesting Browser Requestor's STS GET to resource app Target Resource Target's STS 302 Redirect to target's STS Detect home realm 302 Redirect to requestor's STS Login POST to return identity token POST to return resource token 200 Response from resource app
ADFS ADFS SOAP/XML (Active) WS-Federation Federation WS-Trust SOAP SOAP proof of possession : WS-Policy Requesting Service Requestor's STS Target Service Target's STS Acquire policy Request token Return token Acquire policy Request token Return token Send secured request Return secured response
Active Directory Web PKI WS WS-Federation PKI) WS-Federation SSL) : Active Directory SAML Federation Trust : ( ) : ( ) SAML Web
Web Web WS-* * Web Web Active Directory ID Windows Communication Foundation (WCF Indigo ) Composable Web Web InfoCards Windows ID ID ID InfoCards WS-* WCF Active Directory IT Active Directory (ADFS) (Windows Server 2003 R2 ) ( Beta 2 )
Active Directory / / / Web (WS-*) Web ADFS Active Directory (2K 2K3 2K3 ADAM) (FS) STS (security token service) FS (FS-P) UI Web SSO HTTPS LPC/Web NT & ACL ASP.NET IsInRole() RBAC ASP.NET API Windows /LDAP
ADFS Windows 2000 Server or Windows Server 2003 Active Directory or ADAM ( ) ( ) DMZ DMZ SSL Web ADFS Web (FS) ASP.NET v2 Windows Server 2003 R2 IIS v6 FS / () (STS) Kerberos LDAP Active Directory or ADAM LDAP AD/ADAM Security Assertion Markup Language (SAML) SAML FS FS-P SSO FS FS-P ID/ ID/ LDAP
(FS-P) ASP.NET v2 Windows Server 2003 R2 IIS v6 FS 1 FS Web POST SSO UI Windows SSL SSO FS ADFS Web SSO Windows Server 2003 R2 IIS v6 IIS 2 ADFS Web Agent ISAPI Extensions ADFS Web Agent Authentication Service ISAPI (Windows Server 2003 R2 IISv6 ) URL GET Web SSO Windows NT (AD ) Web ASP.NET GenericPrincipal IsInRole() () ADFS Web SSO
ADFS SIDs Active Directory STS STS A-Corp B-Corp 1. A-Corp B-Corp 2. A-Corp Corp STS Active Directory A-Corp Corp STS Windows 3. A-Corp STS SAML B-Corp STS 4. B-Corp STS SAML B-Corp Corp ADFS API () System.Web.Security.SingleSignOn.Identity.Identity System.Web.Security.SingleSignOn.Authorization ASP.NET GenericPrincipal IsInRole IsInRole() (AzMan) AzMan AzMan API
ADFS ID Web AD ADAM ADAM IIS = Web ASP.NET (NT ) Windows (VPN ) ADFS / (HTTP 443) SSL/TLS / WS-Federation
(1) ~ B2B ~ ( ) ASP,, Active Directory ( ) B DMZ Web A (2) ~ B2E SSO ~ VPN Active Directory Active Directory A Web DMZ
(3) ~ B2C & E + BU2BU ~ ( ) Active Directory Active Directory DMZ Web A AD AD (4) ~ ~ SSO Active Directory UPN:hiroshi@act.com UPN UPN hiroshi@act.com WSS on R2 Active Directory A act.com B reso.net WSS: Windows SharePoint Services
(5) ~ ~ A B Active Directory Active Directory A B ADFS (Certificate) (SSL) (SSL) FS-P (SSL) FS (FS ) [Active Directory ] ()
AD (& ) URL UI ADFS Web IIS (Claims-aware application) (Windows NT token application)
SSO Centrify ADFS ADFS Web Web Apache, WebSphere, WebLogic, JBoss, Tomcat. ADFS ADFS : Web SSO ID Web SSO, // // ADFS ADFS: ; ; Active Directory ; : http://www.centrify.com/adfs Web SSO Web IIS Web SSO CWID2005 The Coalition Warrior Interoperability Demonstration (CWID) is a US programme with participation by Australia, Canada, NATO (SHAPE), New Zealand, and the United Kingdom. Additional participants in 2005 included South Korea and some of the 'Partners for Peace' nations.
: 2003 11 11 19 http://www.defenselink.mil/news/nov2003/n11192003_200311198.html : 2004 1 http://www.teamultimedia.com/catalog/pb.html#pb www.teamultimedia.com/catalog/pb.html#pb-orderorder
IED 4 ID : SIPRNET CWID C4ISR command, control, communications, computers, intelligence, surveillance, and reconnaissance
ISR 2 3 1 1 E ACP133 P772 P772 Microsoft Office SharePoint Portal Server 2003
Active Directory IT C2 C2JWID Microsoft Office Live Communications Server 2003 LCS LCS Windows SharePoint Services. 2 CWID 2005 Active Directory Federated Services ADFS ADFS
JWID 2004 2 NATO NATO FBI HLS HLS FEMA PSEPC / / MACA Active Directory Federation Services VoIP VoIP & Office 2003 Sharepoint Sharepoint Meridio K2.NET Windows Microsoft Exchange Server 2003 - DMS ACP133 & P772 - ACP145 Gateway
CWID Active Directory PKI : Trans Atlantic Secure Gateway Initiative http://www.tscp.org/
Canada UK Collaboration Active Directory Data ca Federation Server Federation Server ca Collaboration Active Directory Data US ca CA PKI AUS Collaboration Active Directory Federation Server Federation Server Collaboration Active Directory Data ca Data : Canada UK 2. Collaboration AD US Active Directory Federation Server 3. Data 6. SAML Federation Server Collaboration 7. doc Data AUS Active Directory Collaboration Active Directory Data 4. Active Directory Federation Server 5. SAML () Federation Server Collaboration Active Directory Data 1.
Canada Collaboration Active Directory Data Federation Server ca UK Federation Server Collaboration ca NZ Active Directory Data US Collaboration Active Directory Data ca Federation Server Federation Server Collaboration ca AUS Federation Server Collaboration ca Active Directory Data Active Directory Data Microsoft Live Communications Server 2005 15k 100k Microsoft SQL Server Active Directory / VoIP CNN
Parlano SharePoint OODA Observe, Orient, Decide & Act : Web Web DCTS Defense Collaboration Tool Set:
Key Takeaways Active Directory ID Windows ID Web Web