Title: Gluu Federation Registry Service
Gluu Federation Registry Service

There has been a hoopla about what to expect out of the Gluu Federation Registry Service. Here's what you get from the Gluu Federation Registry Service:

Support for the design of a multi-party federation that enables autonomous domains to use SAML or OAuth2 for authentication and authorization
Creation of a Sample Participation Agreement, which will require review and modification by the federation host
Creation of initial schema for attributes, authentication, and authorization
Deployment of the Federation Registry application on an IAAS server or a Gluu Server
Customization of the registration process to automate the on-boarding of new application and identity providers into the network
Functional testing of the Federation Registry software for identity provider and application enrollment
Development of an operations guide for Registry Administrators
Training for Registry Administrators who will take over the responsibility of vetting and approving new identity providers and applications into the network
Annual subscription to support and monitoring of the Federation Registry instance

Article Resource: http://thegluuserver.blogspot.in/2013/10/gluu-federation-registry-service.html

Think about the front door

Businesses are advised to invest in the part of their facility that the customer sees. With access management systems, this is the login experience and the authorization experience. Frequently I remind Gluu customers to consider the authentication triangle, whose vertices are (1) security, (2) price and (3) usability. Each authentication mechanism has its own unique triangle. Much attention lately has been focused on security. But many of the advancements have been to enable stronger security while at the same time improving usability. The best kind of authentication is the one you never see! Consumer IDPs are looking at many contextual indicators to figure out if an interactive authentication is needed. Organizations should follow suit.

Try your best, but be flexible

If a certain application can't use OAuth2, it's ok to fall back. There might be an old version of IIS you need to support. Or the SaaS provider just supports SAML; it's ok! Don't worry. You want to guide applications to use open standards. SAML or even SiteMinder is a lot better than having the website store the person's credentials.

Is SiteMinder Dead?

Granted, "SiteMinder is Dead" is sensationalist. Old SSO protocols hang around until you disconnect the last site. That can be some time, which is why we want the standards to be well tested. That's why the title of the previous blog said "Decline", not "Dead". If you have a sizable organization, and are looking at a green field, are you installing a commercial IAM Suite, an IDaaS, or open source? The last two didn't even exist until a few years ago. No matter how you slice it, monolithic IAM Suites like CA SiteMinder are going to get a smaller percentage of the market, and the revenue gained by reducing prices to win a small number of new customers might not offset the revenue lost from existing customers. In rapidly growing markets, the price goes down, the total size of the market increases, and the initial suppliers are challenged to make a very difficult pivot.

In any case, at Gluu, we think there is a bigger opportunity to provide service to the market that doesn't yet have a SiteMinder than in disrupting current monolithic IAM customers. Most current solutions are hub and spoke: usually a big IDP and lots of internal websites, some external SaaS services, and partner sites. How many inbound SAML connections does your average organization support? The answer is frequently not many. Big companies can afford commercial Access Management / Federation software, but their partners usually cannot. Net-net, this means the cost of extranet user management is either too high or, even worse, it's insecure. Organizations want open source because there is a benefit if their partners can cost-effectively upgrade their IAM.

You can substitute SiteMinder with the IAM product of your choice, for example Oracle Access Manager (OAM), RSA Cleartrust, or IBM Tivoli Access Manager (TAM). Although some IAM products also use HTTP reverse proxies, the idea is generally the same: align with the old until you migrate existing apps. Notice in this diagram, there are two OAuth2 Authorization Servers. OAuth2 enables federated authorization: sometimes many parent organizations make different policies, and application developers need to ensure all the policies are considered.

Article Source: http://www.gluu.org/blog/how-to-move-away-from-ca-siteminder-to-open-source-authn-authz/