By Prabath Siriwardena, WSO2

Size: px
Start display at page:

Download "By Prabath Siriwardena, WSO2"

Transcription

1 By Prabath Siriwardena, WSO2

2 Why OpenID???

3 Too many passwords

4 Duplicated profiles everywhere

5 Oops..!!! My favorite user name GONE!!!

6 Why OpenID???

7 OpenID solves them all!!!

8 Single user name/password

9 Single user profile

10 Claim your URL as your user name

11 What is OpenID???

12 OpenID is a URL or an XRI

13

14

15 =prabath

16 Who gives me an OpenID???

17 OpenID Providers [OP] issue OpenIDs and maintain user profiles

18

19

20

21 Who accepts my OpenID???

22 Any web site can accept OpenIDs for sign in

23 13,196 unique web sites seen by myopenid.com to accept OpenID, by May 2008

24

25

26

27 With OpenID we simply maintain a single user name/password pair..

28

29

30

31

32

33

34

35 With OpenID we authenticate once at the OP and sign in to rest of the OpenID relying party web sites.

36 That is Single Sign On

37 OpenID facilitates decentralized single sign on

38 What is decentralized???

39 NOT - centralized

40 No central server or authority

41 Remember Microsoft Passport : That is centralized there is a central server

42 With OpenID any body can be an OpenID Provider

43 Once again What is OpenID???

44 OpenID is a URL or an XRI which facilitates decentralized single sign on

45 I enter my OpenID at the RP how come the RP knows who is my OpenID Provider???

46 The process of getting to know about the corresponding OpenID Provider from a given OpenID is known as Discovery.

47 Just type your OpenID on the browser

48

49 BUT that is not what we wanted just view source

50 <link rel="openid.server" href=" /> <link rel="openid2.provider" href=" />

51 Why there are two tags pointing to the same OpenID Provider URL???

52 openid.server OpenID 1.1 openid2.provider OpenID 2.0

53 This form of discovery is know as HTML Based Discovery

54 What is HTML Based Discovery???

55 Under HTML-Based discovery, an HTML document MUST be available at the URL of the Claimed Identifier and RP retrieves the document with an HTTP GET

56 Within the HEAD element of the document a LINK element MUST be included with attributes "rel" set to "openid2.provider" and "href" set to an OP Endpoint URL

57 That is what we noticed earlier.

58 Any other forms of Discovery other than HTML- Based???

59 XRDS-Based discovery [will be covered later ]

60 My OpenID is BUT I do NOT own that URL it s under the control of myopenid not mine

61 This type of Identifiers are known as OP-Local Identifiers

62 What is an OP-Local Identifier???

63 An alternate Identifier for an end user that is local to a particular OP and thus not necessarily under the end user's control.

64 Can I use my own URL as my OpenID???

65 Of course you can and that is known as the Claimed Identifier

66 What is a Claimed Identifier???

67 An Identifier that the end user claims to own

68 I own a URL but I am not an OpenID Provider can I still use my URL as my OpenID???

69 YES you can

70 Say, the URL I own or my claimed identifier is

71 I also have an account with myopenid and my OP Local identifier is

72 I can use my claimed identifier as my OpenID by delegating the OpenID Provider functionality to myopenid

73 <link href=' rel='openid2.provider openid.server'/> <link href='" rel='openid2.local_id openid.delegate'/>

74 With this approach we never limited to a single OpenID Provider.

75 If we lost faith on the OpenID Provider we can move to another but, still keeping the original OpenID

76 I have maintain a single user name/password pair for all my relying party web sites will OpenID make a difference for me???

77 Of course in two ways.

78 Even you have the same user name/password for all the relying party web sites still you need to maintain your profile data in different places.

79 Also, what if you lose your password? You will lose access to all your relying party web sites.

80 But, isn t it the case under OpenID as well. If you lose your password to the OpenID Provider you lose access to all relying party web sites depend on the OpenID.

81 No it s not.

82 With OpenID if it is a claimed identifier - you never lose your password.

83 I own a URL and I use it as my OpenID Claimed Identifier. What if I could not renew my domain name???? Now somebody else owns it..

84 You own an OpenID until you can claim the ownership of the URL behind it

85 You lose the ownership of the URL you lose your OpenID as well

86 BUT

87 XRI based OpenIDs solve this issue

88 You never lose the ownership of the i- number behind an XRI so, you never lose your XRI based OpenID

89 What is an XRI??? What is an i-number???

90 extensible Resource Identifier

91 A Global Unique Identifier [just as Domain Names]

92 URL, Phone Number, are concrete identifiers

93 XRI is an abstract identifier

94 Concrete identifiers represent actual resources in a network

95 Abstract identifiers are used to find concrete identifiers

96 XRI is an abstract identifier which can be mapped to concrete identifiers [e.g.: URL, ]

97 XRI syntax defines two forms of XRIs

98 i-names and i-numbers

99 i-names are human-friendly identifiers

100 =prabath

101 i-numbers are typically machinefriendly identifiers

102 =!BFC9.75B7.9B2.11C4

103 i-names, are intended to be reassignable identifiers just like domain names

104 i-numbers are intended to be persistent

105 If your OpenID is your i-number you never lose it

106 How an OpenID RP discovers an XRI based OpenID???

107 XRDS based discovery [which we did not cover earlier]

108 HTML based discovery returns an HTML page [discussed earlier]

109 XRDS based discovery returns an XRDS document

110 extensible Resource Descriptor Sequence

111 <?xml version="1.0" encoding="utf-8"?> <xrds:xrds xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0) xmlns:openid=" <XRD ref="xri://=example"> <!-- service section --> <!-- XRI resolution service --> <Service> </Service> <!-- OpenID 2.0 login service --> <Service priority="10"> </Service> <!-- OpenID 1.1 login service --> <Service priority="20"> </Service> </XRD>

112 XRDS based discovery NOT just for XRI based OpenIDs

113 XRDS based discovery can also be used for URL based OpenID discovery

114 If an URL XRDS based discovery will use Yadis protocol for discovery

115 If an XRI XRDS based discovery will use XRI resolution

116 A given XRDS document can define multiple services

117 <!-- XRI resolution service --> <Service> <ProviderID>xri://=! F83.62B1.44F.2813</ProviderID> <Type>xri://$res*auth*($v*2.0)</Type> <MediaType>application/xrds+xml</MediaType > <URI priority= 10 > > <URI priority= 15 > >

118 <!-- OpenID 2.0 login service --> <Service priority="10"> <Type> on</type> <URI> server</uri> <LocalID> ocalid> </Service>

119 <!-- OpenID 1.0 login service --> <Service priority="20"> <Type> <URI> ml</uri> <openid:delegate> </openid:delegate> </Service>

120 What attributes can my RP get from the OpenID Provider???

121 Under OpenID; attribute flow is defined under two main extensions

122 OpenID Simple Attribute Registration [SReg]

123 OpenID Attribute Exchange [Ax]

124 OpenID Simple Registration allows for very light-weight profile exchange

125 It is designed to pass nine commonly requested pieces of information when an End User goes to register a new account with a web service

126 RP can request the required/optional attributes from the OP with the Authentication request

127 nickname, , fullname, dob, gender, postcode, country, language, timezone

128 OpenID Attribute Exchange is for exchanging identity information between endpoints

129 Not limited for a predefined set of attributes

130 With AX : not just fetch attributes from the OP but also can store attributes at the OP

131 Ax defines messages for retrieval [fetch] and storage [store] of identity information

132 fetch : retrieves attribute information from an OpenID Provider

133 store : saves or updates attribute information on the OpenID Provider

134 Both messages are originated from the RP as an indirect message

135 Under Ax each attribute is identified by an URI

136 There are two popular schemas which define subject identifiers to attributes

137 &

138 Under the attribute is identified as mail

139 Under the attribute is identified as

140 myopenid.com supports

141 RP can request the required/optional attributes from the OP with the Authentication request

142 [Demo]: Attribute flow with WSO2 OpenID Demo RP

143 Why Yahoo does NOT trust my RP while all the other OpenID Providers???

144 This web site has not confirmed it s identity with Yahoo! and might be fraudulent. Do not share any personal information with this website unless you certain it is legitimate.

145 Yahoo supports OpenID 2 and it does OpenID Relying Party Discovery

146 With OpenID RP Discovery, RPs should publish their valid return_to URLs in an XRDS document.

147 To get rid of Yahoo! warning the RP needs to publish this XRDS at the return_to URL.

148 RP discovery also allows any software agent to discover sites that support OpenID

149 Am I correct to say that OpenID is a phishing heaven???

150 Not really!!!

151 OpenID does NOT address the problem of phishing

152 To the same extent any of the web sites are exposed to phishing OpenID too exposed to phishing.

153 There are many approaches taken individually by OpenID Providers to protect their users against phishing.

154 Yahoo Sign In Seal

155

156 SeatBelt plugin for Firefox

157

158

159 Information Card based login

160

161

162 Login to OpenID Provider with a bookmark

163

164 Can OpenID RPs request OpenID Providers to authenticate users in a phishing resistant manner???

165 YES they can

166 OpenID Provider Authentication Policy Extension [PAPE]

167 [Demo]: PAPE demo with WSO2 OpenID Demo RP

168 How strong OpenID against Man-inthe-Middle attacks???

169 This requires explaining what OpenID Association is

170 A given OpenID relying party can be either Dumb or Smart

171 Smart relying parties maintain a shared secret key with the OpenID Provider while Dumb relying parties maintain no state

172 We talk about OpenID Associations only for Smart RPs

173 OpenID Association takes place just after Discovery and establishes Shared Secret Key between OpenID Relying Party and the OpenID Provider

174 OpenID uses Diffie-Hellman keyexchange to establish the shared secret

175 Diffie-Hellman key-exchange allows two parties to jointly establish a shared secret key over an insecure communications channel

176 Shared Secret Key is used to sign subsequent messages exchanged in between OpenID Relying Party and the OpenID Provider

177 OpenID Association is a direct communication between OpenID Provider and the RP

178 Under OpenID, HTTP POST is used for all Direct Communications

179 Still we have NOT answered the original question

180 How strong OpenID against Man-inthe-Middle attacks???

181 Associations prevent tampering of signed fields by a man in the middle except during discovery, association sessions

182 BUT if DNS resolution or the transport layer is compromised; signatures on messages are not adequate

183 How do we handle Man-in-the-Middle attacks for discovery and association sessions???

184 One solution is to build a white-list of OpenID Providers and maintain their public key certificates at the RP end

185 RP performs an XRDS-based discovery and OP returns a digitally signed XRDS document

186 RP verifies the signature

187 ALSO

188 During an Association OP can sign the field assoc_handle by it s private key and RP verifies it once received

189 How good OpenID at handling DoS attacks???

190 Within the protocol there are places where a rogue RP could launch a denial of service attack against an OP

191 This can be done by the RP repeatedly requesting associations, authentication, or verification of a signature

192 There is nothing in OpenID protocol messages that allows the OP to quickly check that it is a genuine request

193 White-listing RPs is not a good solution

194 OpenID Providers can easily use generic IP based rate-limiting and banning techniques to help combat these sorts of attacks and black list RPs

195 It s hard to remember a whole URL as an OpenID???

196 [ Source : l ]

197

198

199 Finally.

200 The complete OpenID Protocol flow

201 The end user initiates authentication (Initiation) by presenting a User- Supplied Identifier to the Relying Party via their User-Agent

202 The Relying Party performs discovery (Discovery) on the identifier and establishes the OP Endpoint URL that the end user uses for authentication

203 Association request Association response (optional) The Relying Party and the OP establish an association (Establishing Associations)

204 The OP uses an association to sign subsequent messages and the Relying Party to verify those messages

205 The Relying Party redirects the end user's User-Agent to the OP with an OpenID Authentication request (Requesting Authentication)

206 authenticate End user authenticates to the OP

207 The OP redirects the end user's User- Agent back to the Relying Party with either an assertion that authentication is approved (Positive Assertions) or a message that authentication failed (Negative Assertions).

208 The Relying Party verifies (Verifying Assertions) the information received from the OP

209 Useful Links OpenID mailing list : 7. AxShema mail group: 8. Blogs: 9. My blog: 10.WSO2 Identity Solution download page: 11.WSO2 OpenID Demo OP : 12.WSO2 OpenID Demo RP :

210 Next Webinar. On 17 th June Introducing WSO2 ESB 1.7 Now open for registration

211 Questions you! Thank

Implementing OpenID for Your Social Networking Web Site

Implementing OpenID for Your Social Networking Web Site Implementing OpenID for Your Social Networking Web Site By David Keener http://www.keenertech.com Introduction Social networking sites are communities Communities consist of people Getting people to join

More information

OpenID. Mark Heiges Center for Tropical and Emerging Global Diseases

OpenID. Mark Heiges Center for Tropical and Emerging Global Diseases OpenID Mark Heiges Center for Tropical and Emerging Global Diseases mheiges@uga.edu Agenda what is an OpenID how OpenID works demos developer perspeccve the dark side TradiConal Sign Up, Sign On Register

More information

The implications of. Simon Willison Google Tech Talk, 25th June 2007

The implications of. Simon Willison Google Tech Talk, 25th June 2007 The implications of Simon Willison Google Tech Talk, 25th June 2007 Who here has used OpenID? Who uses it regularly? What is OpenID? OpenID is a decentralised mechanism for Single Sign On What problems

More information

RECENT ADVANCES in E-ACTIVITIES, INFORMATION SECURITY and PRIVACY. Hierarchy OpenID

RECENT ADVANCES in E-ACTIVITIES, INFORMATION SECURITY and PRIVACY. Hierarchy OpenID Hierarchy OpenID DONGHWI SHIN, INKYUN JEON, HYUNCHEOL JEONG Security Technology Team Korea Internet and Security Agency IT Venture Tower, Jungdaero 135, Songpa, Seoul Korea shindh@kisa.or.kr, ikjeun@kisa.or.kr,

More information

Configuring a Secure Access etrust SiteMinder Server Instance (NSM Procedure)

Configuring a Secure Access etrust SiteMinder Server Instance (NSM Procedure) Configuring a Secure Access etrust SiteMinder Server Instance (NSM Procedure) Within the Secure Access device, a SiteMinder instance is a set of configuration settings that defines how the Secure Access

More information

How to Integrate CA SiteMinder with the Barracuda Web Application Firewall

How to Integrate CA SiteMinder with the Barracuda Web Application Firewall How to Integrate CA SiteMinder with the Barracuda Web Application Firewall Overview CA/Netegrity SiteMinder provides an infrastructure for centralized and secure policy management of websites. It uniquely

More information

Relying Party User Interface Recommendations

Relying Party User Interface Recommendations 1 OpenID Provider Action Buttons 1 of 6 1.3 OpenID Provider Login Popup You re logging into EXAMPL with your 1.1 Standard Register/Login call to action in navigation 1.2 Login form with button array 1.4

More information

Dell EMC Unisphere 360

Dell EMC Unisphere 360 Dell EMC Unisphere 360 Version 9.0.1 Installation Guide REV 02 Copyright 2014-2018 Dell Inc. or its subsidiaries. All rights reserved. Published October 2018 Dell believes the information in this publication

More information

ELOQUA INTEGRATION GUIDE

ELOQUA INTEGRATION GUIDE ELOQUA INTEGRATION GUIDE VERSION 2.2 APRIL 2016 DOCUMENT PURPOSE This purpose of this document is to guide clients through the process of integrating Eloqua and the WorkCast Platform and to explain the

More information

New Distribution Capability (NDC)

New Distribution Capability (NDC) Together Let s Build Airline Retailing Accountable Document Validated official document (such as any type of an airline ticket, or a Standard Traffic Document (STD) or payment voucher) that has a value

More information

MARKETO INTEGRATION GUIDE

MARKETO INTEGRATION GUIDE MARKETO INTEGRATION GUIDE VERSION 1.2 JANUARY 2016 DOCUMENT PURPOSE This purpose of this document is to guide clients through the process of integrating Marketo and the WorkCast Platform. DOCUMENT CONTROL

More information

OTP SERVER NETEGRITY SITEMINDER 6. Rev 1.0 INTEGRATION MODULE. Copyright, NordicEdge, 2005 O T P S E R V E R I N T E G R A T I O N M O D U L E

OTP SERVER NETEGRITY SITEMINDER 6. Rev 1.0 INTEGRATION MODULE. Copyright, NordicEdge, 2005 O T P S E R V E R I N T E G R A T I O N M O D U L E OTP SERVER INTEGRATION MODULE NETEGRITY SITEMINDER 6 Copyright, NordicEdge, 2005 www.nordicedge.se Copyright, 2005, NordicEdge AB Page 1 of 11 1 Introduction 1.1 OTP Server Overview Nordic Edge OTP Server

More information

Introduction to OpenID Connect. October 23, 2018 Michael B. Jones Identity Standards Architect Microsoft

Introduction to OpenID Connect. October 23, 2018 Michael B. Jones Identity Standards Architect Microsoft Introduction to OpenID Connect October 23, 2018 Michael B. Jones Identity Standards Architect Microsoft Working Together OpenID Connect What is OpenID Connect? Simple identity layer on top of OAuth 2.0

More information

Security Analysis of OpenID

Security Analysis of OpenID Security Analysis of OpenID Pavol Sovis, Florian Kohlar, Joerg Schwenk {vorname.nachname}@rub.de Ruhr-University Bochum Bochum, Germany Abstract: OpenID is a user-centric and decentralized Single Sign-On

More information

Installation Guide. Unisphere Central. Installation. Release number REV 07. October, 2015

Installation Guide. Unisphere Central. Installation. Release number REV 07. October, 2015 Unisphere Central Release number 4.0 Installation 300-013-602 REV 07 October, 2015 Introduction... 2 Environment and system requirements... 2 Network planning...4 Download Unisphere Central...6 Deploy

More information

EMC Unisphere 360 for VMAX

EMC Unisphere 360 for VMAX EMC Unisphere 360 for VMAX Version 8.4.0 Installation Guide REV 01 Copyright 2014-2017 EMC Corporation All rights reserved. Published May 2017 Dell believes the information in this publication is accurate

More information

EMC Unisphere 360 for VMAX

EMC Unisphere 360 for VMAX EMC Unisphere 360 for VMAX Version 8.4.0 Online Help (PDF version) Copyright 2016-2017 EMC Corporation All rights reserved. Published May 2017 Dell believes the information in this publication is accurate

More information

USER GUIDE Cruises Section

USER GUIDE Cruises Section USER GUIDE Cruises Section CONTENTS 1. WELCOME.... CRUISE RESERVATION SYSTEM... 4.1 Quotes and availability searches... 4.1.1 Search Page... 5.1. Search Results Page and Cruise Selection... 6.1. Modifying

More information

myldtravel USER GUIDE

myldtravel USER GUIDE myldtravel USER GUIDE Rev #2 Page 2 of 37 Table of Contents 1. First-Time Login... 4 2. Introduction to the myldtravel Application... 7 3. Creating a Listing... 8 3.1 Traveller Selection... 9 3.2 Flight

More information

EMC Unisphere 360 for VMAX

EMC Unisphere 360 for VMAX EMC Unisphere 360 for VMAX Version 8.3.0 Installation Guide REV 01 Copyright 2014-2016 EMC Corporation. All rights reserved. Published in the USA. Published September 2016 EMC believes the information

More information

Integrating CA (formerly Netegrity) SiteMinder 6.0 with IBM Lotus Connections 2.0

Integrating CA (formerly Netegrity) SiteMinder 6.0 with IBM Lotus Connections 2.0 Integrating CA (formerly Netegrity) SiteMinder 6.0 with IBM Lotus Connections 2.0 Xin BJ Xu IBM Software Group, WPLC Beijing, China Xiao Feng Yu IBM Software Group, WPLC Staff Software Engineer Shanghai,

More information

API Gateway Version September Authentication and Authorization Integration Guide

API Gateway Version September Authentication and Authorization Integration Guide API Gateway Version 7.5.2 15 September 2017 Authentication and Authorization Integration Guide Copyright 2017 Axway All rights reserved. This documentation describes the following Axway software: Axway

More information

Wishlist Auto Registration Manual

Wishlist Auto Registration Manual Wishlist Auto Registration Manual Table of Contents Use the quick navigation links below to navigate through the manual: Introduction to Wishlist Auto Registration Complete Activation Process Summary in

More information

ARINC Project Initiation/Modification (APIM)

ARINC Project Initiation/Modification (APIM) Project Initiation/Modification proposal for the AEEC Date Proposed: June 14, 2016 ARINC Project Initiation/Modification (APIM) 1.0 Name of Proposed Project APIM 16-015 eenabled Aircraft Ground Systems

More information

Supports full integration with Apollo, Galileo and Worldspan GDS.

Supports full integration with Apollo, Galileo and Worldspan GDS. FEATURES GENERAL Web-based Solution ALL TRAVELPORT GDS Supports full integration with Apollo, Galileo and Worldspan GDS. GRAPHICAL INTUITIVE WEB EXPERIENCE Intuitive web experience for both GDS expert

More information

Federated Shibboleth, OpenID, oauth, and Multifactor

Federated Shibboleth, OpenID, oauth, and Multifactor Federated Shibboleth, OpenID, oauth, and Multifactor Russell Beall Senior Programmer/Analyst University of Southern California beall@usc.edu Federated Shibboleth, OpenID, oauth, and Multifactor 1 University

More information

Baggage Reconciliation System

Baggage Reconciliation System Product Description PD-TS-105 Issue 1.0 Date January 2015 The purpose of this product description is to enable the customer to satisfy himself as to whether or not the product or service would be suitable

More information

Video Media Center - VMC 1000 Getting Started Guide

Video Media Center - VMC 1000 Getting Started Guide Video Media Center - VMC 1000 Getting Started Guide Video Media Center - VMC 1000 Getting Started Guide Trademark Information Polycom, the Polycom logo design, Video Media Center, and RSS 2000 are registered

More information

INTERNATIONAL CIVIL AVIATION ORGANIZATION AFI REGION AIM IMPLEMENTATION TASK FORCE. (Dakar, Senegal, 20 22nd July 2011)

INTERNATIONAL CIVIL AVIATION ORGANIZATION AFI REGION AIM IMPLEMENTATION TASK FORCE. (Dakar, Senegal, 20 22nd July 2011) IP-5 INTERNATIONAL CIVIL AVIATION ORGANIZATION AFI REGION AIM IMPLEMENTATION TASK FORCE (Dakar, Senegal, 20 22nd July 2011) Agenda item: Presented by: Implementation of a African Regional Centralised Aeronautical

More information

FACILITATION PANEL (FALP)

FACILITATION PANEL (FALP) International Civil Aviation Organization WORKING PAPER 23/3/16 English only FACILITATION PANEL (FALP) NINTH MEETING Montréal, 4-7 April 2016 Agenda Item 3: Amendments to Annex 9 ELECTRONIC TRAVEL SYSTEMS

More information

NDC is a response to 3 challenges that exist in today s airline distribution eco-system:

NDC is a response to 3 challenges that exist in today s airline distribution eco-system: 1 NDC is a response to 3 challenges that exist in today s airline distribution eco-system: Airlines don t have the ability to distribute their products across the travel agent channel without being,owing

More information

Employment Authorization Document (EAD) Application Guide for J-2 Dependents

Employment Authorization Document (EAD) Application Guide for J-2 Dependents Employment Authorization Document (EAD) Application Guide for J-2 Dependents Preparing the application to the U.S. Citizenship and Immigration Service (USCIS) What is the EAD? The Employment Authorization

More information

Student Visa Process. CTY Summer Programs

Student Visa Process. CTY Summer Programs Student Visa Process CTY Summer Programs 2018 Presentation Content 1. Visa requirements 2. Starting the process and deadlines 3. Obtaining the I-20 form 4. Applying for the F-1 visa 5. Traveling to the

More information

2018 PSO Profile Highlights and Tips. December 18, :00 3:00 PM

2018 PSO Profile Highlights and Tips. December 18, :00 3:00 PM 2018 PSO Profile Highlights and Tips December 18, 2018 2:00 3:00 PM Call Logistics The PSOPPC will be presenting the 2018 PSO Profile Highlights and Tips. Please use the chat (Ask a Question) to submit

More information

CA SiteMinder. Agent for JBoss Guide. r12.1 SP3. Third Edition

CA SiteMinder. Agent for JBoss Guide. r12.1 SP3. Third Edition CA SiteMinder Agent for JBoss Guide r12.1 SP3 Third Edition This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation

More information

What if I just want to obtain flight schedules without making a reservation?

What if I just want to obtain flight schedules without making a reservation? http://www.omanair.com/en/faqs/booking Booking Home > Printer-friendly PDF > Booking If you have any unanswered questions about Oman Air and our services and need help, please select the appropriate category

More information

KB 2449 CA Wily APM security example: CA SiteMinder for authentication with CA EEM for authorization

KB 2449 CA Wily APM security example: CA SiteMinder for authentication with CA EEM for authorization This article describes how you can perform a CA SiteMinder basic set up and configuration to provide CA Wily APM authentication before deploying CA EEM for. This example describes these tasks: Configure

More information

Revalidation of RE Projects. Accreditation and Registration

Revalidation of RE Projects. Accreditation and Registration Revalidation of RE Projects Accreditation and Registration and Registration Revalidation: Accreditation and Registration Accreditation and registration are valid till 5 years from date of registration.

More information

Travel Procedures for CYSS Contract. Travel Request/Order Form (Pre-approval Process)

Travel Procedures for CYSS Contract. Travel Request/Order Form (Pre-approval Process) Travel expenses on temporary duty (TDY) should be at the best value to the Government. The JFTR/JTR provides a guide for contractors, but should be considered as the maximum allowable claim without special

More information

SENIOR CERTIFICATE EXAMINATIONS

SENIOR CERTIFICATE EXAMINATIONS SENIOR CERTIFICATE EXAMINATIONS INFORMATION TECHNOLOGY P1 2017 MARKS: 150 TIME: 3 hours This question paper consists of 21 pages. Information Technology/P1 2 DBE/2017 INSTRUCTIONS AND INFORMATION 1. This

More information

etrust SiteMinder Agent r5.5 for BEA WebLogic 9.0 etrust SiteMinder Agent for BEA WebLogic Guide

etrust SiteMinder Agent r5.5 for BEA WebLogic 9.0 etrust SiteMinder Agent for BEA WebLogic Guide etrust SiteMinder Agent r5.5 for BEA WebLogic 9.0 etrust SiteMinder Agent for BEA WebLogic Guide This documentation (the Documentation ) and related computer software program (the Software ) (hereinafter

More information

CA SiteMinder. Agent for JBoss Guide SP1

CA SiteMinder. Agent for JBoss Guide SP1 CA SiteMinder Agent for JBoss Guide 12.52 SP1 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is for your

More information

Help Document for utsonmobile - Windows Phone

Help Document for utsonmobile - Windows Phone Help Document for utsonmobile - Windows Phone Indian Railway is introducing the facility of booking unreserved suburban tickets on smartphones. The application has been developed in-house by Centre for

More information

Scott Silveira, District 5 Supervisor SOCIAL MEDIA POLICIES AND PROCEDURES

Scott Silveira, District 5 Supervisor SOCIAL MEDIA POLICIES AND PROCEDURES Scott Silveira, District 5 Supervisor SOCIAL MEDIA POLICIES AND PROCEDURES PURPOSE Scott Silveira, District 5 Supervisor,recognizes a need to augment his traditional communication methods with the use

More information

MyFBO Help. Contents TRAINING ONLY

MyFBO Help. Contents TRAINING ONLY MyFBO Help Updated: July 25,2011 The online help menu works well to find most answers and explanations how to use the system. Simply click on the blue question mark symbol on the top right corner of MyFBO.com.

More information

Virginia Medicaid Web Portal Provider Maintenance Frequently Asked Questions Revised 02/20/2015. FAQ Contents. General Questions

Virginia Medicaid Web Portal Provider Maintenance Frequently Asked Questions Revised 02/20/2015. FAQ Contents. General Questions Virginia Medicaid Web Portal Provider Maintenance Frequently Asked Questions Revised 02/20/2015 FAQ Contents General Questions.......................................... Page 1 Provider Maintenance Menu...................................

More information

LS-Data. Manual. Altenrhein Luftfahrt GmbH Office Park 3 Top 312 / Postfach 90 A-1300 Wien Flughafen

LS-Data. Manual. Altenrhein Luftfahrt GmbH Office Park 3 Top 312 / Postfach 90 A-1300 Wien Flughafen LS-Data Manual Altenrhein Luftfahrt GmbH Office Park 3 Top 312 / Postfach 90 A-1300 Wien Flughafen Contents: 1. General... 2 2. Requirements... 2 3. Log In... 3 4. Cockpit crew... 4 4.1. New flight...

More information

PRIVACY POLICY KEY DEFINITIONS. Aquapark Wrocław Wrocławski Park Wodny S.A. with the registered office in Wrocław, ul. Borowska 99, Wrocław.

PRIVACY POLICY KEY DEFINITIONS. Aquapark Wrocław Wrocławski Park Wodny S.A. with the registered office in Wrocław, ul. Borowska 99, Wrocław. Shall enter into force on the 25th May 2018, PRIVACY POLICY Aquapark Wrocław shall endeavour to protect privacy of persons who use our services. This document has been implemented to comply with rules

More information

WHAT S NEW in 7.9 RELEASE NOTES

WHAT S NEW in 7.9 RELEASE NOTES 7.9 RELEASE NOTES January 2015 Table of Contents Session Usability...3 Smarter Bookmarks... 3 Multi-Tabbed Browsing... 3 Session Time Out Pop Up... 4 Batch No Show Processing...5 Selecting a Guarantee

More information

CA SITEMINDER OVERVIEW

CA SITEMINDER OVERVIEW info@tutionbooks.com CA SITEMINDER OVERVIEW www.tutionbooks.com Session Overview 1 2 3 4 Concept of application Security Requirement of Siteminder Features of siteminder Basic of request to access an application

More information

Introduction of FAR 117 and Q Software Enhancements

Introduction of FAR 117 and Q Software Enhancements December 2, 2013 13-04 Introduction of FAR 117 and Q4 2013 Software Enhancements Table of Contents Introduction... 2 PBS Buffers... 2 Software Enhancements... 2 Max Reserve Above... 2 History and Explanation...2

More information

Book Upto 12 tickets in a month by linking Aadhaar

Book Upto 12 tickets in a month by linking Aadhaar Book Upto 12 tickets in a month by linking Aadhaar Now users are allowed to book upto 12 tickets in a month, if users get themselves verified through their Aadhaar number along with at least one passenger

More information

CA SiteMinder. Agent for JBoss Guide 12.51

CA SiteMinder. Agent for JBoss Guide 12.51 CA SiteMinder Agent for JBoss Guide 12.51 This Documentation, which includes embedded help systems and electronically distributed materials (hereinafter referred to as the Documentation ), is for your

More information

IRCTCC RAIL CONNECT ANDROID APP

IRCTCC RAIL CONNECT ANDROID APP IRCTCC RAIL CONNECT ANDROID APP USER GUIDE NOTE: Document is subject to change. Detailed terms and conditions available on IRCTC website www.irctc.co.in 1 P a g e INDEX Sino Content 1 Launch Screen 2 Login

More information

Amadeus Selling Platform Timatic User Guide

Amadeus Selling Platform Timatic User Guide Amadeus Selling Platform Timatic User Guide amadeus.com YOUR USE OF THIS DOCUMENTATION IS SUBJECT TO THESE TERMS Use of this documentation You are authorised to view, copy, or print the documentation for

More information

Angel Flight Information Database System AFIDS

Angel Flight Information Database System AFIDS Pilot s Getting Started Guide Angel Flight Information Database System AFIDS Contents Login Instructions... 3 If you already have a username and password... 3 If you do not yet have a username and password...

More information

Policies and Procedures

Policies and Procedures Mass HIway Massachusetts Health Information Highway Statewide Health Information Exchange Policies and Procedures Version 2 December 1, 2014 The Mass HIway is operated by the Commonwealth of Massachusetts'

More information

COMPETITION SPECIFIC RULES

COMPETITION SPECIFIC RULES COMPETITION SPECIFIC RULES 28 th January 4 th February 2018 Organised on Behalf of: The New Zealand Hang Gliding and Paragliding Association Inc. These Competition Specific Rules are to be used in conjunction

More information

The Improvement of Airline Tickets Selling Process

The Improvement of Airline Tickets Selling Process The Improvement of Airline Tickets Selling Process Duran Li (103034466) Department of Industrial Engineering and Engineering Management, National Tsing Hua University, Taiwan Abstract. The process of a

More information

1. MICE Offer Log In page MICE605-_-CXHP-_-XX

1. MICE Offer Log In page   MICE605-_-CXHP-_-XX MICE IBE BOOKING STEPS 1. MICE Offer Log In page http://www.cathaypacific.com/cpa/en_intl/offerspromotions/micelogin?cm_mmc=mice-hk-_- MICE605-_-CXHP-_-XX 1.1 Log in with your Marco Polo Club or Asia Miles

More information

Q. Can I book personal travel on the site? - The Concur site is to be used exclusively for business related travel.

Q. Can I book personal travel on the site? - The Concur site is to be used exclusively for business related travel. Concur Travel FAQ Q. What will I use Concur Travel for? - Concur Travel is Hill-Rom s online booking tool for all of your business travel needs. It works with Travel and Transport and allows you to see

More information

FREQUENTLY ASKED QUESTION November 2014

FREQUENTLY ASKED QUESTION November 2014 FREQUENTLY ASKED QUESTION November 2014 This document is intended to answer common questions in regards to KT Online, our online booking tool for Flights, Hotels and Eurostar, powered by Atriis. We want

More information

Employment Authorization Document (EAD) Application Guide for J-2 Dependents

Employment Authorization Document (EAD) Application Guide for J-2 Dependents Employment Authorization Document (EAD) Application Guide for J-2 Dependents Preparing the application to the U.S. Citizenship and Immigration Service (USCIS) What is the EAD? The Employment Authorization

More information

PASSENGER JOURNEY. Our vision: a seamless, secure and efficient walking pace journey that is highly personalized throughout.

PASSENGER JOURNEY. Our vision: a seamless, secure and efficient walking pace journey that is highly personalized throughout. NEXTT JOURNEY Our vision: a seamless, secure and efficient walking pace journey that is highly personalized throughout. 00 THROUGHOUT THE JOURNEY IDENTITY MANAGEMENT Biometrics are used to confirm identity

More information

Operations Manual. FS Airlines Client User Guide Supplement A. Flight Operations Department

Operations Manual. FS Airlines Client User Guide Supplement A. Flight Operations Department Restricted Circulation Edition 1.0 For use by KORYO Air & KORYO Connect Pi Operations Manual FS Airlines Client User Guide Supplement 1. 1022 14A This manual has been approved by and issued on behalf of:

More information

IATA AIRPORT HANDLING PRODUCTS MANUAL

IATA AIRPORT HANDLING PRODUCTS MANUAL 06 March, 2018 IATA AIRPORT HANDLING PRODUCTS MANUAL Document Filetype: PDF 508.63 KB 0 IATA AIRPORT HANDLING PRODUCTS MANUAL The latest version of IATA Airport Handling Manual 31st is currently unknown.

More information

User Guide and Reference Information

User Guide and Reference Information User Guide and Reference Information Table of Contents Welcome to Hyatt Privé...3 Access the Hyatt Privé website...5 Explore our properties...8 Book with our Hyatt Privé rate...12 View your reservations...19

More information

Concur Travel-Frequently Asked Questions

Concur Travel-Frequently Asked Questions Concur Travel-Frequently Asked Questions Click Links to Navigate User & Profile Assistance First Time Logging into Concur Travel & Expense Forgot Password System is slow Smartphone Access Air Car Hotel-Navigational

More information

CONTRACT OF TRANSPORTATION

CONTRACT OF TRANSPORTATION CONTRACT OF TRANSPORTATION 1. DEFINITIONS For the purpose of the present conditions, it is understood what follows for each of the terms listed below: 1.1 Ticket or Transportation Ticket is the document

More information

West Virginia Provider Enrollment and Revalidation General FAQ. Date of Publication: 01/19/2016 Document Version: 1.0

West Virginia Provider Enrollment and Revalidation General FAQ. Date of Publication: 01/19/2016 Document Version: 1.0 West Virginia Provider Enrollment and Revalidation General FAQ Date of Publication: 01/19/2016 Document Version: 1.0 General Topics: In this document, please find a number of Frequently Asked Questions

More information

etrust SiteMinder Agent r6.0 for IBM WebSphere

etrust SiteMinder Agent r6.0 for IBM WebSphere etrust SiteMinder Agent r6.0 for IBM WebSphere SiteMinder Agent for IBM WebSphere Guide r6.0 This documentation (the Documentation ) and related computer software program (the Software ) (hereinafter collectively

More information

Frequently asked questions (FAQ)

Frequently asked questions (FAQ) Frequently asked questions (FAQ) Content 1. Subscription 2. Connectivity 3. Data (General) 4. Air carrier traffic 5. Traffic by Flight Stage (TFS) 6. Air carrier finances 7. Airport traffic 8. On-Flight

More information

Concur Travel - Frequently Asked Questions

Concur Travel - Frequently Asked Questions Concur Travel - Frequently Asked Questions Click on the question to navigate to the answer. What should I do the first time I log into Concur Travel & Expense? What do I do if I forgot my password? Why

More information

New Distribution Capability

New Distribution Capability New Distribution Capability Commercial User Guide Last updated: May 17 May 2017 Page 1 Contents Disclaimer... 3 Executive Summary... 4 What s new in this version?... 5 Definitions... 6 1. Introduction...

More information

PRAJWAL KHADGI Department of Industrial and Systems Engineering Northern Illinois University DeKalb, Illinois, USA

PRAJWAL KHADGI Department of Industrial and Systems Engineering Northern Illinois University DeKalb, Illinois, USA SIMULATION ANALYSIS OF PASSENGER CHECK IN AND BAGGAGE SCREENING AREA AT CHICAGO-ROCKFORD INTERNATIONAL AIRPORT PRAJWAL KHADGI Department of Industrial and Systems Engineering Northern Illinois University

More information

FAA Update. Dakota-Minnesota (DMA) Airports District Office. Federal Aviation Administration. Presented to: By: Date: Minnesota Council of Airports

FAA Update. Dakota-Minnesota (DMA) Airports District Office. Federal Aviation Administration. Presented to: By: Date: Minnesota Council of Airports FAA Update Dakota-Minnesota (DMA) Airports District Office Presented to: By: Date: Minnesota Council of Airports Chris Hugunin April 15, 2015 FY 2014 DMA ADO Total AIP Funding $107.2 Million / 136 Grants

More information

User Guide for E-Rez

User Guide for E-Rez User Guide for E-Rez Table of Contents Section 1 Using E-Rez... 3 Security & Technical Requirements... 3 Logging on to E-Rez... 4 Verify Your Profile... 4 Section 2 Travel Center... 5 Familiarize yourself

More information

Homeland Security Investigations. IMAGE Form I-9 Training

Homeland Security Investigations. IMAGE Form I-9 Training Homeland Security Investigations IMAGE Form I-9 Training 1 The Employment Eligibility Verification Form I-9 (Form I-9) Immigration Reform and Control Act of 1986 Requires employers to utilize the Form

More information

GUIDELINES FOR THE ADMINISTRATION OF SANCTIONS AGAINST SLOT MISUSE IN IRELAND

GUIDELINES FOR THE ADMINISTRATION OF SANCTIONS AGAINST SLOT MISUSE IN IRELAND GUIDELINES FOR THE ADMINISTRATION OF SANCTIONS AGAINST SLOT MISUSE IN IRELAND October 2017 Version 2 1. BACKGROUND 1.1 Article 14.5 of Council Regulation (EEC) No 95/93, as amended by Regulation (EC) No

More information

1. Please tell us about new features, functions or information that you made available on the new website for the first time?

1. Please tell us about new features, functions or information that you made available on the new website for the first time? 1 of 6 6/21/2010 10:35 AM 1. Please tell us about new features, functions or information that you made available on the new website for the first time? USCIS Response: Where to Start Widget: There are

More information

Putting NDC into Practice: Reference Architecture and Technology Providers. Author: Hanna Schaal. Senior Consultant.

Putting NDC into Practice: Reference Architecture and Technology Providers. Author: Hanna Schaal. Senior Consultant. 2015 Putting NDC into Practice: Reference Architecture and Technology Providers Author: Copyright @ 2015 PROLOGIS AG All rights reserved. This study or any portion thereof may not be reproduced or Hanna

More information

CA SiteMinder Web Services Security

CA SiteMinder Web Services Security CA SiteMinder Web Services Security WSS Agent for IBM WebSphere Guide 12.52 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as

More information

Comfort Pro A Hotel. User Manual

Comfort Pro A Hotel. User Manual Comfort Pro A Hotel User Manual Contents ComfortPro A Hotel 5 Software Features............................................................6 Scope of Delivery.............................................................7

More information

Aer Lingus Case Study - AeroDocs deployment to Aer Lingus. Aer Lingus cuts CASK with AeroDocs

Aer Lingus Case Study - AeroDocs deployment to Aer Lingus. Aer Lingus cuts CASK with AeroDocs Aer Lingus Case Study - AeroDocs deployment to Aer Lingus Aer Lingus cuts CASK with AeroDocs Paul Stanley, EFB Project Manager, Aer Lingus and Capt. Eamon Kierans, Manager Flight Ops Compliance, Aer Lingus

More information

myldtravel USER GUIDE

myldtravel USER GUIDE myldtravel USER GUIDE Page 2 of 32 Welcome to myidtravel a self service tool that allows you to book travel on other airlines at a discount rate based on standby travel. And by end of Summer 2017 you will

More information

TRAVEL AGENT NEW USER MANUAL

TRAVEL AGENT NEW USER MANUAL TRAVEL AGENT NEW USER MANUAL WE LC O M E TO HO M EP O R T TR AVE L AGE NT POR TA L Your one-stop destination for all Royal Caribbean s tools of the trade. WHY SHO ULD I SIGN- U P FO R HO M E PO R T? HomePort

More information

Who s Eyeing your Forms I-9

Who s Eyeing your Forms I-9 Agenda Who s Eyeing your Forms I-9 Background Completing Revised Form I-9 www.uscis.gov/i-9central Storage and Retention Resources Dave Basham 2 Immigrant and Employee Rights Section (IER) The anti-discrimination

More information

Aviation ICT Forum 2014

Aviation ICT Forum 2014 Aviation ICT Forum 2014 More ground to break Shaping the future. Together 16 17 October 2014 Panel Name: Biometrics: Securing future passenger self service at the airport Discussion points Biometrics recap

More information

Ecolabel Toolbox Synergie for CB partners. CB forum- June, 26th

Ecolabel Toolbox Synergie for CB partners. CB forum- June, 26th Ecolabel Toolbox Synergie for CB partners CB forum- June, 26th CONTENT 1. Ecolabel Toolbox features 2. Interface presentation 3. How can European partners use Ecolabel Toolbox 4. Toward dissemination in

More information

FAASafety.gov Help Manual for WINGS - Pilot Proficiency Program Federal Aviation Administration May 1, 2007

FAASafety.gov Help Manual for WINGS - Pilot Proficiency Program Federal Aviation Administration May 1, 2007 FAASafety.gov Help Manual for WINGS - Pilot Proficiency Program Federal Aviation Administration May 1, 2007 Gold Systems Inc. FAASafety.gov WINGS Pilot Proficiency Program 1 FAASafety.gov Help Manual for

More information

Your guide to making a booking

Your guide to making a booking Contents Booking online Booking offline Air Fares Explained Hotels Explained UK Rail Explained Amendments and Cancellations Creating Traveller Profiles Visa applications Booking European/International

More information

PLANNING & ADVICE. Print this page. Introducing Holland America Line Express Docs

PLANNING & ADVICE. Print this page. Introducing Holland America Line Express Docs Call your travel professional or 1-877-932-4259 For Booked Guests > Planning & Advice PLANNING & ADVICE Print this page Introducing Holland America Line Express Docs NEW: Online Check-in can now be completed

More information

Attracting tourists all year round challenges and opportunities in seasonality and responsibility

Attracting tourists all year round challenges and opportunities in seasonality and responsibility Attracting tourists all year round challenges and opportunities in seasonality and responsibility Terhi Hook, product development manager, Visit Finland 11.4.2008 Alatunniste teksti 11.4.2008 Alatunniste

More information

FOR SMALL AND MEDIUM SIZED AIRPORTS Velocity FIDS

FOR SMALL AND MEDIUM SIZED AIRPORTS Velocity FIDS is a FIDS solution for small and medium sized airports. It is available as an installed and as a cloud solution and it is multi airport solution. The package contains many use full features like a flight

More information

Order. March 2013 ISSUE,RENEWALORRE-ISSUE OF A MEDICAL CERTIFICATE 1.0 PURPOSE 2.0 REFERENCES

Order. March 2013 ISSUE,RENEWALORRE-ISSUE OF A MEDICAL CERTIFICATE 1.0 PURPOSE 2.0 REFERENCES Order TCAA-O- PEL021B March 2013 ISSUE,RENEWALORRE-ISSUE OF A MEDICAL CERTIFICATE 1.0 PURPOSE 1.1 This Order is issued to provide guidance and procedures for issue, renewal and re-issue of a Class 1, 2

More information

CA SiteMinder Federation Standalone

CA SiteMinder Federation Standalone CA SiteMinder Federation Standalone Installation and Upgrade Guide r12.52 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as

More information

User Reference Manual

User Reference Manual User Reference Manual Of Food Licensing & Registration System (FLRS) (Version 2.0) For Food Business Operator (FBO) 1 1. Login Page Type the URL: - http://foodlicensing.fssai.gov.in and first create Username

More information

Who s Eyeing your Forms I-9

Who s Eyeing your Forms I-9 Who s Eyeing your Forms I-9 www.uscis.gov/i-9central Dave Basham Agenda Completing Revised Form I-9 Storage and Retention Resources 2 Employment Verification To comply with the employment eligibility verification

More information

Concur Travel FAQs. 5. How do I log in to Concur Travel? Visit or the link is available on the Travel page of the Compass.

Concur Travel FAQs. 5. How do I log in to Concur Travel? Visit   or the link is available on the Travel page of the Compass. General 1. What is Concur Travel? Concur Travel is a hosted, web-based system that allows users to book travel using a web browser or mobile device instead of booking travel through a travel agent. Concur

More information

WTF? ANOTHER NEW Form I-9? Compliance By September 17, Form I-9 1. Disclaimer

WTF? ANOTHER NEW Form I-9? Compliance By September 17, Form I-9 1. Disclaimer WTF? ANOTHER NEW Form I-9? Compliance By September 17, 2017 Form I-9 1 Disclaimer Immigration law can be complex and it is not possible to describe every aspect of the process. This presentation provides

More information