欢迎大家赞助一杯啤酒🍺 我们准备了下酒菜:Formal mathematics/Isabelle/ML, Formal verification/Coq/ACL2, C++/F#/Lisp
Identity management
来自开放百科 - 灰狐
(版本间的差异)
小 (→文档) |
小 (→项目) |
||
(未显示1个用户的58个中间版本) | |||
第2行: | 第2行: | ||
identity management 身份管理 | identity management 身份管理 | ||
+ | |||
+ | ==简介== | ||
+ | Identity management(IdM), also known as identity and access management (IAM). | ||
+ | |||
+ | 身份管理,身份和访问管理 | ||
+ | |||
+ | ==FIDO== | ||
+ | [https://fidoalliance.org FIDO] 是世界上最大的基于标准、可扩展、可互操作的身份认证生态系统。 | ||
+ | |||
+ | 截止到 2016 年末,FIDO 联盟已成为全球最大的基于标准的,并可提供200多种认证解决方案的,可互操作的身份认证生态系统。2017 年初,Facebook 宣布也将支持 FIDO,至此Facebook全球范围内的30多亿用户均可利用 FIDO 进行身份认证。 | ||
+ | |||
+ | FIDO 联盟的使命是重新定义在线身份认证: | ||
+ | * 通过制定一套开放的、可扩展的、可互操作的技术规范,从而减少对通过密码认证用户身份的依赖。 | ||
+ | * 实施行业计划,确保全球范围内规范的成功部署。 | ||
+ | * 向公认的标准组织提交成熟的技术规范,以实现正式标准化。 | ||
+ | |||
+ | ==相关== | ||
+ | 身份管理相关标准、技术、服务: | ||
+ | *[[X.500]] | ||
+ | *[[PKI]] | ||
+ | *[[TLS]] | ||
+ | *[[OAuth]] | ||
+ | *[[SSO]] | ||
+ | *[[Active Directory]], [[Apache Directory Server]] | ||
+ | *[[OpenID]] | ||
+ | *[[Kerberos]] | ||
+ | *[[WS-Security]] | ||
+ | *[[WS-Trust]] | ||
+ | *[[SAML]] | ||
+ | *[[OWASP]] | ||
==项目== | ==项目== | ||
+ | [[文件:Keycloak-logo.png|right|Keycloak]] | ||
+ | [[文件:SPIFFE-logo.png|right|SPIFFE]] | ||
+ | [[文件:ory-logo.png|right|ORY]] | ||
+ | *[https://medevel.com/10-os-sso/ 10+ Open-source Single-Sign On (SSO) Solutions] | ||
+ | *[[SPIFFE]] | ||
+ | *[[ory|ORY]] Next-Generation Identity Infrastructure | ||
+ | *[https://github.com/dexidp/dex dex] | ||
+ | *[[WSO2 Identity Server]] | ||
+ | *[[IdentityServer]] | ||
+ | *[[Apache Syncope]] | ||
+ | *[[Apache Shiro]] | ||
*[https://github.com/apereo/cas Apereo CAS] - Enterprise Single Sign On for all | *[https://github.com/apereo/cas Apereo CAS] - Enterprise Single Sign On for all | ||
+ | *[https://github.com/cloudfoundry/uaa CloudFoundry User Account and Authentication (UAA) Server] | ||
*[[Passport.js]] | *[[Passport.js]] | ||
+ | *[[everyauth]] | ||
+ | *[[keycloak]] | ||
*[https://github.com/OAuth-Apis/apis OAuth Authorization as a Service] | *[https://github.com/OAuth-Apis/apis OAuth Authorization as a Service] | ||
*[https://github.com/spring-projects/spring-security-oauth Spring Security with OAuth] | *[https://github.com/spring-projects/spring-security-oauth Spring Security with OAuth] | ||
*[https://github.com/scribejava/scribejava ScribeJava] Simple OAuth library for Java | *[https://github.com/scribejava/scribejava ScribeJava] Simple OAuth library for Java | ||
*[https://identity-api-spec.java.net/ JSR 351: Java Identity API] | *[https://identity-api-spec.java.net/ JSR 351: Java Identity API] | ||
+ | *[[ASP.NET Core Identity]] | ||
+ | *[https://github.com/IdentityModel IdentityModel] | ||
+ | *[https://github.com/xamarin/Xamarin.Auth Xamarin.Auth] [https://github.com/xamarin/Xamarin.Social Xamarin.Social] | ||
+ | *[https://github.com/hyperledger/indy-node Hyperledger Indy] 是特别为去中心化的身份而建立的一种分布式账本。它提供了基于区块链或者其它分布式账本互操作来创建和使用独立数字身份的工具、代码库和可以重用的组件。 | ||
+ | *[https://github.com/yang-xiaodong/PlatformAuthMiddleware ASP.NET Core 身份验证中间件] [https://www.cnblogs.com/savorboard/p/5586229.html ASP.NET Core 中间件详解及项目实战] | ||
+ | *[https://github.com/nitnelave/lldap lldap] 使用 [[Rust]] 开发的轻量 [[LDAP]] 实现,lldap 拥有简洁的用户界面,可与 [[Keycloak]]、Authelia、[[Nextcloud]] 等后端集成,完成用户身份验证。 | ||
==厂商== | ==厂商== | ||
+ | *[https://www.onelogin.com/ OneLogin] Secure Access for Every User, Every App, Every Device [https://github.com/onelogin GitHub] | ||
*[https://www.okta.com/ okta] | *[https://www.okta.com/ okta] | ||
+ | *[http://www.lexisnexis.com/risk/identity/ LexisNexis] | ||
*[[Auth0]] | *[[Auth0]] | ||
+ | *[https://developers.google.com/identity/ Google Identity Platform] | ||
+ | Google 登录和身份识别 | ||
+ | *Google Sign-In: 可让用户通过他们惯用并信赖的注册系统(即 Google 帐户)快速安全地登录应用。 | ||
+ | *Firebase Authentication: 轻松通过各家提供商验证并管理用户,无需服务器端代码。 | ||
+ | *Smart Lock: 使用户自动登录您的应用。 | ||
+ | *Instance ID: 为每个由用户、应用和设备组成的特定组合分配唯一标识符,以实现更准确的跟踪。 | ||
+ | [https://firebase.google.com/docs/auth/ Firebase Authentication] 提供后端服务、易用 SDK 和现成 UI 库来向应用验证用户的身份。 | ||
==文档== | ==文档== | ||
+ | *[http://docs.huihoo.com/redhat/summit/2017/L103188-Up-and-running-with-Red-Hat-identity-management.pdf Up and running with Red Hat identity management] | ||
+ | *[http://docs.huihoo.com/hpcc/2016-North-American-Healthcare-Identity-Management-Technology-Innovation-Award.pdf 2016 North American Healthcare Identity Management Technology Innovation Award] | ||
+ | *[http://docs.huihoo.com/javaone/2015/BOF2326-Open-Source-Identity-and-Access-Management-Expert-Panel-Part-4.pdf Open Source Identity and Access Management Expert Panel, Part 4] | ||
*[http://docs.huihoo.com/javaone/2015/CON3568-Federated-RBAC-Fortress-OAuth2-Oltu-JWT-Java-EE-and-JASPIC.pptx Federated RBAC: Fortress, OAuth2 (Oltu), JWT, Java EE, and JASPIC] | *[http://docs.huihoo.com/javaone/2015/CON3568-Federated-RBAC-Fortress-OAuth2-Oltu-JWT-Java-EE-and-JASPIC.pptx Federated RBAC: Fortress, OAuth2 (Oltu), JWT, Java EE, and JASPIC] | ||
*[http://docs.huihoo.com/javaone/2015/CON3659-Finally-the-Java-EE-Security-API-JSR-375.pdf Finally, the Java EE Security API (JSR 375)] | *[http://docs.huihoo.com/javaone/2015/CON3659-Finally-the-Java-EE-Security-API-JSR-375.pdf Finally, the Java EE Security API (JSR 375)] | ||
+ | *[http://docs.huihoo.com/javaone/2015/BOF3666-How-Would-You-Improve-the-Java-EE-Security-API.pdf How Would You Improve the Java EE Security API?] | ||
==图集== | ==图集== | ||
<gallery> | <gallery> | ||
+ | image:Trust-Over-IP.png|Trust Over IP | ||
+ | image:identity-concept.jpg|身份概念 | ||
image:IDaaS-Gartner-June-2015.png|Gartner魔力象限 | image:IDaaS-Gartner-June-2015.png|Gartner魔力象限 | ||
+ | image:Okta-Leader_Gartner-Magic-Quadrant-Access-Management-2019.png|Gartner魔力象限 | ||
+ | image:identity-and-access-management.png|Identity和Access管理 | ||
+ | image:open-source-identity-ecosystem.png|开源Identity生态 | ||
+ | image:Identity-Management-and-Compliance-in-OpenShift.png|in OpenShift | ||
+ | image:Vault-on-DCOS.png|Vault证书管理 | ||
+ | image:vault-authentication-backends.png|Vault身份认证 | ||
+ | image:Vault-Deployment-Reference-Architecture.png|Vault部署 | ||
+ | image:aspnetcore-identity-architecture-diagram.png|ASP.NET Core | ||
+ | image:ory-ecosystem.png|ORY生态 | ||
+ | image:Eclipse-SCAVA-Authentication-Flow.png|Eclipse SCAVA验证 | ||
+ | image:Authentication-with-Cilium-Service-Mesh.png|Cilium Service Mesh验证 | ||
+ | image:FIDO-Platform-and-browser-support.jpeg|FIDO | ||
</gallery> | </gallery> | ||
==链接== | ==链接== | ||
+ | *[https://isovalent.com/blog/post/2022-05-03-servicemesh-security Next-Generation Mutual Authentication with Cilium Service Mesh] | ||
+ | *[https://www.ibm.com/blogs/security-identity-access/ Identity & Access @ IBM Security] [https://www.ibm.com/cn-zh/products/verify-for-workforce-iam Cloud Identity: IDaaS Family] [https://www.ibm.com/cn-zh/products/verify-access Access Management family] [https://www.ibm.com/cn-zh/products/identity-governance-and-intelligence Identity Governance and Administration Family] | ||
+ | *[https://www.cnblogs.com/savorboard/p/aspnetcore-identity.html ASP.NET Core 之 Identity 入门(一)(二)(三) ] | ||
+ | *[https://www.secrss.com/articles/25162 美国网络安全:NIST身份和访问管理 (IAM)] | ||
[[category:identity]] | [[category:identity]] | ||
+ | [[category:security]] | ||
+ | [[category:gougou]] |
2022年9月12日 (一) 00:15的最后版本
您可以在Wikipedia上了解到此条目的英文信息 Identity management Thanks, Wikipedia. |
identity management 身份管理
目录 |
[编辑] 简介
Identity management(IdM), also known as identity and access management (IAM).
身份管理,身份和访问管理
[编辑] FIDO
FIDO 是世界上最大的基于标准、可扩展、可互操作的身份认证生态系统。
截止到 2016 年末,FIDO 联盟已成为全球最大的基于标准的,并可提供200多种认证解决方案的,可互操作的身份认证生态系统。2017 年初,Facebook 宣布也将支持 FIDO,至此Facebook全球范围内的30多亿用户均可利用 FIDO 进行身份认证。
FIDO 联盟的使命是重新定义在线身份认证:
- 通过制定一套开放的、可扩展的、可互操作的技术规范,从而减少对通过密码认证用户身份的依赖。
- 实施行业计划,确保全球范围内规范的成功部署。
- 向公认的标准组织提交成熟的技术规范,以实现正式标准化。
[编辑] 相关
身份管理相关标准、技术、服务:
- X.500
- PKI
- TLS
- OAuth
- SSO
- Active Directory, Apache Directory Server
- OpenID
- Kerberos
- WS-Security
- WS-Trust
- SAML
- OWASP
[编辑] 项目
- 10+ Open-source Single-Sign On (SSO) Solutions
- SPIFFE
- ORY Next-Generation Identity Infrastructure
- dex
- WSO2 Identity Server
- IdentityServer
- Apache Syncope
- Apache Shiro
- Apereo CAS - Enterprise Single Sign On for all
- CloudFoundry User Account and Authentication (UAA) Server
- Passport.js
- everyauth
- keycloak
- OAuth Authorization as a Service
- Spring Security with OAuth
- ScribeJava Simple OAuth library for Java
- JSR 351: Java Identity API
- ASP.NET Core Identity
- IdentityModel
- Xamarin.Auth Xamarin.Social
- Hyperledger Indy 是特别为去中心化的身份而建立的一种分布式账本。它提供了基于区块链或者其它分布式账本互操作来创建和使用独立数字身份的工具、代码库和可以重用的组件。
- ASP.NET Core 身份验证中间件 ASP.NET Core 中间件详解及项目实战
- lldap 使用 Rust 开发的轻量 LDAP 实现,lldap 拥有简洁的用户界面,可与 Keycloak、Authelia、Nextcloud 等后端集成,完成用户身份验证。
[编辑] 厂商
- OneLogin Secure Access for Every User, Every App, Every Device GitHub
- okta
- LexisNexis
- Auth0
- Google Identity Platform
Google 登录和身份识别
- Google Sign-In: 可让用户通过他们惯用并信赖的注册系统(即 Google 帐户)快速安全地登录应用。
- Firebase Authentication: 轻松通过各家提供商验证并管理用户,无需服务器端代码。
- Smart Lock: 使用户自动登录您的应用。
- Instance ID: 为每个由用户、应用和设备组成的特定组合分配唯一标识符,以实现更准确的跟踪。
Firebase Authentication 提供后端服务、易用 SDK 和现成 UI 库来向应用验证用户的身份。
[编辑] 文档
- Up and running with Red Hat identity management
- 2016 North American Healthcare Identity Management Technology Innovation Award
- Open Source Identity and Access Management Expert Panel, Part 4
- Federated RBAC: Fortress, OAuth2 (Oltu), JWT, Java EE, and JASPIC
- Finally, the Java EE Security API (JSR 375)
- How Would You Improve the Java EE Security API?
[编辑] 图集
[编辑] 链接
分享您的观点