Connected Identity & the role of the Identity Bus Prabath Siriwardena Director of Security Architecture WSO2.

In the U.S. alone, mergers and acquisitions volume totaled $865.1 billion in the first nine months of 2013, according to Dealogic

In Europe, 58 percent transact directly with users from other businesses and/or consumers

In the UK, 65 percent transact directly with users from other businesses and/or consumers

Gartner predicts that by 2020, 60% of all digital identities interacting with enterprises will come from external IdPs

Federation Anti-patterns: Identity Silos

Federation Anti-patterns: Spaghetti Identity

Identity Broker Pattern: Fifteen Fundamentals

Fundamental #1: Federation protocol agnostic: Should not be coupled to a specific federation protocol such as SAML or OpenID Connect. Should be able to connect multiple identity providers over heterogeneous identity federation protocols, and to transform ID tokens between those protocols.

Fundamental #2: Transport protocol agnostic: Should not be coupled to a specific transport protocol such as HTTP or MQTT.

Fundamental #3: Authentication protocol agnostic: Should not be coupled to a specific authentication protocol such as username/password, FIDO or OTP. Authenticators should be pluggable.

Fundamental #4: Claim Transformation: Should be able to transform identity-provider-specific claims into service-provider-specific claims, covering both simple claim transformations and complex ones.

Fundamental #5: Home Realm Discovery: Should be able to find the home identity provider for an incoming federation request by looking at certain attributes in the request (filter-based routing).

Fundamental #6: Multi-option Authentication: Should be able to present multiple login options to the user, configured per service provider.

Fundamental #7: Multi-step Authentication: Should be able to present multi-step authentication (MFA) to the user, configured per service provider.

Fundamental #8: Adaptive Authentication: Should be able to change the authentication options based on the context.

Fundamental #9: Identity Mapping: Should be able to map identities between different identity providers. A user should be able to maintain multiple identities with multiple identity providers.

Fundamental #10: Multiple Attribute Stores: Should be able to connect to multiple attribute stores and build an aggregated view of the end user's identity.

Fundamental #11: Just-in-time Provisioning: Should be able to provision users to connected user stores in a protocol-agnostic manner.

Fundamental #12: Manage Identity Relationships: Should be able to manage identity relationships between different entities and take authentication and authorization decisions based on them.

Fundamental #13: Trust Brokering: Each service provider should identify which identity providers it trusts.

Fundamental #14: Centralized Access Control: Who gets access to which user attribute? Which resources can the user access at the service provider?

Fundamental #15: Centralized Monitoring: Should be able to monitor and generate statistics on each identity transaction that flows through the broker.
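The following is an added illustration of how three of the fundamentals above fit together in a broker's core: home realm discovery (#5) picks the IdP from the request, trust brokering (#13) checks that the service provider trusts that IdP, and claim transformation (#4) renames and derives claims before release. It is not WSO2 code; every IdP, service provider and claim name is a constructed sample value, and the IdP assertion is assumed to have been signature-checked already.

```python
"""Minimal identity broker core: home realm discovery (#5), per-SP trust
brokering (#13) and claim transformation (#4) on constructed data.
Added illustration, not WSO2 code; all IdP, SP and claim names are
hypothetical sample values."""

# Constructed trust registry: which IdPs each service provider trusts (#13).
SP_TRUST = {
    "hr-portal": {"corp-saml-idp", "partner-oidc-idp"},
    "public-shop": {"social-oidc-idp"},
}

# Constructed home realm discovery rules: login-hint domain -> IdP (#5).
REALM_RULES = {"example.com": "corp-saml-idp", "partner.example": "partner-oidc-idp"}

# Constructed per-IdP claim maps (#4): IdP claim name -> claim name the SP expects.
# Anything not listed is deliberately dropped, so the SP only sees released attributes.
CLAIM_MAP = {
    "corp-saml-idp": {"mail": "email", "givenName": "first_name", "sn": "last_name"},
    "partner-oidc-idp": {"email": "email", "given_name": "first_name", "family_name": "last_name"},
}


class BrokerError(Exception):
    """Raised when routing or the trust check fails; the SP then gets no claims."""


def discover_home_realm(request: dict):
    """Filter-based routing: choose the IdP from the login hint's domain."""
    domain = request.get("login_hint", "").rpartition("@")[2].lower()
    return REALM_RULES.get(domain)  # None when no rule matches


def is_trusted(sp: str, idp: str) -> bool:
    """Trust is decided per service provider, not globally for the broker."""
    return idp in SP_TRUST.get(sp, set())


def transform_claims(idp: str, idp_claims: dict) -> dict:
    """Simple renames from CLAIM_MAP, then one complex (derived) claim."""
    rules = CLAIM_MAP[idp]
    out = {rules[k]: v for k, v in idp_claims.items() if k in rules}
    if "first_name" in out and "last_name" in out:
        out["display_name"] = f"{out['first_name']} {out['last_name']}"
    out["idp"] = idp  # provenance: which IdP actually asserted these claims
    return out


def broker(sp: str, request: dict, assertions: dict) -> dict:
    """One brokered login: route, check trust, then transform the IdP's verified claims."""
    idp = discover_home_realm(request)
    if idp is None:
        raise BrokerError("no home realm matches the request")
    if not is_trusted(sp, idp):
        raise BrokerError(f"{sp} does not trust {idp}")
    return transform_claims(idp, assertions[idp])
```

Note that the trust check runs before any claim is touched and that unmapped attributes such as group memberships never reach the service provider, which is the attribute-release side of centralized access control (#14).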

Identity Mediation Language

Seven Fundamentals of Future IAM, by Martin Kuppinger

Fundamental #1: More than humans - It's also about identities of things, devices, services, and apps

Fundamental #2: Multiple Identity Providers - We will not manage all identities internally anymore, and trust will vary

Fundamental #3: Multiple Attribute Providers - There will no longer be a single source of truth and information on identities

Fundamental #4: Multiple Identities - Many users will use different identities (or personas) and flexibly switch between these

Fundamental #5: Multiple Authenticators - There is no single authenticator that works for all

Fundamental #6: Identity Relationships - We must map humans to things, devices, and apps

Fundamental #7: Context - Identity and access risk varies in context

Thank You