Kim Cameron Integration Imperative Cloud Computing Compliance++ Compliance++ Mergers, Supply Chain, Outsourcing, Partnering, Globalization, …

Presentation transcript:

Integration Imperative
- Cloud Computing
- Compliance++
- Mergers, Supply Chain, Outsourcing, Partnering, Globalization, …

- The cloud cadence is the fastest way to get users new capabilities – including on-premises
- State-of-the-art cloud architectures provide the highest availability and scale with good TCO
- Significant innovation occurring on the internet; ensure headroom for your solutions

In some ways, nothing new here. Just more challenging…
- As predicted, growing need for access while crossing boundaries
- Still need to be able to provision, authenticate, and authorize
- Still need to track, manage, and report
- With high-availability, high-scale, great management, low TCO, …
- But increasingly organizations control less of the solution
- Applications and developers can be in other organizations and are probably on different or new platforms
- Identities and profiles can be external – and need to be “validated”
- And the regulatory complexity is growing

“Hybrid” is the Norm
- Current systems and applications remain critical indefinitely
- And you need to be able to integrate with applications in other organizations and with SaaS solutions
- Want to be able to deliver applications that are accessible to any device running anywhere

[Diagram: Example of Microsoft Services. Labels: Enterprise; Enterprise’s Customers; Enterprise’s Partners; DS; FIM; ADFS; Sync; Consumer ID (Facebook, Google, Live); Office 365; Exchange; SharePoint; OCS; InTune (device management); Windows Azure Apps; App/Service management; Verified ID (DMV, banks, credit agencies); Markets; Dir; ID (Potentially not AD); HealthVault; Identity Management; Fed Svc; SQL Azure]

Claims-Based Identity
- Organizations like RBAC, entitlements, and other policy-driven approaches
- The claims model provides a comprehensive foundation to enable these solutions in a distributed, cloud-friendly manner – learn more at
- The technology generalizes the proven mechanisms found in Kerberos, PKI, SAML, ACLs, RBAC, Entitlements, …
- These technologies are embedded in products from MS, IBM, Oracle, Ping as well as many existing and emerging standards
- Enables cross-organization collaboration and new scenarios; e.g. distributed delegation; distributed groups and role management; high-scale, capability-based access control; …

OED Definitions:
- An assertion is a “confident and forceful statement of fact or belief”.
- A claim is “an assertion of the truth of something, typically one which is disputed or in doubt”.
- Better than: “To state as being the case, without being able to give proof” (TD 0910)
- A claim is always spoken by some entity, and the fact that a claim is signed by that entity does not in itself reduce that doubt.
- Essence is building an infrastructure in which relying parties can deal with doubt

Need-to-know Internet:
- Internet services operating on behalf of ALL actors assume other services may be rogue and defend themselves
- Identity information released is ONLY that required for transaction to complete (proportionality).
- Contextual linking should be opt-in by individuals in return for benefits – not done by services or behind their backs
- Compliance requirement: Profile information must be isolated from natural identity
- Audit requirements should be proportionate to context (e.g. financial transactions, youth sites, search engines)
- Audit information should be visible only to auditors and only as required – not weaken overall Internet security and privacy

Clarify how identifiers relate to minimal disclosure:
- Wrong: Generally, identifiers, and/or attributes will uniquely characterise an entity within a particular context.
- Right: Identity: A representation of an entity in the form of one or more attributes that allow the entity or entities to be sufficiently distinguished within a context.

Cloud directory++ that
- Synchronizes with and synergizes with enterprise directory
- Shares a logical schema with enterprise and device directories
- Is multi-tenant
- Is secure (more than lip service!)
- Is based on “Privacy By Design”
  - Privacy of individuals
  - Privacy of enterprises
- Supports “hybrid applications”
  - E.g. SharePoint
- Shares and supports common policy system

[Diagram labels: Directory Service; Synchronization; Organization Data Models; Service Management; Authentication, Claims Transformation; Multi-tenant, Extensible, Secure Identity Store; OpenID; SAML; WS-Fed; OAuth; LDAP; PE; Filter; xForm; WS-Trust]

Identity Fabric (Look at Windows Azure ACS V2)
- Loosely coupled approach built on interoperable protocols and claims-based architecture
- Integrated authentication and authorization spanning Servers, cloud hosting environments, private clouds, extranets, and clients
- Authorization that enables coordinated, cross-system policies
Seamless Experiences
- Borderless collaboration – BYOI
- SSO, integrated connectivity
- Deep integration applications
- Integrated device management, group policy
Core Identity Fabric

Developer Ecosystem
- Standards-based protocols for integration
- Great developer assets - Visual Studio and Marketplace integration
Integrated Management
- Common management on-premises and in the cloud
- Common experience across directories, applications and services
- Enhanced self-service
Core Identity Fabric