All Contents © 2008 Burton Group. All rights reserved. Current State of Federated Identity OASIS Open Standards Forum 2008 Friday, 3 October 2008 Gerry.


1 Current State of Federated Identity
OASIS Open Standards Forum 2008, Friday, 3 October 2008
Gerry Gebel, VP & Service Director – IdPS – ggebel@burtongroup.com, www.burtongroup.com
All Contents © 2008 Burton Group. All rights reserved.

2 A Few Points to Ponder
- State of federation is strong – but the game is changing
- Business models are driving up demand for federation technology – and forcing still other changes
- Federation and SSO services – an emerging trend to watch

3 After this presentation, you will…
- … stop federating
  - Because business people don’t know what you are talking about
- … realize that protocols do not equal a business process
  - You need services and capabilities, in addition to protocols and technologies
- … discover that the Internet doesn’t need an identity layer
  - Rather, it needs a relationship layer!

4 Business Trends Drive IT Trends
Same as it ever was
- Global economy, cost-effective communications driving fundamental change to the business environment
- The more global things get, the more pressure to decompose big orgs
- Need to integrate business process across many boundaries
- Must interoperate, connect with security and low friction

5 Business Trends Drive IT Trends
What a difference a year (and a financial crisis) makes
- Do more with less, or do less with less
- Plate tectonics: Business transformation, IT transformation collide
- SaaS gaining favor... the times they are a-changing
- Outsource, offshore, buy it as a service

6 Current Technologies and Methodologies
The Expanding Identity Universe
Dynamics are driving requirements where CIOs have no control
[Diagram. Axes: Scale (Small, Large, Massive); Control (Centralized, Distributed); Focus (Business, Individual). Labels: SMB, SaaS; Consumers, Social Networks; Deperimeterization; Outsourcing; Compliance; Privacy; The CIO and the budget]

7 Where does federation fit in here?

8 Federation and Distributed Control

9 Examine the Problem
SSO: internal applications
[Diagram labels: Employees; SaaS; Partner Applications; AD/Kerberos; WAM/Federation; Employees; Contractors; Partners]

10 Examine the Problem
SSO: hosted applications
[Diagram labels: Employees; SaaS; Partner Applications; AD/Kerberos; WAM/Federation; Employees; Contractors; Partners; WAM/Federation ? ?]

11 Examine the Problem
SSO: external users
[Diagram labels: Employees; SaaS; Partner Applications; AD/Kerberos; WAM/Federation; Contractors; Partners; AD/Kerberos?]

12 Examine the Problem
SSO: external users
[Diagram labels: Employees; SaaS; Partner Applications; AD/Kerberos; WAM/Federation; Contractors; Partners; Federation?]

13 Examine the Problem
SSO: employee off site
[Diagram labels: Employees; SaaS; Partner Applications; AD/Kerberos; WAM/Federation; Employees; Contractors; Partners; AD/Kerberos?]

14 Examine the Problem
SSO: employee off site, hosted applications
[Diagram labels: Employees; SaaS; Partner Applications; AD/Kerberos; WAM/Federation; Employees; Contractors; Partners; Federation?]

15 Examine the Problem
SSO: new options
[Diagram labels: Employees; SaaS; Partner Applications; AD/Kerberos; WAM/Federation; Employees; Contractors; Partners; Federation service]

16 Examine the Problem
Why don’t we have SSO?
- Architecture limitations don’t accommodate new application types: Software as a Service
- Product and technology selection process failure
  - Used RFP checklist instead of usage scenario analysis
- Vendor implementations limit your options
  - Kerberos exhibits its weakness when external users are involved
  - Microsoft Office products do not handle HTTP redirects
- New products or technologies may be required
  - Hosted SSO/federation service is one possibility
- New approaches may be required
  - Identity intermediaries can limit inherent friction

17 Examine the Problem
Maybe it is time to look at the business problem, instead of the technology possibilities
[Diagram labels: Enterprise AD forest; LDAP directory services; XML gateways; Federation servers; WAM servers; Applications; App servers; Applications; Partner sites; ESSO; SSL VPN; Bulk feed]

18 Too Much Science, Not Enough Art
The “science project”: connectivity is rarely straightforward
[Diagram with steps numbered 1 to 10. Labels: Enterprise AD forest; SAML assertion; SAML-enabled proxy; Federation product; ADFS agent; SharePoint 2003; Web SSO token; LDAP directory; ADFS Collaborator SID; Attribute and group memberships; Mapping info and claims; WS-Federation; Web SSO server; Home authentication]

19 Growth Rates for Federation
Has anyone spotted the elephant in the federation room?
- > 1,000 connections @ 24 connections / year = 42 years!!
- All right, but what if deployment rate increases?
  - Assume enterprises can deploy 500 connections per year
  - One customer has 34,000 point-of-sale operations = 68 years!!
- And that’s just for SSO
  - No authorization
  - Not hub-to-hub
"How long has THAT been there?"

20 The Aesthetics of Ubiquity
Your technology might be mediocre if:
- Adding a connection requires a project manager
- Adding a connection requires lab time
- Each connection requires a custom contract
- You have to coordinate your deployment with others
- The solution only works for the latest-and-greatest infrastructure
- Upgrading a server has ripple effects from end-to-end
- It seems reasonable to measure “connections per year”

21 What about that glass ceiling?

22 Interoperability
What if there was a similar program for XACML? Just asking…

23 Federation Marketplace
- Products: BMC, CA, Entrust, Evidian, IBM, Microsoft, Novell, Oracle, Ping Identity, RSA, Siemens, Sun, Symlabs
- Edge Federation: Cisco, Forum Sys, IBM, Layer 7, Vordel
- Fed Services: Covisint, FuGen Solutions, Symplified, TriCipher, EduServ

24 Open Source Options

25 Working on that scalability problem…

26 Expanding Federations

27 Federating Federations

28 SaaS Federations

29 SSO+ as a Service

30 Identity Aggregators
- Single point of integration for all Nordic e-ID systems
- Expanding into other regions…

31 Looking Ahead
What is the impact of:
- User centric identity approaches
  - Of course, this is in name only
  - User centric becomes a reality when business models support it
- OpenID
  - First party identity systems are not very interesting from a business perspective…
- Information Cards
  - Unlike OpenID, info cards have a real security model
  - But the market is not responding
- OSIS, Information Card Foundation, Identity Commons, Higgins, Identity Metasystem Interop TC, etc
  - Can someone please explain this to me?

32 In Review
- State of federation is strong – but the game is changing
- Business models are driving up demand for federation technology – and forcing still other changes
- Federation and SSO services – an emerging trend to watch

33 Current State of Federated Identity
References: Burton Group’s Identity and Privacy Strategies
- In Search of the Internet Identity System: Contrasting the Federation Approaches of SAML, WS-SX, and OpenID
- Federation’s Future in the Balance: Teetering Between Ubiquity and Mediocrity
- Business and Legal issues in Federations
- A Relationship Layer for the Web… and Enterprises, Too

34 Current State of Federation Technology
References: Burton Group’s Identity and Privacy Strategies
- In Search of the Internet Identity System: Contrasting the Federation Approaches of SAML, WS-SX, and OpenID
- Federation’s Future in the Balance: Teetering Between Ubiquity and Mediocrity
- Business and Legal issues in Federations
- Information Card Landscape
- A Relationship Layer for the Web… And Enterprises, Too

