Identity Centric Architecture
Aligning SOA with NGN

Rakesh Radhakrishnan
August 29, 2007
Liberty Alliance Webcast Series
1. Identity Centric Architecture: Aligning SOA with NGN
   Rakesh Radhakrishnan, August 29, 2007, Liberty Alliance Webcast Series
   http://identity-centric-architecture.blogspot.com/
   Sun Microsystems, Inc. Proprietary & Confidential, Internal Use ONLY

2. Agenda Topics
   • Identity enabled Sensor Networks
   • Identity enabled Programmable Networks
   • Identity enabled WiMAX & Wifi Networks
   • Identity enabled IMS Network and Network Services
   • Identity enabled Enterprise Networks (NAC)
   • Identity enabled IN Services
   • Identity enabled OAM&P Services (IPSF/ITSM)
   • Identity enabled Web Services
   • Identity enabled ESB Services
   • Identity enabled DRM Services
   • Identity enabled ILM
   • Identity enabled User Centric Services

3. 9 Pain Points (Mobility with Security)
   9 Pain Points to address Mobility for SOA:
   – Seamless Integration of different Access Networks
   – Secure and Controlled integration of external SP
   – Integrated registration and customer service support
   – Common view of the static and dynamic data of the customer
   – Access control and content filtering
   – Flexible and convergent charging
   – Integrated environment for VAS development and management
   – Integrated environment for multi-device support
   – Management of internal and external content and DRM policy support

4. 9 Step Process (Mobility with Security)
   – Step 1: Reputation
   – Step 2: Rigid Authentication
   – Step 3: Random numbers/token generation
   – Step 4: Roles (Role Based Access Control, RBAC)
   – Step 5: Rules
   – Step 6: Resources
   – Step 7: Relationship
   – Step 8: Regulation
   – Step 9: Real-time Observe-ability

5. (Diagram: how the 9 steps map onto the security properties of a Distributed Identity System)
   • Reputation & Rigid AuthN → AuthN, Confidentiality
   • Relationship → Integrity (Relationships, Session, Auditing and RT visual Session)
   • Random No. / RT Token → Regulation and Trust
   • Roles, Rules and Resources (restrictions; includes fine grain rights mgmt) → aligned AuthZ

6. Vertical Integration (diagram, four layers of Identity Systems)
   • User & Device Centric IDS: User ID & Profile; Device ID & Profile; User & Device specific Policies
   • Access & Sensor Network IDS: AM Agents for Wifi, WiMAX, BPL, Cable head end, xDSL, RFID/EPC & more
   • Core & Federated Network IDS: FM integration with OAM, NG IN, HSS, HLR, NAC, FW & more
   • Content & Service Centric IDS: Integration with Service Registry Repository, ESB, DRM, Service specific Policies, & more
7. Identity enabled Sensor Networks

8. Identity enabled Sensor Networks
   • Connecting Business at the edge
   • Solution for Warehouse Management
   • Solution for Physical Asset Tracking
   • Solution for Drug authentication
   • Solution for Transportation and Distribution
   • Solution for Retail Sales
   • Logical and Physical Authentication
   • Logical and Physical Authorization & Access Control
   • Sizzle and ECC enabled Containers
   • Correlating RFID with product profiles
   • Product Authentication

9. Identity enabled Programmable Networks

10. Identity enabled Programmable Networks
   • Programmable Active Grid Networks
   • Virtualized Systems & Resources
   • Provisionable Services & Software
   • Provisionable compute, bandwidth and storage resources
   • System Service Container
   • Utility Model
   • Trusted Network Computing (TCG standard)
   • Encryption to devices (compute and storage)

11. Identity enabled Wireless Networks (Wifi/Wimax/4G)

12. Identity enabled Wireless Networks (Wifi/Wimax)
   • Integrated Wifi Access Controllers
   • Integrated with WiMAX base stations
   • Access Manager's support for RADIUS
   • AAA Services (replaced with ID/NAC)
   • One IDP for 20 WiMAX base stations that is part of a Mesh (or a Wifi Mesh)
   • Applicable to BPL as well (broadband over power line)
   • Connectivity after Authentication (Boingo)

13. Identity enabled IMS Networks/Network Services

14. Identity enabled IMS Networks/Network Services
   • Loose Integration with HSS
   • HSS could potentially extend to WiMax/4G
   • Broad NEP Support
   • Federation and SSO
   • Integrated Provisioning, SEM and Auditing
   • ID enabled IMS Services (location, presence, etc.)
   • Integrated with Telecom SOA & Web Services

15. Identity enabled Enterprise Networks (NAC)

16. Identity enabled Enterprise Networks (NAC)
   • Industry Support (CTO): Sean Convery, Identity Engines; Paul Sangster, Symantec; Sanjay Uppal, Caymas Systems; Robin Matherus, Oracle; Jeff Prince, ConSentry Networks
   • Weave together the application and network layers of corporate networks
   • Trusted Network Technologies
   • Machine AC and User AC
   • NAP and NAC (access protection and admission control)
   • Pre-admission to the network (patch levels, anti-virus and spyware detection)
   • Replaces RADIUS and AAA
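The NAC slide above lists "Machine AC and User AC" and pre-admission checks (patch levels, anti-virus, spyware detection) as separate bullets without showing how they combine into one admission decision. The following is an added example, not code from the deck or from Sun: a small Python model of a NAC policy decision point in which the device is checked first (registered in a device-centric identity store, then healthy) and only then does the user's role decide which network zone is granted. All names, thresholds, zone labels and sample records are constructed for the illustration; the ordering (device before user) is the design point, so a privileged credential cannot move an unknown or unpatched device onto the corporate zone.

```python
"""Toy NAC admission decision combining machine access control (device
identity plus posture) with user access control (role). Added example, not
Sun's or the presenter's code; every name, threshold and record is constructed."""
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed policy values (assumptions for this example)
MIN_PATCH_LEVEL = 12                       # hypothetical monotonic patch baseline
MAX_AV_SIGNATURE_AGE_DAYS = 7
ROLE_ZONES = {"employee": "corp", "contractor": "restricted", "admin": "corp-mgmt"}
KNOWN_DEVICES = {"dev-0001", "dev-0002"}   # constructed device registry (device-centric IDS)
TODAY = date(2007, 8, 29)                  # fixed clock so results are reproducible


@dataclass(frozen=True)
class DevicePosture:
    device_id: str
    patch_level: int
    av_signature_date: date
    antispyware_running: bool


@dataclass(frozen=True)
class UserIdentity:
    username: Optional[str]        # None when only the machine authenticated
    role: Optional[str] = None


@dataclass(frozen=True)
class Decision:
    verdict: str                   # "admit", "quarantine", "guest" or "deny"
    zone: Optional[str]
    reasons: tuple


def posture_failures(device: DevicePosture, today: date) -> tuple:
    """Pre-admission health checks: patch level, AV freshness, anti-spyware."""
    failures = []
    if device.patch_level < MIN_PATCH_LEVEL:
        failures.append(f"patch level {device.patch_level} below {MIN_PATCH_LEVEL}")
    if (today - device.av_signature_date).days > MAX_AV_SIGNATURE_AGE_DAYS:
        failures.append("anti-virus signatures older than policy allows")
    if not device.antispyware_running:
        failures.append("anti-spyware agent not running")
    return tuple(failures)


def evaluate_admission(user: UserIdentity, device: DevicePosture,
                       today: date = TODAY) -> Decision:
    """Machine AC (registry), then posture, then user AC (role).

    The order is deliberate: the user's privilege never overrides an
    unknown or unhealthy device, it only selects the zone once the device
    has passed.
    """
    if device.device_id not in KNOWN_DEVICES:
        # Unmanaged device: no posture data we can trust, so guest access only.
        return Decision("guest", "guest", ("device not in registry",))
    failures = posture_failures(device, today)
    if failures:
        # Managed but unhealthy: park it in a remediation zone, not on corp.
        return Decision("quarantine", "remediation", failures)
    if user.username is None:
        return Decision("deny", None, ("no authenticated user",))
    zone = ROLE_ZONES.get(user.role)
    if zone is None:
        return Decision("deny", None, (f"role {user.role!r} grants no zone",))
    return Decision("admit", zone, ())


# Constructed sample records
HEALTHY_DEVICE = DevicePosture("dev-0001", 14, date(2007, 8, 27), True)
STALE_DEVICE = DevicePosture("dev-0002", 9, date(2007, 7, 1), True)
UNKNOWN_DEVICE = DevicePosture("dev-9999", 14, date(2007, 8, 28), True)
ALICE = UserIdentity("alice", "employee")
ROOT = UserIdentity("root", "admin")
BOB_NO_ROLE = UserIdentity("bob", "visitor")
MACHINE_ONLY = UserIdentity(None)

if __name__ == "__main__":
    for who, dev in [(ALICE, HEALTHY_DEVICE), (ROOT, STALE_DEVICE),
                     (ALICE, UNKNOWN_DEVICE), (BOB_NO_ROLE, HEALTHY_DEVICE),
                     (MACHINE_ONLY, HEALTHY_DEVICE)]:
        d = evaluate_admission(who, dev)
        print(f"{who.username!s:>8} on {dev.device_id}: {d.verdict:<10} "
              f"zone={d.zone} {list(d.reasons)}")
```

Running the script shows the admin on the stale device being quarantined with both posture reasons listed, while the same healthy device admits an employee to "corp" and denies a user whose role maps to no zone; a real PDP would source the registry, posture report and roles from the device-centric and user-centric identity stores the deck describes.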
17. Identity enabled NG IN Services

18. Identity enabled NG IN Services
   • SLEE Container Integration
   • SBB lookups
   • JEE Container Integration
   • Common Security Framework
   • NG IN Services are device and network agnostic
   • Device Identities as well (TS 69)
   • Integrated IN Services (3G, wireline, IP, etc.)
   • Location, Presence, etc., are NG IN Services

19. Identity enabled OAM&P Services

20. Identity enabled OAM&P Services
   • OSS/J Services run on JEE Containers
   • Additional Modules: PAM
   • Federation
   • Session Centric Policies
   • Manage the Control Plane and the Service Plane
   • Adopted by NEPs
   • Integrates with RADIUS, TACACS, AAA, etc.
   • Useful for Outsourcing Models (OAM outsourcing)

21. Identity enabled ESB Services

22. Identity enabled ESB Services
   • Linking Service Registries
   • Federation for Choreography
   • QOS Policies
   • Authentication Levels
   • Secure Service Brokering
   • JSR 196 Support
   • Aligning Identity life-cycle with Service life-cycle
   • Service Orchestration aligning with Policy Execution

23. Identity enabled DRM Services

24. Identity enabled DRM Services
   • Inter-operable user centric DRM leverages an IDP
   • Federation for DRM
   • Content to Service agnostic
   • Device and Access Network agnostic
   • Important for IPTV and VOD services
   • Disintermediation
   • Adoption by AT&T (SBC) in the US
   • Proposed at ATIS
   • Potential for leveraging XACML 3.x

25. Identity enabled ILM Services

26. Identity enabled ILM Services
   • Harnessing Data Sprawl
   • Common Anchor of Intelligence (Identity)
   • Tighter Control makes information accessible
   • Identity Aware Data
   • Foundation for ID enabled SOA
   • Meta Layer: OMG's MDA

27. Identity enabled UC ID Services

28. Identity enabled UC ID Services
   • In the Identity 2.0 space
   • SXIP, DIX, LID, OpenID, OpenSSO, I-names and more
   • User centric
   • XRI/XDI or URI based
   • Distributed identity system for the developer community
   • Industry specific identity initiatives as well, such as E-NUM for Telco, E-HR for Healthcare, and more that use unique identifiers and an industry specific profile (identity schema)
   • Identity discovery services such as YADIS
   • Ruby on Rails on Web Containers for OpenID
   • OpenID as a SAML assertion
29. Vertical Integration of ID Services and Systems

30. Vertical Integration
   • Device Centric IDS
   • User Centric IDS
   • Access Network Centric IDS
   • Control Network Centric IDS
   • Enterprise Network Centric IDS (NAC, etc.)
   • Service Centric IDS
   • Information/Data Centric IDS
   • Content Centric IDS (DRM)
   • And more.

31. Vertical Integration
   • Profile Services
     – About users (profile and reputation)
     – About Services (profile and behaviours)
     – About Devices (profile and context)
     – About content (profile and DRM)
     – About data (meta-data and ILM)
   • This intelligence need not be siloed; it can be integrated through:
     – consolidation (virtual mapping),
     – federation (linking),
     – correlation (linking based on policies),
     – aggregation (using it as a core reusable SBB/IDSP within an EA), and
     – trailing (indexing), XRI, etc.

32. Vertical Integration via Standards
   • TS69
   • XRI/XDI
   • GUP/ENUM
   • iName/iNumber
   • SAML, XACML
   • Federation (Liberty)
   • Trusted Network Computing
   • OSE
   • DevID
   • PubID/ConID
   • RFID/EPC
   • IPSF and ITSM (for QOS and SLA)
   • ITU-FG and Liberty Concordia

33. Vertical Integration via Meta Layer
   • Morphing into a Multi-M (media/modal/protocol) Meta System
     – Actividentity for integrating logical and physical asset security with the Identity System.
     – Approva for integrating, streamlining and automating compliant provisioning processes with the Identity System.
     – Bridgestream for integrating roles management solution with the Identity System.
     – Bonsai Networks for integrating Wifi (& Wimax) Service Managers with the Identity System.
     – Consul for integrating privileged user monitoring and auditing with the Identity System.
     – Leapstone for integrating Service Brokering and Subscriber information with the Identity System.
     – Locationnet platform for GIS engine and location application engine integration with the Identity System.
     – Lucent's VOIP platform integration with Identity (& Directory) System.
     – Mobicents SLEE and other SLEE platforms integration for policies, profiles, etc., with the Identity System.
     – Passlogix for integrating simplified enterprise & desktop SSO (non web applications) with the Identity System.
     – Pronto Networks for integrating wireless SDP (service delivery platform) with the Identity System.
     – Vaau for integrating role engineering, identity auditing and identity certification with the Identity System.
     – Verimatrix for integrating with OMC DRM via disintermediation (d15n implied) with the Identity System.
     – Virsa for integrating continuous compliance and real time insights with the Identity System.
     – Nominum for Secure Sharing and Managing ENUM profile (iName and iNumber as well).
     – Layer 7 for integrating with XML firewall (security co-processing with ESB).
     – NetBeans IDE for integrating with a development tool.
     – Appium for Profile sharing.

34. Vertical Integration (same four-layer diagram as slide 6: User & Device Centric IDS; Access & Sensor Network IDS; Core & Federated Network IDS; Content & Service Centric IDS)

35. Vertical Integration Target State (diagram, 2008)

36. Vertical Integration Target State
   To achieve this target state (as depicted in the picture above) an Identity System (with the 5 integration models) has to be integrated:
   ● with the User (the "me"): User Centric Identity Systems (URI/XRI based, extensive profile, preferences and policies defined by the user);
   ● with the Access Devices (such as TS69/OMA): Device Centric Identity Systems (for device profile, machine authentication, virus checks, client side firewall updates, sensory devices, etc.);
   ● with the Access Networks (for context, QOS capabilities of access networks, session traversals, mobility, etc.);
   ● with the Core Network (for controlled invocation, federation, secure choreography, OAM&P, NG IN, Single Sign-off, auditing, etc.);
   ● with the Service Networks (for NAC, RBAC, Service orchestration, ESB, programmable network elements, service profile, context, etc.);
   ● and the Content Networks (for disintermediation of DRM, entitlement, content protection, content profile, content context, etc.).
37. Project Liberty Slides – Business Problem: Structural Changes in the Industry

38. Project Liberty Slides – Business Problem: Trust, QOE and Secure

39. Project Liberty Slides – Business Problem: Enabling the Business of Government and Enterprise

40. Project Liberty Slides – Business Problem: Who is Who? What is What? Who gets access to What?

41. Project Liberty Slides – Business Problem: Aligning with Inter-operable Standards

42. Project Liberty Slides – Business Problem: Secure delivery of Content (IPTV, Games, etc.)

43. Project Liberty Slides – Business Problem: Revenue Flow (access and usage)

44. Project Liberty Slides – Business Problem: Lack of a Cohesive Control Layer

45. Project Liberty Slides – Business Problem: Separation of Concerns

46. Project Liberty Slides

47. Project Liberty Slides – Business Problem: Convergence

48. Project Liberty Slides – Business Problem: Leverage Voice as an Application

49. Project Liberty Slides – Business Problem: Privacy and Policies

50. Close