Your SlideShare is downloading. ×
0
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?

270

Published on

Nishant Kaushik, Chief Architect, Identropy …

Nishant Kaushik, Chief Architect, Identropy
Stress and nervous tension are now serious social problems in all parts of the Galaxy, and it is in order that this situation should not be in any way exacerbated that I will reveal in advance that the answer is No. But Identity is the New Perimeter and the Great Enabler of Next. Establishing that big bold idea, this session will lay out what we mean by Identity, and how attributes, relationships, identifiers, entitlements and the notion of Context fit into the ever-expanding branches of identity management like lifecycle management, provisioning, verification, compliance and federation.

Published in: Technology, Spiritual
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
270
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Is  Iden'ty  the  Answer  to  the  Great  Ques'on   of  Life,  the  Universe,  and  Everything?   Nishant  Kaushik  /  Chief  Architect   @NishantK  
  • 2. Is  Iden'ty  the  Answer  to  the  Great  Ques'on   of  Life,  the  Universe,  and  Everything?   Nishant  Kaushik  /  Chief  Architect   @NishantK  
  • 3. In  the  beginning  the  Universe   was  created.       This  has  made  a  lot  of  people   very  angry  and  has  been   widely  regarded  as  a  bad   move.  
  • 4. In  the  beginning  the  Internet   was  created   without  an  Iden'ty  layer.     This  has  made  a  lot  of  people   very  angry  and  has  been   widely  regarded  as  a  bad   move.  
  • 5. So,  What  is  Iden'ty?  
  • 6. Iden'ty  =  Context   Trust   Transparency   Convenience   Security   Privacy   Community  
  • 7. Interac've  Subjec'vity  Frameworks   “Just  as  Einstein  observed   that  space  was  not  an   absolute  but  depended  on   the  observer’s  movement  in   space,  and  that  'me  was   not  an  absolute,  but   depended  on  the  observer’s   movement  in  'me,  so  it  is   now  realized  that  numbers   are  not  absolute,  but   depend  on  the  observer’s   movement  in  restaurants.”  
  • 8. PuUng  Context  in  Context   Simplest  
  • 9. PuUng  Context  in  Context   Simple  
  • 10. PuUng  Context  in  Context   Complex  
  • 11. PuUng  Context  in  Context   Most  Complex  
  • 12. Let’s  Not  Forget   I  ache,  therefore  I  am.  
  • 13. Context  In  Ac'on:  Hiring  Amy,  Part  1   Recrui'ng  App   Social  Login   Authen'ca'on   Service   Iden'ty   Verifica'on  Service   Iden'ty  Store   Service  
  • 14. Context  In  Ac'on:  Hiring  Amy,  Part  2   Recrui'ng  App   Social  Login   Authen'ca'on   Service   A^ribute  Exchange   Service   Iden'ty  Store   Service   Authorize  Data   Release   A^ribute  Authority  
  • 15. Context  in  Ac'on:  A  Day  in  the  Life  of  Amy   Company  Portal   Social  Login   Authen'ca'on   Service   Iden'ty  Store   Service   Launch  box.net   Passive  Step-­‐up  Authen<ca<on   JIT  Provisioning  &   Federated  AuthN   A^ribute  Exchange   Service  
  • 16. Context  in  Ac'on:  A  Day  in  the  Life  of  Amy  (Alt.)   Iden'ty  Store   Service   Logs  in  with   personal  account,   then  requests   access  to  company   site   Iden'ty  Hub   Service   Authen'ca'on   Service   Step-­‐up  Authen<ca<on  via   Iden<ty  Verifica<on   Register  for  Iden<ty  Event   No<fica<ons  via     Graph  API  
  • 17. Context  in  Ac'on:  Amy  Unleashed   Recommenda'on   Service   Walks  into  retail  store  and  uses   their  Recommenda<on  Service.     Directs  service  to  the   Iden<ty  Oracle  using  her  mobile   Various   Authorita've   Sources     Iden'ty  Oracle   Service   Requests  access  to  personaliza<on   data.  User  policy  enforced  via  UMA   Log  out  &   Dispose  
  • 18. So,  What  is  Iden'ty,  Really?  
  • 19. (De)Construc'ng  Iden'ty   A^ribute:  A  property  of  a  subject  that  may  have  zero  or   more  values   Hair  Color:  Blond   Age:  31   Name:  Janet  Munroe  Title:  VP,  Engineering   Loca'on:  40.783147,  -­‐73.971277   Mobile:  212-­‐555-­‐2962   Roles:  Github  Admin,  SOX12,   Developer,  …  
  • 20. (De)Construc'ng  Iden'ty   A^ribute  Asser'on:  A  statement  that  conveys   informa'on  about  a^ributes  of  a  subject  
  • 21. (De)Construc'ng  Iden'ty   A^ribute  Authority:  A  system  en'ty  that  produces   a^ribute  asser'ons  
  • 22. (De)Construc'ng  Iden'ty   Claim:  An  a^ribute  asser'on  made  by  one  en'ty  about   another  en'ty  
  • 23. (De)Construc'ng  Iden'ty   Iden'fier:  A  representa'on  mapped  to  a  subject  en'ty   that  uniquely  refers  to  it   589-25-6029 465-05-6873 034-39-7383 945-27-4834 437-52-0358 576-23-2957 085-72-2068
  • 24. Rela'onships  Bring  it  all  Together  
  • 25. So,  What’s  a  Magrathean  to  do?   For  Applica'ons,  it’s  been  a  DIY  world,  baby!  
  • 26. So,  What’s  a  Magrathean  to  do?   For  Applica'ons,  it’s  been  a  DIY  world,  baby!   User  Tables   Roles  &  Policies   Registra'on  Processes   User  Administra'on   Profile  Management   Security  Enforcement  
  • 27. Enterprises  have  a  Problem  on  their  Hands   @NishantK  //  @Identropy  
  • 28. Businesses  have  a  Problem  on  their  Hands  
  • 29. Users  have  a  Problem  on  their  Hands  
  • 30. Enter  Iden'ty  &  Access  Management   “The  History  of  every  major  Galac'c  Civiliza'on  tends   to  pass  through  three  dis'nct  and  recognizable  phases,   those  of  Survival,  Inquiry  and  Sophis'ca'on,  otherwise   known  as  the  How,  Why  and  Where  phases.”    
  • 31. Enter  Iden'ty  &  Access  Management   “The  History  of  every  major  Galac'c  Civiliza'on  tends   to  pass  through  three  dis'nct  and  recognizable  phases,   those  of  Survival,  Inquiry  and  Sophis'ca'on,  otherwise   known  as  the  How,  Why  and  Where  phases.”     The  Goal   • Reduce  security  risks  while  empowering  users   • Ensure  compliance  with  corporate  policies  and  regulatory  requirements   • Drama'cally  reduce  the  cost  of  providing  and  managing  access  to  valuable  corporate  resources   • Increase  produc'vity  and  opera'onal  efficiency   • Enable  IT  to  be  more  responsive  to  evolving  business  requirements  
  • 32. Let’s  Look  at  the  “I”  in  IAM  
  • 33. Iden'ty  Management  as  Coordinator   Iden'ty  Management   Who,  What,  When,   Where,  Why   SaaS  Apps   On-­‐Prem  Apps   Partner  Apps   Authorita've   Sources   Self  and  Administra've   Sources   Social  Iden''es   Business,  Security  &   Compliance  Policies   Other  Assets  
  • 34. Iden'ty  Management  as  Coordinator   Iden'ty  Management   Who,  What,  When,   Where,  Why   SaaS  Apps   On-­‐Prem  Apps   Authorita've   Sources   Self  and  Administra've   Sources   Social  Iden''es   Business,  Security  &   Compliance  Policies   Partner  Apps   Other  Assets  
  • 35. Lifecycle  of  an  Enterprise  Iden'ty   Joiner  →  Mover  →  Leaver  Processes   Registra'on   Termina'on   Access  De-­‐Provisioning   Access  Provisioning   Rou'ne  Updates  Enable/Disable   Compliance   Policies   Business  &   Security  Policies  
  • 36. Iden'ty  Registra'on   “The  Guide  is  defini've.  Reality  is   frequently  inaccurate.”  
  • 37. The  Typical  Employee  On-­‐Boarding   ID  Store   Iden'ty  Provider   Trust   HR  Applica'on   A^ribute  Authority  
  • 38. The  Typical  Contractor  On-­‐Boarding   ID  Store   Iden'ty  Provider   Trust   Contractor  Database/Spreadsheet   A^ribute  Authority  
  • 39. Adding  Automa'on   HR  Applica'on   Trust   A^ribute  Authori'es   Contractor  DB   ID  Store   Iden'ty  Provider   Provisioning  System  
  • 40. Transi'oning  to  an  Online  World   System(s)  of  Record   ID  Store   Iden'ty  Provider   Trust   A^ribute  Authori'es   Provisioning  System   Recrui'ng/Registra'on  App   Self-­‐Asserted  Claims  
  • 41. Iden'ty  Proofing   System  of  Record   ID  Store   Provisioning  System   Recrui'ng/Registra'on  App   Iden'ty  Proofing  Service   A^ribute  Authori'es   Self-­‐Asserted  Claims  
  • 42. Iden'ty  Proofing   ID  Store   User  Registra'on  Portal   Iden'ty  Proofing  Service   A^ribute  Authori'es   Self-­‐Asserted  Claims  
  • 43. Social  Iden'ty  Proofing   ID  Store   User  Registra'on  Portal   Iden'ty  Proofing  Service   Risk  Score  
  • 44. Access  Provisioning  &  De-­‐Provisioning   “To  summarize  the  summary  of  the   summary:  people  are  a  problem.”  
  • 45. Access  Provisioning  is…   …the  crea'on,  maintenance  and  deac'va'on  of  user   objects  and  user  a^ributes,  as  they  exist  in  one  or  more   systems,  directories  or  applica'ons,  in  response  to   automated  or  interac've  business  processes       Source:  h^p://en.wikipedia.org/wiki/Provisioning#User_provisioning    
  • 46. Access  Provisioning  is…   …the  crea'on,  maintenance  and  deac'va'on  of  user   objects  and  user  a^ributes,  as  they  exist  in  one  or  more   systems,  directories  or  applica'ons,  in  response  to   automated  or  interac've  business  processes       This  Covers   • Crea'ng  and  Dele'ng  User  Accounts   • Upda'ng  their  A^ributes   • Assigning  and  Removing  Privileges   • Password  Management  (Change,  Reset,  Sync,  Recovery)   Source:  h^p://en.wikipedia.org/wiki/Provisioning#User_provisioning    
  • 47. The  Basic  Manual  Approach   Employee/Contractor   Internal   Applica'ons   User  Stores   (SSO,  IdP,  Fed)   HR  Manager   Applica'on  Admins/Helpdesk   APPROVED Access  Request   Form   Ops  Team  
  • 48. Marvin  the  Paranoid  Android  Says…   We’re  talking  about  lost  produc'vity  and  error  prone   processes.  Your  IT  staff  is  burdened  with  tasks  well   below  their  levels.  Don’t  even  begin  to  ask  me  about   handling  updates  and  moves,  what  with  the  lack  of   tracking  and  clarity  on  policies  or  processes.       And  if  someone  leaves?  I  could  tell  you  all  the  access   you  need  to  cancel  or  delete  since  you  clearly  won’t   know.  But  why  bother?  What’s  the  point,  really?    
  • 49. Tradi'onal  Provisioning  Architecture   Employee/Contractor   IT  Admins/  Developers   Consultants   Provisioning   System   Internal   Applica'ons   User  Stores   (SSO,  IdP,  Fed)  
  • 50. Marvin  the  Paranoid  Android  Says…   The  first  ten  million  enhancements  are  the  worst,  and   the  second  ten  million  enhancements,  they  were  the   worst  too.  The  third  ten  million  I  didn’t  enjoy  at  all.   Axer  that  I  went  into  a  bit  of  a  decline.     It’s  the  armies  of  developers  and  consultants  you   need  to  hire  in  this  job  that  really  get  you  down.  
  • 51. The  Compliance  Problem   Employee/Contractor   IT  Admins/  Developers   Consultants   Provisioning   System   Internal   Applica'ons   User  Stores   (SSO,  IdP,  Fed)   Auditors   Applica'on   Recer'fica'on  
  • 52. Marvin  the  Paranoid  Android  Says…   My  capacity  for  happiness  at  the  prospect  of…     …gathering  all  that  data  from  different  applica'ons,   running  axer  and  nagging  all  my  applica'on   administrators  and  business  owners  to  get  them  to   help  me,  then  trying  to  put  it  into  spreadsheets  that   my  managers  can  actually  use  without  rubber   stamping  them  or  wan'ng  to  throw  their  computers   down  an  elevator  shax…     …you  could  fit  into  a  matchbox  without  taking  out  the   matches  first.  
  • 53. The  Birth  of  a  New  Solu'on  Category   Employee/Contractor   IT  Admins/  Developers   Consultants   Provisioning   System   Internal   Applica'ons   User  Stores   (SSO,  IdP,  Fed)   Auditors   Applica'on   Recer'fica'on   Applica'on   Recer'fica'on  
  • 54. Marvin  the  Paranoid  Android  Says…   I  suppose  you  want  me  to  configure,  manage  and   maintain  two  of  these  beasts?     I’m  not  going  to  enjoy  this.  
  • 55. The  Cloud  Problem  Cometh   Employee/Contractor   Provisioning   System   Internal   Applica'ons   User  Stores   (SSO,  IdP,  Fed)   Auditors   Applica'on   Recer'fica'on   Admins/Helpdesk   Business  Users   Manual   Fulfillment  
  • 56. Marvin  the  Paranoid  Android  Says…   You  think  you’ve  got  problems?  What  are  you   supposed  to  do  if  you  are  a  manically  depressed   robot?  
  • 57. When  SaaS  A^acks  (the  Enterprise  Market)   Employee/Contractor   Provisioning   System   Internal   Applica'ons   User  Stores   (SSO,  IdP,  Fed)   AD   Directory   Synchroniza<on  
  • 58. Marvin  the  Paranoid  Android  Says…   You  may  not  see  the  folly  of  opening  up  all  those   connec'ons  to  your  internal  IT  environment,  but  then   your  logic  circuits  don’t  compare  to  mine.     And  to  try  and  model  all  those  SaaS  apps  privileges   into  your  AD  environment  so  that  you  can  con'nue  to   give  users  a  single  management  and  request  portal?   Not  even  the  Googleplex  Star  Thinker,  which  can   calculate  the  trajectory  of  every  single  dust  par'cle   throughout  a  five-­‐week  Dangrabad  Beta  sand  blizzard   can  do  that!  
  • 59. We  Could  Try  Some  Extensions…   Employee/Contractor   Provisioning   System   Internal   Applica'ons   User  Stores   (SSO,  IdP,  Fed)   Auditors   Applica'on   Recer'fica'on  
  • 60. We  Could  Try  Some  Extensions…   Employee/Contractor   Provisioning   System   Internal   Applica'ons   User  Stores   (SSO,  IdP,  Fed)   Auditors   Applica'on   Recer'fica'on  
  • 61. SCIM?   Whither  the  Standardized  Solu'on?   Employee/Contractor   Provisioning   System   Internal   Applica'ons   User  Stores   (SSO,  IdP,  Fed)   Auditors   Applica'on   Recer'fica'on  
  • 62. Marvin  the  Paranoid  Android  Says…   I  suppose  I  could  hang  around  and  wait  for  another   five  hundred  and  seventy-­‐six  thousand  million,  three   thousand  five  hundred  and  seventy-­‐nine  years.  
  • 63. The  Requisite  Cloud-­‐Based  Solu'on   Employee/Contractor   Provisioning   System   Internal   Applica'ons   User  Stores   (SSO,  IdP,  Fed)   Cloud-­‐based   Iden'ty  Bridge  
  • 64. Marvin  the  Paranoid  Android  Says…   Here  I  am,  brain  the  size  of  a  planet  and  they  ask  me   to  build  a  bridge.  Call  that  job  sa<sfac<on?  ‘Cos  I   don’t.  
  • 65. IDaaS  Solu'ons  –  The  First  Wave   Employee/Contractor   Provisioning   System   Internal   Applica'ons   User  Stores   (SSO,  IdP,  Fed)   AD   Directory   Synchroniza<on   Cloud-­‐based  SSO   SAML  /   Oauth/   Form   Filling  
  • 66. Marvin  the  Paranoid  Android  Says…   I  could  tell  you  that  it  ignores  everything  that  is   deployed  on-­‐premises,  and  assumes  that  you   something  else  to  manage  the  iden'ty  store.  I   suppose  it  might  be  relevant  that  de-­‐provisioning  is  a   problem  area,  and  that  there  is  a  lack  of  governance   controls.  And  all  the  problems  of  directory   synchroniza'on  will  show  up  here…     …but  I  don’t  suppose  you’ll  be  very  interested  in   knowing  that.  
  • 67. IDaaS  Solu'ons  –  The  Next  Wave   Employee/Contractor   On-­‐Prem   Iden'ty  Bridge   Internal   Applica'ons   User  Stores   (SSO,  IdP,  Fed)   Cloud-­‐based   Provisioning  System  
  • 68. Marvin  the  Paranoid  Android  Says…   Good  idea,  if  you  ask  me.  It’s  brilliant.     But  they’re  not.  
  • 69. Iden'ty  Termina'on   “Very  few  ma^resses  have  ever  come  to   life  again.”  
  • 70. Typical  Enterprise  Person  Termina'on   System  of  Record   ID  Store   Internal  Applica'ons  User  Stores  
  • 71. Adding  Automa'on   System  of  Record   ID  Store   Internal  Applica'ons  User  Stores   Provisioning  System  
  • 72. Adding  Automa'on   System  of  Record   ID  Store   Internal  Applica'ons  User  Stores   Provisioning  System   •  Account  Reten'on  Period   •  Re'rees   •  Rehires   •  Scheduled  Termina'on  with   Warning  and  Extensions  
  • 73. The  Myth  of  SSO-­‐Based  De-­‐Provisioning   System  of  Record   ID  Store   Internal  Applica'ons  (SSO)  User  Stores   SSO  System  
  • 74. Marvin  the  Paranoid  Android  Says…   They’ve  spent  the  last  five  years  building  it.  They  think   they’ve  got  it  right  but  they  haven’t.  First  off,  the   meter  on  those  accounts  is  s'll  running.  And  they’re   ac've,  which  means  they  can  be  logged  into.  And  they   can  be  exploited  in  ways  that  circumvent  SSO.  And  did   no  one  stop  to  consider  mobile  access?     There’s  nothing  I  can  do.  It’s  on  an  independent  circuit   from  the  others.  
  • 75. The  Future  is  Pull  
  • 76. From  “Owning”  The  Iden'ty…  
  • 77. …  To  “Bring  Your  Own”  Iden'ty  
  • 78. Where  Iden'ty  Is  A  Many  Layered  Thing   Identity Verification API Integrations Socially Verified Identities Federatio nIdentity Brokers
  • 79. A  Pull-­‐Based  Iden'ty  Model   Employee/Contractor   On-­‐Prem   Iden'ty  Bridge   A^ribute  Authori'es   IDaaS  Pla{orm   JIT  Provisioning   AXribute  Request   Change  No<fica<on   De-­‐Provisioning  Push   Bring  Your  Own  Iden<ty  
  • 80. A  Final  Thought   “Here's  an  interes'ng  li^le  no'on.  Did  you   realize  that  most  people's  lives  are   governed  by  telephone  numbers?”  
  • 81. Connect,  Discuss   blog.talkingiden'ty.com   @NishantK   Learn  More   Identropy.com   @Identropy  

×