Current State of Federated Identity Standards and Implementations
  • Federation technology supports a distributed control model
    • Applications aren’t necessarily in the data center
    • Workforce, partners, customers are distributed
    • Business economics demand it
    • Distributed control has resulted in more demand for federation, despite shortcomings highlighted at Catalyst 2007
  • Image source: http://flickr.com/photos/manu-claude/359902860/
    • Technology advancements in the past year
      • Sun Fedlets and virtual federations
      • Ping Federate Auto-Connect
    • Needs improvement
      • Provisioning or activating access on partner sites
      • Federation protocols are very ‘scripted’; they lack flexibility if the user changes navigation habits
      • Peer-to-peer federation is not scalable to hundreds or thousands of partners – hosted federation services are a viable alternative
      • Federation for SOA applications: can the browser federation infrastructure support web services environments?
    • In summary, federation protocols and products are just the building blocks that can enable inter- and intra-organization connectivity
  • Transcript

    • 1. Current State of Federated Identity
      • OASIS Open Standards Forum 2008
      • Friday, 3 October 2008
      • Gerry Gebel, VP & Service Director – IdPS
      • ggebel@burtongroup.com
      • www.burtongroup.com
    • 2. A Few Points to Ponder
      • State of federation is strong – but the game is changing
      • Business models are driving up demand for federation technology – and forcing still other changes
      • Federation and SSO services – an emerging trend to watch
    • 3. After this presentation, you will…
      • … stop federating
        • Because business people don’t know what you are talking about
      • … realize that protocols do not equal a business process
        • You need services and capabilities, in addition to protocols and technologies
      • … discover that the Internet doesn’t need an identity layer
        • Rather, it needs a relationship layer!
    • 4. Business Trends Drive IT Trends
      • Same as it ever was
        • Global economy, cost-effective communications driving fundamental change to the business environment
          • The more global things get, the more pressure to decompose big orgs
          • Need to integrate business process across many boundaries
          • Must interoperate, connect with security and low friction
    • 5. Business Trends Drive IT Trends
      • What a difference a year (and a financial crisis) makes
        • Do more with less, or do less with less
          • Plate tectonics: Business transformation, IT transformation collide
          • SaaS gaining favor . . . the times they are a-changing
          • Outsource, offshore, buy it as a service
    • 6. The Expanding Identity Universe
      • Dynamics are driving requirements where CIOs have no control
      [Figure: three dimensions: Scale (Small, Large, Massive), Control (Centralized, Distributed), Focus (Business, Individual). Labels: Current Technologies and Methodologies; SMB, SaaS; Consumers, Social Networks; Deperimeterization; Outsourcing; Compliance; Privacy; The CIO and the budget]
    • 7. Where does federation fit in here?
    • 8. Federation and Distributed Control
    • 9. Examine the Problem
      • SSO: internal applications
      [Diagram labels: Employees, Applications, AD/Kerberos, WAM/Federation, SaaS, Partner, Employees, Contractors, Partners]
    • 10. Examine the Problem
      • SSO: hosted applications
      [Diagram labels: Employees, SaaS, Partner, Applications, AD/Kerberos, WAM/Federation, Employees, Contractors, Partners, WAM/Federation, WAM/Federation, ?, ?]
    • 11. Examine the Problem
      • SSO: external users
      [Diagram labels: Employees, SaaS, Partner, Applications, AD/Kerberos, WAM/Federation, Contractors, Partners, AD/Kerberos?]
    • 12. Examine the Problem
      • SSO: external users
      [Diagram labels: Employees, SaaS, Partner, Applications, AD/Kerberos, WAM/Federation, Contractors, Partners, Federation?]
    • 13. Examine the Problem
      • SSO: employee off site
      [Diagram labels: Employees, SaaS, Partner, Applications, AD/Kerberos, WAM/Federation, Contractors, Partners, Employees, AD/Kerberos?]
    • 14. Examine the Problem
      • SSO: employee off site, hosted applications
      [Diagram labels: Employees, SaaS, Partner, Applications, AD/Kerberos, WAM/Federation, Contractors, Partners, Employees, Federation?]
    • 15. Examine the Problem
      • SSO: new options
      [Diagram labels: Employees, SaaS, Partner, Applications, AD/Kerberos, WAM/Federation, Employees, Contractors, Partners, Federation service]
    • 16. Examine the Problem
      • Why don’t we have SSO?
        • Architecture limitations don’t accommodate new application types: Software as a Service
        • Product and technology selection process failure
          • Used RFP checklist instead of usage scenario analysis
        • Vendor implementations limit your options
          • Kerberos exhibits its weakness when external users are involved
          • Microsoft Office products do not handle HTTP redirects
        • New products or technologies may be required
          • Hosted SSO/federation service is one possibility
        • New approaches may be required
          • Identity intermediaries can limit inherent friction
    • 17. Examine the Problem
      • Maybe it is time to look at the business problem, instead of the technology possibilities
      [Diagram labels as extracted: Enterprise AD forest LDAP directory services XML gateways Federation servers WAM servers Applications App servers Applications Partner sites ESSO SSL VPN Bulk feed]
    • 18. Too Much Science, Not Enough Art
      • The “science project”: connectivity is rarely straightforward
      [Diagram with steps numbered 1 to 10; labels as extracted: Enterprise AD forest SAML assertion SAML-enabled proxy Federation product ADFS agent SharePoint 2003 Web SSO token LDAP directory ADFS Collaborator SID Attribute and group memberships Mapping info and claims WS-Federation Web SSO server Home authentication]
    • 19. Growth Rates for Federation
      • Has anyone spotted the elephant in the federation room?
        • All right, but what if deployment rate increases?
          • Assume enterprises can deploy 500 connections per year
          • One customer has 34,000 point-of-sale operations
        • And that’s just for SSO
          • No authorization
          • Not hub-to-hub
      > 1,000 connections @ 24 connections / year = 42 years!!
      34,000 point-of-sale operations @ 500 connections / year = 68 years!!
      "How long has THAT been there?"
    • 20. The Aesthetics of Ubiquity
      • Your technology might be mediocre if:
        • Adding a connection requires a project manager
        • Adding a connection requires lab time
        • Each connection requires a custom contract
        • You have to coordinate your deployment with others
        • The solution only works for the latest-and-greatest infrastructure
        • Upgrading a server has ripple effects from end-to-end
        • It seems reasonable to measure “connections per year”
    • 21. What about that glass ceiling?
    • 22. Interoperability
      • What if there was a similar program for XACML? Just asking…
    • 23. Federation Marketplace
      • Products
        • BMC
        • CA
        • Entrust
        • Evidian
        • IBM
        • Microsoft
        • Novell
        • Oracle
        • Ping Identity
        • RSA
        • Siemens
        • Sun
        • Symlabs
      • Edge Federation
        • Cisco
        • Forum Sys
        • IBM
        • Layer 7
        • Vordel
      • Fed Services
        • Covisint
        • FuGen Solutions
        • Symplified
        • TriCipher
        • EduServ
    • 24. Open Source Options
    • 25. Working on that scalability problem…
    • 26. Expanding Federations
    • 27. Federating Federations
    • 28. SaaS Federations
    • 29. SSO+ as a Service
    • 30. Identity Aggregators
      • Single point of integration for all Nordic e-ID systems
      • Expanding into other regions…
    • 31. Looking Ahead
      • What is the impact of:
        • User centric identity approaches
          • Of course, this is in name only
          • User centric becomes a reality when business models support it
        • OpenID
          • First party identity systems are not very interesting from a business perspective…
        • Information Cards
          • Unlike OpenID, info cards have a real security model
          • But the market is not responding
        • OSIS, Information Card Foundation, Identity Commons, Higgins, Identity Metasystem Interop TC, etc
          • Can someone please explain this to me?
    • 32. In Review
      • State of federation is strong – but the game is changing
      • Business models are driving up demand for federation technology – and forcing still other changes
      • Federation and SSO services – an emerging trend to watch
    • 33. Current State of Federated Identity
      • References
        • Burton Group’s Identity and Privacy Strategies
          • In Search of the Internet Identity System: Contrasting the Federation Approaches of SAML, WS-SX, and OpenID
          • Federation’s Future in the Balance: Teetering Between Ubiquity and Mediocrity
          • Business and Legal issues in Federations
          • A Relationship Layer for the Web… and Enterprises, Too
    • 34. Current State of Federation Technology
      • References
        • Burton Group’s Identity and Privacy Strategies
          • In Search of the Internet Identity System: Contrasting the Federation Approaches of SAML, WS-SX, and OpenID
          • Federation’s Future in the Balance: Teetering Between Ubiquity and Mediocrity
          • Business and Legal issues in Federations
          • Information Card Landscape
          • A Relationship Layer for the Web… And Enterprises, Too