Architecting a cloud scale identity fabric


(Check my blog @ http://www.marioalmeida.eu/ )


  1. Architecting a Cloud-Scale Identity Fabric, by Eric Olden. Execution Environments for Distributed Computing. By João Rosa, Mário Almeida and Alex El Baron Barcelona 23 April 2012
  2. Outline (1/2)
     Introduction
       ● Cloud benefits
       ● Identity problem
     Identity stack
       ● Authorization
       ● Authentication
       ● User account management
       ● Auditing
       ● Cloud Platform Architecture
  3. Outline (2/2)
     Identity properties
       ● Integration
       ● Network effect
       ● Abstraction
     Identity as a service
     Conclusion
  4. Introduction
  5. Cloud benefits: Access to a shared pool of configurable computing resources. Elastic scalability. Reliability, availability and flexibility.
  6. Identity problem (1/3): It's young! Not fully trustworthy!
  7. Identity problem (2/3): There isn't a strategy to handle the enormous volume of user identities.
  8. Identity problem (3/3): Identity management is a key bottleneck to cloud adoption!
  9. Identity stack
  10. Authorization. The problem: authorization must evolve to a distributed model to support users outside the network firewall. The solution: Authorization in Depth, Grouping Access, Distributed Federated Model.
  11. Authentication. The problem: SAML adoption is not widespread in the enterprise apps world. The solution: HTTP authentication standard.
  12. User Account Management. The problem: every app performs user management differently. The solution: standardization of user management APIs.
  13. Auditing. The problem: overcome the lack of visibility in user access. The solution: framework to understand the global jurisdictional rules.
  14. Cloud Platform Architecture. The problem: virtualized platforms have a huge decrease in performance with high utilization rates. The solution: proxy-based approach.
  15. Identity properties
  16. Integration (1/2): One-to-many federated identity model.
  17. Integration (2/2). Example:
       ● 10,000 users that access 15 apps.
       ● In a one-to-one model, this requires 150,000 credentials (passwords).
       ● Resetting a credential once a year via a $30 help desk results in a $4.5 million expense.
     If licensing, deployment, integration, and maintenance costs are $50,000 per connection (15 apps), the total expense would be $750,000.
  18. Network effect: As more users and apps are integrated in the identity network, these benefits extend to other network members simply by virtue of their being connected.
  19. Abstraction: Enterprises must be able to use more than one type of authentication depending on the level of risk associated with an app.
  20. Abstraction: Externalize identity functions for Web apps in public or private clouds. Focus on improving apps. Enterprises can manage identity across multiple apps more efficiently.
  21. Identity as a service
  22. Identity as a service: Think less about identity technology and focus on service-level agreements and service management. Move from a company-owned to a service-provider-owned and operated identity management approach.
  23. Consumerization: Consumer-based web apps.
  24. Consumerization: Unexpected viral adoption or porting an app server to the cloud. Each identity integration point becomes a stress point, and each credential creates a broader attack surface and potential help desk expense.
  25. Conclusions
  26. Conclusions: Facebook has exploded in popularity, with more than 550 million users. The support for identity sharing via OpenID made hundreds of millions of people suddenly have OpenID credentials.
  27. Conclusions: An identity access fabric linking enterprises to the cloud is not only relevant but also necessary.
  28. Conclusions. An identity fabric:
       ● provides secure linkage between the enterprise and the cloud.
       ● reduces the number of identities and scales better.
       ● enables full-scale cloud adoption.
       ● provides an infrastructure service with on-demand dial-tone quality.
       ● benefits users, administrators, vendors, and service providers in dramatic ways.
  29. Questions
  30. References
       - Architecting a Cloud-Scale Identity Fabric, Eric Olden, Symplified
       - Images (CC rights): http://www.flickr.com/photos/mobilestreetlife/4278659537/