Bechtel On OpenID and OAuth from Cloud Identity Summit

Christian Reilly, Manager of Global Systems Engineering and Brian Ward, Manager of Integration Services make a good case for how to use OpenID and OAuth in an extended enterprise environment. Bechtel is a $30B business with 44,000 employees.

See slide 13 for a description of Identity 2.0, and BYOI (Bring Your Own Identity) provided by Janrain Engage: www.janrain.com

1. Identity in the Bechtel Cloud. Why and how one of the most successful Engineering & Construction companies rebuilt their digital world. Christian Reilly, Manager of Global Systems Engineering; Brian D Ward, Manager of Integration Services
2. Information Evolution & Business Change: Introducing the Project Services Network
3. Our business model is evolving to be more complex and distributed. Our two main challenges are related to:
   - Geography: our projects are executed in many and distributed locations
   - People: our resource model includes permanent and temporary employees, as well as vendors, customers, partners, and competitors
4. Current Position
5. Square pegs and round holes. How much pain would you like?
6. The current model:
   - Active Directory: separate internal and external forests
   - Integrated Authentication, Kerberos Constrained Delegation, Reverse Proxy
   - Complex trust models & ICC's
   - Application mix from Bechtel, Client, Partner, Competitor
   - Wide variety of application architectures
7. [Diagram of the current architecture] Core Apps: TimeCard, SAP, Intranet; File Shares; Mail; Printers; Desktop; SaaS Bridge; SaaS; Internet Access; AD; Other apps (long tail)
8. Consequences of the current model:
   - High degree of operational complexity
   - Poor visibility into which people are accessing which resources
   - Inflexible model slows down deployment of services and applications to projects
   - Difficult to accommodate new user communities (which change daily)
   - Not readily adaptable to SaaS offerings
9. Why is it so easy in The Cloud? And yet so hard in the Enterprise?
10. Realizations and resolutions:
    - Realizations
      - The "Castle and Moat" approach to security is dead
      - Our Windows-centric approach has significant technical and operational constraints
      - Authentication/Authorization are the key problems to solve
    - Resolutions
      - We need a completely new approach
      - Make all applications/services SaaS
      - Make Bechtel a SaaS Provider (wow)
      - Replace, not augment, the current model
11. Identity and authorization:
    - Identity "2.0"
      - A new identity model: identities for life
      - BYOI with OpenID (Janrain), Federation
      - Anyone can have an account
      - Self Registration based on relationships
    - Authorization
      - Integrated into SAP
      - Attribute store: single source of truth, replacement for groups
      - Coarse grained authz performed by Ping
      - Fine grained done in apps for now, centrally later
12. Integration and services:
    - Integration
      - SAML / OpenToken integration for all deployed applications
      - Citrix integration with credential translation for legacy application support
      - Two-legged OAuth STS for web services
    - Services
      - New application stacks (SaaS-style)
      - File / Print / Internet Access authentication replacement
      - New desktop model: BYOD
13. [Diagram of the target architecture] Core Apps: TimeCard, SAP, Intranet; File Shares; Mail; Printers; Browser; SaaS; Identity; Internet Access; Array; Other apps (long tail)
14. Simplicity and agility:
    - Simplicity
      - Built for the "Internet", not for the "Enterprise"
      - No "internal" vs. "external" architectural constraints
      - Moving away from managing every user account
    - Agility
      - Modular framework of security, UI and services
      - Applications decoupled from infrastructure
      - No vendor lock-in via open standards/open source
      - Able to accommodate SaaS and new identity pools natively (with added hope for Geneva)
15. Affordability and security:
    - Affordability
      - Lower overall operational cost
      - "B3" approach allows greater flexibility in cost management
      - New vendors embrace new commercial models
    - Security
      - Standards based security
      - Single point of entry & logging
      - Secured by policy, not by topology (secure the data and not the device)
      - Easily allow any user access to any data in a controlled life cycle
16. Why can't we just buy this... hint, hint? Unraveling years of LAN / WAN based legacy is, well, damn hard.
17. Facts, key questions and challenges:
    - Facts
      - SaaS integration quickly becoming a commodity
      - Federation and/or OpenID fills in the moat
      - SaaS moves you out of the castle in the "Metro"
    - Key Questions
      - What does the enterprise have left?
      - How long is the tail for traditional enterprises?
    - Challenges
      - Authorization is THE game to win
      - Push provisioning is, at best, an interim solution
      - A central model with standards-based interfaces is desperately needed
18. Questions & Answers. Or if you're too shy, grab one of us later.
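Slide 12 lists a two-legged OAuth STS for web services: a service-to-service call carries no user token, so the caller proves its identity with an HMAC-SHA1 signature keyed by its consumer secret alone. The block below is an added illustration, not Bechtel's code, of the RFC 5849 signing on the caller side and, on the service side, the three checks a verifier needs: known consumer key, timestamp window, and nonce replay tracking. The consumer key, secret and URL are constructed sample values.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import parse_qsl, quote, urlsplit

def enc(s):
    return quote(str(s), safe="")  # RFC 3986: only A-Za-z0-9-._~ stay unencoded

def base_string(method, url, params):
    # Signature base string per RFC 5849 section 3.4.1: query + oauth_* params
    u = urlsplit(url)
    items = list(parse_qsl(u.query, keep_blank_values=True))
    items += [(k, v) for k, v in params.items() if k != "oauth_signature"]
    normalized = "&".join(f"{k}={v}" for k, v in sorted((enc(k), enc(v)) for k, v in items))
    base_url = f"{u.scheme.lower()}://{u.netloc.lower()}{u.path}"
    return f"{method.upper()}&{enc(base_url)}&{enc(normalized)}"

def sign(method, url, params, consumer_secret):
    # Two-legged: no access token, so the token-secret half of the key is empty
    key = f"{enc(consumer_secret)}&".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def client_sign_request(method, url, consumer_key, consumer_secret, now=None):
    params = {"oauth_consumer_key": consumer_key, "oauth_signature_method": "HMAC-SHA1",
              "oauth_timestamp": str(int(time.time() if now is None else now)),
              "oauth_nonce": secrets.token_hex(8), "oauth_version": "1.0"}
    params["oauth_signature"] = sign(method, url, params, consumer_secret)
    return params

class ServiceVerifier:
    """Service side: shared secret per consumer key, clock window and replay defence."""
    def __init__(self, secrets_by_key, window_seconds=300):
        self.secrets_by_key, self.window = secrets_by_key, window_seconds
        self.seen = set()  # (consumer_key, timestamp, nonce) tuples already accepted

    def verify(self, method, url, params, now=None):
        now = time.time() if now is None else now
        secret = self.secrets_by_key.get(params.get("oauth_consumer_key"))
        if secret is None or params.get("oauth_signature_method") != "HMAC-SHA1":
            return False  # unknown caller, or a downgraded signature method
        ts = str(params.get("oauth_timestamp", ""))
        if not ts.isdigit() or abs(now - int(ts)) > self.window:
            return False  # missing or stale timestamp
        replay = (params["oauth_consumer_key"], ts, params.get("oauth_nonce"))
        if replay in self.seen:
            return False  # nonce already used inside the window: replay
        expected = sign(method, url, params, secret)
        if not hmac.compare_digest(expected.encode(), str(params.get("oauth_signature", "")).encode()):
            return False  # constant-time compare of the recomputed signature
        self.seen.add(replay)
        return True
```

A production verifier would also expire entries in `seen` once they fall outside the window, and would bind the request body (or a body hash) into the signed parameters for non-GET calls.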