WSO2Con US 2013 - Identity Management Best Practices with WSO2 Identity Server
    Presentation Transcript

    • Identity Management Best Practices with WSO2 Identity Server
      Johann Dilantha Nallathamby, Senior Software Engineer, WSO2
    • The Computing Troika: three disrupting forces of the new information age
      ● Mobile: Desktop, Notebooks, Tablets, Smart Phones; BYOD, MDM
      ● Social: Internal users, Partners, Customers, Prospects, Leads; BYOI
      ● Cloud: Public, Private, Hybrid, On Premise
      (diagram: Security sits at the centre of the three forces)
    • The Connected Business
      ● Extended Enterprise
      ● Globalization
      ● Agile business processes
      ● Dynamic organizational policies
      ● Economies of Scale
      ● Innovation
      ● Identity explosion
    • The Traditional Approach to Security
    • The Traditional Approach to Federation
      (diagram: Federation Partner 1 Directory → Consumer Service 1; Federation Partner 2 Directory → Consumer Service 2; Federation Partner 3 Directory → Consumer Service 3; each consumer service federates with each partner directory on its own)
    • The New Approach to Federation: Identity as a Service model
      (diagram: Federation Partner 1, 2 and 3 Directories → Identity As a Service → Consumer Service 1, 2 and 3; the identity service is the single federation point)
    • Identity Management Tools and Practices
      ● Versatile authentication
      ● Context based access management
      ● Identity Provisioning
      ● Identity Delegation
      ● Identity Federation
    • Versatile Authentication
      (diagram: Consumer Service → Authentication, driven by a policy)
      ● What you know: Passwords, Secret questions
      ● What you have: Tokens (SAML, X509, Kerberos, OTP), Cards
      ● What you are: Fingerprint, Retina, Face Recognition
    • Context Based Access Control: XACML
      ● Policy based
      ● Declarative
      ● Externalized
      ● Fine Grained
      (diagram: Consumer Service → XACML Authorization; Context = Subject, Resource, Action, Environment)
    • Auditing
      ● Log files
      ● Business Activity Monitor
      ● Complex Event Processor
      (diagram: Consumer Service → Audit; Context = Subject, Resource, Action, Environment)
    • Enforcing AAA
      ● Factor out the authentication, authorization and auditing
      ● Agents exist to be deployed in front of the consumer service
        Examples: Axis2 handlers, WSO2 ESB mediators, Synapse handlers, Java Servlet Filters
      (diagram: Authentication, Authorization and Audit agents in front of each Consumer Service)
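    The slide above lists Java Servlet Filters as one way to pull authentication, authorization and audit out of the consumer service. The filter below is an added example written for this page; it is not code from the presentation or from the WSO2 Identity Server. It assumes HTTP Basic credentials, an in-memory credential table and an in-memory rule list (both constructed sample data standing in for the identity server and an externalized policy decision point such as an XACML PDP), and it audits every decision with the same Subject / Resource / Action / Environment context the XACML and Auditing slides use. It needs Java 16 or later (records) and the javax.servlet API on the classpath.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Logger;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical AAA filter: the consumer service behind it carries no security code of its own. */
public class AaaFilter implements Filter {

    private static final Logger AUDIT = Logger.getLogger("audit");

    /** Constructed sample credentials; a real deployment delegates this lookup to the identity server. */
    private static final Map<String, String> PASSWORDS = Map.of("alice", "alice-pw", "bob", "bob-pw");

    /** Constructed sample subject -> roles mapping (would normally come from the user store). */
    private static final Map<String, Set<String>> ROLES =
            Map.of("alice", Set.of("admin"), "bob", Set.of("user"));

    /** One declarative rule: a role may perform an HTTP method on resources under a path prefix. */
    record Rule(String role, String action, String resourcePrefix) {}

    /** Constructed sample policy, kept outside the service (stand-in for an XACML PDP). */
    private static final List<Rule> POLICY = List.of(
            new Rule("admin", "GET", "/api/"),
            new Rule("admin", "DELETE", "/api/"),
            new Rule("user", "GET", "/api/orders/"));

    @Override public void init(FilterConfig config) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;
        String action = req.getMethod();          // XACML "Action"
        String resource = req.getRequestURI();    // XACML "Resource"
        String environment = req.getRemoteAddr(); // XACML "Environment" (client address)

        // Authentication: establish the subject, or refuse the request.
        String subject = authenticate(req.getHeader("Authorization"));
        if (subject == null) {
            audit("anonymous", action, resource, environment, "DENY (not authenticated)");
            resp.setHeader("WWW-Authenticate", "Basic realm=\"aaa-demo\"");
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Authorization: may this subject perform this action on this resource?
        if (!authorize(subject, action, resource)) {
            audit(subject, action, resource, environment, "DENY");
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // Audit the permit as well, then hand the request to the service.
        audit(subject, action, resource, environment, "PERMIT");
        chain.doFilter(request, response);
    }

    /** Parses an HTTP Basic header; returns the user name, or null when the credentials do not verify. */
    static String authenticate(String authorizationHeader) {
        if (authorizationHeader == null || !authorizationHeader.startsWith("Basic ")) return null;
        String decoded;
        try {
            byte[] raw = Base64.getDecoder().decode(authorizationHeader.substring(6).trim());
            decoded = new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null; // malformed base64 is treated as no credentials at all
        }
        int colon = decoded.indexOf(':');
        if (colon < 0) return null;
        String user = decoded.substring(0, colon);
        byte[] supplied = decoded.substring(colon + 1).getBytes(StandardCharsets.UTF_8);
        String expected = PASSWORDS.get(user);
        // Constant-time comparison so the check leaks nothing about the stored value.
        if (expected == null
                || !MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), supplied)) return null;
        return user;
    }

    /** Policy decision: permit only if some rule matches one of the subject's roles; default deny. */
    static boolean authorize(String subject, String action, String resource) {
        Set<String> roles = ROLES.getOrDefault(subject, Set.of());
        for (Rule rule : POLICY) {
            if (roles.contains(rule.role()) && rule.action().equals(action)
                    && resource.startsWith(rule.resourcePrefix())) return true;
        }
        return false;
    }

    /** Audit record carrying the full decision context: subject, action, resource, environment, outcome. */
    static void audit(String subject, String action, String resource, String environment, String decision) {
        AUDIT.info(String.format("subject=%s action=%s resource=%s env=%s decision=%s",
                subject, action, resource, environment, decision));
    }
}
```

    Mapped to `/api/*` in web.xml (or with `@WebFilter("/api/*")`), the filter means the servlets under that path never see an unauthenticated caller and never contain role checks themselves; with `bob`'s credentials a `GET /api/orders/42` is permitted and a `DELETE /api/orders/42` is refused with 403, and both outcomes land in the audit log. Swapping the in-memory tables for calls to the identity server changes nothing in the service behind the filter, which is the point the slide makes.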
    • Identity Provisioning
      ● Proprietary APIs are not going to work
      ● SPML is kind of dead
      ● SCIM is widely adopted by major cloud vendors: simple RESTful interactions with JSON payload
    • Identity Delegation: WS-Trust
      (diagram: WS-Trust Client in Domain A → Security Token Service (STS) → Protected Resource in Domain B; steps 1 to 4)
    • Identity Delegation: OAuth2
    • Identity Federation
      "The agreements, standards and technologies that make Identity and Entitlements portable across autonomous domains" - Burton Group
      ● OpenID
      ● SAML2 Web SSO
      ● WS-Federation Passive Requester Profile
      ● WS-Trust
      ● WS-Federation Active Requester Profile
      ● Assertion Profiles for OAuth2
      ● OpenID Connect
    • Identity and Attribute Federation
      ● Identity Federation
        - Account mapping
        - Account linking
        - Pseudonym: transient or persistent
        - Out-of-band
      ● Attribute Federation
        - Mapping user attribute names of one system to another
        - Mapping user attribute values of one system to another, e.g. role mappings between IdP roles and shared roles for SaaS applications
    • Branding and customizing the User View – My Identity
    • Branding and customizing the User View – Login, Consent and Error pages
    • WSO2 Identity Server Reference Deployment Pattern 1
      (diagram: DMZ with WSO2 IS, Application Server and External User Directory; Green Zone with WSO2 IS, Application Server and Internal User Directory)
    • WSO2 Identity Server Reference Deployment Pattern 2
      (diagram: DMZ with WSO2 IS; Green Zone with WSO2 IS and Application Server; Yellow Zone with User Directory)
    • Thank You