WSO2Con Asia 2014 - Bring Your Own IDentity (BYOID) Benefits and Challenges

  1. Bring Your Own Identity (BYOID). Prabath Siriwardena (@prabath), Director of Security, WSO2
  2. Gartner predicts, by the end of 2015, 50% of all new retail customer identities will be based on social network identities.
  3. Facebook is only second to China and India in terms of its user base.
  4. Facebook vs. Internet User vs. World Population
  5. Facebook vs. China vs. India
  6. Enterprise Identity ↔ Social Identity
  7. IT consumerization has been an emerging topic or trend for the last few years.
  8. The initial consumerization hype was focused on the bring your own device (BYOD) trend.
  9. Bring Your Own Device (BYOD) → Bring Your Own Identity (BYOID)
  10. The rise of BYOID is being driven by users' "identity fatigue".
  11. The analyst firm Quocirca confirms that in Europe 58 percent transact directly with users from other businesses and/or consumers; for the UK alone the figure is 65 percent.
  12. In the U.S. alone, mergers and acquisitions volume totaled $865.1 billion in the first nine months of 2013, according to Dealogic.
  13. What drives BYOID?
  14. SAML 2.0 / OpenID / OAuth 2.0 / OpenID Connect
  15. SAML 1.0 → Nov 2002 | SAML 1.1 → Sept 2003 | SAML 2.0 → 2005
  16. OpenID was initiated by the founder of LiveJournal, Brad Fitzpatrick.
  17. By the end of 2009 – there were more than one billion OpenID accounts.
  18. OpenID started to fade due to OAuth 2.0 and OpenID Connect.
  19. OpenID Connect is a profile built on top of OAuth 2.0.
  20. OAuth is not about authentication – but, delegated authorization.
  21. Standards-based identity federation is the entry point to BYOID.
  22. Internet Identity always has an unsolved problem
  23. SAML 2.0 dominated Identity Federation in the last decade – OpenID Connect and JWT possibly lead the next.
  24. Any identity management system, to qualify to support BYOID, should simply go beyond standard support for Identity Federation protocols.
  25. How would you mediate, transform identity tokens between different standards or protocols?
  26. WSO2 Identity Server is an open source Identity and Entitlement management server, which supports SAML 2.0, OpenID, OAuth 2.0, OpenID Connect, XACML 3.0, SCIM, WS-Federation (passive) and many other identity federation patterns.
  27. Operators | Service Providers
  28. Operators | Service Providers | SAML 2.0 | OpenID Connect / SAML 2.0 | OpenID Connect | OpenID Connect
  29. SAML 2.0 | OpenID Connect / SAML 2.0
  30. SAML 2.0 | SAML 2.0 | SAML 2.0 | SAML 2.0
  31. Operators | Service Providers
  32. Scenario - 1, step 1: http://ebuy.federationdemo.com:9766/ebuy/
  33. Scenario - 1, step 2: OpenID Connect Request (1502808989)
  34. Scenario - 1, step 3: OpenID Connect Request
  35. Scenario - 1, step 4: <credentials> (User: tom_imobile, Password: tom_imobile)
  36. Scenario - 1, step 4
  37. Scenario - 1, step 5: OpenID Connect Response
  38. Scenario - 1, step 6: OpenID Connect Response
  39. Scenario - 1, step 7
  40. Scenario - 2, step 1: http://azone.federationdemo.com:9766/azone/ (9477808989)
  41. Scenario - 2, step 2: OpenID Connect Request
  42. Scenario - 2, step 3: SAML2.0 Request
  43. Scenario - 2, step 3: OAuth 2.0
  44. Scenario - 2, step 4: <credentials>
  45. Scenario - 2, step 4: OAuth 2.0 response
  46. Scenario - 2, step 5: SAML2 Response
  47. Scenario - 2, step 6: OpenID Connect Response
  48. Scenario - 2, step 7
  49. Thank You..!!!
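
The token mediation asked about on slide 25 and walked through in Scenario 2 (OpenID Connect request in, SAML 2.0 upstream, OpenID Connect response out), as an added example that is not from the deck or from WSO2 Identity Server: a hub checks an upstream SAML 2.0 assertion and re-issues its claims as an OpenID Connect ID token. The entity IDs, the `upstream_idp` claim, the key handling and the sample assertion are all constructed, and XML signature verification is assumed to have been done by a SAML library before this step.

```python
import base64, hashlib, hmac, json
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"s": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed sample assertion. Its XML signature is omitted: verifying it with
# a SAML library is assumed to have happened before this code runs.
SAMPLE_ASSERTION = """<s:Assertion xmlns:s="urn:oasis:names:tc:SAML:2.0:assertion">
  <s:Issuer>https://idp.operator.example</s:Issuer>
  <s:Subject><s:NameID>alice</s:NameID></s:Subject>
  <s:Conditions NotOnOrAfter="2030-01-01T00:00:00Z">
    <s:AudienceRestriction><s:Audience>https://hub.example</s:Audience></s:AudienceRestriction>
  </s:Conditions>
  <s:AttributeStatement>
    <s:Attribute Name="email"><s:AttributeValue>alice@example.com</s:AttributeValue></s:Attribute>
  </s:AttributeStatement>
</s:Assertion>"""

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def saml_to_claims(xml_text, trusted_issuers, hub_entity_id, now):
    """Check issuer, audience and expiry, then extract subject and attributes."""
    a = ET.fromstring(xml_text)
    issuer = a.findtext("s:Issuer", namespaces=NS)
    if issuer not in trusted_issuers:
        raise ValueError("untrusted SAML issuer")
    if hub_entity_id not in [e.text for e in a.iterfind(".//s:Audience", NS)]:
        raise ValueError("assertion is not addressed to this hub")
    cond = a.find("s:Conditions", NS)
    expiry = cond.get("NotOnOrAfter") if cond is not None else None
    if not expiry or now >= datetime.fromisoformat(expiry.replace("Z", "+00:00")):
        raise ValueError("assertion expired or has no validity window")
    claims = {at.get("Name"): at.findtext("s:AttributeValue", namespaces=NS)
              for at in a.iterfind(".//s:Attribute", NS)}
    # Set these last so an upstream attribute named "sub" cannot replace them.
    claims.update(sub=a.findtext("s:Subject/s:NameID", namespaces=NS), upstream_idp=issuer)
    return claims

def mint_id_token(claims, hub_issuer, client_id, nonce, key, now, ttl=300):
    """Issue an HS256-signed ID token under the hub's own issuer and audience."""
    iat = int(now.timestamp())
    # Hub-controlled claims override anything carried over from the assertion.
    body = dict(claims, iss=hub_issuer, aud=client_id, nonce=nonce, iat=iat, exp=iat + ttl)
    signing_input = ".".join(b64url(json.dumps(p, separators=(",", ":")).encode())
                             for p in ({"alg": "HS256", "typ": "JWT"}, body))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)
```

The service provider sees only the hub as issuer; the original identity provider survives as an ordinary claim, so trust decisions downstream rest on the hub's checks.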