
Synergies of Cloud Identity: Putting it All Together



Synergistically using digital identity to securely adopt cloud computing, mobile, and social. Introduction to the "Neo Security Stack" of digital identity standards, namely OpenID Connect, OAuth, JWT, and SCIM, and how to use them together.

Published in: Technology


  1. Synergies of Cloud Identity: Putting it All Together
     By Travis Spencer, CEO
  2. Agenda
     • Impact of mobile and cloud on business
     • Central role of identity in coping with these changes
     • Using the different identity specs together to this end
     Copyright (C) 2012 Twobo Technologies AB
  3. Mobile is Changing Business
     • 75% of mobiles in Scandinavia are smartphones; 50% in rest of Europe & US
     • BYOD is a foregone conclusion for most – 90% of orgs will support corporate apps on personal devices by 2014
     • 80% of orgs will use tablets by next year
  4. Mobilizing Business Processes
     • Workflows are a business’s circulatory system
     • Automation and efficiency are critical
     • Mobile helps optimize these processes
  5. Reusing Existing Technology
     • Prior technology investments will remain on the books for years
     • Existing data/systems must be available to mobile users and cloud services
     • IT organizations need to bridge the old and new technologies
  6. Seamless Access to Cloud Apps
     • Giving employees new passwords for each cloud app is not secure or scalable
     • 123456 is not a secure password, but cloud providers allow it!
     • Existing OTP tokens are not supported
     • Seamless cloud access is required
  7. Crucial Security Concerns
     [Figure labels: Enterprise Security, API Security, Mobile Security]
  8. Identity is Central
     [Venn diagram by Gunnar Peterson; labels: Mobile Security, MDM, MAM, Identity, Enterprise Security, AuthZ, API Security]
  9. Neo-security Stack
     • SCIM, SAML, OAuth, and JWT are the new standards-based cloud security stack
     • OAuth 2 is the new meta-protocol defining how tokens are handled
     • These address old requirements, solve new problems & are composed in useful ways
     • WS- again?
     [Figure labels: OpenID Connect; Grandpa SAML & junior]
  10. SAML + OAuth
     • Relay OAuth token in SAML messages
     • Use SAML tokens to authenticate OAuth clients or as the AS’s output token format
     • Use SAML SSO to authenticate users to AS
  11. SCIM + OAuth
     • Use OAuth to secure SCIM API calls
     • Use SCIM to create accounts needed to access APIs secured using OAuth
  12. Push Tokens & Pull Identities
     [Diagram labels: IdP/SCIM Server; SP / SCIM Client; Browser; Access token in federation message; Get User; User Data]
  13. SCIM + SAML/OIC
     • Carry SCIM attributes in SAML assertions (bindings for SCIM)
       – Enables JIT provisioning
       – Supplements SCIM API & schema
     • Provisioning accounts using SCIM API to update before/after logon
  14. OpenID Connect
     • Builds on OAuth for profile sharing
     • Uses the flows optimized for user-consent scenarios
     • Adds identity-based inputs/outputs to core OAuth messages
     • Tokens are JWTs
  15. User Managed Access
     • Also extends OAuth 2
     • Allows users to centrally control distribution of their identity data
     • Used with Personal Data Stores (PDS) to create “identity data lockers”
  16. Questions & Thanks
     @2botech
     @travisspencer
     www.2botech.com
     www.travisspencer.com
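
The flow on slides 11 and 12 (an access token pushed in the federation message, then used by the SP to pull the user from the SCIM server), as an added Python example that is not from the deck. Assumptions: an HS256 JWT with a shared demo key stands in for the AS's token format, and the `scim.read` scope, the audience URL, the message field names and the user record are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

KEY = b"demo-shared-secret"                 # constructed; stands in for the AS signing key
SCIM_AUDIENCE = "https://idp.example/scim"  # hypothetical SCIM endpoint
USERS = {"2819c223": {"id": "2819c223", "userName": "bjensen"}}  # constructed record

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def sign(head, body):
    return hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()

def issue_token(sub, scope, aud=SCIM_AUDIENCE, ttl=300):
    """IdP: mint the access token that rides in the federation message."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": sub, "scope": scope, "aud": aud, "exp": int(time.time()) + ttl}
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(sign(head, body))}"

def verify_token(token):
    """SCIM server: return the claims or raise ValueError."""
    try:
        head, body, sig = token.split(".")
        alg, given = json.loads(b64d(head)).get("alg"), b64d(sig)
    except (ValueError, AttributeError) as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm and verify the signature before trusting any claim.
    if alg != "HS256" or not hmac.compare_digest(sign(head, body), given):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))
    if claims.get("aud") != SCIM_AUDIENCE or claims.get("exp", 0) <= time.time():
        raise ValueError("wrong audience or expired")
    return claims

def scim_get_user(user_id, authorization):
    """SCIM server: GET /Users/{id}; returns (HTTP status, body)."""
    scheme, _, token = authorization.partition(" ")
    try:  # anything but a valid Bearer token is rejected as unauthenticated
        claims = verify_token(token if scheme.lower() == "bearer" else "")
    except ValueError as err:
        return 401, {"detail": str(err)}
    # Assumed policy: read scope, and the token subject is the SCIM resource id.
    if "scim.read" not in claims.get("scope", "").split() or claims.get("sub") != user_id:
        return 403, {"detail": "token does not grant access to this user"}
    return (200, USERS[user_id]) if user_id in USERS else (404, {"detail": "not found"})

def sp_handle_federation_message(message):
    """SP / SCIM client: pull the user with the token pushed at login."""
    return scim_get_user(message["subject"], "Bearer " + message["access_token"])
```

A production deployment would normally verify an asymmetric signature against the AS's published key instead of sharing an HMAC secret with the resource server.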