CIS13: Modern Identity: Automated, Discoverable & Scalable

Patrick Harding, Chief Technology Officer, Ping Identity
To be successful, Modern Identity must target both mobile and web applications, must address the shift to an API Economy and must support applications deployed in both public and private clouds. As such, Harding will argue that Modern Identity requires an Identity Protocol stack that is embedded in every application: OAuth, OpenID Connect and SCIM. These protocols will lay the foundation for a cloud-scale Identity Layer. Further, for this identity infrastructure to scale we must eliminate administrative friction and ensure that connections are automated and self-service enablement for developers is the default.

Published in: Technology

  1. Modern Identity: Automated, Discoverable & Scalable. @patrickharding
  2. Emerging Business Landscape: Federated Business, Mobile Ubiquity, Social Integration, Internet of Things
  3. Emerging Business Landscape: Secure Identity Layer; Federated Business, Mobile Ubiquity, Social Integration, Internet of Things
  4. Fundamental Tenets to Scale
     • Native and Web
     • No more passwords
     • Automate everything
       – Discovery
     • Ease of use
       – Effortless self service
       – Developer Friendly
       – IT Friendly
       – User Friendly
  5. Today's Identity Protocol Landscape: SAML, LDAP, X.509
  6. Modern Identity Protocol Stack: OpenID Connect, SCIM
  7. Modern Identity Protocol Stack: OpenID Connect, SCIM, OAuth 2.0
  8. APIs for Identity: User Authentication API, User Management API, Security for APIs
  9. APIs for Identity (Not Identity-enabled APIs): User Authentication API, User Management API, Security for APIs
  10. Native Mobile SSO
     • SSO for Native Mobile Apps
       – Especially between apps from different vendors
       – Does not exist today
       – Result is Locally Cached Passwords
     • Emerging: Mobile Authorization Agent (AZA)
       – Leverages OpenID Connect
       – Working group forming in OIDF
       – Multi-vendor participation
         • VMWare, MobileIron, Enterproid
  11. Demo: Native Mobile SSO
  12. Federation at Scale
     • Enabling SSO for 10,000s of applications
     • Eliminate IT administrative overhead
     • Application Registration
       – Dynamic
       – Self Service
     • Simple Domain Based IdP Discovery
  13. Automation via MetaData Service
     • Trust establishment
       – Trusted 3rd Party vs. Peer-to-Peer
     • Discovery
     • Validation
     • Certification
  14. Demo: MetaData Service. https://metadata-test.openidentityexchange.org/openid-connect
  15. Secure Identity Layer
     • Modern Identity Protocol Stack
     • No More Passwords
     • Automate Everything
     • Ease of Use
  16. Thank You
