
CIS14: Using IDaaS to Enable IAM for Multiple Web-based and Mobile B2B and B2C Applications

Ken Riggio, Live Nation Entertainment
Discussion of Live Nation Entertainment’s approach to IDaaS, governance, delegated administration, migration strategies, and the multiple authentication strategies required for its web-based and mobile B2B and B2C applications.


  1. Using IDaaS to Enable IAM for Applications
     JULY 22, 2014
  2. Introduction – Ken Riggio
     •  VP, Software Development - Ticketing
     •  B2B Identity and Access Management
     •  B2C Identity and Access Management
     •  Consolidated System of Inventory and Catalog Management
     •  Integration
     •  Music Enthusiast m/
     •  Dungeon Master!
     •  Computer Nerd
     •  NOT an Identity Management Expert
  3. Introduction – Live Nation Entertainment
     •  Business Segments
     •  Concerts
     •  Venue Owner (House of Blues, Verizon Amphitheater, …)
     •  Venue Operator
     •  Promoters
     •  Festival Operator
     •  Artist Nation
     •  Artist Management
     •  Sponsorships & Advertising
     •  Ticketing ($1.4 Billion in Revenue, 21.7% of total)
  4. Introduction – Ticketing
     •  Clients (thousands of clients, tens of thousands of users)
     •  Arenas, Stadiums, Amphitheaters, Music Clubs, Concert Promoters, Professional Sport Franchises and Leagues, College Sports Teams, Performing Arts Venues, Museums, Theaters
     •  Sales Channels (hundreds of millions of users)
     •  Web Sites – Ticketmaster, Livenation, TicketWeb, TicketsNow, Get Me In!, TicketExchange, … (71%)
     •  Mobile Apps (14%)
     •  Ticket Outlets – Venue Box Offices, Walmart, Retail Kiosks, … (10%)
     •  Telephone (5%)
  5. Business Objectives – Re-Architecture
     •  The Old
     •  17+ different systems that do the same thing…
     •  Old technology (i.e. Assembly Programs running on VAX emulator)
     •  Monolithic Applications
     •  Long Delivery Cycles
     •  The New
     •  Consolidated and Unified Experience
     •  Primarily Java & JavaScript (Node.js)
     •  SOA 2.0 and EDA
     •  Continuous Integration and Continuous Delivery
  6. Business Objectives – Core Principles
     •  Increase Business Agility
     •  More features, faster.
     •  React quickly to new business opportunities.
     •  Adopt new technologies as they become available.
     •  Technology should enable, not constrain.
     •  Reduce Operational Expenses
     •  Focus head count on building the future, not supporting the past.
  7. Requirements – Identity and Access Management
     •  B2B
     •  Multiple Tenants (Clients)
     •  Authentication
     •  Authorization
     •  Access to various applications
     •  Web Applications
     •  Mobile Applications
     •  Scanners (Devices)
     •  Roles
     •  Entitlements
     •  User Management (Delegated Administration)
  8. Requirements – Identity and Access Management
     •  B2C
     •  Multiple Tenants (Channels with Different User Bases)
     •  Authentication
     •  Authorization
     •  Access to Premium Services
     •  Fraud Flags and Restrictions
     •  Bot Mitigation
     •  User Self Service
  9. Challenges – Identity and Access Management
     •  B2B
     •  Data Firewall
     •  Clients
     •  Internal Live Nation Segments (Ticketing v. Concerts)
     •  Cross Tenant Entitlements
     •  Tenant A wants to enable Tenant B to be a Promoter for Tenant A’s events.
     •  B2C
     •  Performance (Burst Traffic!!!)
     •  Both
     •  Legacy… Integration, Migration…. Dealing with the past in general!
  10. Solution – Identity Bridge Service
     •  Don’t Try To Read the Diagram! ;)
     •  API that abstracts and integrates with multiple identity providers.
     •  A common API
     •  Really wish I knew about SCIM when we started this project.
  11. Solution – Identity Bridge Service
     •  Ignore the Fine Print, I will walk you through it.
     •  Multiple Consuming Applications
     •  Common Interface (IBS)
     •  Routed to 1 or more Identity Providers based on phase of integration and migration
     •  Bridge provider facilitates lazy migration.
     •  Strangler Pattern
  12. Solution – Bring it to the Cloud
     •  Identity Bridge Service API (IBS)
     •  Authentication
     •  Authorization
     •  User Management
     •  Tenant Provisioning
     •  Session Management
     •  IBS Eats Its Own Dog Food
     •  Access to the API is controlled using its own authentication and authorization services.
     •  Web-based User Interface (also protected using IBS)
  13. Solution – Bring it to the Cloud
     •  Diagram labels: IBS, VERIZON AMP, HOB, FILLMORE
  14. Integration – Varying Client Capabilities
     •  Small Clients
     •  Few Employees
     •  Little or No Technical Abilities
     •  Limited Resources
     •  Big Clients
     •  Thousands of Employees
     •  Strong Technical Team, Potentially Have Their Own Development Teams
     •  Have Their Own Internal Identity Solutions
  15. Integration – Client Needs
     •  However, They Both Have Same Core Needs
     •  User Provisioning
     •  User Management
     •  Authentication
     •  Authorization
     •  Why?
     •  Create and Manage Events, Products, Merchandising, Pricing
     •  Reporting
     •  Marketing
     •  Sales
     •  Access Control (umm..Ticket Scanning)
  16. Integration – Client Implementation Options
     •  Small Clients
     •  Use Our Web-Based “Permissioning” UI
     •  Use Our Applications and Scanners
     •  Big Clients
     •  Multiple Options
     •  They Can Use Ours and do the “swivel chair”
     •  They Can Use Our “Services” integrating with their own UI
     •  Their Local Identity Solution can Provision Users through IBS to leverage the Ticketing application platform.
  17. Integration – Our Web-Based “Permissioning” UI
  18. Integration – Our Web-Based “Permissioning” UI
  19. Integration – A Quick Digression into Mobile
     •  Issues Exist on Desktop but Mobile has Made it Worse
     •  Lots of reverse engineering, de-compiling, and data extraction
     •  Certificates, API Keys, Long Running Access Tokens, etc. have been farmed and used by bots.
     •  Audits and Logs show “same device application” calling us thousands of times per minute trying to get access to tickets
     •  Privacy Laws have pushed us to use device application ids, instead of actual device information, as part of authentication (smaller fingerprint :( ).
     •  Most companies would love the fact that people are creating automated ways of buying their stuff… For us, it’s a nightmare.
  20. Integration – A Quick Digression into Mobile
     •  Mitigation Strategies
     •  Session-based
     •  No more than one concurrent session
     •  A given token cannot be used more than once. Each response returns a new session token.
     •  Alerts
     •  Speed bumps
     •  Off switch :P
  21. Deployment – B2B vs B2C
     •  Ultimately, There is No Functional Difference
     •  We have different scaling issues though
     •  B2B has Constant Moderate Usage
     •  B2C has Periodic Burst Usage
     •  Options
     •  Scale solution to handle both concurrently
     •  Provide two physical deployments, one serving B2B, the other B2C.
     •  We chose the latter.
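The routing and lazy migration described on slide 11, as an added sketch that is not Live Nation's code: the phase names, the `Provider` stand-in and the scrypt-based credential check are assumptions made for illustration.

```javascript
// Added example: tenant-phase routing with lazy migration (strangler pattern).
const crypto = require('node:crypto');
const kdf = (pw, salt) => crypto.scryptSync(pw, salt, 32);
const key = (tenant, user) => JSON.stringify([tenant, user]); // tenant-scoped identity

// Constructed in-memory stand-in for a real identity provider.
class Provider {
  constructor() { this.users = new Map(); } // key(tenant, user) -> { salt, hash }
  provision(tenant, user, pw) {
    const salt = crypto.randomBytes(16);
    this.users.set(key(tenant, user), { salt, hash: kdf(pw, salt) });
  }
  has(tenant, user) { return this.users.has(key(tenant, user)); }
  remove(tenant, user) { this.users.delete(key(tenant, user)); }
  verify(tenant, user, pw) {
    const rec = this.users.get(key(tenant, user));
    return !!rec && crypto.timingSafeEqual(kdf(pw, rec.salt), rec.hash);
  }
}

class IdentityBridge {
  // phases: Map of tenant -> 'legacy' | 'bridge' | 'migrated' (assumed phase names)
  constructor(legacy, target, phases) {
    Object.assign(this, { legacy, target, phases });
  }
  authenticate(tenant, user, pw) {
    const phase = this.phases.get(tenant);
    if (!phase) return { ok: false, via: null }; // unknown tenant: fail closed
    if (phase === 'legacy') {
      return { ok: this.legacy.verify(tenant, user, pw), via: 'legacy' };
    }
    // Once a user exists in the target, never fall back to the legacy credential.
    if (phase === 'migrated' || this.target.has(tenant, user)) {
      return { ok: this.target.verify(tenant, user, pw), via: 'target' };
    }
    // Bridge phase, user not moved yet: migrate only after the legacy check succeeds.
    if (!this.legacy.verify(tenant, user, pw)) return { ok: false, via: 'legacy' };
    this.target.provision(tenant, user, pw);
    this.legacy.remove(tenant, user); // retire the old record so it cannot be replayed
    return { ok: true, via: 'legacy', migrated: true };
  }
}
```

The two properties worth testing in any real bridge are the same ones shown here: a failed login never creates a target account, and a migrated user can no longer authenticate with whatever the legacy store still holds.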
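The session mitigations from slide 20 (one concurrent session, single-use tokens, a new token in each response, alerts), as an added example rather than code from the talk: the class name, the reason strings and the in-memory alert list are assumptions.

```javascript
// Added example: single-use rotating session tokens, one session per user.
const crypto = require('node:crypto');

const sha256 = (t) => crypto.createHash('sha256').update(t).digest();
const newToken = () => crypto.randomBytes(32).toString('hex');

class RotatingSessionStore {
  constructor() {
    this.sessions = new Map(); // userId -> { current: Buffer, spent: Set<hex> }
    this.alerts = [];          // constructed alert sink standing in for real alerting
  }

  // A new login replaces any existing session: no more than one concurrent session.
  login(userId) {
    if (this.sessions.has(userId)) {
      this.alerts.push({ userId, reason: 'session-replaced' });
    }
    const token = newToken();
    this.sessions.set(userId, { current: sha256(token), spent: new Set() });
    return token; // only the hash is kept server-side
  }

  // Every request spends the presented token and returns the next one.
  request(userId, token) {
    const s = this.sessions.get(userId);
    if (!s) return { ok: false, reason: 'no-session' };
    const h = sha256(String(token));
    if (s.spent.has(h.toString('hex'))) {
      // A spent token came back: two parties hold this session. Revoke and alert.
      this.sessions.delete(userId);
      this.alerts.push({ userId, reason: 'token-replay' });
      return { ok: false, reason: 'token-replay' };
    }
    if (!crypto.timingSafeEqual(h, s.current)) {
      return { ok: false, reason: 'invalid-token' };
    }
    s.spent.add(h.toString('hex')); // unbounded here; cap or expire it in production
    const next = newToken();
    s.current = sha256(next);
    return { ok: true, nextToken: next };
  }
}
```

A replayed token is treated as evidence that the token chain has been copied, so the whole session is revoked instead of just rejecting the one request; the legitimate client then has to log in again.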
