OIS Roadmap

Presented by John Barco, VP of Product Management at ForgeRock Open Identity Stack Summit, France 2013.

Learn more about ForgeRock Access Management:
https://www.forgerock.com/platform/access-management/

Learn more about ForgeRock Identity Management:
https://www.forgerock.com/platform/identity-management/

Published in: Technology, Education

  1. Open Identity Stack Roadmap. John Barco, Ludo Poitou, Johnny Cope, Victor Ake, Product Management
  2. OpenAM … Making Secure Connections
  3. OpenAM: What does it do? ■ Access Management: Protects an organization by providing the right people with the right access at the right time ■ Federation: Allows identity and entitlements to be portable across autonomous domains
  4. OpenAM 11.0 Highlights ■ New Session Fail-Over with optimized architecture ■ OpenID Connect for developer friendly Federation ■ Developer friendly REST API enhancements ■ Access Management for Mobile ■ Adaptive Authentication Device Fingerprinting ■ Updated agents v3.3; New Varnish policy agent ■ IPv6 Support ■ Java 7 Support
  5. Scaling for the Modern Web: 10K users, 5K concurrent sessions, 50 AuthN/Sec | 100M users, 5M concurrent sessions, 2,500 AuthN/Sec
  6. Scalability & High Availability
  7. New Session Fail-Over ■ Next generation design – Removed the need for additional components (Message queue and Berkeley DB) ■ Based on OpenDJ performance and replication capabilities ■ Built for simplicity, scale and replication ■ Easy to configure and set up
  8. OpenID Connect = Identity, Authentication + OAuth • REST-based, friendly and secure federation, built on top of OAuth 2.0 • Ideal for Mobile and lightweight devices • Full implementation in OpenAM 11.0 (all flows including session mgmt)
  9. REST Enhancements ■ Authentication REST API got better ■ Not only user & password ■ Any authentication module (X.509, Multi-factor, etc.) ■ Password Reset REST API ■ Customers can build their own user interface ■ REST APIs part of the OpenAM standard offering
  10. ■ Securely enable access to on-prem or SaaS applications from any device ■ Platform independent support for Android, iOS, and other mobile using REST APIs ■ OpenAM provides OATH and HOTP for strong AuthN ■ Risk-based authentication to enhance security [Diagram labels: Native App, Web App, Login App, Mobile, REST/OAuth2/OpenID Connect, OpenAM]
  11. Adaptive Authentication Device Fingerprinting ■ Adaptive Authentication can be added when authenticating using a mobile or desktop device ■ New Device Fingerprinting feature adds additional risk assessment to validate if the device is trusted
  12. Summary ■ Simple - Single package solution, easy to install and POC ■ Breadth - Most features and standards support in a single product ■ Flexible / Extensible - Open standard, APIs enable complete customization ■ Scale - Built for managing millions of user identities
  13. OpenIDM Overview
  14. OpenIDM … Building Relationships
  15. OpenIDM: What does it do? ■ Manage Identities: Centrally manage account lifecycle, audit & report entitlements and enable self service cost savings ■ Embedded: RESTful interface easily integrates into modern application stacks to manage identities
  16. OpenIDM 3.0 Highlights ■ Roles ■ Common User Interface ■ Reference implementation for Reporting ■ Continued support of OpenICF – Google Apps, Workday, PowerShell & Scripted REST – Contribution of Advanced Connectors (RACF, SAP & TAM) ■ Multi-Tenant deployment model ■ IAG coverage with BrainWave partnership ■ Emerging opportunities in BaaS & Cloud Brokers
  17. Summary ■ Simple - Single package solution, easy to install and prove ■ Open - The only supported open source provisioning solution in the market ■ Modular & Extensible - Standards-based, embeddable featuring REST interfaces ■ Scale - Built for managing millions of user identities
  18. Bridge SPE Overview
  19. Bridge SPE Overview ■ On-premise appliance to… – Synchronize identities into SaaS providers – Provide SSO / IWA – …that’s super easy to set up ■ v1 uni-directional AD-to-Salesforce ■ Bi-directional support and multisource/target ■ OEM business model
  20. Bridge SPE: How does it work? ■ Lightweight install – .zip file ■ Configure source & target – Source properties & target OAuth ■ Synchronize users – Attribute Mapping ■ SSO with Kerberos / IWA
  21. OpenDJ Overview
  22. [Slide without transcript text]
  23. High Level Strategy ■ Providing the Identity repository for the hybrid cloud enterprise. ■ Made easy for the Administrators and the developers ■ Customers want a reliable, highly available directory service that scales vertically and horizontally anywhere.
  24. Ubiquitous Directories [Diagram labels: Service cloud, Amazon EC2, Company IDP, Headquarter, London, San Francisco]
  25. REST to LDAP ■ Provides a new way to access the directory data ■ One familiar to most developers: – HTTP / REST / JSON ■ SCIM like (and soon compliant) ■ Available embedded in OpenDJ or web application
  26. Scaling for the Cloud ■ Horizontal and elastic scalability ■ Complete support for multi-tenants
  27. What you need to know ■ OpenDJ 2.6.0 released end of June 2013 ■ OpenDJ 3.0 will come mid 2014, with Proxy services ■ REST to LDAP is a game changer. – Try it now and give us feedback.
  28. Summary ■ Developer Friendly - LDAP, REST/JSON, Web Services ■ 100% Pure Java - Runs Anywhere, Embeddable ■ Very High Performance - For both READS and WRITES ■ Highly Scalable and Available - Scale to 100M+ users, Multi-Master Replication for HA / Geo Avail.
  29. Thanks!