Hitchhikers Guide to the Identiverse - How Federated Business will Rule the World

Hitchhikers know everything exciting happens outside the lines, like cloud, mobile, social, big data and the internet of things. The challenge of navigating today’s universe is lack of portable, automated, discoverable and scalable identity management. DON’T PANIC. This presentation from Ping Identity CTO Patrick Harding explains how a next-generation identity and access management layer encompassing the identity of people and things, passive analytics, active feedback and automated connections to partners, customers, and apps is the modern Hitchhiker’s Guide to the Identiverse. Presented at Gartner Catalyst 2013.

Published in: Technology, Business

  • Hitchhikers know everything exciting happens outside the lines, like cloud, mobile, social, big data and the internet of things. The challenge of navigating today’s universe is lack of portable, automated, discoverable and scalable identity management. DON’T PANIC. I’ll explain how a next-generation identity and access management layer encompassing the identity of people and things, passive analytics, active feedback, and automated connections to partners, customers, and apps is the modern Hitchhiker’s Guide to the Identiverse.
  • As the collision of cloud-mobile-social grows to its inevitable conclusion, we are facing a massive explosion of internet endpoints, and a desperate future problem of securing and coordinating them.
  • Today we are at the “craftsman” stage of identity. Carefully constructed connections allow a small number of endpoints and users to be secured.
  • The future is exponential growth of
  • VINT CERF PUNT. NEEDS TO BE HYBRID
  • This will be true of enterprise applications as well as (and more importantly) consumer applications. This is the path that Ping has started upon, and continues down. Consumerization of IT will likely drive consumer identity protocols into the enterprise – OpenID Connect being an example.
  • Highly distributed nature of business – mobile, cloud, SaaS, outsourcing, PaaS, IaaS, etc. Identity must become portable to drive ease of use. Internet of Things - every thing has a unique identifier.
  • Highly distributed nature of business – mobile, cloud, SaaS, outsourcing, PaaS, IaaS, etc. Internet of Things.
  • Modern Identity Landscape. Targeted at application developers. Learnt from previous attempts.
  • Two pillars of scalable modern identity: SCIM and OIDC. OIDC is crucial for modern identity. IdP discovery – important as the number of IdPs increases in the modern identity era. Application registration. Scale: provides a mechanism to enable applications (be they on mobile devices or web applications) to act on behalf of the user to do things. Finally delivers SSO via ID token for native devices (pivot to OAuth). SCIM: Authorization and SSO aren’t possible without a provisioning event. aaS vendors have service level agreements that preclude the use of the enterprise identity store. The current insanity vis-à-vis proprietary provisioning won’t scale. SCIM is modern (REST-based) and is our last best hope at scalable provisioning because it delivers a standards-based approach.
  • OpenID Connect: Authentication API (also enables SSO). Developer calls GetUserInfo API endpoint. Replace Login.jsp and the password DB. Federated domain, single domains, whatever. SCIM: User Management API. Create, Read, Update, Delete. Developer exposes API to add, change & delete user accounts.
  • Two pillars of scalable modern identity: SCIM and OIDC. Not identity-enabled APIs. SCIM: Authorization and SSO aren’t possible without a provisioning event. aaS vendors have service level agreements that preclude the use of the enterprise identity store. The current insanity vis-à-vis proprietary provisioning won’t scale. SCIM is modern (REST-based) and is our last best hope at scalable provisioning because it delivers a standards-based approach. OIDC is crucial for modern identity. IdP discovery – important as the number of IdPs increases in the modern identity era. Client registration. Scale: provides a mechanism to enable applications (be they on mobile devices or web applications) to act on behalf of the user to do things. Finally delivers SSO via ID token for native devices (pivot to OAuth). Interesting crossover and linkage b/w SCIM SP and OIDC user info endpoint. Different. I’ll be working in the IETF group on this (with John’s guidance). I’ll have diagrams for CIS.

    1. Copyright ©2013 Ping Identity Corporation. All rights reserved.
    2. HOW FEDERATED BUSINESS WILL RULE THE WORLD
    3. THE IDENTITY INDUSTRY IS ABOUT TO EXPLODE
    4. TODAY
    5. FUTURE
    6. HEADLINES WE DON’T WANT TO SEE: Trove of medical devices found to have password problems. Surgical devices, ventilators, defibrillators, and monitors are among the equipment at risk. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) at the Department of Homeland Security and the Food and Drug Administration (FDA) are warning that the vulnerability could allow attackers to change critical settings and modify firmware. ZDNet – 17 June 2013 http://zd.net/17j5RGY
    7. OUR MISSION Network Applications IDENTITY
    8. Identiverse (i-ˈden-tə-vərs) noun The Identiverse is a more perfect digital world of people, applications, and devices that all recognize and interact with each other. When everything is identity-aware and access is ubiquitous, the Identiverse will provide superior security and freedom to realize the full potential of digital economy.
    9. SIX FUNDAMENTAL PILLARS OF THE IDENTIVERSE 1. Everything has an identity (apps, devices, people) 2. Authentication is multifactor (and rarely passwords) 3. APIs are Ubiquitous 4. Standards are Everywhere 5. Access is Federated 6. Privacy is Possible
    10. IDENTITY IS ALWAYS ON Identity becomes portable, enabled via an identity services layer that is leveraged by ALL applications… much like databases and the network are today.
    11. EMERGING BUSINESS LANDSCAPE Federated Business Mobile Ubiquity Social Integration Internet of Things
    12. Secure Identity Layer EMERGING BUSINESS LANDSCAPE Federated Business Mobile Ubiquity Social Integration Internet of Things
    13. Secure Identity Layer EMERGING BUSINESS LANDSCAPE Federated Business Mobile Ubiquity Social Integration Internet of Things
    14. Federated Business Mobile Ubiquity Social Integration Internet of Things Secure Identity Layer EMERGING BUSINESS LANDSCAPE
    15. Federated Business Mobile Ubiquity Social Integration Internet of Things Secure Identity Layer EMERGING BUSINESS LANDSCAPE
    16. Federated Business Mobile Ubiquity Social Integration Internet of Things Secure Identity Layer EMERGING BUSINESS LANDSCAPE
    17. Mobile Ubiquity Social Integration Internet of Things Secure Identity Layer EMERGING BUSINESS LANDSCAPE
    18. FUNDAMENTAL TENETS TO SCALE •  No more passwords •  Automate as much as possible –  Eliminate IT Administrative overhead –  Application registration is dynamic •  Ease of use –  Effortless self service –  Developer-friendly –  IT-friendly –  User-friendly
    19. TODAY’S IDENTITY PROTOCOL LANDSCAPE SAML LDAP X.509
    20. MODERN IDENTITY PROTOCOL STACK OAuth 2.0
    21. MODERN IDENTITY PROTOCOL STACK OpenID Connect SCIM OAuth 2.0
    22. Security for APIs API’S FOR IDENTITY OpenID Connect SCIM
    23. Security for APIs User Authentication API API’S FOR IDENTITY SCIM
    24. Security for APIs User Authentication API User Management API API’S FOR IDENTITY
    25. Security for APIs User Authentication API User Management API API’S FOR IDENTITY (Not identity-enabled APIs)
    26. WHAT IS ACTIONABLE? •  Apps and devices need a modern identity protocol stack –  Starts with OAuth 2.0, OpenID Connect and SCIM •  No more passwords –  Federated access by default •  Ease of use means automate everything –  Or enable self-service as a backup
    27. WHAT IS THE ANSWER TO THE ULTIMATE QUESTION OF LIFE, THE UNIVERSE AND EVERYTHING?
    28. THANK YOU In the perfect digital world everything is identity-aware and access is ubiquitous. Help write the next chapter in the hitchhiker’s guide. HOW? Join Ping Identity’s hospitality suite and enjoy a Pan Galactic Gargle Blaster and use your NEW Up by Jawbone to log whether its effects are, “similar to having your brains smashed in by a slice of lemon wrapped round a large gold brick.” Tweet using hashtag #identiverse
