
Connected Identity : The Role of the Identity Bus


  1. Connected Identity & the Role of the Identity Bus. Prabath Siriwardena, Director of Security Architecture, WSO2
  2. In the U.S. alone, mergers and acquisitions volume totaled $865.1 billion in the first nine months of 2013, according to Dealogic.
  3. In Europe, 58 percent transact directly with users from other businesses and/or consumers.
  4. In the UK, 65 percent transact directly with users from other businesses and/or consumers.
  5. Gartner predicts that by 2020, 60% of all digital identities interacting with enterprises will come from external IdPs.
  6. Federation anti-patterns: Identity Silos
  7. Federation anti-patterns: Spaghetti Identity
  8. Identity Broker Pattern: Fifteen Fundamentals
     Fundamental #1: Federation protocol agnostic
     • Should not be coupled to a specific federation protocol such as SAML or OpenID Connect.
     • Should be able to connect multiple identity providers over heterogeneous identity federation protocols.
     • Should be able to transform tokens (for example, a SAML assertion into an OpenID Connect ID token) between heterogeneous federation protocols.
  10. Fundamental #2: Transport protocol agnostic
     • Should not be coupled to a specific transport protocol (HTTP, MQTT).
  12. Fundamental #3: Authentication protocol agnostic
     • Should not be coupled to a specific authentication method (username/password, FIDO, OTP).
     • Pluggable authenticators.
  14. Fundamental #4: Claim Transformation
     • Should be able to transform identity-provider-specific claims into service-provider-specific claims.
     • Both simple and complex claim transformations.
  16. Fundamental #5: Home Realm Discovery
     • Should be able to find the home identity provider for an incoming federation request by inspecting attributes of the request.
     • Filter-based routing.
  18. Fundamental #6: Multi-option Authentication
     • Should be able to present multiple login options to the user, configured per service provider.
  20. Fundamental #7: Multi-step Authentication
     • Should be able to present multi-step authentication (MFA) to the user, configured per service provider.
  22. Fundamental #8: Adaptive Authentication
     • Should be able to change the authentication options based on context.
  24. Fundamental #9: Identity Mapping
     • Should be able to map identities across different identity providers.
     • A user should be able to maintain multiple identities with multiple identity providers.
  26. Fundamental #10: Multiple Attribute Stores
     • Should be able to connect to multiple attribute stores and build an aggregated view of the end user's identity.
  28. Fundamental #11: Just-in-time Provisioning
     • Should be able to provision users to connected user stores in a protocol-agnostic manner.
  30. Fundamental #12: Manage Identity Relationships
     • Should be able to manage identity relationships between different entities and make authentication and authorization decisions based on them.
  32. Fundamental #13: Trust Brokering
     • Each service provider should identify which identity providers it trusts.
  34. Fundamental #14: Centralized Access Control
     • Who gets access to which user attributes? Which resources can the user access at the service provider?
  36. Fundamental #15: Centralized Monitoring
     • Should be able to monitor, and generate statistics on, each identity transaction that flows through the broker.
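The fundamentals above are stated as requirements only. What follows is an added example, not code from the deck or from WSO2's products, showing how four of them fit together in one brokered login: home realm discovery (#5) by filter-based routing on the login hint, trust brokering (#13), claim transformation (#4) from identity-provider-specific claim names through a canonical set to service-provider-specific names, and identity mapping with first-sight provisioning (#9, #11). The IdP and SP registries, the SP-side claim names, the sample subjects and the local subject format are constructed for the example; the ADFS claim-type URIs are the standard WS-Federation ones. Signature and audience validation of the incoming assertion or ID token is assumed to have happened before the broker reaches this logic and is not modelled.

```python
import re
from dataclasses import dataclass


class BrokerError(Exception):
    """Raised when the broker refuses a federation request (fail closed)."""


@dataclass(frozen=True)
class IdP:
    name: str
    protocol: str       # label only ("saml2" / "oidc"); no wire format is modelled here
    realm_pattern: str  # regex over the login hint, anchored at the end, for home realm discovery
    claim_map: dict     # IdP-specific claim name -> canonical broker claim name


@dataclass(frozen=True)
class SP:
    name: str
    trusted_idps: frozenset     # trust brokering (#13): the IdPs this SP accepts
    required_claims: frozenset  # canonical claims the SP cannot work without
    claim_names: dict           # canonical claim name -> SP-specific claim name


# Constructed registries for the example: one SAML IdP using the standard
# WS-Federation/ADFS claim-type URIs, one OIDC IdP using OIDC claim names, two SPs.
IDPS = {
    "corp-adfs": IdP("corp-adfs", "saml2", r"@corp\.example$", {
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress": "email",
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "given_name",
        "http://schemas.microsoft.com/ws/2008/06/identity/claims/role": "roles",
    }),
    "partner-oidc": IdP("partner-oidc", "oidc", r"@partner\.example$",
                        {"email": "email", "given_name": "given_name", "groups": "roles"}),
}
SPS = {
    "hr-portal": SP("hr-portal", frozenset({"corp-adfs"}), frozenset({"email", "roles"}),
                    {"email": "mail", "roles": "memberOf", "given_name": "firstName"}),
    "supplier-app": SP("supplier-app", frozenset({"corp-adfs", "partner-oidc"}),
                       frozenset({"email"}), {"email": "mail", "given_name": "firstName"}),
}
_LINKS = {}  # identity mapping table (#9): (IdP name, IdP subject) -> broker-local subject


def discover_home_realm(login_hint: str) -> IdP:
    """Home realm discovery (#5): filter-based routing on the login hint."""
    for idp in IDPS.values():
        if re.search(idp.realm_pattern, login_hint):
            return idp
    raise BrokerError(f"no home IdP for {login_hint!r}")


def to_canonical(idp: IdP, idp_claims: dict) -> dict:
    """Claim transformation (#4), step 1: IdP-specific names -> canonical names.
    Claims the broker has no mapping for are dropped rather than passed through."""
    return {idp.claim_map[k]: v for k, v in idp_claims.items() if k in idp.claim_map}


def to_sp_claims(sp: SP, canonical: dict) -> dict:
    """Claim transformation (#4), step 2: canonical -> SP-specific names.
    Each SP only receives the attributes it is configured for (#14), and a
    missing required claim is an error, not an empty value."""
    missing = sp.required_claims - set(canonical)
    if missing:
        raise BrokerError(f"{sp.name} requires claims {sorted(missing)}")
    return {sp.claim_names[c]: v for c, v in canonical.items() if c in sp.claim_names}


def map_identity(idp: IdP, idp_subject: str) -> str:
    """Identity mapping (#9): a stable local subject per (IdP, subject).
    First sight creates the link, i.e. just-in-time provisioning (#11)."""
    key = (idp.name, idp_subject)
    if key not in _LINKS:
        _LINKS[key] = f"local-{len(set(_LINKS.values())) + 1:04d}"
    return _LINKS[key]


def link_identity(local_subject: str, idp: IdP, idp_subject: str) -> None:
    """One user, several IdPs (#9): point another (IdP, subject) at an existing local subject."""
    _LINKS[(idp.name, idp_subject)] = local_subject


def broker_login(sp_name: str, login_hint: str, idp_subject: str, idp_claims: dict) -> dict:
    """One brokered login. idp_claims stands in for the assertion or ID token the
    broker got back from the home IdP; its signature and audience were validated
    before this point and are not modelled here."""
    sp = SPS[sp_name]
    idp = discover_home_realm(login_hint)
    if idp.name not in sp.trusted_idps:  # trust brokering (#13)
        raise BrokerError(f"{sp.name} does not trust {idp.name}")
    canonical = to_canonical(idp, idp_claims)
    email = canonical.get("email", "")
    if email and not re.search(idp.realm_pattern, email):  # an IdP may only vouch for its own realm
        raise BrokerError(f"{idp.name} asserted an identity outside its realm: {email!r}")
    return {"sub": map_identity(idp, idp_subject), "idp": idp.name,
            "protocol": idp.protocol, "claims": to_sp_claims(sp, canonical)}


if __name__ == "__main__":
    print(broker_login("supplier-app", "bob@partner.example", "bob-123",
                       {"email": "bob@partner.example", "given_name": "Bob", "groups": ["buyers"]}))
```

Two checks in this toy are worth carrying into a real broker. The realm patterns are anchored at the end of the string, so a hint such as alice@corp.example.attacker.test is not routed to the corporate IdP. And an IdP that asserts an email outside its own realm is refused even though the SP trusts that IdP; without that check, any trusted partner IdP could mint claims for corporate users, which is the brokered-identity counterpart of an audience check.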
  38. Identity Mediation Language: http://blog.facilelogin.com/2015/05/identity-mediation-language-iml.html
  39. Seven Fundamentals of Future IAM, by Martin Kuppinger
     Fundamental #1: More than humans. It is also about the identities of things, devices, services, and apps.
  40. Fundamental #2: Multiple identity providers. We will no longer manage all identities internally, and trust will vary.
  41. Fundamental #3: Multiple attribute providers. There will no longer be a single source of truth and information on identities.
  42. Fundamental #4: Multiple identities. Many users will use different identities (or personas) and switch flexibly between them.
  43. Fundamental #5: Multiple authenticators. There is no single authenticator that works for all.
  44. Fundamental #6: Identity relationships. We must map humans to things, devices, and apps.
  45. Fundamental #7: Context. Identity and access risk varies with context.
  46. Thank You
