Downloaded 17 times
Uploaded byPing Identity
Connecting The Real World With The Virtual World
The document discusses how identity management protocols like OAuth 2.0 and OpenID Connect can help connect physical devices and systems to digital networks and services by providing scalable identification, authentication, and authorization. It outlines challenges like security at scale and password overuse that these protocols help address. Examples are given of how identity solutions can enable use cases across different industries involving manufacturing, healthcare, automotive, and home automation.
More Related Content
Similar to Connecting The Real World With The Virtual World
![[WSO2Con USA 2018] Identity APIs is the New Black](https://cdn.slidesharecdn.com/ss_thumbnails/wso2conusa18identityapisisthenewblack-180718104220-thumbnail.jpg?width=640&height=640&fit=bounds)
Connecting The Real World With The Virtual World
- 1. CONNECTING THE REAL WORLDWITH THE VIRTUAL WORLD The Identity of Things EIC May 15, 2014 Hans Zandbelt – CTO Office – Ping Identity Copyright © 2014 Ping Identity Corp. All rights reserved. 1
- 2. Overview 1 • Internet- &Identity of Things 2 • Infrastructure & Protocols 3 • Now what?
- 3. • Remote tracking •Controlling functions • Routing functions • enabled by smart sensor nodes and devices Use case: Manufacturing Copyright © 2014 Ping Identity Corp. All rights reserved. 3
- 4. • integration withreal- time monitoring • Health care providers (insurers) Use case: Healthcare Copyright © 2014 Ping Identity Corp. All rights reserved. 4
- 5. • Self-driving cars •Monitoring & reporting (today) Use case: Automotive Copyright © 2014 Ping Identity Corp. All rights reserved. 5
- 6. • smart thermometers/heating • audio/videobetween ALL devices with those capabilities (phone, mobile and fixed, iPad, front door cam, TV, stereo) • integrating all electrical devices household/building Use case: Home/Building Automation Copyright © 2014 Ping Identity Corp. All rights reserved. 6
- 7. • Cloud /SaaS & Social • Mobile Ubiquity • Embedded, Wearable • Smart Meters • Industry Automation • Home Automation • Retail & Consumer Automation Internet of Things
- 8. • Security Scalability –Access & Account Mgmt • Discovery, Identification & Authentication – Devices & Clients – Services & Servers – Users • Passwords … NOOO!! Challenges
- 9. Ehm Copyright © 2014Ping Identity Corp. All rights reserved. 9
- 10. INFRASTRUCTURE Building the identity-enabledinternet of everything
- 11. Consequence Traditional firewall andenterprise domain-based security cannot deal with Cloud, Mobile & IoT – Users, Applications or Devices. IDENTITY IS THE NEW PERIMETER FIREWALL
- 12. Network Applications IDENTITY • Scalable Identification •Scalable Security – Authentication – Privacy – Confidentiality – Integrity • Scalable Trust The Identity Layer
- 13. PROTOCOLS Realizing the Identiverseand IoT infrastructure
- 14. Today’s Identity ProtocolLandscape SAML LDAP X.509
- 15. Modern Identity ProtocolStack OpenID Connect SCIM OAuth 2.0
- 16. OAUTH 2.0 A 30,000feet overview
- 17. • 3rd partyclient store user passwords • Teaches users to be indiscriminate with passwords • No multi-factor or federated authentication • No granularity • No differentiation • No revocation Drawbacks Password anti-pattern
- 18.
- 19. • Secure APIauthorization – simple & standard, secure-enough (Bearer) – for desktop, mobile, web, IoT • Delegated access – mitigates password anti- pattern • Issue tokens for granular access – Without divulging your credentials Characteristics OAuth 2.0 Protocol Framework
- 20. Open Redirect somewhere inRP website + RP website uses federated SSO for user login + SSO Token callback from IDP to website is configurable => Assume the following Intermezzo: Covert Redirect Lesson: don’t forward messages that were meant for you to anyone else…
- 21.
- 22. Emerging Business Landscape Cloud Business Mobile Ubiquity Social Integration Internetof Things Secure Identity Layer
- 23. 1. Modern identityprotocol adoption – OAuth 2.0 & OpenID Connect – Bindings to IoT 2. Password reduction – Federation : default – Strong / multi-factor – Discrete > Continuous 3. Automation – Scale and ease of use – self-service as a backup Actions
- 24. • IoT – Scale –Security – Standards • Identity Platform – Spanning Cloud and IoT – Identity Function APIs – Multi-protocol • Don’t Panic – Let’s Start Moving Today Summary
- 25. Thank You http://www.pingidentity.com Hans Zandbelt hzandbelt@pingidentity.com Twitter:@hanszandbelt Ping Identity
- 26. Client SOAP/REST API • HTTP –basic/digest… • SOAP - WS-Security/WS- Trust • REST - ? • Token-based – Obtain – Use – Validate Methods API Access Token
- 27. • Separate protocolsfor SSO and API security • Heavyweight - in payload and processing • Complex – develop and manage • Manual trust bootstrapping and certificate management • SSO and API security in one • Lightweight – mobile • Simple – developer friendly • Auto client registration and key management SAML and OpenID Connect SAML OpenID Connect
Editor's Notes
- #18 Deprecated way of dealing with API access: hand out your password to a client or third party service. Bad: store pwd, indiscriminate, no multi-factor, no granularity, no differentation, no revocation. Need something better.
- #20 Enter Oauth 2.0: a protocol for secure API authorization. Simple standard or framework, based on REST and JSON, meant for the mobile web world. Delegated authorization, tokens are issued, obtained and used to mitigate the anti-password pattern. Granular, revokable access to specified parties, without exposing your credentials.
- #27 How would you secure web apis: SOAP: WS-Security REST: nothing there yet until recently. Only passwords. What we need is a token based method to access APIs: will explain in the next slide.