SlideShare a Scribd company logo

Identity Federation Patterns with WSO2 Identity Server​

WSO2
WSO2

The rapid growth of organizations, ever changing company policies, mergers and acquisitions often lead to the need for complex identity solutions that require integration with multiple heterogeneous systems. This makes traditional centralized identity management systems no longer viable. Identity federation is now adopted as a solution for such complex systems. It allows you to link multiple identities that belong to different trust domains by means of a common set of policies, practices and protocols. Join Darshana and Omindu in this webinar as they explore The challenges of introducing identity federation with use cases How to leverage identity federation patterns to overcome these challenges

Technology
1 of 35
Download to read offline
Identity Federation Patterns with WSO2 Identity Server​ June 18, 2017 Darshana Gunawardana Omindu Rathnaweera 1
2017 Summer School Webinar Series 2
About WSO2 ▪ All WSO2 products 100% free and open source ▪ Licensed under Apache 2.0 ▪ Based on WSO2 Carbon platform ▪ Componentized, modular architecture ▪ Founded in 2005 3
WSO2 Platform 4
▪ Currently in its 5th generation ▪ Latest release - WSO2 Identity Server 5.3.0 ▪ Addresses critical IAM needs both in customer IAM and workforce IAM spaces ▪ Extensive support for open standards - no vendor locking ▪ Large scale deployments over millions of users ▪ Rich eco system with 40+ connectors (https://store.wso2.com/store/assets/isconnector/list) ▪ Support for multi-tenancy ▪ Extensible product architecture to address complex IAM needs About WSO2 Identity Server 5
Identity Federation Patterns with WSO2 Identity Server 6
Agenda ▪ Need of the Identity Federation in reality ▪ Identity Federation is the solution! ▪ Capabilities of an Identity Broker ▪ Federation Problems & Patterns ▪ Q&A 7
Need of the Identity Federation in reality 8
Evolution of the web ▪ Web 1.0 Static content Limited users-sites interaction Identity was not portable ▪ Web 2.0 Interactive data Allows users-sites interaction User Centric Identity ▪ Web 3.0 Predicted content Identity of things 9
▪ For an consumer Ability to access the services with minimum effort ▪ For an enterprise Ability to quickly adopt to new business demands Adhere with complex corporate policies of, ▪ password policies ▪ strong authentication ▪ login policies etc. ▪ to comply with regulations ▪ In general: provide seamless user experience for a better productivity without compromising security IAM Requirements 10
Identity Federation is the Solution! 11
What “Identity Federation” means Connecting, a person's digital identity and attributes, stored across multiple distinct trust domains 12
Elevated Security ▪ Identity federation leverages widely adopted standard, secure and mature protocols (SAML, OpenID and OAuth) ▪ Eliminate maintaining multiple credentials ▪ Enables Single Sign-On (SSO) ▪ Can introduce Multi-Factor Authentication (MFA) Benefits of Identity Federation 13
Cost Benefits ▪ Introduce standard access control for enterprise apps with minimum effort with a shortest possible time ▪ Eliminates the requirement of implementing proprietary SSO mechanism ▪ Secure legacy apps with modern security specification without additional development effort ▪ Adaptation to latest security trends and organizational security requirements with minimum effort Benefits of Identity Federation 14
▪ Protocol Agnostic ▪ Claim Transformation ▪ Multi-option Multi-step authentication ▪ Trust brokering ▪ Home Realm Discovery ▪ Adaptive Authentication Capabilities of an Identity Broker 15
▪ Account Association ▪ Multiple Attribute Stores ▪ Just In Time Provisioning ▪ Manage Identity Relationships ▪ Centralized Access Control ▪ Centralized Monitoring & Analytics Capabilities of an Identity Broker 16
Federation Problems & Patterns 17
Problem 1: Utilize a Single Identity Across Multiple Heterogeneous Service Providers ▪ The business users need to access multiple service providers supporting multiple heterogeneous identity federation protocols. 18
Pattern 1: Identity Federation between Multiple Heterogeneous Identity Federation Protocols Pros ▪ Single Sign On ▪ Separate user authentication from application code ▪ Hides user credentials from applications ▪ Removes administrative overhead from applications ▪ Improves user experience Cons ▪ Introduce a single point where the security of the system can be breached 19
Problem 2: Consuming Multiple Services Across Different Trust Domains ▪ The business users need to utilize services beyond enterprise borders. The cross border interaction typically implies interacting with services residing under a different trust domain. The interaction may need to be done with or without having dependencies with the external trust domain entities. 20
Pattern 2.1: Inter-Domain Token Exchange ▪ Establish a trust relationship between the two Identity Providers residing in each trust domain. 21
Pattern 2.1: Inter-Domain Token Exchange Pros ▪ Flexible in maintaining trust domains ▪ Facilitates federated interactions between consumers and services across trust domains ▪ Same model can be extended to address more complex federation scenarios Cons ▪ Introduces certain level of dependency between the consumer and the Identity Provider in the other trust domain 22
Pattern 2.2: Intra-Domain Token Exchange ▪ Interact with a service developed in a federated trust domain, without any dependencies to entities in the other trust domain. 23
Pattern 2.2: Intra-Domain Token Exchange Pros ▪ Removes dependencies between consumers and service in different trust domains ▪ Can handle different token claim representations Cons ▪ Adds complexity to the mechanism used to model the trust relationship with the Identity Provider in the other trust domain ▪ Makes the services to accept messages that are not issued by the Identity Provider that they trusts 24
Problem 3: Identity Silos and Spaghetti Identity ▪ Localized groups of service providers operating in different protocols Introduces difficulties when it requires interoperability between the service provider groups ▪ Each service provider has to trust each identity provider ▪ Not scalable and hard to manage 25 Spaghetti Identity Identity Silos
Pattern 3: Identity Bus Pros ▪ Simplicity introducing new trusted domains / service providers ▪ Loosely coupled ▪ Reduces deployment complexity Cons ▪ Increased latency due to the intermediate bus ▪ Single point of failure 26
Problem 4: Need of Dynamic and Fine-Grained Authorization Policies ▪ Organizational policies may require securing services beyond typical authorization mechanisms ▪ Service provider needs to define a complex authorization policy to decide whether a given user is eligible to access a certain resource 27
▪ Federated authorization caters complex authorization requirement ▪ XACML can be used to define complex policies and evaluated authorization requests 28 Pattern 4: Federated Authorization
Pattern 4: Federated Authorization Pros ▪ Authorization implementation is decoupled from the application code base ▪ Supports securing services with complex authorization policies ▪ Avoid duplication of authorization policies across all the applications Cons ▪ Not widely adapted compared to federated authentication. 29
Problem 5: Lack of Support for Federated Authorization ▪ Even if the authentication is federated, most systems does not support authorization in a federated manner. Hence, the SP requires to persist user information up to a certain degree in order to perform authorization 30
Pattern 5.1: Federated Unidirectional Provisioning ▪ User interaction is directly with the identity provider ▪ IdP initiates the outbound provisioning for service providers ▪ Service providers receives a bare minimum amount of information. 31
Pattern 5.2: Federated Bidirectional Provisioning ▪ Built on top of unidirectional provisioning ▪ User can interact directly with either service provider or the identity provider ▪ Service provider or identity provider initiates outbound provisioning 32
Q&A 33
What next? 34
OPEN TECHNOLOGY FOR YOUR AGILE DIGITAL BUSINESS THANK YOU 35

Recommended

Architecting an Enterprise API Management Strategy
Architecting an Enterprise API Management StrategyArchitecting an Enterprise API Management Strategy
Architecting an Enterprise API Management Strategy
WSO2
 
ThousandEyes Overview
ThousandEyes Overview ThousandEyes Overview
ThousandEyes Overview
ThousandEyes
 
The Salesforce Advantage: Understanding the Why (August 17, 2015)
The Salesforce Advantage: Understanding the Why (August 17, 2015)The Salesforce Advantage: Understanding the Why (August 17, 2015)
The Salesforce Advantage: Understanding the Why (August 17, 2015)
Salesforce Partners
 
Building microservices sample application
Building microservices sample applicationBuilding microservices sample application
Building microservices sample application
Anil Allewar
 
Azure role based access control (rbac)
Azure role based access control (rbac)Azure role based access control (rbac)
Azure role based access control (rbac)
Srikanth Kappagantula
 
Building an API Security Strategy
Building an API Security StrategyBuilding an API Security Strategy
Building an API Security Strategy
SmartBear
 
API Governance
API Governance API Governance
API Governance
Sunil Kuchipudi
 
Apex Design Patterns
Apex Design PatternsApex Design Patterns
Apex Design Patterns
Salesforce Developers
 

Recommended

Architecting an Enterprise API Management Strategy
Architecting an Enterprise API Management StrategyArchitecting an Enterprise API Management Strategy
Architecting an Enterprise API Management Strategy
WSO2
 
ThousandEyes Overview
ThousandEyes Overview ThousandEyes Overview
ThousandEyes Overview
ThousandEyes
 
The Salesforce Advantage: Understanding the Why (August 17, 2015)
The Salesforce Advantage: Understanding the Why (August 17, 2015)The Salesforce Advantage: Understanding the Why (August 17, 2015)
The Salesforce Advantage: Understanding the Why (August 17, 2015)
Salesforce Partners
 
Building microservices sample application
Building microservices sample applicationBuilding microservices sample application
Building microservices sample application
Anil Allewar
 
Azure role based access control (rbac)
Azure role based access control (rbac)Azure role based access control (rbac)
Azure role based access control (rbac)
Srikanth Kappagantula
 
Building an API Security Strategy
Building an API Security StrategyBuilding an API Security Strategy
Building an API Security Strategy
SmartBear
 
API Governance
API Governance API Governance
API Governance
Sunil Kuchipudi
 
Apex Design Patterns
Apex Design PatternsApex Design Patterns
Apex Design Patterns
Salesforce Developers
 
COSAC 2021 presentation - AWS Zero Trust
COSAC 2021 presentation - AWS Zero TrustCOSAC 2021 presentation - AWS Zero Trust
COSAC 2021 presentation - AWS Zero Trust
Frans Sauermann
 
Salesforce Integration Pattern Overview
Salesforce Integration Pattern OverviewSalesforce Integration Pattern Overview
Salesforce Integration Pattern Overview
Dhanik Sahni
 
HUAWEI CLOUD General Introduction-for partner.pdf
HUAWEI CLOUD General Introduction-for partner.pdfHUAWEI CLOUD General Introduction-for partner.pdf
HUAWEI CLOUD General Introduction-for partner.pdf
DanyMochtar
 
Day 1 axway apim-training
Day 1 axway apim-trainingDay 1 axway apim-training
Day 1 axway apim-training
Nextel Telecomunicações
 
Kong
KongKong
Kong
Troublemaker Khunpech
 
Azure architecture
Azure architectureAzure architecture
Azure architecture
Amal Dev
 
Demystify Salesforce Bulk API
Demystify Salesforce Bulk APIDemystify Salesforce Bulk API
Demystify Salesforce Bulk API
Dhanik Sahni
 
OAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveOAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep Dive
Nordic APIs
 
The New Sales Navigator: Admin Training Guide
The New Sales Navigator: Admin Training GuideThe New Sales Navigator: Admin Training Guide
The New Sales Navigator: Admin Training Guide
LinkedIn Sales Solutions
 
A complete Salesforce implementation guide on how to implement Salesforce
A complete Salesforce implementation guide on how to implement SalesforceA complete Salesforce implementation guide on how to implement Salesforce
A complete Salesforce implementation guide on how to implement Salesforce
Softweb Solutions
 
Salesforce Advantage (8 Core Differentiators)
Salesforce Advantage (8 Core Differentiators)Salesforce Advantage (8 Core Differentiators)
Salesforce Advantage (8 Core Differentiators)
Salesforce Partners
 
Integration using Salesforce Canvas
Integration using Salesforce CanvasIntegration using Salesforce Canvas
Integration using Salesforce Canvas
Dhanik Sahni
 
Salesforce project
Salesforce projectSalesforce project
Salesforce project
Siddharth Chaudhary
 
Multi-Cloud Strategy for Unrestricted Possibilities
Multi-Cloud Strategy for Unrestricted PossibilitiesMulti-Cloud Strategy for Unrestricted Possibilities
Multi-Cloud Strategy for Unrestricted Possibilities
Harsh V Sehgal
 
Cloud Has Become the New Normal: TCS
Cloud Has Become the New Normal: TCS Cloud Has Become the New Normal: TCS
Cloud Has Become the New Normal: TCS
Amazon Web Services
 
Deep dive into Salesforce Connected App
Deep dive into Salesforce Connected AppDeep dive into Salesforce Connected App
Deep dive into Salesforce Connected App
Dhanik Sahni
 
Mulesoft Salesforce Connector - OAuth 2.0 JWT Bearer
Mulesoft Salesforce Connector - OAuth 2.0 JWT BearerMulesoft Salesforce Connector - OAuth 2.0 JWT Bearer
Mulesoft Salesforce Connector - OAuth 2.0 JWT Bearer
Vince Soliza
 
Introduction to lightning Web Component
Introduction to lightning Web ComponentIntroduction to lightning Web Component
Introduction to lightning Web Component
Mohith Shrivastava
 
Salesforce Service Cloud automatons
Salesforce Service Cloud automatonsSalesforce Service Cloud automatons
Salesforce Service Cloud automatons
RAMNARAYAN R
 
What is self-sovereign identity (SSI)?
What is self-sovereign identity (SSI)?What is self-sovereign identity (SSI)?
What is self-sovereign identity (SSI)?
Evernym
 
Introduction to Kafka Cruise Control
Introduction to Kafka Cruise ControlIntroduction to Kafka Cruise Control
Introduction to Kafka Cruise Control
Jiangjie Qin
 
Leveraging federation capabilities of Identity Server for API gateway
Leveraging federation capabilities of Identity Server for API gatewayLeveraging federation capabilities of Identity Server for API gateway
Leveraging federation capabilities of Identity Server for API gateway
WSO2
 

More Related Content

What's hot

COSAC 2021 presentation - AWS Zero Trust
COSAC 2021 presentation - AWS Zero TrustCOSAC 2021 presentation - AWS Zero Trust
COSAC 2021 presentation - AWS Zero Trust
Frans Sauermann
 
Salesforce Integration Pattern Overview
Salesforce Integration Pattern OverviewSalesforce Integration Pattern Overview
Salesforce Integration Pattern Overview
Dhanik Sahni
 
HUAWEI CLOUD General Introduction-for partner.pdf
HUAWEI CLOUD General Introduction-for partner.pdfHUAWEI CLOUD General Introduction-for partner.pdf
HUAWEI CLOUD General Introduction-for partner.pdf
DanyMochtar
 
Day 1 axway apim-training
Day 1 axway apim-trainingDay 1 axway apim-training
Day 1 axway apim-training
Nextel Telecomunicações
 
Kong
KongKong
Kong
Troublemaker Khunpech
 
Azure architecture
Azure architectureAzure architecture
Azure architecture
Amal Dev
 
Demystify Salesforce Bulk API
Demystify Salesforce Bulk APIDemystify Salesforce Bulk API
Demystify Salesforce Bulk API
Dhanik Sahni
 
OAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveOAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep Dive
Nordic APIs
 
The New Sales Navigator: Admin Training Guide
The New Sales Navigator: Admin Training GuideThe New Sales Navigator: Admin Training Guide
The New Sales Navigator: Admin Training Guide
LinkedIn Sales Solutions
 
A complete Salesforce implementation guide on how to implement Salesforce
A complete Salesforce implementation guide on how to implement SalesforceA complete Salesforce implementation guide on how to implement Salesforce
A complete Salesforce implementation guide on how to implement Salesforce
Softweb Solutions
 
Salesforce Advantage (8 Core Differentiators)
Salesforce Advantage (8 Core Differentiators)Salesforce Advantage (8 Core Differentiators)
Salesforce Advantage (8 Core Differentiators)
Salesforce Partners
 
Integration using Salesforce Canvas
Integration using Salesforce CanvasIntegration using Salesforce Canvas
Integration using Salesforce Canvas
Dhanik Sahni
 
Salesforce project
Salesforce projectSalesforce project
Salesforce project
Siddharth Chaudhary
 
Multi-Cloud Strategy for Unrestricted Possibilities
Multi-Cloud Strategy for Unrestricted PossibilitiesMulti-Cloud Strategy for Unrestricted Possibilities
Multi-Cloud Strategy for Unrestricted Possibilities
Harsh V Sehgal
 
Cloud Has Become the New Normal: TCS
Cloud Has Become the New Normal: TCS Cloud Has Become the New Normal: TCS
Cloud Has Become the New Normal: TCS
Amazon Web Services
 
Deep dive into Salesforce Connected App
Deep dive into Salesforce Connected AppDeep dive into Salesforce Connected App
Deep dive into Salesforce Connected App
Dhanik Sahni
 
Mulesoft Salesforce Connector - OAuth 2.0 JWT Bearer
Mulesoft Salesforce Connector - OAuth 2.0 JWT BearerMulesoft Salesforce Connector - OAuth 2.0 JWT Bearer
Mulesoft Salesforce Connector - OAuth 2.0 JWT Bearer
Vince Soliza
 
Introduction to lightning Web Component
Introduction to lightning Web ComponentIntroduction to lightning Web Component
Introduction to lightning Web Component
Mohith Shrivastava
 
Salesforce Service Cloud automatons
Salesforce Service Cloud automatonsSalesforce Service Cloud automatons
Salesforce Service Cloud automatons
RAMNARAYAN R
 
What is self-sovereign identity (SSI)?
What is self-sovereign identity (SSI)?What is self-sovereign identity (SSI)?
What is self-sovereign identity (SSI)?
Evernym
 

What's hot (20)

COSAC 2021 presentation - AWS Zero Trust
COSAC 2021 presentation - AWS Zero TrustCOSAC 2021 presentation - AWS Zero Trust
COSAC 2021 presentation - AWS Zero Trust
 
Salesforce Integration Pattern Overview
Salesforce Integration Pattern OverviewSalesforce Integration Pattern Overview
Salesforce Integration Pattern Overview
 
HUAWEI CLOUD General Introduction-for partner.pdf
HUAWEI CLOUD General Introduction-for partner.pdfHUAWEI CLOUD General Introduction-for partner.pdf
HUAWEI CLOUD General Introduction-for partner.pdf
 
Day 1 axway apim-training
Day 1 axway apim-trainingDay 1 axway apim-training
Day 1 axway apim-training
 
Kong
KongKong
Kong
 
Azure architecture
Azure architectureAzure architecture
Azure architecture
 
Demystify Salesforce Bulk API
Demystify Salesforce Bulk APIDemystify Salesforce Bulk API
Demystify Salesforce Bulk API
 
OAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveOAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep Dive
 
The New Sales Navigator: Admin Training Guide
The New Sales Navigator: Admin Training GuideThe New Sales Navigator: Admin Training Guide
The New Sales Navigator: Admin Training Guide
 
A complete Salesforce implementation guide on how to implement Salesforce
A complete Salesforce implementation guide on how to implement SalesforceA complete Salesforce implementation guide on how to implement Salesforce
A complete Salesforce implementation guide on how to implement Salesforce
 
Salesforce Advantage (8 Core Differentiators)
Salesforce Advantage (8 Core Differentiators)Salesforce Advantage (8 Core Differentiators)
Salesforce Advantage (8 Core Differentiators)
 
Integration using Salesforce Canvas
Integration using Salesforce CanvasIntegration using Salesforce Canvas
Integration using Salesforce Canvas
 
Salesforce project
Salesforce projectSalesforce project
Salesforce project
 
Multi-Cloud Strategy for Unrestricted Possibilities
Multi-Cloud Strategy for Unrestricted PossibilitiesMulti-Cloud Strategy for Unrestricted Possibilities
Multi-Cloud Strategy for Unrestricted Possibilities
 
Cloud Has Become the New Normal: TCS
Cloud Has Become the New Normal: TCS Cloud Has Become the New Normal: TCS
Cloud Has Become the New Normal: TCS
 
Deep dive into Salesforce Connected App
Deep dive into Salesforce Connected AppDeep dive into Salesforce Connected App
Deep dive into Salesforce Connected App
 
Mulesoft Salesforce Connector - OAuth 2.0 JWT Bearer
Mulesoft Salesforce Connector - OAuth 2.0 JWT BearerMulesoft Salesforce Connector - OAuth 2.0 JWT Bearer
Mulesoft Salesforce Connector - OAuth 2.0 JWT Bearer
 
Introduction to lightning Web Component
Introduction to lightning Web ComponentIntroduction to lightning Web Component
Introduction to lightning Web Component
 
Salesforce Service Cloud automatons
Salesforce Service Cloud automatonsSalesforce Service Cloud automatons
Salesforce Service Cloud automatons
 
What is self-sovereign identity (SSI)?
What is self-sovereign identity (SSI)?What is self-sovereign identity (SSI)?
What is self-sovereign identity (SSI)?
 

Viewers also liked

Introduction to Kafka Cruise Control
Introduction to Kafka Cruise ControlIntroduction to Kafka Cruise Control
Introduction to Kafka Cruise Control
Jiangjie Qin
 
Leveraging federation capabilities of Identity Server for API gateway
Leveraging federation capabilities of Identity Server for API gatewayLeveraging federation capabilities of Identity Server for API gateway
Leveraging federation capabilities of Identity Server for API gateway
WSO2
 
[WSO2Con EU 2017] Keynote: Mobile Identity in the Digital Economy
[WSO2Con EU 2017] Keynote: Mobile Identity in the Digital Economy[WSO2Con EU 2017] Keynote: Mobile Identity in the Digital Economy
[WSO2Con EU 2017] Keynote: Mobile Identity in the Digital Economy
WSO2
 
Producer Performance Tuning for Apache Kafka
Producer Performance Tuning for Apache KafkaProducer Performance Tuning for Apache Kafka
Producer Performance Tuning for Apache Kafka
Jiangjie Qin
 
Handle Large Messages In Apache Kafka
Handle Large Messages In Apache KafkaHandle Large Messages In Apache Kafka
Handle Large Messages In Apache Kafka
Jiangjie Qin
 
[WSO2Con EU 2017] The Win-Win-Win of Water Authority HHNK
[WSO2Con EU 2017] The Win-Win-Win of Water Authority HHNK[WSO2Con EU 2017] The Win-Win-Win of Water Authority HHNK
[WSO2Con EU 2017] The Win-Win-Win of Water Authority HHNK
WSO2
 

Viewers also liked (6)

Introduction to Kafka Cruise Control
Introduction to Kafka Cruise ControlIntroduction to Kafka Cruise Control
Introduction to Kafka Cruise Control
 
Leveraging federation capabilities of Identity Server for API gateway
Leveraging federation capabilities of Identity Server for API gatewayLeveraging federation capabilities of Identity Server for API gateway
Leveraging federation capabilities of Identity Server for API gateway
 
[WSO2Con EU 2017] Keynote: Mobile Identity in the Digital Economy
[WSO2Con EU 2017] Keynote: Mobile Identity in the Digital Economy[WSO2Con EU 2017] Keynote: Mobile Identity in the Digital Economy
[WSO2Con EU 2017] Keynote: Mobile Identity in the Digital Economy
 
Producer Performance Tuning for Apache Kafka
Producer Performance Tuning for Apache KafkaProducer Performance Tuning for Apache Kafka
Producer Performance Tuning for Apache Kafka
 
Handle Large Messages In Apache Kafka
Handle Large Messages In Apache KafkaHandle Large Messages In Apache Kafka
Handle Large Messages In Apache Kafka
 
[WSO2Con EU 2017] The Win-Win-Win of Water Authority HHNK
[WSO2Con EU 2017] The Win-Win-Win of Water Authority HHNK[WSO2Con EU 2017] The Win-Win-Win of Water Authority HHNK
[WSO2Con EU 2017] The Win-Win-Win of Water Authority HHNK
 

Similar to Identity Federation Patterns with WSO2 Identity Server​

Patterns and Antipatterns in Enterprise Security
Patterns and Antipatterns in Enterprise SecurityPatterns and Antipatterns in Enterprise Security
Patterns and Antipatterns in Enterprise Security
WSO2
 
Securing Access to SaaS Apps with WSO2 Identity Server
Securing Access to SaaS Apps with WSO2 Identity ServerSecuring Access to SaaS Apps with WSO2 Identity Server
Securing Access to SaaS Apps with WSO2 Identity Server
WSO2
 
Cloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud ServicesCloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Standards Customer Council
 
MCSA 70-412 Chapter 08
MCSA 70-412 Chapter 08MCSA 70-412 Chapter 08
MCSA 70-412 Chapter 08
Computer Networking
 
OpenAM - An Introduction
OpenAM - An IntroductionOpenAM - An Introduction
OpenAM - An Introduction
ForgeRock
 
Service Mesh Talk for CTO Forum
Service Mesh Talk for CTO ForumService Mesh Talk for CTO Forum
Service Mesh Talk for CTO Forum
Rick Hightower
 
Security for Cloud Computing: 10 Steps to Ensure Success V3.0
Security for Cloud Computing: 10 Steps to Ensure Success V3.0Security for Cloud Computing: 10 Steps to Ensure Success V3.0
Security for Cloud Computing: 10 Steps to Ensure Success V3.0
Cloud Standards Customer Council
 
AzureConf 2014 - Azure hybrid connections (Sam Vanhoutte)
AzureConf 2014 - Azure hybrid connections (Sam Vanhoutte)AzureConf 2014 - Azure hybrid connections (Sam Vanhoutte)
AzureConf 2014 - Azure hybrid connections (Sam Vanhoutte)
Sam Vanhoutte
 
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB201904_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
Kumton Suttiraksiri
 
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Standards Customer Council
 
CIS 2015 What’s next? Discovery, Dynamic Registration, Mobile Connect and mor...
CIS 2015 What’s next? Discovery, Dynamic Registration, Mobile Connect and mor...CIS 2015 What’s next? Discovery, Dynamic Registration, Mobile Connect and mor...
CIS 2015 What’s next? Discovery, Dynamic Registration, Mobile Connect and mor...
CloudIDSummit
 
Public Cloud Service Agreements: What to Expect and What to Negotiate V2.0
Public Cloud Service Agreements: What to Expect and What to Negotiate V2.0Public Cloud Service Agreements: What to Expect and What to Negotiate V2.0
Public Cloud Service Agreements: What to Expect and What to Negotiate V2.0
Cloud Standards Customer Council
 
Securely Connecting Your Customers to Their Cloud-Hosted App – In Minutes
Securely Connecting Your Customers to Their Cloud-Hosted App – In MinutesSecurely Connecting Your Customers to Their Cloud-Hosted App – In Minutes
Securely Connecting Your Customers to Their Cloud-Hosted App – In Minutes
Khash Nakhostin
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld
 
Webinar: Simplifying Cloud Connectivity for Your Clients
Webinar: Simplifying Cloud Connectivity for Your ClientsWebinar: Simplifying Cloud Connectivity for Your Clients
Webinar: Simplifying Cloud Connectivity for Your Clients
Global Capacity
 
Cloud Customer Architecture for Blockchain
Cloud Customer Architecture for BlockchainCloud Customer Architecture for Blockchain
Cloud Customer Architecture for Blockchain
Cloud Standards Customer Council
 
IT4651w-CC-1b-Introduction.pptx
IT4651w-CC-1b-Introduction.pptxIT4651w-CC-1b-Introduction.pptx
IT4651w-CC-1b-Introduction.pptx
nada542773
 
Productive Expansion on Amazon Web Services with BlazeClan
Productive Expansion on Amazon Web Services with BlazeClan Productive Expansion on Amazon Web Services with BlazeClan
Productive Expansion on Amazon Web Services with BlazeClan
Blazeclan Technologies Private Limited
 
Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013
David Linthicum
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and Privacy
Cloud Standards Customer Council
 

Similar to Identity Federation Patterns with WSO2 Identity Server​ (20)

Patterns and Antipatterns in Enterprise Security
Patterns and Antipatterns in Enterprise SecurityPatterns and Antipatterns in Enterprise Security
Patterns and Antipatterns in Enterprise Security
 
Securing Access to SaaS Apps with WSO2 Identity Server
Securing Access to SaaS Apps with WSO2 Identity ServerSecuring Access to SaaS Apps with WSO2 Identity Server
Securing Access to SaaS Apps with WSO2 Identity Server
 
Cloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud ServicesCloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud Services
 
MCSA 70-412 Chapter 08
MCSA 70-412 Chapter 08MCSA 70-412 Chapter 08
MCSA 70-412 Chapter 08
 
OpenAM - An Introduction
OpenAM - An IntroductionOpenAM - An Introduction
OpenAM - An Introduction
 
Service Mesh Talk for CTO Forum
Service Mesh Talk for CTO ForumService Mesh Talk for CTO Forum
Service Mesh Talk for CTO Forum
 
Security for Cloud Computing: 10 Steps to Ensure Success V3.0
Security for Cloud Computing: 10 Steps to Ensure Success V3.0Security for Cloud Computing: 10 Steps to Ensure Success V3.0
Security for Cloud Computing: 10 Steps to Ensure Success V3.0
 
AzureConf 2014 - Azure hybrid connections (Sam Vanhoutte)
AzureConf 2014 - Azure hybrid connections (Sam Vanhoutte)AzureConf 2014 - Azure hybrid connections (Sam Vanhoutte)
AzureConf 2014 - Azure hybrid connections (Sam Vanhoutte)
 
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB201904_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
 
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0
 
CIS 2015 What’s next? Discovery, Dynamic Registration, Mobile Connect and mor...
CIS 2015 What’s next? Discovery, Dynamic Registration, Mobile Connect and mor...CIS 2015 What’s next? Discovery, Dynamic Registration, Mobile Connect and mor...
CIS 2015 What’s next? Discovery, Dynamic Registration, Mobile Connect and mor...
 
Public Cloud Service Agreements: What to Expect and What to Negotiate V2.0
Public Cloud Service Agreements: What to Expect and What to Negotiate V2.0Public Cloud Service Agreements: What to Expect and What to Negotiate V2.0
Public Cloud Service Agreements: What to Expect and What to Negotiate V2.0
 
Securely Connecting Your Customers to Their Cloud-Hosted App – In Minutes
Securely Connecting Your Customers to Their Cloud-Hosted App – In MinutesSecurely Connecting Your Customers to Their Cloud-Hosted App – In Minutes
Securely Connecting Your Customers to Their Cloud-Hosted App – In Minutes
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
 
Webinar: Simplifying Cloud Connectivity for Your Clients
Webinar: Simplifying Cloud Connectivity for Your ClientsWebinar: Simplifying Cloud Connectivity for Your Clients
Webinar: Simplifying Cloud Connectivity for Your Clients
 
Cloud Customer Architecture for Blockchain
Cloud Customer Architecture for BlockchainCloud Customer Architecture for Blockchain
Cloud Customer Architecture for Blockchain
 
IT4651w-CC-1b-Introduction.pptx
IT4651w-CC-1b-Introduction.pptxIT4651w-CC-1b-Introduction.pptx
IT4651w-CC-1b-Introduction.pptx
 
Productive Expansion on Amazon Web Services with BlazeClan
Productive Expansion on Amazon Web Services with BlazeClan Productive Expansion on Amazon Web Services with BlazeClan
Productive Expansion on Amazon Web Services with BlazeClan
 
Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and Privacy
 

More from WSO2

Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with Platformless
WSO2
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2
 
architecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdfarchitecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdf
WSO2
 
Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2
WSO2
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
WSO2
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using Ballerina
WSO2
 
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2
 
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
WSO2
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
WSO2
 
WSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the CloudWSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2
 
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & InnovationWSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaS
WSO2
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
WSO2
 
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2
 
WSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital BusinessesWSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital Businesses
WSO2
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2
 
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of TransformationWSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2
 

More from WSO2 (20)

Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with Platformless
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
architecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdfarchitecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdf
 
Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using Ballerina
 
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
 
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AI
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
 
WSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the CloudWSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the Cloud
 
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & InnovationWSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaS
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
WSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital BusinessesWSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital Businesses
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
 
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of TransformationWSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
 

Recently uploaded

Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Precisely
 
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
saastr
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
operationspcvita
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Antonios Katsarakis
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Alpen-Adria-Universität
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
Ivo Velitchkov
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Alex Pruden
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
Fwdays
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Neo4j
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 

Recently uploaded (20)

Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
 
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 

Identity Federation Patterns with WSO2 Identity Server​

  • 1. Identity Federation Patterns with WSO2 Identity Server​ June 18, 2017 Darshana Gunawardana Omindu Rathnaweera 1
  • 2. 2017 Summer School Webinar Series 2
  • 3. About WSO2 ▪ All WSO2 products 100% free and open source ▪ Licensed under Apache 2.0 ▪ Based on WSO2 Carbon platform ▪ Componentized, modular architecture ▪ Founded in 2005 3
  • 5. ▪ Currently in its 5th generation ▪ Latest release - WSO2 Identity Server 5.3.0 ▪ Addresses critical IAM needs both in customer IAM and workforce IAM spaces ▪ Extensive support for open standards - no vendor locking ▪ Large scale deployments over millions of users ▪ Rich eco system with 40+ connectors (https://store.wso2.com/store/assets/isconnector/list) ▪ Support for multi-tenancy ▪ Extensible product architecture to address complex IAM needs About WSO2 Identity Server 5
  • 7. Agenda ▪ Need of the Identity Federation in reality ▪ Identity Federation is the solution! ▪ Capabilities of an Identity Broker ▪ Federation Problems & Patterns ▪ Q&A 7
  • 8. Need of the Identity Federation in reality 8
  • 9. Evolution of the web ▪ Web 1.0 Static content Limited users-sites interaction Identity was not portable ▪ Web 2.0 Interactive data Allows users-sites interaction User Centric Identity ▪ Web 3.0 Predicted content Identity of things 9
  • 10. ▪ For an consumer Ability to access the services with minimum effort ▪ For an enterprise Ability to quickly adopt to new business demands Adhere with complex corporate policies of, ▪ password policies ▪ strong authentication ▪ login policies etc. ▪ to comply with regulations ▪ In general: provide seamless user experience for a better productivity without compromising security IAM Requirements 10
  • 12. What “Identity Federation” means Connecting, a person's digital identity and attributes, stored across multiple distinct trust domains 12
  • 13. Elevated Security ▪ Identity federation leverages widely adopted standard, secure and mature protocols (SAML, OpenID and OAuth) ▪ Eliminate maintaining multiple credentials ▪ Enables Single Sign-On (SSO) ▪ Can introduce Multi-Factor Authentication (MFA) Benefits of Identity Federation 13
  • 14. Cost Benefits ▪ Introduce standard access control for enterprise apps with minimum effort with a shortest possible time ▪ Eliminates the requirement of implementing proprietary SSO mechanism ▪ Secure legacy apps with modern security specification without additional development effort ▪ Adaptation to latest security trends and organizational security requirements with minimum effort Benefits of Identity Federation 14
  • 15. ▪ Protocol Agnostic ▪ Claim Transformation ▪ Multi-option Multi-step authentication ▪ Trust brokering ▪ Home Realm Discovery ▪ Adaptive Authentication Capabilities of an Identity Broker 15
  • 16. ▪ Account Association ▪ Multiple Attribute Stores ▪ Just In Time Provisioning ▪ Manage Identity Relationships ▪ Centralized Access Control ▪ Centralized Monitoring & Analytics Capabilities of an Identity Broker 16
  • 18. Problem 1: Utilize a Single Identity Across Multiple Heterogeneous Service Providers ▪ The business users need to access multiple service providers supporting multiple heterogeneous identity federation protocols. 18
  • 19. Pattern 1: Identity Federation between Multiple Heterogeneous Identity Federation Protocols Pros ▪ Single Sign On ▪ Separate user authentication from application code ▪ Hides user credentials from applications ▪ Removes administrative overhead from applications ▪ Improves user experience Cons ▪ Introduce a single point where the security of the system can be breached 19
  • 20. Problem 2: Consuming Multiple Services Across Different Trust Domains ▪ The business users need to utilize services beyond enterprise borders. The cross border interaction typically implies interacting with services residing under a different trust domain. The interaction may need to be done with or without having dependencies with the external trust domain entities. 20
  • 21. Pattern 2.1: Inter-Domain Token Exchange ▪ Establish a trust relationship between the two Identity Providers residing in each trust domain. 21
  • 22. Pattern 2.1: Inter-Domain Token Exchange Pros ▪ Flexible in maintaining trust domains ▪ Facilitates federated interactions between consumers and services across trust domains ▪ Same model can be extended to address more complex federation scenarios Cons ▪ Introduces certain level of dependency between the consumer and the Identity Provider in the other trust domain 22
  • 23. Pattern 2.2: Intra-Domain Token Exchange ▪ Interact with a service developed in a federated trust domain, without any dependencies to entities in the other trust domain. 23
  • 24. Pattern 2.2: Intra-Domain Token Exchange Pros ▪ Removes dependencies between consumers and service in different trust domains ▪ Can handle different token claim representations Cons ▪ Adds complexity to the mechanism used to model the trust relationship with the Identity Provider in the other trust domain ▪ Makes the services to accept messages that are not issued by the Identity Provider that they trusts 24
  • 25. Problem 3: Identity Silos and Spaghetti Identity ▪ Localized groups of service providers operating in different protocols Introduces difficulties when it requires interoperability between the service provider groups ▪ Each service provider has to trust each identity provider ▪ Not scalable and hard to manage 25 Spaghetti Identity Identity Silos
  • 26. Pattern 3: Identity Bus Pros ▪ Simplicity introducing new trusted domains / service providers ▪ Loosely coupled ▪ Reduces deployment complexity Cons ▪ Increased latency due to the intermediate bus ▪ Single point of failure 26
  • 27. Problem 4: Need of Dynamic and Fine-Grained Authorization Policies ▪ Organizational policies may require securing services beyond typical authorization mechanisms ▪ Service provider needs to define a complex authorization policy to decide whether a given user is eligible to access a certain resource 27
  • 28. ▪ Federated authorization caters complex authorization requirement ▪ XACML can be used to define complex policies and evaluated authorization requests 28 Pattern 4: Federated Authorization
  • 29. Pattern 4: Federated Authorization Pros ▪ Authorization implementation is decoupled from the application code base ▪ Supports securing services with complex authorization policies ▪ Avoid duplication of authorization policies across all the applications Cons ▪ Not widely adapted compared to federated authentication. 29
  • 30. Problem 5: Lack of Support for Federated Authorization ▪ Even if the authentication is federated, most systems does not support authorization in a federated manner. Hence, the SP requires to persist user information up to a certain degree in order to perform authorization 30
  • 31. Pattern 5.1: Federated Unidirectional Provisioning ▪ User interaction is directly with the identity provider ▪ IdP initiates the outbound provisioning for service providers ▪ Service providers receives a bare minimum amount of information. 31
  • 32. Pattern 5.2: Federated Bidirectional Provisioning ▪ Built on top of unidirectional provisioning ▪ User can interact directly with either service provider or the identity provider ▪ Service provider or identity provider initiates outbound provisioning 32
  • 35. OPEN TECHNOLOGY FOR YOUR AGILE DIGITAL BUSINESS THANK YOU 35