CIS14: Using IDaaS to Enable IAM for Multiple Web-based and Mobile B2B and B2C Applications
•
0 likes•735 views
Ken Riggio, Live Nation Entertainment Discussion of Live Nation Entertainment’s approach to IDaaS, governance, delegated administration, migration strategies, and the multiple authentication strategies required for its web-based and mobile B2B and B2C applications
More Related Content
What's hot
Similar to CIS14: Using IDaaS to Enable IAM for Multiple Web-based and Mobile B2B and B2C Applications
Similar to CIS14: Using IDaaS to Enable IAM for Multiple Web-based and Mobile B2B and B2C Applications (20)
More from CloudIDSummit
More from CloudIDSummit (20)
Recently uploaded
Recently uploaded (20)
CIS14: Using IDaaS to Enable IAM for Multiple Web-based and Mobile B2B and B2C Applications
- 1. Using IDaaS to Enable IAM for Applications JULY 22, 2014
- 2. 2 Introduction – Ken Riggio • VP, Software Development - Ticketing • B2B Identity and Access Management • B2C Identity and Access Management • Consolidated System of Inventory and Catalog Management • Integration • Music Enthusiast m/ • Dungeon Master! • Computer Nerd • NOT an Identity Management Expert
- 3. 3 Introduction – Live Nation Entertainment • Business Segments • Concerts • Venue Owner (House of Blues, Verizon Amphitheater, …) • Venue Operator • Promoters • Festival Operator • Artist Nation • Artist Management • Sponsorships & Advertising • Ticketing ($1.4 Billion in Revenue, 21.7% of total)
- 4. 4 Introduction – Ticketing • Clients (thousands of clients, tens of thousands of users) • Arenas, Stadiums, Amphitheaters, Music Clubs, Concert Promoters, Professional Sport Franchises and Leagues, College Sports Teams, Performing Arts Venues, Museums, Theaters • Sales Channels (hundreds of millions of users) • Web Sites – Ticketmaster, Livenation, TicketWeb, TicketsNow, Get Me In!, TicketExchange, … (71%) • Mobile Apps (14%) • Ticket Outlets – Venue Box Offices, Walmart, Retail Kiosks, … (10%) • Telephone (5%)
- 5. 5 Business Objectives – Re-Architecture • The Old • 17+ different systems that do the same thing… • Old technology (i.e. Assembly Programs running on VAX emulator) • Monolithic Applications • Long Delivery Cycles • The New • Consolidated and Unified Experience • Primarily Java & JavaScript (Node.js) • SOA 2.0 and EDA • Continuous Integration and Continuous Delivery
- 6. 6 Business Objectives – Core Principles • Increase Business Agility • More features, faster. • React quickly to new business opportunities. • Adopt new technologies as the become available. • Technology should enable, not constrain. • Reduce Operational Expenses • Focus head count on building the future, not supporting the past.
- 7. 7 Requirements – Identity and Access Management • B2B • Multiple Tenants (Clients) • Authentication • Authorization • Access to various applications • Web Applications • Mobile Applications • Scanners (Devices) • Roles • Entitlements • User Management (Delegated Administration)
- 8. 8 Requirements – Identity and Access Management • B2C • Multiple Tenants (Channels with Different User Bases) • Authentication • Authorization • Access to Premium Services • Fraud Flags and Restrictions • Bot Mitigation • User Self Service
- 9. 9 Challenges – Identity and Access Management • B2B • Data Firewall • Clients • Internal Live Nation Segments (Ticketing v. Concerts) • Cross Tenant Entitlements • Tenant A wants to enable Tenant B to be a Promoter for Tenant A’s events. • B2C • Performance (Burst Traffic!!!) • Both • Legacy… Integration, Migration…. Dealing with the past in general!
- 10. 10 Solution – Identity Bridge Service • Don’t Try To Read the Diagram! ;) • API that abstracts and integrates with multiple identity providers. • A common API • Really wish I knew about SCIM when we started this project.
- 11. 11 Solution – Identity Bridge Service • Ignore the Fine Print, I will walk you through it. • Multiple Consuming Applications • Common Interface (IBS) • Routed to 1 or more Identity Providers based on phase of integration and migration • Bridge provider facilitates lazy migration. • Strangler Pattern
- 12. 12 Solution – Bring it to the Cloud • Identity Bridge Service API (IBS) • Authentication • Authorization • User Management • Tenant Provisioning • Session Management • IBS Eats Its Own Dog Food • Access to the API is controlled using its own authentication and authorization services. • Web-based User Interface (also protected using IBS)
- 13. 13 Solution – Bring it to the Cloud IBS VERIZON AMP HOB FILLMORE
- 14. 14 Integration – Varying Client Capabilities • Small Clients • Few Employees • Little or No Technical Abilities • Limited Resources • Big Clients • Thousands of Employees • Strong Technical Team, Potentially Have Their Own Development Teams • Have Their Own Internal Identity Solutions
- 15. 15 Integration – Client Needs • However, They Both Have Same Core Needs • User Provisioning • User Management • Authentication • Authorization • Why? • Create and Manage Events, Products, Merchandising, Pricing • Reporting • Marketing • Sales • Access Control (umm..Ticket Scanning)
- 16. 16 Integration – Client Implementation Options • Small Clients • Use Our Web-Based “Permissioning” UI • Use Our Applications and Scanners • Big Clients • Multiple Options • They Can Use Ours and do the “swivel chair” • They Can Use Our “Services” integrating with their own UI • Their Local Identity Solution can Provision Users through IBS to leverage the Ticketing application platform.
- 17. 17 Integration – Our Web-Based “Permissioning” UI
- 18. 18 Integration – Our Web-Based “Permissioning” UI
- 19. 19 Integration – A Quick Digression into Mobile • Issues Exist on Desktop but Mobile has Made it Worse • Lots of reverse engineering, de-compiling, and data extraction • Certificates, API Keys, Long Running Access Tokens, etc. have been farmed and used by bots. • Audits and Logs show “same device application” calling us thousands of times per minute trying to get access to tickets • Privacy Laws have pushed us to use device application ids, instead of actually device information as part of authentication (smaller fingerprint L). • Most companies would love the fact that people are creating automated ways of buying their stuff… For us, it’s a nightmare.
- 20. 20 Integration – A Quick Digression into Mobile • Mitigation Strategies • Session-based • No more than one concurrent session • A given token cannot be used more than once. Each response returns a new session token. • Alerts • Speed bumps • Off switch :P
- 21. 21 Deployment– B2B vs B2C • Ultimately, There is No Functional Difference • We have different scaling issues though • B2B has Constant Moderate Usage • B2C has Period Burst Usage • Options • Scale solution to handle both concurrently • Provide two physical deployments, one service B2B, the other B2C. • We chose the later.