Identity APIs is the New Black
Dulanja Liyanage, Senior Technical Lead, WSO2
IAM Evolution
Siloed IAM - Application Bounded
[Diagram: at Kermit Corp the HR, Payroll and License applications are each bound to their own user store (LDAP, AD, RDB); the same physical user John exists as a separate account in each.]
Siloed IAM - Centralized but Proprietary
[Diagram: Kermit Corp's Payroll, HR and License applications connect to a central Identity Provider over a Kermit-proprietary protocol; FinOrg's CRM Application sits outside and cannot integrate.]
Problems of Siloed IAM
● Same physical user digitally represented in different silos with different credentials
● No single sign-on across silos
● Higher probability of identity mismanagement
● Identity integrations across department/enterprise borders are difficult or impossible
Centralized IAM - Standard APIs
[Diagram: the same Kermit Corp applications now integrate with the Identity Provider over standard APIs (SAML SSO / SCIM / XACML, OpenID Connect / SCIM / XACML, WS-Fed / SCIM / XACML), and FinOrg's CRM Application integrates via OpenID Connect / SCIM / XACML.]
Happily ever after?
Customer (is the king!) IAM
● Social login and BYOI
● Seamless experience across devices (Omnichannel)
● Privacy (Consent management)
● Ownership of user information
● Party-to-party delegation
[Diagram: Kermit Corp's Identity Provider serves a Self Care Portal and a Retail Application over OpenID Connect / SCIM / XACML, a cloud application over OIDC, and a customer CRM over SCIM.]
CIAM at a Glance
[Diagram: layered from top to bottom: Business Success, Seamless Experience, Customer Satisfaction, Identity Integrations, Identity APIs.]
Next Big Challenge -> Identity of Things
● Dynamic device registration
● Device to device authentication
● Delegation of device access
Modern Identity APIs
User Provisioning with SCIM
[Diagram: inbound SCIM provisioning from a Self Care Portal into Foo Org's Identity Provider, and outbound SCIM provisioning from Foo Org's Identity Provider to the Identity Providers of Zee Org and Bar Org, where it arrives as inbound provisioning.]
SCIM 2.0 Payloads

User Creation

curl --user admin:admin \
  --data '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"kim","password":"kimwso2","emails":[{"primary":true,"value":"kim.jackson@gmail.com","type":"home"},{"value":"kim_j@wso2.com","type":"work"}]}' \
  --header "Content-Type:application/json" \
  https://localhost:9443/scim2/Users

Group Creation

curl --user admin:admin \
  --data '{"displayName":"manager"}' \
  --header "Content-Type:application/json" \
  https://localhost:9443/scim2/Groups
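As an added example (not code from the slides or from WSO2), the same two requests built and checked in Python before anything is sent: the base URL is the slides' https://localhost:9443/scim2, the user is the slides' sample "kim", and the schemas attribute is filled with the core URN that RFC 7643 requires (the slides send an empty list, which WSO2 Identity Server accepts).

```python
"""Build and validate SCIM 2.0 User and Group creation payloads (RFC 7643/7644).

Added example, not code from the slides or from WSO2. The base URL mirrors the
slides' curl commands; nothing is sent here, the bodies are built and checked.
"""
import json

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
GROUP_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:Group"
SCIM_BASE = "https://localhost:9443/scim2"   # same host as the slides


def build_user(user_name, given, family, emails, password=None):
    """JSON body for POST /scim2/Users; `emails` is a list of (value, type, primary).

    RFC 7643 requires `schemas` to name the core User schema (the slides send an
    empty list, which WSO2 tolerates) and `userName` is the only other required
    attribute. `password` is write-only: servers never return it, and it must
    only ever travel over TLS.
    """
    body = {
        "schemas": [USER_SCHEMA],
        "userName": user_name,
        "name": {"givenName": given, "familyName": family},
        "emails": [dict({"value": v, "type": t}, **({"primary": True} if p else {}))
                   for v, t, p in emails],
    }
    if password is not None:
        body["password"] = password
    return body


def build_group(display_name, member_ids=()):
    """JSON body for POST /scim2/Groups; members reference the users' SCIM ids."""
    return {"schemas": [GROUP_SCHEMA], "displayName": display_name,
            "members": [{"value": uid} for uid in member_ids]}


def validate_user(body):
    """Return the list of problems found; an empty list means the payload is acceptable."""
    problems = []
    if USER_SCHEMA not in body.get("schemas", []):
        problems.append("schemas must include " + USER_SCHEMA)
    if not body.get("userName"):
        problems.append("userName is required")
    emails = body.get("emails", [])
    if sum(1 for e in emails if e.get("primary")) > 1:
        problems.append("at most one email may be primary")
    problems += ["malformed email: %r" % e.get("value") for e in emails if "@" not in e.get("value", "")]
    return problems


def validate_group(body):
    problems = []
    if GROUP_SCHEMA not in body.get("schemas", []):
        problems.append("schemas must include " + GROUP_SCHEMA)
    if not body.get("displayName"):
        problems.append("displayName is required")
    return problems


def as_request(path, body):
    """The same request the slides' curl sends: JSON body to /scim2/<path>."""
    return {"url": SCIM_BASE + "/" + path,
            "headers": {"Content-Type": "application/json"},
            "data": json.dumps(body, separators=(",", ":"))}


if __name__ == "__main__":
    # The slides' sample user (constructed data, not a real account).
    kim = build_user("kim", "kim", "jackson",
                     [("kim.jackson@gmail.com", "home", True), ("kim_j@wso2.com", "work", False)],
                     password="kimwso2")
    print(validate_user(kim) or "user payload ok")
    print(as_request("Users", kim)["data"])
    print(validate_group(build_group("manager")) or "group payload ok")
```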
Delegated Authorization with OAuth 2.0
● Authorization Code Grant: suitable for web applications
● SAML Bearer Grant: suitable for apps already using SAML SSO for authentication
● JWT Grant: suitable for apps already using a JWT mechanism for authentication
● Client Credentials Grant: suitable for retrieving data not specific to end users (e.g. weather or stock data) and for machine-to-machine communications
Authz Code Grant Flow
[Diagram: Resource Owner, Application (OAuth Client), OAuth Authorization Server and OAuth Resource Server. The client sends the browser to the authorization server (302); the resource owner authenticates and consents; the authorization server returns an Authz Code; the client sends an Access Token Request and receives the Access Token; the client makes the Resource Request with the Access Token; the resource server introspects the token at the authorization server.]
Prerequisite: the client application is registered with the Authz Server, manually or via Dynamic Client Registration.
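The flow above played out with all three server-side parties in one script, as an added example that is not code from the slides or from WSO2 Identity Server. The client, user, secret and URLs are constructed for the demo, and the browser's 302 redirects are replaced by direct calls carrying the same query parameters; the checks a real deployment relies on (registered redirect_uri, state bound to the session, single-use code bound to client and redirect_uri, introspection before serving the resource) are all in the code.

```python
"""Simulate the Authz Code Grant Flow on the slides: Application (OAuth Client),
OAuth Authorization Server and OAuth Resource Server, with the resource server
validating the access token by introspection (RFC 7662).

Added example, not code from the slides or from WSO2 Identity Server. Client,
user, secret and URLs are constructed; 302 hops become direct calls.
"""
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

CB = "https://payroll.example/cb"   # the client's registered redirect_uri


def _redirect(uri, **params):
    return uri + "?" + urlencode(params)


class AuthorizationServer:
    def __init__(self):
        self.clients = {}   # client_id -> registration (the slides' prerequisite)
        self.codes = {}     # authz code -> grant; deleted on first use
        self.tokens = {}    # access token -> introspection metadata

    def register_client(self, client_id, secret, redirect_uris):
        self.clients[client_id] = {"secret": secret, "redirect_uris": set(redirect_uris)}

    def authorize(self, query, authenticated_user, consented):
        """Authorization endpoint: Authenticate + Consent, then 302 back with the Authz Code."""
        q = {k: v[0] for k, v in parse_qs(query).items()}
        client = self.clients.get(q.get("client_id"))
        if client is None or q.get("redirect_uri") not in client["redirect_uris"]:
            raise ValueError("unknown client or unregistered redirect_uri")   # never redirect there
        state = q.get("state", "")
        if q.get("response_type") != "code":
            return _redirect(q["redirect_uri"], error="unsupported_response_type", state=state)
        if not consented:
            return _redirect(q["redirect_uri"], error="access_denied", state=state)
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"client_id": q["client_id"], "redirect_uri": q["redirect_uri"],
                            "sub": authenticated_user, "scope": q.get("scope", "")}
        return _redirect(q["redirect_uri"], code=code, state=state)

    def token(self, client_id, client_secret, code, redirect_uri):
        """Token endpoint: the code is single-use and bound to this client and redirect_uri."""
        client = self.clients.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            return {"error": "invalid_client"}
        grant = self.codes.pop(code, None)   # pop: a replayed code is rejected
        if grant is None or grant["client_id"] != client_id or grant["redirect_uri"] != redirect_uri:
            return {"error": "invalid_grant"}
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"sub": grant["sub"], "scope": grant["scope"],
                              "client_id": client_id, "exp": int(time.time()) + 3600}
        return {"access_token": token, "token_type": "Bearer", "expires_in": 3600}

    def introspect(self, token):
        """Introspection endpoint (RFC 7662), called by the resource server."""
        meta = self.tokens.get(token)
        if meta is None or meta["exp"] <= time.time():
            return {"active": False}
        return {"active": True, **meta}


class ResourceServer:
    def __init__(self, authz_server):
        self.authz = authz_server

    def get_resource(self, authorization_header, required_scope="read"):
        """Resource Request: accept a Bearer token only if introspection says it is active."""
        scheme, _, token = authorization_header.partition(" ")
        if scheme != "Bearer" or not token:
            return 401, "missing bearer token"
        info = self.authz.introspect(token)
        if not info["active"]:
            return 401, "token not active"
        if required_scope not in info["scope"].split():
            return 403, "insufficient scope"
        return 200, "payroll record of " + info["sub"]


def run_flow(user="john", consented=True):
    """Drive the exchange; return (state_ok, token_response, (resource_reply, replay_reply))."""
    authz = AuthorizationServer()
    authz.register_client("payroll-app", "s3cret", [CB])
    rs = ResourceServer(authz)
    state = secrets.token_urlsafe(16)   # binds the callback to this client session
    req = urlencode({"response_type": "code", "client_id": "payroll-app",
                     "redirect_uri": CB, "scope": "read", "state": state})
    callback = authz.authorize(req, user, consented)   # Authenticate + Consent -> 302 with code
    params = {k: v[0] for k, v in parse_qs(urlparse(callback).query).items()}
    state_ok = secrets.compare_digest(params.get("state", ""), state)
    if not state_ok or "code" not in params:
        return state_ok, {"error": params.get("error", "no_code")}, None
    tok = authz.token("payroll-app", "s3cret", params["code"], CB)   # Access Token Rq
    resource = rs.get_resource("Bearer " + tok["access_token"])       # Resource Request
    replay = authz.token("payroll-app", "s3cret", params["code"], CB)  # second use must fail
    return state_ok, tok, (resource, replay)


if __name__ == "__main__":
    print(run_flow())
```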
Authentication with OIDC
● OpenID Connect was created on top of OAuth 2.0 to provide an identity layer
● Introduces a new scope named “openid”
● Introduces a new token named ID Token, containing user claims
● Introduces a new endpoint named ‘userinfo’, to fetch additional user claims
OIDC Flow
[Diagram: OIDC Flow: the same participants and steps as the Authz Code Grant Flow, with scope=openid in the authorization request. The token response now carries an ID Token alongside the Access Token, and the client can send a User Info Request with the Access Token to fetch additional claims; the resource server still introspects the Access Token on the Resource Request.]
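What the two OIDC additions mean in code, as an added example (not code from the slides or from WSO2 Identity Server): the authorization server issues an ID Token only when the request carried scope=openid, and the client validates the token's signature, iss, aud, exp and nonce before trusting the claims in it. It signs with HS256 using the client secret, which the specification permits; the issuer, client id and user values are constructed for the demo.

```python
"""Mint and validate an OpenID Connect ID Token the way the OIDC flow on the
slides requires: the ID Token is only issued for a request carrying
scope=openid, and the client must verify signature, iss, aud, exp and nonce
before trusting the user claims inside (OpenID Connect Core, section 3.1.3.7).

Added example, not code from the slides or from WSO2 Identity Server. It signs
with HS256 using the client secret, which the spec permits; most providers use
RS256 with keys published at jwks_uri. Issuer, client and user are constructed.
"""
import base64
import hashlib
import hmac
import json
import time

ISSUER = "https://localhost:9443/oauth2/token"   # constructed issuer value
CLIENT_ID = "retail-app"
CLIENT_SECRET = b"demo-client-secret-change-me"


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_id_token(scope, sub, nonce, now=None, lifetime=300, secret=CLIENT_SECRET):
    """Authorization server side: return the ID Token, or None when scope lacks openid."""
    if "openid" not in scope.split():
        return None
    now = int(now if now is not None else time.time())
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "sub": sub, "aud": CLIENT_ID,
              "exp": now + lifetime, "iat": now, "nonce": nonce}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    signature = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(signature)


def validate_id_token(token, expected_nonce, now=None, secret=CLIENT_SECRET):
    """Client side: return the verified claims, or raise ValueError saying what failed."""
    now = int(now if now is not None else time.time())
    try:
        h64, c64, s64 = token.split(".")
    except ValueError:
        raise ValueError("not a compact JWT")
    header = json.loads(_b64url_decode(h64))
    if header.get("alg") != "HS256":   # pin the algorithm; the token must not choose it
        raise ValueError("unexpected alg %r" % header.get("alg"))
    expected = hmac.new(secret, (h64 + "." + c64).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(c64))
    if claims.get("iss") != ISSUER:
        raise ValueError("issuer mismatch")
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if CLIENT_ID not in aud:
        raise ValueError("token not intended for this client")
    if len(aud) > 1 and claims.get("azp") != CLIENT_ID:
        raise ValueError("azp required when there are several audiences")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch (possible replay)")
    return claims


if __name__ == "__main__":
    tok = issue_id_token("openid profile", "john", nonce="n-0S6_WzA2Mj")
    print(validate_id_token(tok, "n-0S6_WzA2Mj")["sub"])     # john
    print(issue_id_token("profile", "john", nonce="x"))        # None: no openid scope
```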
Party-to-party Delegation with UMA
● Developed on top of OAuth 2.0
● Introduces an entity named ‘Requesting Party’, and two access tokens named ‘Protection API token’ (PAT) and ‘Requesting Party Token’ (RPT)
● Lots of use cases in CIAM and IoT:
  ○ E.g. a patient granting a doctor and an insurer access to their health records
  ○ E.g. a homeowner granting the housemaid rotate access to the CCTV camera
UMA in Action
[Diagram: UMA in Action: the Resource Owner authorizes the OAuth Resource Server to register resources and defines policies at the OAuth Authorization Server; the resource server registers the resource through the Protection API (result: PAT). The Requesting Party's Application (OAuth Client) tries to access the protected resource, is sent to the Authorization API to request authorization (result: RPT), and the resource server validates the RPT via the Introspection API.]
Fine-grained Authorization with XACML
● De facto standard for attribute based access control
● Decouples authorization logic from the application code by introducing XML based policies
● Consists of 4 key components:
○ Policy Administration Point
○ Policy Decision Point
○ Policy Information Point
○ Policy Enforcement Point
XACML in Action
[Diagram: an Entitlement Administrator creates, reads, updates and deletes policies through the Policy Administration Point into the Policy Store. An End-user performs an operation on the HR Application; its Policy Enforcement Point sends a XACML Request to the Policy Decision Point in the Identity Provider, which consults the Policy Information Point for attributes it needs.]
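The four components above in one runnable script, as an added example (not the slides' or WSO2's code): a constructed XACML 3.0 policy stands in for what the PAP published, a PEP inside the HR application turns "user does operation on resource" into a XACML request, a tiny PDP evaluates it, and a PIP supplies the user's role because the request does not carry it. The PDP implements only the XACML subset this policy needs (string-equal Match, AnyOf/AllOf targets, the first-applicable rule-combining algorithm); users and roles are constructed.

```python
"""A miniature XACML 3.0 Policy Decision Point showing how PAP, PEP, PDP and PIP
cooperate: the PAP publishes a policy, the PEP in the HR application builds a
XACML request, the PDP evaluates it and asks the PIP for the user's role.

Added example, not the slides' or WSO2's code. Only the XACML subset the policy
below needs is implemented (string-equal Match, AnyOf/AllOf, first-applicable).
"""
import xml.etree.ElementTree as ET

SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
STRING = "http://www.w3.org/2001/XMLSchema#string"
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"

# Published by the PAP (constructed policy): HR managers may view salary records, nothing else.
POLICY_XML = """<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="hr-salary"
  RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
  <Target/>
  <Rule RuleId="hr-manager-views-salary" Effect="Permit">
    <Target><AnyOf><AllOf>
      <Match MatchId="%(eq)s"><AttributeValue DataType="%(s)s">hr-manager</AttributeValue>
        <AttributeDesignator Category="%(subj)s" AttributeId="role" DataType="%(s)s" MustBePresent="false"/></Match>
      <Match MatchId="%(eq)s"><AttributeValue DataType="%(s)s">salary</AttributeValue>
        <AttributeDesignator Category="%(res)s" AttributeId="%(rid)s" DataType="%(s)s" MustBePresent="false"/></Match>
      <Match MatchId="%(eq)s"><AttributeValue DataType="%(s)s">view</AttributeValue>
        <AttributeDesignator Category="%(act)s" AttributeId="%(aid)s" DataType="%(s)s" MustBePresent="false"/></Match>
    </AllOf></AnyOf></Target>
  </Rule>
  <Rule RuleId="default-deny" Effect="Deny"/>
</Policy>""" % {"eq": STRING_EQUAL, "s": STRING, "subj": SUBJECT, "res": RESOURCE, "act": ACTION,
                "rid": RESOURCE_ID, "aid": ACTION_ID}

DIRECTORY = {"alice": {"role": "hr-manager"}, "bob": {"role": "engineer"}}   # PIP backend (constructed)


def pip_lookup(subject_id, attribute_id):
    """Policy Information Point: resolve a subject attribute from the user store."""
    return DIRECTORY.get(subject_id, {}).get(attribute_id)


def _kids(node, name):
    """Children of `node` with local name `name`, ignoring the XACML namespace."""
    return [c for c in node if c.tag.rsplit("}", 1)[-1] == name]


class PDP:
    def __init__(self, policy_xml, pip=pip_lookup):
        self.policy = ET.fromstring(policy_xml)
        self.pip = pip

    def _attr(self, request, category, attribute_id):
        values = request.get(category, {}).get(attribute_id)
        if values is None and category == SUBJECT:       # not in the request: ask the PIP
            found = self.pip(request[SUBJECT].get(SUBJECT_ID, [None])[0], attribute_id)
            values = [found] if found is not None else []
        return values or []

    def _match(self, match, request):
        designator = _kids(match, "AttributeDesignator")[0]
        wanted = _kids(match, "AttributeValue")[0].text
        return wanted in self._attr(request, designator.get("Category"), designator.get("AttributeId"))

    def _applies(self, rule, request):
        target = _kids(rule, "Target")
        if not target or len(target[0]) == 0:
            return True                                    # empty target matches everything
        return all(any(all(self._match(m, request) for m in _kids(allof, "Match"))
                       for allof in _kids(anyof, "AllOf"))
                   for anyof in _kids(target[0], "AnyOf"))

    def evaluate(self, request):
        """first-applicable: the first rule whose target matches decides."""
        for rule in _kids(self.policy, "Rule"):
            if self._applies(rule, request):
                return rule.get("Effect")
        return "NotApplicable"


class HRApplicationPEP:
    """Policy Enforcement Point inside the HR application."""
    def __init__(self, pdp):
        self.pdp = pdp

    def do_operation(self, user, action, resource):
        request = {SUBJECT: {SUBJECT_ID: [user]}, RESOURCE: {RESOURCE_ID: [resource]},
                   ACTION: {ACTION_ID: [action]}}
        decision = self.pdp.evaluate(request)
        return decision == "Permit", decision             # anything but Permit is refused


if __name__ == "__main__":
    pep = HRApplicationPEP(PDP(POLICY_XML))
    print(pep.do_operation("alice", "view", "salary"))    # (True, 'Permit')
    print(pep.do_operation("bob", "view", "salary"))      # (False, 'Deny')
```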
User Consent Management
[Diagram: the End-user changes consent in the Self Care Portal, which calls the Identity Provider's Consent Mgt API, backed by consent storages.]
User Data Exposure
[Diagram: the End-user exports PII through the Self Care Portal, which calls the Identity Provider's PII Exposure API, backed by PII storages holding claims, security questions and consent receipts.]
THANK YOU
wso2.com

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 

Recently uploaded (20)

My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 

[WSO2Con USA 2018] Identity APIs is the New Black

  • 1. Identity APIs is the New Black
    Dulanja Liyanage, Senior Technical Lead, WSO2
  • 3. Siloed IAM - Application Bounded
    Kermit Corp: HR Application, Payroll Application, License Application, each with its own user store (LDAP, AD, RDB); user identifiers: John, John Li, JohnL
  • 4. Siloed IAM - Centralized but Proprietary
    Kermit Corp: Identity Provider serving the Payroll Application, HR Application and License Application over Kermit-proprietary protocols; FinOrg: CRM Application
  • 5. Problems of Siloed IAM
    ● Same physical user digitally represented in different siloes with different credentials
    ● No single sign-on across silos
    ● Higher probability of identity mismanagement
    ● Identity integrations across department/enterprise borders are difficult or impossible
  • 6. Centralized IAM - Standard APIs
    Kermit Corp: Identity Provider serving the Payroll Application (SAML SSO / SCIM / XACML), HR Application (OpenID Connect / SCIM / XACML) and License Application (WS-Fed / SCIM / XACML); FinOrg: CRM Application (OpenID Connect / SCIM / XACML)
  • 8. Customer (is the king!) IAM
    ● Social login and BYOI
    ● Seamless experience across devices (Omnichannel)
    ● Privacy (Consent management)
    ● Ownership of user information
    ● Party-to-party delegation
  • 9. CIAM at a Glance
    Kermit Corp: Self Care Portal, Identity Provider, Retail Application, Customer CRM, Cloud; Customer; protocols shown: OIDC, OpenID Connect / SCIM / XACML, SCIM
  • 10. Identity APIs, Identity Integrations, Seamless Experience, Customer Satisfaction, Business Success
  • 11. Next Big Challenge -> Identity of Things
    ● Dynamic device registration
    ● Device to device authentication
    ● Delegation of device access
  • 13. User Provisioning with SCIM
    Foo Org: Self Care Portal and Identity Provider; Zee Org: Identity Provider; Bar Org: Identity Provider; SCIM connections labelled Inbound, Outbound, Inbound
  • 14. SCIM 2.0 Payloads
    User Creation:
    curl --user admin:admin --data '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"kim","password":"kimwso2","emails":[{"primary":true,"value":"kim.jackson@gmail.com","type":"home"},{"value":"kim_j@wso2.com","type":"work"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users
    Group Creation:
    curl --user admin:admin --data '{"displayName":"manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups
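The same User creation payload built and checked in code, as an added example that is not part of the deck: it constructs the SCIM 2.0 User resource from slide 14, validates the attributes a server is entitled to reject, and prepares the POST to /scim2/Users without sending it (base URL and credentials are the slide's local defaults; the Authorization value is a placeholder).

```python
import json
from urllib.request import Request

# Added example, not the deck's own code: builds the SCIM 2.0 User payload
# that slide 14 sends with curl, checks it, and prepares the POST to
# /scim2/Users (WSO2 IS default base URL from the slide; nothing is sent).
SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
SCIM_BASE = "https://localhost:9443/scim2"


def build_user(user_name, given, family, password, emails):
    """emails: list of (value, type, primary) tuples, as on the slide."""
    return {
        # RFC 7643 makes 'schemas' required and names the core User URI;
        # the slide's payload sends "schemas":[], which WSO2 IS tolerates.
        "schemas": [SCIM_USER_SCHEMA],
        "userName": user_name,
        "name": {"givenName": given, "familyName": family},
        "password": password,
        "emails": [{"value": v, "type": t, "primary": p} for v, t, p in emails],
    }


def validate_user(user):
    """Return the list of problems found; an empty list means it is well-formed."""
    problems = []
    if SCIM_USER_SCHEMA not in user.get("schemas", []):
        problems.append("missing core User schema in 'schemas'")
    if not user.get("userName"):
        problems.append("userName is required")
    if len([e for e in user.get("emails", []) if e.get("primary")]) > 1:
        problems.append("only one email may be marked primary")
    return problems


def user_request(user, authorization):
    """Assemble the POST the slide's curl command sends; 'authorization' is the
    header value (the slide uses HTTP Basic for the admin account)."""
    problems = validate_user(user)
    if problems:
        raise ValueError("; ".join(problems))
    return Request(f"{SCIM_BASE}/Users", data=json.dumps(user).encode(),
                   method="POST",
                   headers={"Content-Type": "application/json",
                            "Authorization": authorization})
```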
  • 15. Delegated Authorization with OAuth 2.0
    ● Authorization Code Grant: suitable for web applications
    ● SAML Bearer Grant: suitable for apps already using SAML SSO for authentication
    ● JWT Grant: suitable for apps already using a JWT mechanism for authentication
    ● Client Credentials Grant: suitable to retrieve data not specific to end users (e.g. Weather/Stocks) and for machine-to-machine communications
  • 16. Authz Code Grant Flow (diagram)
    Actors: Resource Owner, Application (OAuth Client), OAuth Authorization Server, OAuth Resource Server
    Steps shown (1-8): Authenticate + Consent, Authz Code (302), Access Token Request, Access Token, Resource Request with Access Token, Introspect
    Prerequisite: client application registered with the Authz Server manually or via Dynamic Client Registration
  • 17. Authentication with OIDC
    ● OpenID Connect was created on top of OAuth 2.0 to provide an identity layer
    ● Introduces a new scope named “openid”
    ● Introduces a new token named ID Token, containing user claims
    ● Introduces a new endpoint named ‘userinfo’, to fetch additional user claims
  • 18. OIDC Flow (diagram)
    Actors: Resource Owner, Application (OAuth Client), OAuth Authorization Server, OAuth Resource Server
    Steps shown (1-9): authorization request with scope=openid, Authenticate + Consent, Authz Code (302), Access Token Request, Access Token + ID Token, User Info Request with Access Token, Resource Request with Access Token, Introspect
  • 19. Party-to-party Delegation with UMA
    ● Developed on top of OAuth 2.0
    ● Introduces an entity named ‘Requesting Party’, and two access tokens named ‘Protection API token’ (PAT) and ‘Requesting Party Token’ (RPT)
    ● Lots of use cases in CIAM and IoT:
      ○ E.g. a patient granting a doctor and an insurer access to their health records
      ○ E.g. a homeowner granting the housemaid permission to rotate the CCTV camera
  • 20. UMA in Action (diagram)
    Actors: Resource Owner, Requesting Party, Application (OAuth Client), OAuth Resource Server, OAuth Authorization Server (Protection API, Authorization API, Introspection API)
    Steps shown: Authorize to register resources (Result: PAT), Register Resource, Define policies, Access Protected Resource, Request Authorization (Result: RPT), Validate RPT
  • 21. Fine-grained Authorization with XACML
    ● De facto standard for attribute based access control
    ● Decouples authorization logic from the application code by introducing XML based policies
    ● Consists of 4 key components:
      ○ Policy Administration Point
      ○ Policy Decision Point
      ○ Policy Information Point
      ○ Policy Enforcement Point
  • 22. XACML in Action (diagram)
    Actors: Entitlement Administrator, End-user, HR Application (Policy Enforcement Point), Identity Provider (Policy Administration Point, Policy Decision Point, Policy Information Point, Policy Store)
    Steps shown: CRUD Policies, Do operation, XACML Request
  • 23. User Consent Management (diagram)
    End-user changes consent through the Self Care Portal, which calls the Identity Provider's Consent Mgt API backed by Consent Storages
  • 24. User Data Exposure (diagram)
    End-user exports PII through the Self Care Portal, which calls the Identity Provider's PII Exposure API backed by PII Storages; exported data: Claims, Security questions, Consent receipts