WSO2Con US 2013 - Identity Management Best Practices with WSO2 Identity Server



  1. Identity Management Best Practices with WSO2 Identity Server
     Johann Dilantha Nallathamby, Senior Software Engineer, WSO2
  2. The Computing Troika: three disrupting forces of the new information age
     - Mobile: desktops, notebooks, tablets and smart phones; BYOD; MDM
     - Social: internal users, partners, customers, prospects and leads; BYOI
     - Cloud: public, private, hybrid and on-premise
     Security is the concern the three have in common.
  3. The Connected Business
     - Extended enterprise
     - Globalization
     - Agile business processes
     - Dynamic organizational policies
     - Economies of scale
     - Innovation
     - Identity explosion
  4. The Traditional Approach to Security (diagram only)
  5. The Traditional Approach to Federation (diagram): each consumer service federates point-to-point with each partner's directory, so Federation Partners 1, 2 and 3 each maintain their own trust with Consumer Services 1, 2 and 3.
  6. The New Approach to Federation, the Identity-as-a-Service model (diagram): the partners' directories federate once with a central Identity-as-a-Service layer, and Consumer Services 1, 2 and 3 trust only that layer.
  7. Identity Management Tools and Practices
     - Versatile authentication
     - Context-based access management
     - Identity provisioning
     - Identity delegation
     - Identity federation
  8. Versatile Authentication: which factors a consumer service demands should be decided by policy, not hard-coded into the service.
     - What you know: passwords, secret questions
     - What you have: tokens (SAML, X.509, Kerberos, OTP), cards
     - What you are: fingerprint, retina, face recognition
  9. Context-Based Access Control with XACML
     - Policy based, declarative, externalized, fine grained
     - The authorization context the consumer service hands to the XACML engine has four parts: Subject, Resource, Action and Environment
  10. Auditing
     - Sinks: log files, Business Activity Monitor, Complex Event Processor
     - The audit context mirrors the authorization context: Subject, Resource, Action, Environment
  11. Enforcing AAA
     - Factor authentication, authorization and auditing out of the consumer service into an agent deployed in front of it
     - Agents exist to be deployed as Axis2 handlers, WSO2 ESB mediators, Synapse handlers and Java Servlet Filters
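The following added example (not code from the deck or from WSO2 Identity Server) shows slides 9, 10 and 11 working together in Python: a small Policy Decision Point that evaluates an externalized XACML 3.0 policy against a Subject/Resource/Action/Environment context, and a Policy Enforcement Point written as WSGI middleware that authenticates, asks the PDP, and audits, while the consumer service itself carries no security code. Everything in it is constructed for illustration: the policy, the bearer-token session store, the "internal network" check on the client address, and the resource type derived from the URL path. The PDP understands only what the sample policy uses (string-equal matches and deny-overrides combining), so it is a demonstration of the pattern, not a general XACML engine.

```python
import xml.etree.ElementTree as ET

XACML = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
NS = {"x": XACML}
XS = "http://www.w3.org/2001/XMLSchema#string"
EQ = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
SUBJ = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RES, ACT, ENV = ("urn:oasis:names:tc:xacml:3.0:attribute-category:" + c for c in ("resource", "action", "environment"))
CATEGORY_KEY = {SUBJ: "subject", RES: "resource", ACT: "action", ENV: "environment"}

# Constructed policy (not from the deck): doctors may read patient records from the internal network; nobody may delete them.
POLICY_XML = f"""<Policy xmlns="{XACML}" PolicyId="patient-records" Version="1.0"
  RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides">
  <Target/>
  <Rule RuleId="doctor-reads-from-inside" Effect="Permit"><Target><AnyOf><AllOf>
    <Match MatchId="{EQ}"><AttributeValue DataType="{XS}">doctor</AttributeValue>
      <AttributeDesignator Category="{SUBJ}" AttributeId="role" DataType="{XS}" MustBePresent="false"/></Match>
    <Match MatchId="{EQ}"><AttributeValue DataType="{XS}">patient-record</AttributeValue>
      <AttributeDesignator Category="{RES}" AttributeId="type" DataType="{XS}" MustBePresent="false"/></Match>
    <Match MatchId="{EQ}"><AttributeValue DataType="{XS}">read</AttributeValue>
      <AttributeDesignator Category="{ACT}" AttributeId="id" DataType="{XS}" MustBePresent="false"/></Match>
    <Match MatchId="{EQ}"><AttributeValue DataType="{XS}">internal</AttributeValue>
      <AttributeDesignator Category="{ENV}" AttributeId="network" DataType="{XS}" MustBePresent="false"/></Match>
  </AllOf></AnyOf></Target></Rule>
  <Rule RuleId="nobody-deletes" Effect="Deny"><Target><AnyOf><AllOf>
    <Match MatchId="{EQ}"><AttributeValue DataType="{XS}">delete</AttributeValue>
      <AttributeDesignator Category="{ACT}" AttributeId="id" DataType="{XS}" MustBePresent="false"/></Match>
  </AllOf></AnyOf></Target></Rule>
</Policy>"""


class Pdp:
    """Policy Decision Point: evaluates the externalized policy against {"subject": {..}, "resource": {..}, ...}."""

    def __init__(self, policy_xml):
        self.policy = ET.fromstring(policy_xml)

    @staticmethod
    def _match(match, ctx):
        wanted = match.find("x:AttributeValue", NS).text
        des = match.find("x:AttributeDesignator", NS)
        return ctx.get(CATEGORY_KEY[des.get("Category")], {}).get(des.get("AttributeId")) == wanted

    def _applies(self, target, ctx):
        any_of = [] if target is None else target.findall("x:AnyOf", NS)
        if not any_of:  # an empty <Target/> applies to every request
            return True
        return any(all(self._match(m, ctx) for m in all_of.findall("x:Match", NS))
                   for a in any_of for all_of in a.findall("x:AllOf", NS))

    def evaluate(self, ctx):
        if not self._applies(self.policy.find("x:Target", NS), ctx):
            return "NotApplicable"
        effects = {r.get("Effect") for r in self.policy.findall("x:Rule", NS)
                   if self._applies(r.find("x:Target", NS), ctx)}
        return "Deny" if "Deny" in effects else "Permit" if "Permit" in effects else "NotApplicable"


class AAAFilter:
    """PEP agent deployed in front of the consumer service, in the role the deck gives to
    servlet filters, Axis2 handlers and ESB mediators: authenticate, authorize, audit."""
    ACTIONS = {"GET": "read", "PUT": "update", "DELETE": "delete"}

    def __init__(self, app, pdp, sessions, audit):
        self.app, self.pdp, self.sessions, self.audit = app, pdp, sessions, audit

    def __call__(self, environ, start_response):
        # 1. Authentication: resolve the bearer token (constructed session store) to a subject.
        auth = environ.get("HTTP_AUTHORIZATION", "")
        subject = self.sessions.get(auth[7:]) if auth.startswith("Bearer ") else None
        # 2. Authorization: build the Subject / Resource / Action / Environment context (assumed shape).
        ctx = {
            "subject": subject or {},
            "resource": {"type": environ["PATH_INFO"].strip("/").split("/")[0]},
            "action": {"id": self.ACTIONS.get(environ["REQUEST_METHOD"], "other")},
            "environment": {"network": "internal" if environ["REMOTE_ADDR"].startswith("10.") else "external"},
        }
        decision = "Deny" if subject is None else self.pdp.evaluate(ctx)
        # 3. Audit: the same four-part context together with the decision, as on the auditing slide.
        self.audit.append({"context": ctx, "decision": decision})
        if subject is None or decision != "Permit":
            start_response("401 Unauthorized" if subject is None else "403 Forbidden", [("Content-Type", "text/plain")])
            return [b"denied"]
        return self.app(environ, start_response)


def records_service(environ, start_response):
    # The consumer service: no authentication, authorization or audit code of its own.
    start_response("200 OK", [("Content-Type", "application/json")])
    return [b'{"id": 42, "status": "stable"}']


def build_stack():
    """Wire PEP -> PDP -> service with a constructed session store; returns (app, audit log)."""
    sessions = {"tok-alice": {"id": "alice", "role": "doctor"}, "tok-bob": {"id": "bob", "role": "clerk"}}
    audit = []
    return AAAFilter(records_service, Pdp(POLICY_XML), sessions, audit), audit


def request(app, method, path, token=None, addr="10.0.0.5"):
    """Drive the WSGI stack without a server; returns the HTTP status line."""
    env = {"REQUEST_METHOD": method, "PATH_INFO": path, "REMOTE_ADDR": addr,
           **({"HTTP_AUTHORIZATION": "Bearer " + token} if token else {})}
    status = []
    list(app(env, lambda s, h, exc=None: status.append(s)))
    return status[0]
```

With `app, audit = build_stack()`, a doctor reading a record from 10.0.0.5 gets 200, the same doctor from an external address gets 403 because no rule applies, a DELETE from anyone is denied by the deny-overrides rule, and a request without a token never reaches the PDP at all. Every outcome, including the NotApplicable ones, lands in the audit list with the full context, which is what makes the externalized policy reviewable after the fact.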
  12. Identity Provisioning
     - Proprietary APIs are not going to work
     - SPML is kind of dead
     - SCIM is widely adopted by major cloud vendors: simple RESTful interactions with a JSON payload
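As an added illustration of the SCIM provisioning slide (example code, not from the deck and not WSO2's SCIM implementation), the Python below builds the JSON payloads an identity provider would send to a SaaS provider's `/Users` endpoint: the user representation for a create, a lookup filter, and an idempotent reconcile that turns "create or update" into either a POST or a minimal PATCH. It uses the SCIM 2.0 schema URNs of RFC 7643/7644, which postdate the 2013 talk (WSO2 Identity Server at the time spoke SCIM 1.1), so the choice of version, the set of managed attributes, and the sample user are assumptions. The one security point worth noticing is `filter_eq`: a SCIM compare value is a JSON string literal, so encoding it with `json.dumps` stops a user-controlled value from injecting extra filter operators.

```python
import json
import urllib.parse

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
# Attributes this (hypothetical) provisioning connector owns and keeps in sync.
MANAGED = ("name.givenName", "name.familyName", "displayName", "active")


def user_resource(user_name, given, family, email, active=True):
    """SCIM User representation for POST /Users (constructed sample shape)."""
    return {
        "schemas": [USER_SCHEMA],
        "userName": user_name,
        "name": {"givenName": given, "familyName": family},
        "displayName": f"{given} {family}",
        "emails": [{"value": email, "type": "work", "primary": True}],
        "active": active,
    }


def filter_eq(attribute, value):
    """Filter such as  userName eq "jdoe" .  json.dumps quotes and escapes the value,
    so an input like  x" or userName pr  stays a literal instead of widening the query."""
    return f"{attribute} eq {json.dumps(value)}"


def users_query(base_url, filter_expr):
    """GET URL for the lookup; the filter travels percent-encoded as a query parameter."""
    return f"{base_url}/Users?filter={urllib.parse.quote(filter_expr, safe='')}"


def _get(resource, dotted):
    node = resource
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def plan(existing, desired):
    """Idempotent reconciliation: POST when the user is absent, PATCH only the managed
    attributes that differ, None when nothing changed.  `existing` is the Resources
    list returned by the filtered GET."""
    current = next((u for u in existing if u.get("userName") == desired["userName"]), None)
    if current is None:
        return ("POST", "/Users", desired)
    ops = [{"op": "replace", "path": p, "value": _get(desired, p)}
           for p in MANAGED if _get(current, p) != _get(desired, p)]
    if not ops:
        return None
    return ("PATCH", f"/Users/{current['id']}", {"schemas": [PATCH_SCHEMA], "Operations": ops})


def deactivate(user_id):
    """Offboarding as a PATCH of active=false rather than a DELETE: the SP keeps the
    account and its history, and a returning user can be re-enabled."""
    body = {"schemas": [PATCH_SCHEMA], "Operations": [{"op": "replace", "path": "active", "value": False}]}
    return ("PATCH", f"/Users/{user_id}", body)
```

A connector would run `users_query` first, feed the returned `Resources` list to `plan`, and send whatever it returns; sending the same desired state twice yields `None` the second time, which is the property that makes provisioning safe to retry after a partial failure.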
  13. Identity Delegation with WS-Trust (diagram): a WS-Trust client in Domain A, a Security Token Service (STS), and a protected resource in Domain B; the four numbered steps of the token request and presentation appear only in the diagram
  14. Identity Delegation with OAuth2
  15. Identity Federation: "The agreements, standards and technologies that make Identity and Entitlements portable across autonomous domains" (Burton Group)
     - OpenID
     - SAML2 Web SSO
     - WS-Federation Passive Requester Profile
     - WS-Trust
     - WS-Federation Active Requester Profile
     - Assertion Profiles for OAuth2
     - OpenID Connect
  16. Identity and Attribute Federation
     - Identity federation: account mapping; account linking; pseudonyms, either transient or persistent; out-of-band linking
     - Attribute federation: mapping user attribute names from one system to another; mapping user attribute values from one system to another (e.g. role mappings between IdP roles and the shared roles of SaaS applications)
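To make the account-mapping and attribute-mapping bullets on the federation slide concrete, here is an added Python example (not code from the deck or from WSO2 Identity Server) of the identity-provider side: persistent pseudonyms derived with an IdP-held HMAC key so that the same user gets a stable identifier at one service provider but an unlinkable one at another, transient pseudonyms that are fresh per session, an out-of-band account link, and an attribute mapper that renames claims and translates IdP roles into the SaaS application's shared roles. The entity IDs, the claim URIs (written in the style of WSO2's default claim dialect), the role names, and the choice of HMAC-SHA256 truncated to 128 bits are all assumptions made for the example.

```python
import base64
import hashlib
import hmac
import secrets


class IdentityFederation:
    """IdP-side account mapping for SAML-style federation (constructed example)."""

    def __init__(self, idp_entity_id, pseudonym_key):
        self.idp = idp_entity_id
        self.key = pseudonym_key    # secret held by the IdP; never shared with any SP
        self.links = {}             # (sp_entity_id, identifier at that SP) -> local user id

    def persistent_pseudonym(self, sp_entity_id, local_user_id):
        """Stable for one (IdP, SP, user) triple, yet different per SP, so two SPs
        comparing their identifiers cannot tell they are the same person."""
        msg = "\0".join((self.idp, sp_entity_id, local_user_id)).encode()
        digest = hmac.new(self.key, msg, hashlib.sha256).digest()
        pseudonym = base64.urlsafe_b64encode(digest[:16]).decode().rstrip("=")
        self.links[(sp_entity_id, pseudonym)] = local_user_id   # account mapping
        return pseudonym

    @staticmethod
    def transient_pseudonym():
        """Fresh per session and never stored, so logins cannot be linked to each other."""
        return secrets.token_urlsafe(16)

    def link_account(self, sp_entity_id, sp_local_id, local_user_id):
        """Account linking agreed out of band, e.g. to an account the SP already holds."""
        self.links[(sp_entity_id, sp_local_id)] = local_user_id

    def resolve(self, sp_entity_id, identifier):
        """Map an identifier presented for one SP back to the local user, or None."""
        return self.links.get((sp_entity_id, identifier))


def map_attributes(idp_attrs, name_map, value_maps):
    """Attribute federation: rename IdP claims to the SP's attribute names and translate
    values (here IdP roles -> the SaaS application's shared roles).  Claims and role
    values missing from the agreement are dropped, never passed through unchanged."""
    out = {}
    for idp_name, value in idp_attrs.items():
        sp_name = name_map.get(idp_name)
        if sp_name is None:
            continue
        vmap = value_maps.get(sp_name)
        if vmap is None:
            out[sp_name] = value
        elif isinstance(value, list):
            mapped = sorted({vmap[v] for v in value if v in vmap})
            if mapped:
                out[sp_name] = mapped
        elif value in vmap:
            out[sp_name] = vmap[value]
    return out


# Constructed federation agreement for one SaaS application (assumed names).
NAME_MAP = {"http://wso2.org/claims/emailaddress": "email", "http://wso2.org/claims/role": "roles"}
ROLE_MAP = {"roles": {"Internal/doctor": "Clinician", "Internal/admin": "Administrator"}}
```

Dropping unmapped claims and roles is the conservative default: a federation agreement names what may leave the IdP, and anything outside it (the mobile number, the catch-all `Internal/everyone` role) should not reach the SP just because it exists in the directory.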
  17. Branding and customizing the user view: My Identity
  18. Branding and customizing the user view: login, consent and error pages
  19. WSO2 Identity Server Reference Deployment Pattern 1 (diagram): a WSO2 IS and an Application Server in the DMZ backed by an external user directory, and a second WSO2 IS and Application Server in the green zone backed by the internal user directory
  20. WSO2 Identity Server Reference Deployment Pattern 2 (diagram): a WSO2 IS in the DMZ, a WSO2 IS and an Application Server in the green zone, and the user directory isolated in a separate yellow zone
  21. Thank You
