
[WSO2 Integration Summit Madrid 2019] Identity and Access Management in an API-driven World


This deck will illustrate why IAM should be top of mind for your enterprise’s success, and how you can leverage it in your transformation journey.

Join us at a city near you to learn how to achieve API-driven integration agility - https://wso2.com/integration-summits-2019/

Published in: Technology

  1. INTEGRATION SUMMIT 2019: Identity and Access Management in an API-driven World. Christopher Davey, Senior Director, Solutions Architecture - WSO2
  2. The API-driven World
  3. The API-driven World
  4. The API-driven World
  5. The API-driven World
  6. The API-driven World
  7. The API-driven World
  8. The API-driven World
  9. IAM in The API-driven World: ID Token, Access Token, Refresh Token
  10. OAuth2
  11. Grant types
      ● Authorization Code
      ● Implicit
      ● Client Credentials
      ● Resource Owner Password
  12. Authorization Code
  13. Implicit
  14. Client Credentials
  15. Resource Owner Password
  16. IAM in The API-driven World
      1. How to onboard users?
      2. How to authenticate users?
  17. Users Onboarding
  18. Users Onboarding X Registration Fatigue
  19. Users Onboarding - BYoID (Service Provider, Identity Providers)
  20. Users Authentication
  21. ‘Passwords’ are Not Secure!
      ● Over 70% of employees reuse passwords at work
      ● 59% reuse their passwords everywhere
      ● 81% of hacking-related breaches leveraged either stolen and/or weak passwords
      ● The above rate has gone from 50% to 66% to 81% during the past three years (2017)
      Source - 2017 Verizon Data Breach Investigations Report (DBIR)
  22. Users Authentication X
  23. Use Strong Customer Authentication
  24. Multi-factor Authentication: Break authentication into multiple steps and verify different authentication factors at each step.
  25. Authentication Factors
      1. Knowledge
         ■ Something you know
         ■ Password, passphrase, PIN, secret fact
      2. Possession
         ■ Something you have
         ■ Phone, token, badge, smart card
      3. Inherence
         ■ Something you are
         ■ Fingerprint, facial feature, voice
  26. Authentication Factors (Step 1, Step 2)
  27. Multi-factor Authentication in Reality: 90% of Google users have no 2FA
  28. What is the Reason?
  29. Usability, Security, Convenience
  30. Solution?
  31. Authentication needs to be more dynamic, responsive and context sensitive = Adaptive Authentication
  32. Use Case: Geo Velocity
  33. Use Case: An Application Request LoA
  34. Use Case: Authentication from New Devices
  35. WSO2 Identity Server Offering - Overview
  36. WSO2 Identity Server Offering - Overview
      Static Authentication Flow
      ● IdP offers a static authentication flow to the user
      ● Multi-factor & multi-option authentication
      ● In multi-option authentication, the user can pick one option from each step
      Request-based Conditional Authentication Flow
      ● IdP offers a dynamic authentication flow to the user
      ● Authentication steps change based on attributes of the request message
      ● HTTP message, SAML ACR, OIDC ACR
  37. WSO2 Identity Server Offering - Overview
      User-based Conditional Authentication Flow
      ● IdP offers a static authentication flow to the user
      ● Authentication steps change based on attributes of the identified user
      Adaptive/Risk-based Authentication Flow
      ● IdP offers a dynamic authentication flow to the user
      ● Authentication steps can be based on user behaviors, environments, history and risk score
  38. Conclusion
      ● Basic API security can be provided using OAuth2 and OIDC.
      ● Everyone knows passwords are no longer secure.
      ● Multi-factor authentication offers a perfect solution but is less adopted due to usability issues.
      ● Multi-factor authentication needs to be more dynamic, responsive and context sensitive, and we call this ‘Adaptive Authentication’.
      ● WSO2 Identity Server can support any adaptive or risk-based authentication use case.
  39. THANK YOU - wso2.com
