[WSO2 Integration Summit Stuttgart 2019] Identity and Access Management in an API-driven World

This deck will illustrate why IAM should be top of mind for your enterprise’s success, and how you can leverage it in your transformation journey.

Join us at a city near you to learn how to achieve API-driven integration agility - https://wso2.com/integration-summits-2019/

Published in: Technology

  1. INTEGRATION SUMMIT 2019: Identity and Access Management in an API-driven World. Pubudu Gunatilaka, Associate Technical Lead - WSO2 Inc.
  2. The API-driven World
  3. The API-driven World
  4. The API-driven World
  5. The API-driven World
  6. The API-driven World
  7. The API-driven World
  8. The API-driven World
  9. IAM in The API-driven World: ID Token, Access Token, Refresh Token
  10. IAM in The API-driven World
      1. How to onboard users?
      2. How to authenticate users?
  11. Users Onboarding
  12. Users Onboarding: X Registration Fatigue
  13. Users Onboarding - BYoID: Application, Identity Providers
  14. Users Authentication
  15. ‘Passwords’ are Not Secure!
      ● Over 70% of employees reuse passwords at work
      ● 59% reuse their passwords everywhere
      ● 81% of hacking-related breaches leveraged either stolen and/or weak passwords
      ● The above rate has gone from 50% to 66% to 81% during the past three years (2017)
      Source - 2017 Verizon Data Breach Investigations Report (DBIR)
  16. Users Authentication X
  17. How do you support ‘Strong Authentication’?
  18. Multi-factor Authentication: Break authentication into multiple steps and verify different authentication factors at each step.
  19. Authentication Factors
      1. Knowledge
         ■ Something you know
         ■ Password, passphrase, PIN, secret fact
      2. Possession
         ■ Something you have
         ■ Phone, token, badge, smart card
      3. Inherence
         ■ Something you are
         ■ Fingerprint, facial feature, voice
  20. Authentication Factors: Step 1, Step 2
  21. Multi-factor Authentication in Reality: 90% of Google users have no 2FA
  22. What is the Problem?
  23. Usability, Security, Convenience
  24. Solution?
  25. Authentication needs to be more dynamic, responsive and context sensitive = Adaptive Authentication
  26. Use Case: An Application Request LoA
  27. Use Case: Authentication From New Devices
  28. Use Case: Geo Velocity
  29. WSO2 Identity Server Offering - Overview
  30. WSO2 Identity Server Offering - Overview
      Static Authentication Flow
      ● IdP offers static authentication flow to the user
      ● Multi-factor & Multi-option authentication
      ● In Multi-option authentication the user can pick one option from each step
      Request-based Conditional Authentication Flow
      ● IdP offers dynamic authentication flow to the user
      ● Based on attributes of the request message, authentication steps will change
      ● HTTP message, SAML ACR, OIDC ACR
  31. WSO2 Identity Server Offering - Overview
      User-based Conditional Authentication Flow
      ● IdP offers static authentication flow to the user
      ● Based on attributes of the identified user, authentication steps will change
      Adaptive/Risk-based Authentication Flow
      ● IdP offers dynamic authentication flow to the user
      ● Authentication steps can be based on user behaviors, environments, history and risk score
  32. Conclusions
      ● Everyone knows passwords are no longer secure.
      ● Multi-factor authentication offers a perfect solution but is less adopted due to usability issues.
      ● Multi-factor authentication needs to be more dynamic, responsive and context sensitive, and we called it ‘Adaptive Authentication’
      ● WSO2 Identity Server can support any adaptive or risk-based authentication use case.
  33. THANK YOU - wso2.com
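
The three adaptive authentication use cases in the deck (an application requesting a LoA, authentication from new devices, geo velocity) can be combined into one step-up decision. The JavaScript below is an added example, not code from the deck or from WSO2 Identity Server; the function names, the LoA numbering, the 900 km/h threshold and the sample data are assumptions made for illustration.

```javascript
// Added example: step-up decision covering the deck's three use cases.
// Names, thresholds and sample data are assumptions, not WSO2 Identity Server APIs.
const MAX_PLAUSIBLE_KMH = 900; // assumed ceiling, roughly airliner cruising speed

// Great-circle distance in km between two {lat, lon} points (haversine formula).
function distanceKm(a, b) {
  const rad = (d) => (d * Math.PI) / 180;
  const dLat = rad(b.lat - a.lat);
  const dLon = rad(b.lon - a.lon);
  const h = Math.sin(dLat / 2) ** 2 +
    Math.cos(rad(a.lat)) * Math.cos(rad(b.lat)) * Math.sin(dLon / 2) ** 2;
  return 2 * 6371 * Math.asin(Math.sqrt(h));
}

// Returns the authentication steps to run and the reasons a second step was added.
function decideSteps(request, user) {
  const reasons = [];
  // Use case: the application requests a higher level of assurance (e.g. via ACR).
  if (request.requestedLoA >= 2) reasons.push('loa_requested');
  // Use case: authentication from a device this user has not used before.
  if (!user.knownDevices.includes(request.deviceId)) reasons.push('new_device');
  // Use case: geo velocity. Skipped when there is no previous login to compare with.
  const last = user.lastLogin;
  if (last) {
    const hours = (request.time - last.time) / 3600000;
    const km = distanceKm(last.location, request.location);
    // Non-positive elapsed time combined with real movement is also implausible.
    const tooFast = hours > 0 ? km / hours > MAX_PLAUSIBLE_KMH : km > 1;
    if (tooFast) reasons.push('geo_velocity');
  }
  const steps = reasons.length ? ['password', 'second_factor'] : ['password'];
  return { steps, reasons };
}

// Constructed sample data: a user whose last login came from Stuttgart.
const stuttgart = { lat: 48.78, lon: 9.18 };
const colombo = { lat: 6.93, lon: 79.86 };
const user = {
  knownDevices: ['laptop-01'],
  lastLogin: { time: Date.UTC(2019, 4, 7, 9, 0), location: stuttgart },
};

// One hour after the Stuttgart login, the same device appears in Colombo.
console.log(decideSteps(
  { requestedLoA: 1, deviceId: 'laptop-01', time: user.lastLogin.time + 3600000, location: colombo },
  user));
```

A login that trips none of the three checks stays on the single password step, which keeps the second factor for the cases where context raises the risk.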
