
WSO2Con Asia 2014 - Bring Your Own IDentity (BYOID) Benefits and Challenges


  1. Bring Your Own Identity (BYOID) | Prabath Siriwardena (@prabath), Director of Security, WSO2
  2. Gartner predicts that, by the end of 2015, 50% of all new retail customer identities will be based on social network identities.
  3. Facebook is second only to China and India in terms of its user base.
  4. Facebook vs. Internet Users vs. World Population
  5. Facebook vs. China vs. India
  6. Enterprise Identity ↔ Social Identity
  7. IT consumerization has been an emerging topic or trend for the last few years.
  8. The initial consumerization hype was focused on the bring your own device (BYOD) trend.
  9. Bring Your Own Device (BYOD) → Bring Your Own Identity (BYOID)
  10. The rise of BYOID is being driven by users' "identity fatigue".
  11. The analyst firm Quocirca confirms that in Europe 58 percent transact directly with users from other businesses and/or consumers; for the UK alone the figure is 65 percent.
  12. In the U.S. alone, mergers and acquisitions volume totaled $865.1 billion in the first nine months of 2013, according to Dealogic.
  13. What drives BYOID?
  14. SAML 2.0 / OpenID / OAuth 2.0 / OpenID Connect
  15. SAML 1.0 → Nov 2002 | SAML 1.1 → Sept 2003 | SAML 2.0 → 2005
  16. OpenID was initiated by the founder of LiveJournal, Brad Fitzpatrick.
  17. By the end of 2009, there were more than one billion OpenID accounts.
  18. OpenID started to fade due to OAuth 2.0 and OpenID Connect.
  19. OpenID Connect is a profile built on top of OAuth 2.0.
  20. OAuth is not about authentication, but delegated authorization.
  21. Standards-based identity federation is the entry point to BYOID.
  22. Internet identity always has an unsolved problem.
  23. SAML 2.0 dominated identity federation in the last decade; OpenID Connect and JWT will possibly lead the next.
  24. Any identity management system, to qualify to support BYOID, should go beyond standard support for identity federation protocols.
  25. How would you mediate and transform identity tokens between different standards or protocols?
  26. WSO2 Identity Server is an open source identity and entitlement management server, which supports SAML 2.0, OpenID, OAuth 2.0, OpenID Connect, XACML 3.0, SCIM, WS-Federation (passive) and many other identity federation patterns.
  27. Operators | Service Providers
  28. Operators | Service Providers | SAML 2.0 | OpenID Connect / SAML 2.0 | OpenID Connect | OpenID Connect
  29. SAML 2.0 | OpenID Connect / SAML 2.0
  30. SAML 2.0 | SAML 2.0 | SAML 2.0 | SAML 2.0
  31. Operators | Service Providers
  32. Scenario 1, step 1: http://ebuy.federationdemo.com:9766/ebuy/
  33. Scenario 1, step 2: OpenID Connect Request | 1502808989
  34. Scenario 1, step 3: OpenID Connect Request
  35. Scenario 1, step 4: <credentials> | User: tom_imobile | Password: tom_imobile
  36. Scenario 1, step 4
  37. Scenario 1, step 5: OpenID Connect Response
  38. Scenario 1, step 6: OpenID Connect Response
  39. Scenario 1, step 7
  40. Scenario 2, step 1: http://azone.federationdemo.com:9766/azone/ | 9477808989
  41. Scenario 2, step 2: OpenID Connect Request
  42. Scenario 2, step 3: SAML 2.0 Request
  43. Scenario 2, step 3: OAuth 2.0
  44. Scenario 2, step 4: <credentials>
  45. Scenario 2, step 4: OAuth 2.0 response
  46. Scenario 2, step 5: SAML2 Response
  47. Scenario 2, step 6: OpenID Connect Response
  48. Scenario 2, step 7
  49. Thank You!
