Presentation is loading. Please wait.

Presentation is loading. Please wait.

Connected Identity & the role of the Identity Bus Prabath Siriwardena Director of Security Architecture WSO2.

Published byDylan Miller Modified over 7 years ago

Similar presentations

Presentation on theme: "Connected Identity & the role of the Identity Bus Prabath Siriwardena Director of Security Architecture WSO2."— Presentation transcript:

1 Connected Identity & the role of the Identity Bus Prabath Siriwardena Director of Security Architecture WSO2

2 In U.S only, mergers and acquisitions volume totaled to $865.1 billion in the first nine months of 2013, according to Dealogic

3 In Europe 58 percent transact directly with users from other businesses and/or consumers

4 In UK 65 percent transact directly with users from other businesses and/or consumers

5 Gartner predicts, by 2020, 60% of all digital identities interacting with enterprises will come from external IdPs

6

7 Federation Ant-patterns Identity Silos

8 Federation Ant-patterns Spaghetti Identity

9 Identity Broker Pattern Fundamental #1: Federation protocol agnostic : Should not couple into a specific federation protocol like SAML, OpenID Connect. Ability to connect multiple identity providers over heterogeneous identity federation protocols. Should have ability transform ID tokens between heterogeneous federation protocols. Fifteen Fundamentals

10 Identity Broker Pattern Fifteen Fundamentals

11 Identity Broker Pattern Fundamental #2: Transport protocol agnostic : Should not couple into a specific transport protocol – HTTP, MQTT Fifteen Fundamentals

12 Identity Broker Pattern Fifteen Fundamentals

13 Identity Broker Pattern Fundamental #3: Authentication protocol agnostic: Should not couple into a specific authentication protocol, username/password, FIDO, OTP. Pluggable authenticators. Fifteen Fundamentals

14 Identity Broker Pattern Fifteen Fundamentals

15 Identity Broker Pattern Fundamental #4: Claim Transformation: Should have the ability to transform identity provider specific claims into service provider specific claims. Simple claim transformations and complex transformations. Fifteen Fundamentals

16 Identity Broker Pattern Fifteen Fundamentals

17 Identity Broker Pattern Fundamental #5: Home Realm Discovery: Should have the ability to find the home identity provider corresponding to the incoming federation request looking at certain attributes in the request. Filter based routing. Fifteen Fundamentals

18 Identity Broker Pattern Fifteen Fundamentals

19 Identity Broker Pattern Fundamental #6: Multi-option Authentication: Should have the ability present multiple login options to the user, by service provider. Fifteen Fundamentals

20 Identity Broker Pattern Fifteen Fundamentals

21 Identity Broker Pattern Fundamental #7: Multi-step Authentication: Should have the ability present multiple step authentication (MFA) to the user, by service provider. Fifteen Fundamentals

22 Identity Broker Pattern Fifteen Fundamentals

23 Identity Broker Pattern Fundamental #8: Adaptive Authentication: Should have the ability change the authentication options based on the context. Fifteen Fundamentals

24 Identity Broker Pattern Fifteen Fundamentals

25 Identity Broker Pattern Fundamental #9: Identity Mapping: Should have the ability map identities between different identity providers. User should be able to maintain multiple identities with multiple identity providers. Fifteen Fundamentals

26 Identity Broker Pattern Fifteen Fundamentals

27 Identity Broker Pattern Fundamental #10: Multiple Attribute Stores: Should have the ability connect to multiple attribute stores and build an aggregated view of the end user identity. Fifteen Fundamentals

28 Identity Broker Pattern Fifteen Fundamentals

29 Identity Broker Pattern Fundamental #11: Just-in-time Provisioning: Should have the ability to provision users to connected user stores in a protocol agnostic manner. Fifteen Fundamentals

30 Identity Broker Pattern Fifteen Fundamentals

31 Identity Broker Pattern Fundamental #12: Manage Identity Relationships: Should have the ability to manage identity relationships between different entities and take authentication and authorization decisions based on that. Fifteen Fundamentals

32 Identity Broker Pattern Fifteen Fundamentals

33 Identity Broker Pattern Fundamental #13: Trust Brokering: Each service provider should identify which identity providers it trusts. Fifteen Fundamentals

34 Identity Broker Pattern Fifteen Fundamentals

35 Identity Broker Pattern Fundamental #14: Centralized Access Control: Who gets access to which user attribute? Which resources the user can access at the service provider? Fifteen Fundamentals

36 Identity Broker Pattern Fifteen Fundamentals

37 Identity Broker Pattern Fundamental #15: Centralized Monitoring: Should have the ability monitor and generate statistics on each identity transaction flows through the broker. Fifteen Fundamentals

38 Identity Broker Pattern Fifteen Fundamentals

39 Identity Mediation Language http://blog.facilelogin.com/2015/05/identity-mediation-language-iml.html

40 Seven Fundamental of Future IAM By Martin Kuppinger Fundamental #1: More than humans - It’s also about Identities of things, devices, services, and apps

41 Fundamental #2: Multiple Identity Providers - We will not manage all identities internally anymore and trust will vary Seven Fundamental of Future IAM By Martin Kuppinger

42 Fundamental #3: Multiple Attribute Providers - There will no longer be a single source of truth and information on identities anymore Seven Fundamental of Future IAM By Martin Kuppinger

43 Fundamental #4: Multiple Identities - Many users will use different identities (or personas) and flexibly switch between these Seven Fundamental of Future IAM By Martin Kuppinger

44 Fundamental #5: Multiple Authenticators - There is no single authenticator that works for all Seven Fundamental of Future IAM By Martin Kuppinger

45 Fundamental #6: Identity Relationships - We must map humans to things, devices, and apps Seven Fundamental of Future IAM By Martin Kuppinger

46 Fundamental #7: Context - Identity and Access Risk varies in context Seven Fundamental of Future IAM By Martin Kuppinger

47 Thank You

Download ppt "Connected Identity & the role of the Identity Bus Prabath Siriwardena Director of Security Architecture WSO2."

Similar presentations

Secure Single Sign-On Across Security Domains

Secure Single Sign-On Across Security Domains
Using PHINMS and Web-Services for Interoperability The findings and conclusions in this presentation are those of the author and do not necessarily represent.

Using PHINMS and Web-Services for Interoperability The findings and conclusions in this presentation are those of the author and do not necessarily represent.
SAML CCOW Work Item: Task 2

SAML CCOW Work Item: Task 2
Identity Network Ideals – Heterogeneity & Co-existence

Identity Network Ideals – Heterogeneity & Co-existence
NRL Security Architecture: A Web Services-Based Solution

NRL Security Architecture: A Web Services-Based Solution
Defining a Pragmatic and Practical SOA Focused Enterprise Architecture

Defining a Pragmatic and Practical SOA Focused Enterprise Architecture
Functional component terminology - thoughts C. Tilton.

Functional component terminology - thoughts C. Tilton.
Securing Insecure Prabath Siriwardena, WSO2 Twitter

Securing Insecure Prabath Siriwardena, WSO2 Twitter
A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.

A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.
WSO2 Identity Server Road Map

WSO2 Identity Server Road Map
Access Control Patterns & Practices with WSO2 Middleware Prabath Siriwardena.

Access Control Patterns & Practices with WSO2 Middleware Prabath Siriwardena.
Infocard and Eduroam Enrique de la Hoz, Diego R. L ó pez, Antonio Garc í a, Samuel Mu ñ oz.

Infocard and Eduroam Enrique de la Hoz, Diego R. L ó pez, Antonio Garc í a, Samuel Mu ñ oz.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.

December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.
Problem Statement AD DB App1 DB App2 AD App4 App6 AD App5 Intranet Extranet Cloud AD App3 DB SSO Separate Sign-in Separate Sign-in Separate Sign-in.

Problem Statement AD DB App1 DB App2 AD App4 App6 AD App5 Intranet Extranet Cloud AD App3 DB SSO Separate Sign-in Separate Sign-in Separate Sign-in.
FI-WARE – Future Internet Core Platform FI-WARE Security July 2011 High-level Description.

FI-WARE – Future Internet Core Platform FI-WARE Security July 2011 High-level Description.
OpenID And the Future of Digital Identity Alicia Bozyk April 1, 2008.

OpenID And the Future of Digital Identity Alicia Bozyk April 1, 2008.
Development and Implementation of Multifactor Authentication Motonori Nakamura at National Institute of Informatics and Takuya Matsuhira at Kanazawa University,

Development and Implementation of Multifactor Authentication Motonori Nakamura at National Institute of Informatics and Takuya Matsuhira at Kanazawa University,
Innovative Foundation For an Open Source API Management Platform Asanka

Innovative Foundation For an Open Source API Management Platform Asanka
Prabath Siriwardena Senior Software Architect. An open source Identity & Entitlement management server.

Prabath Siriwardena Senior Software Architect. An open source Identity & Entitlement management server.

Similar presentations

Ads by Google