Presentation is loading. Please wait.

Presentation is loading. Please wait.

Kantara: From IRM to Context. The World of Access Keeps Expanding App sourcing and hosting User populations App access channels SasS apps Apps in public.

Published byAdele Gallagher Modified over 9 years ago

Similar presentations

Presentation on theme: "Kantara: From IRM to Context. The World of Access Keeps Expanding App sourcing and hosting User populations App access channels SasS apps Apps in public."— Presentation transcript:

1 Kantara: From IRM to Context

2 The World of Access Keeps Expanding App sourcing and hosting User populations App access channels SasS apps Apps in public clouds Partner apps Apps in private clouds On-premise enterprise apps Enterprise computers Enterprise-issued devices Public computers Personal devices Employees Contractors Customers Partners Members

3 The solution is Federation, Implementation is the challenge Federation Cloud Apps Federation requires A common Identity Provider (Idp) Internal Authentication and SSO ? Authorization Enterprise Identity Data Sources ??? Implementation Federated Access (SAML/Open-Id Connect) Federated Identity?

4 A Federated Identity Hub Manages Authentication and Attributes to Support the IdP AD Forest/Domain A AD Forest/Domain B Databases Internal Enterprise Apps Directories Federation Cloud Apps Identity Sources FID as reference authentication store IdP (SAML/Open-Id Connect)

5 FID for SP/RP & Cloud Apps Groups, Attributes & Profiles for Authorization AD Forest/Domain A AD Forest/Domain B Databases Internal Enterprise Apps Directories Federation Cloud Apps Identity Sources FID as attributes store RP,SP (SAML (Groups/XACML), Oauth2) IDP (SAML (Groups/XACML), Oauth2)

6 Federated Identity Service and Provisioning Legacy Applications (and respective stores) AD Sun LDAP Cloud Apps LDAP/ SQL/ SPML FID as reference store SPML SCIM Internal Systems External Systems

7 Roadmap: The Role of Identity and Context Virtualization in the Technology Food Chain

8 Besides consolidation what are the use cases? LDAP and Beyond

9 Improved writing speed changes everything SiteMinder And WAM

10 Identity is essential to security because people are at the center of activities. As such, identity is a key integration point for application. But do we really still need a hierarchical system for storage? Is the whole world already running on SQL (Relational model) Is the whole world heading toward NoSQL? Relational Path Graph Directed Graph Identity is key to security and acts as an integration point

11 But joins and distributed joins are expensive: HDAP as a profile cache Faster Slower Faster Write Update Query Search Navigation/Traversal Relational Graph/Hierarchy

12 Architecture Profile Integration Engine Profile Delivery Engine Consumer App Reads SOAP REST LDAP SQL Consumers Writes LDAP SQL SOAP REST Integration Business Rules Delivery Business Rules Commit Context Deliver Context Context Model Integration through a Canonical Model App pulls changes on demand PDE sends change notices near time PDE syncs changes in near time PDE pushes changes nightly Source pushes changes in near time PIE pulls in changes daily PIE pulls in changes near time Data Sources

13 Relationships: Provisioning CustomerAccount match based on HeadendID + House + CustomerID Serviceability Address match based on Address1, Address2, City, State, Zip, and Zip4 Representative Service Provider Back Office Data Model

14 How to extract relationships and contexts out of silos for building user profiles

15 Joins are essential enablers for linking identity to attributes and context

16 LDAP is a good protocol, but it is not web based. The closest thing to a web service for LDAP is provided by DSML, which is XML based, and outdated. The new trend is to deliver information via a REST interface. The usage of HDAP can be very broad. One crucial capability of LDAP is the ability to navigate and discover context about any given subject or identity. Navigating a directory is a form of graph and contextual discovery that allows you to have progressive disclosure of information. This is key in security, and elsewhere, but LDAP doesn't support the web service interface for delivering that information. Putting all this capability that exists in LDAP (progressive disclosure) into a REST interface, opens LDAP to the web. To put ADAP on top of any LDAP. ADAP: a REST interface to LDAP/HDAP

17 New Use Case: Contextual Search

18 Company Confidential Webster’s Definition of “Context” Latin Contextus: a joining together, origin pp of contexere “to weave together.” 1. The parts of a sentence, paragraph, discourse immediately next to or surrounding a specified word or passage and determining its exact meaning [to quote a remark out of context] (Language Representation) 2. The whole situation, background, or environment relevant to a particular event, personality, creation, etc…(Perception)

19 Company Confidential Trees as a Representation of Sentences

20 Company Confidential Trees as a Way to Represent Sentences and Context

21 Searching for HDAP on Google

Download ppt "Kantara: From IRM to Context. The World of Access Keeps Expanding App sourcing and hosting User populations App access channels SasS apps Apps in public."

Similar presentations

Distributed Data Processing

Distributed Data Processing
INTRODUCTION TO CLOUD COMPUTING CS 595 LECTURE 6 2/13/2015.

INTRODUCTION TO CLOUD COMPUTING CS 595 LECTURE 6 2/13/2015.
The FI-WARE Project – Base Platform for Future Service Infrastructures OCTOBER 2011 Presentation at proposers day.

The FI-WARE Project – Base Platform for Future Service Infrastructures OCTOBER 2011 Presentation at proposers day.
WSO2 Identity Server Road Map

WSO2 Identity Server Road Map
Manifest – the Service Application Manifest is our new service, with Grouper as its logic engine, to manage populations which are known to us and those.

Manifest – the Service Application Manifest is our new service, with Grouper as its logic engine, to manage populations which are known to us and those.
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.

December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.
Notes to the presenter. I would like to thank Jim Waldo, Jon Bostrom, and Dennis Govoni. They helped me put this presentation together for the field.

Notes to the presenter. I would like to thank Jim Waldo, Jon Bostrom, and Dennis Govoni. They helped me put this presentation together for the field.
Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.

Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.
UPortal.Cornell Using uPortal to integrate disparate campus systems Jon Atherton, Cornell Information Technologies

UPortal.Cornell Using uPortal to integrate disparate campus systems Jon Atherton, Cornell Information Technologies
Information Technology Current Work in System Architecture November 2003 Tom Board Director, NUIT Information Systems Architecture.

Information Technology Current Work in System Architecture November 2003 Tom Board Director, NUIT Information Systems Architecture.
Confidential FullArmor Corp. 2015 Platform for SaaS and mobile apps to remotely access, migrate, and sync Active Directory resources with the cloud ADanywhere.

Confidential FullArmor Corp Platform for SaaS and mobile apps to remotely access, migrate, and sync Active Directory resources with the cloud ADanywhere.
Symantec Vision and Strategy for the Information-Centric Enterprise Muhamed Bavçiç Senior Technology Consultant SEE.

Symantec Vision and Strategy for the Information-Centric Enterprise Muhamed Bavçiç Senior Technology Consultant SEE.
Cloud app Cloud app Cloud app Separate username/password sign-in Manual or semi-automated provisioning Active Directory App Separate username/password.

Cloud app Cloud app Cloud app Separate username/password sign-in Manual or semi-automated provisioning Active Directory App Separate username/password.
SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)

SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)
Live Meeting APIs Robert Devine Program Manager Microsoft Corporation.

Live Meeting APIs Robert Devine Program Manager Microsoft Corporation.
Demonstrating IT Relevance to Business Aligning IT and Business Goals with On Demand Automation Solutions Robert LeBlanc General Manager Tivoli Software.

Demonstrating IT Relevance to Business Aligning IT and Business Goals with On Demand Automation Solutions Robert LeBlanc General Manager Tivoli Software.
David Besemer, CTO On Demand Data Integration with Data Virtualization.

David Besemer, CTO On Demand Data Integration with Data Virtualization.
Prabath Siriwardena Senior Software Architect. An open source Identity & Entitlement management server.

Prabath Siriwardena Senior Software Architect. An open source Identity & Entitlement management server.
X-Road (X-tee) A platform-independent secure standard interface between databases and information systems to connect databases and information systems.

X-Road (X-tee) A platform-independent secure standard interface between databases and information systems to connect databases and information systems.

Similar presentations

Ads by Google