Kantara: From IRM to Context. The World of Access Keeps Expanding App sourcing and hosting User populations App access channels SasS apps Apps in public.

Slides:

Advertisements

Similar presentations

Distributed Data Processing

Advertisements

INTRODUCTION TO CLOUD COMPUTING CS 595 LECTURE 6 2/13/2015.

The FI-WARE Project – Base Platform for Future Service Infrastructures OCTOBER 2011 Presentation at proposers day.

WSO2 Identity Server Road Map

Manifest – the Service Application Manifest is our new service, with Grouper as its logic engine, to manage populations which are known to us and those.

Active Directory: Final Solution to Enterprise System Integration

December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.

Notes to the presenter. I would like to thank Jim Waldo, Jon Bostrom, and Dennis Govoni. They helped me put this presentation together for the field.

Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.

UPortal.Cornell Using uPortal to integrate disparate campus systems Jon Atherton, Cornell Information Technologies

Information Technology Current Work in System Architecture November 2003 Tom Board Director, NUIT Information Systems Architecture.

Confidential FullArmor Corp Platform for SaaS and mobile apps to remotely access, migrate, and sync Active Directory resources with the cloud ADanywhere.

Symantec Vision and Strategy for the Information-Centric Enterprise Muhamed Bavçiç Senior Technology Consultant SEE.

Cloud app Cloud app Cloud app Separate username/password sign-in Manual or semi-automated provisioning Active Directory App Separate username/password.

SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)

Live Meeting APIs Robert Devine Program Manager Microsoft Corporation.

Demonstrating IT Relevance to Business Aligning IT and Business Goals with On Demand Automation Solutions Robert LeBlanc General Manager Tivoli Software.

David Besemer, CTO On Demand Data Integration with Data Virtualization.

Prabath Siriwardena Senior Software Architect. An open source Identity & Entitlement management server.

X-Road (X-tee) A platform-independent secure standard interface between databases and information systems to connect databases and information systems.

DESIGN OF A PLATFORM OF VIRTUAL SERVICE CONTAINERS FOR SERVICE ORIENTED CLOUD COMPUTING Carlos de Alfonso Andrés García Vicente Hernández.

Effectively Explaining the Cloud to Your Colleagues.

©2013 Microsoft Corporation. SharePoint Innovations LLC. All rights reserved. M ODULE 13 – S HARE P OINT 2010 O VERVIEW OF S HARE P OINT 2013.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Microsoft Active Directory(AD) A presentation by Robert, Jasmine, Val and Scott IMT546 December 11, 2004.

Case Study: DirXML Implementation at Waste Management Rick Wagner Systems Engineer Novell, Inc.

Dr. Bhavani Thuraisingham October 2006 Trustworthy Semantic Webs Lecture #16: Web Services and Security.

Integrated Financial Applications using Intuit’s PaaS Solution George Chiramattel, Intuit.

UCLA Enterprise Directory Identity Management Infrastructure UC Enrollment Service Technical Conference October 16, 2007 Ying Ma

Building Tomorrow’s Corporate Portal David C. Hastings Director, Solutions Management

Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.

4 - 1 Copyright © 2006, The McGraw-Hill Companies, Inc. All rights reserved. Computer Software Chapter 4.

Semantic Web Technologies Research Topics and Projects discussion Brief Readings Discussion Research Presentations.

Windows Role-Based Access Control Longhorn Update

VMob Mobile Marketing Platform Delivers Highly Targeted Marketing Directly into Shoppers’ Existing Smartphone Apps from the Microsoft Azure Cloud MICROSOFT.

Securely Synchronize and Share Enterprise Files across Desktops, Web, and Mobile with EasiShare on the Powerful Microsoft Azure Cloud Platform MICROSOFT.

Registries, ebXML and Web Services in short. Registry A mechanism for allowing users to announce, or discover, the availability and state of a resource:

ON YOUR TERMS Business needs * Enhanced by upcoming Azure IAAS features GoodBetterBest * * GoodBetterBestGoodBetterBestGoodBetterBestGoodBetterBestGoodBetterBest.

Are cybersecurity threats keeping you up at night? Your people go everywhere with devices, do the apps and data they need go with them? Can you adopt.

Identity Management and Enterprise Single Sign-On (ESSO)

 Mike Martin  Architect  MEET Member  Crew Member of Azug  Windows Azure Insider  Windows Azure MVP  

With xTV, Quickly Build Your Enterprise.TV Network, a Single-Destination, Real-Time Stream of Information to Inform Customers, Employees, Partners & Investors.

Momentum. Strategy & Roadmapping Business Analysis Information Architecture Usability / User Experience Rich Media Social Media (Web 2.0) Interface Design.

WHAT WE OFFER Go-To-Market Services Microsoft Azure Brings to Life Citizen Assistance, the Tech Solution That Improves Communication Between the People.

WSO2 Identity Server 4.0 Fall WSO2 Carbon Enterprise Middleware Platform 2.

Slavko Kukrika MVP Connect Windows 10 to the Cloud – Cloud Join.

Active Directory Domain Services (AD DS). Identity and Access (IDA) – An IDA infrastructure should: Store information about users, groups, computers and.

Transform the datacenter brought to you by [insert partner name] Speaker name 00/00/0000 Insert your Logo here.

#SummitNow Using Alfresco and Cloud Apps in Harmony 5 th November 2013 Santiago Rodríguez Antonio D. Pérez.

Short Customer Presentation September The Company  Storgrid delivers a secure software platform for creating secure file sync and sharing solutions.

Azure Active Directory Uday Hegde 2016 Redmond Summit | Identity Without Boundaries May 26, 2016 Group Program Manager, Azure AD

Discover How You Can Increase Collaboration with External Partners While Reducing Your Cost in Managing an Extranet from the Azure Cloud MICROSOFT AZURE.

DreamFactory for Microsoft Azure Is an Open Source REST API Platform That Enables Mobilization of Data in Minutes across Frameworks and Storage Methods.

Protect your data Enable your users Desktop Virtualization Information protection Mobile device & application management Identity and Access Management.

Web SSO with Cloud Resources using AD Federation Services

Energy Management Solution

Mobile Application Solution

Access Policy - Federation March 23, 2016

Azure Active Directory - Business 2 Consumer

SaaS Application Deep Dive

Prime Service Catalog 12.0 SAML 2.0 Single Sign-On Support

Power BI Security Best Practices

Mobile Application Solution

Energy Management Solution

ESA Single Sign On (SSO) and Federated Identity Management

Built on the Powerful Microsoft Azure Platform, iSwarm Helps Businesses Analyze Social Media Conversations, then Connect with Individuals MICROSOFT AZURE.

Matthew Levy Azure AD B2B vs B2C Matthew Levy

Technical Capabilities

Remedy Integration Strategy Leverage the power of the industry’s leading service management solution via open APIs February 2018.

Presentation transcript:

Kantara: From IRM to Context

The World of Access Keeps Expanding App sourcing and hosting User populations App access channels SasS apps Apps in public clouds Partner apps Apps in private clouds On-premise enterprise apps Enterprise computers Enterprise-issued devices Public computers Personal devices Employees Contractors Customers Partners Members

The solution is Federation, Implementation is the challenge Federation Cloud Apps Federation requires A common Identity Provider (Idp) Internal Authentication and SSO ? Authorization Enterprise Identity Data Sources ??? Implementation Federated Access (SAML/Open-Id Connect) Federated Identity?

A Federated Identity Hub Manages Authentication and Attributes to Support the IdP AD Forest/Domain A AD Forest/Domain B Databases Internal Enterprise Apps Directories Federation Cloud Apps Identity Sources FID as reference authentication store IdP (SAML/Open-Id Connect)

FID for SP/RP & Cloud Apps Groups, Attributes & Profiles for Authorization AD Forest/Domain A AD Forest/Domain B Databases Internal Enterprise Apps Directories Federation Cloud Apps Identity Sources FID as attributes store RP,SP (SAML (Groups/XACML), Oauth2) IDP (SAML (Groups/XACML), Oauth2)

Federated Identity Service and Provisioning Legacy Applications (and respective stores) AD Sun LDAP Cloud Apps LDAP/ SQL/ SPML FID as reference store SPML SCIM Internal Systems External Systems

Roadmap: The Role of Identity and Context Virtualization in the Technology Food Chain

Besides consolidation what are the use cases? LDAP and Beyond

Improved writing speed changes everything SiteMinder And WAM

Identity is essential to security because people are at the center of activities. As such, identity is a key integration point for application. But do we really still need a hierarchical system for storage? Is the whole world already running on SQL (Relational model) Is the whole world heading toward NoSQL? Relational Path Graph Directed Graph Identity is key to security and acts as an integration point

But joins and distributed joins are expensive: HDAP as a profile cache Faster Slower Faster Write Update Query Search Navigation/Traversal Relational Graph/Hierarchy

Architecture Profile Integration Engine Profile Delivery Engine Consumer App Reads SOAP REST LDAP SQL Consumers Writes LDAP SQL SOAP REST Integration Business Rules Delivery Business Rules Commit Context Deliver Context Context Model Integration through a Canonical Model App pulls changes on demand PDE sends change notices near time PDE syncs changes in near time PDE pushes changes nightly Source pushes changes in near time PIE pulls in changes daily PIE pulls in changes near time Data Sources

Relationships: Provisioning CustomerAccount match based on HeadendID + House + CustomerID Serviceability Address match based on Address1, Address2, City, State, Zip, and Zip4 Representative Service Provider Back Office Data Model

How to extract relationships and contexts out of silos for building user profiles

Joins are essential enablers for linking identity to attributes and context

LDAP is a good protocol, but it is not web based. The closest thing to a web service for LDAP is provided by DSML, which is XML based, and outdated. The new trend is to deliver information via a REST interface. The usage of HDAP can be very broad. One crucial capability of LDAP is the ability to navigate and discover context about any given subject or identity. Navigating a directory is a form of graph and contextual discovery that allows you to have progressive disclosure of information. This is key in security, and elsewhere, but LDAP doesn't support the web service interface for delivering that information. Putting all this capability that exists in LDAP (progressive disclosure) into a REST interface, opens LDAP to the web. To put ADAP on top of any LDAP. ADAP: a REST interface to LDAP/HDAP

New Use Case: Contextual Search

Company Confidential Webster’s Definition of “Context” Latin Contextus: a joining together, origin pp of contexere “to weave together.” 1. The parts of a sentence, paragraph, discourse immediately next to or surrounding a specified word or passage and determining its exact meaning [to quote a remark out of context] (Language Representation) 2. The whole situation, background, or environment relevant to a particular event, personality, creation, etc…(Perception)

Company Confidential Trees as a Representation of Sentences

Company Confidential Trees as a Way to Represent Sentences and Context

Searching for HDAP on Google