Connected Identity & the role of the Identity Bus Prabath Siriwardena Director of Security Architecture WSO2.


1 Connected Identity & the role of the Identity Bus Prabath Siriwardena Director of Security Architecture WSO2

2 In the U.S. alone, mergers and acquisitions volume totaled $865.1 billion in the first nine months of 2013, according to Dealogic

3 In Europe 58 percent transact directly with users from other businesses and/or consumers

4 In UK 65 percent transact directly with users from other businesses and/or consumers

5 Gartner predicts, by 2020, 60% of all digital identities interacting with enterprises will come from external IdPs

6

7 Federation Anti-patterns: Identity Silos

8 Federation Anti-patterns: Spaghetti Identity

9 Identity Broker Pattern: Fifteen Fundamentals. Fundamental #1: Federation protocol agnostic: Should not be coupled to a specific federation protocol such as SAML or OpenID Connect. Should have the ability to connect multiple identity providers over heterogeneous identity federation protocols. Should have the ability to transform ID tokens between heterogeneous federation protocols.

10 Identity Broker Pattern Fifteen Fundamentals

11 Identity Broker Pattern: Fifteen Fundamentals. Fundamental #2: Transport protocol agnostic: Should not be coupled to a specific transport protocol such as HTTP or MQTT.

12 Identity Broker Pattern Fifteen Fundamentals

13 Identity Broker Pattern: Fifteen Fundamentals. Fundamental #3: Authentication protocol agnostic: Should not be coupled to a specific authentication protocol such as username/password, FIDO or OTP. Pluggable authenticators.

14 Identity Broker Pattern Fifteen Fundamentals

15 Identity Broker Pattern: Fifteen Fundamentals. Fundamental #4: Claim Transformation: Should have the ability to transform identity provider specific claims into service provider specific claims. Simple claim transformations and complex transformations.

16 Identity Broker Pattern Fifteen Fundamentals

17 Identity Broker Pattern: Fifteen Fundamentals. Fundamental #5: Home Realm Discovery: Should have the ability to find the home identity provider corresponding to the incoming federation request by looking at certain attributes in the request. Filter-based routing.

18 Identity Broker Pattern Fifteen Fundamentals

19 Identity Broker Pattern: Fifteen Fundamentals. Fundamental #6: Multi-option Authentication: Should have the ability to present multiple login options to the user, by service provider.

20 Identity Broker Pattern Fifteen Fundamentals

21 Identity Broker Pattern: Fifteen Fundamentals. Fundamental #7: Multi-step Authentication: Should have the ability to present multi-step authentication (MFA) to the user, by service provider.

22 Identity Broker Pattern Fifteen Fundamentals

23 Identity Broker Pattern: Fifteen Fundamentals. Fundamental #8: Adaptive Authentication: Should have the ability to change the authentication options based on the context.

24 Identity Broker Pattern Fifteen Fundamentals

25 Identity Broker Pattern: Fifteen Fundamentals. Fundamental #9: Identity Mapping: Should have the ability to map identities between different identity providers. A user should be able to maintain multiple identities with multiple identity providers.

26 Identity Broker Pattern Fifteen Fundamentals

27 Identity Broker Pattern: Fifteen Fundamentals. Fundamental #10: Multiple Attribute Stores: Should have the ability to connect to multiple attribute stores and build an aggregated view of the end user identity.

28 Identity Broker Pattern Fifteen Fundamentals

29 Identity Broker Pattern: Fifteen Fundamentals. Fundamental #11: Just-in-time Provisioning: Should have the ability to provision users to connected user stores in a protocol agnostic manner.

30 Identity Broker Pattern Fifteen Fundamentals

31 Identity Broker Pattern: Fifteen Fundamentals. Fundamental #12: Manage Identity Relationships: Should have the ability to manage identity relationships between different entities and take authentication and authorization decisions based on that.

32 Identity Broker Pattern Fifteen Fundamentals

33 Identity Broker Pattern: Fifteen Fundamentals. Fundamental #13: Trust Brokering: Each service provider should identify which identity providers it trusts.

34 Identity Broker Pattern Fifteen Fundamentals

35 Identity Broker Pattern: Fifteen Fundamentals. Fundamental #14: Centralized Access Control: Who gets access to which user attribute? Which resources can the user access at the service provider?

36 Identity Broker Pattern Fifteen Fundamentals

37 Identity Broker Pattern: Fifteen Fundamentals. Fundamental #15: Centralized Monitoring: Should have the ability to monitor and generate statistics on each identity transaction that flows through the broker.

38 Identity Broker Pattern Fifteen Fundamentals
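
Fundamentals #4 (claim transformation), #5 (home realm discovery) and #13 (trust brokering) interact on every request, so a small sketch of them working together follows. This is an added example, not code from the presentation or from any WSO2 product; the IdP names, domains, claim URIs and the `broker_claims` function are constructed for illustration.

```python
# Added illustration: every name, domain and claim URI here is constructed.
from dataclasses import dataclass

class BrokerError(Exception):
    pass

@dataclass(frozen=True)
class IdP:
    name: str
    domains: frozenset   # e-mail domains routed to this IdP (#5)
    claim_map: dict      # IdP-specific claim name -> broker canonical name (#4)

IDPS = {
    "corp-saml": IdP("corp-saml", frozenset({"corp.example"}),
                     {"http://schemas.example/mail": "email",
                      "http://schemas.example/groups": "groups"}),
    "partner-oidc": IdP("partner-oidc", frozenset({"partner.example"}),
                        {"email": "email", "roles": "groups"}),
}

# Per service provider: the IdPs it trusts (#13) and the canonical claims it
# receives, renamed to its own vocabulary (#4). Unlisted claims are dropped.
SPS = {
    "payroll": {"trusted": {"corp-saml"},
                "claims": {"email": "mail", "groups": "memberOf"}},
    "wiki": {"trusted": {"corp-saml", "partner-oidc"},
             "claims": {"email": "user_email"}},
}

def discover_home_realm(login_hint):
    """Route on a request attribute, here the e-mail domain of the login hint."""
    domain = login_hint.rpartition("@")[2].lower()
    matches = [idp for idp in IDPS.values() if domain in idp.domains]
    if len(matches) != 1:
        raise BrokerError(f"no unique home IdP for {domain!r}")
    return matches[0]

def broker_claims(sp_id, login_hint, asserting_idp, idp_claims):
    """Return the claims to release to sp_id, or raise BrokerError."""
    sp, home = SPS[sp_id], discover_home_realm(login_hint)
    # Fail closed: the assertion must come from the discovered home IdP,
    # and the service provider must trust that IdP.
    if asserting_idp != home.name:
        raise BrokerError("assertion not issued by the user's home IdP")
    if home.name not in sp["trusted"]:
        raise BrokerError(f"{sp_id} does not trust {home.name}")
    canonical = {home.claim_map[k]: v for k, v in idp_claims.items()
                 if k in home.claim_map}
    return {sp["claims"][k]: v for k, v in canonical.items()
            if k in sp["claims"]}
```

Mapping through a canonical vocabulary keeps the number of claim maps linear in the number of IdPs and service providers, and the allow-list on the service provider side means an attribute the IdP volunteers is never forwarded unless that service provider was configured to receive it.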

39 Identity Mediation Language http://blog.facilelogin.com/2015/05/identity-mediation-language-iml.html

40 Seven Fundamentals of Future IAM, by Martin Kuppinger. Fundamental #1: More than humans - It’s also about Identities of things, devices, services, and apps

41 Seven Fundamentals of Future IAM, by Martin Kuppinger. Fundamental #2: Multiple Identity Providers - We will not manage all identities internally anymore and trust will vary

42 Seven Fundamentals of Future IAM, by Martin Kuppinger. Fundamental #3: Multiple Attribute Providers - There will no longer be a single source of truth and information on identities anymore

43 Seven Fundamentals of Future IAM, by Martin Kuppinger. Fundamental #4: Multiple Identities - Many users will use different identities (or personas) and flexibly switch between these

44 Seven Fundamentals of Future IAM, by Martin Kuppinger. Fundamental #5: Multiple Authenticators - There is no single authenticator that works for all

45 Seven Fundamentals of Future IAM, by Martin Kuppinger. Fundamental #6: Identity Relationships - We must map humans to things, devices, and apps

46 Seven Fundamentals of Future IAM, by Martin Kuppinger. Fundamental #7: Context - Identity and Access Risk varies in context

47 Thank You

