Published by Dylan Miller. Modified over 8 years ago.
Connected Identity & the role of the Identity Bus
Prabath Siriwardena, Director of Security Architecture, WSO2
In the U.S. alone, mergers and acquisitions volume totaled $865.1 billion in the first nine months of 2013, according to Dealogic.
In Europe, 58 percent transact directly with users from other businesses and/or consumers.
In the UK, 65 percent transact directly with users from other businesses and/or consumers.
Gartner predicts that by 2020, 60% of all digital identities interacting with enterprises will come from external IdPs.
Federation Anti-patterns: Identity Silos
Federation Anti-patterns: Spaghetti Identity
Identity Broker Pattern: Fifteen Fundamentals
Fundamental #1: Federation protocol agnostic: Should not be coupled to a specific federation protocol such as SAML or OpenID Connect. Should be able to connect multiple identity providers over heterogeneous identity federation protocols. Should have the ability to transform ID tokens between heterogeneous federation protocols.
Fundamental #2: Transport protocol agnostic: Should not be coupled to a specific transport protocol (HTTP, MQTT).
Fundamental #3: Authentication protocol agnostic: Should not be coupled to a specific authentication protocol (username/password, FIDO, OTP). Pluggable authenticators.
Fundamental #4: Claim Transformation: Should have the ability to transform identity provider specific claims into service provider specific claims. Simple claim transformations and complex transformations.
Fundamental #5: Home Realm Discovery: Should have the ability to find the home identity provider corresponding to the incoming federation request by looking at certain attributes in the request. Filter-based routing.
Fundamental #6: Multi-option Authentication: Should have the ability to present multiple login options to the user, by service provider.
Fundamental #7: Multi-step Authentication: Should have the ability to present multi-step authentication (MFA) to the user, by service provider.
Fundamental #8: Adaptive Authentication: Should have the ability to change the authentication options based on the context.
Fundamental #9: Identity Mapping: Should have the ability to map identities between different identity providers. Users should be able to maintain multiple identities with multiple identity providers.
Fundamental #10: Multiple Attribute Stores: Should have the ability to connect to multiple attribute stores and build an aggregated view of the end user identity.
Fundamental #11: Just-in-time Provisioning: Should have the ability to provision users to connected user stores in a protocol agnostic manner.
Fundamental #12: Manage Identity Relationships: Should have the ability to manage identity relationships between different entities and make authentication and authorization decisions based on them.
Fundamental #13: Trust Brokering: Each service provider should identify which identity providers it trusts.
Fundamental #14: Centralized Access Control: Who gets access to which user attribute? Which resources can the user access at the service provider?
Fundamental #15: Centralized Monitoring: Should have the ability to monitor and generate statistics on each identity transaction that flows through the broker.
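A minimal sketch of how Fundamentals #5, #13 and #4 combine on one broker login path, added here as an illustration; it is not code from the presentation or from any WSO2 product. The service provider and identity provider names, the routing filters and the claim maps are hypothetical, and the IdP assertions are constructed samples assumed to be already signature-validated.

```python
class BrokerError(Exception):
    pass

# Fundamental #13: each service provider lists the identity providers it trusts.
TRUSTED_IDPS = {"payroll-sp": {"corp-saml"}, "wiki-sp": {"corp-saml", "partner-oidc"}}

# Fundamental #5: filter-based routing on an attribute of the incoming request.
HOME_REALM_FILTERS = [
    (lambda r: r.get("login_hint", "").lower().endswith("@corp.example"), "corp-saml"),
    (lambda r: r.get("login_hint", "").lower().endswith("@partner.example"), "partner-oidc"),
]

# Fundamental #4: IdP-specific claims -> SP-facing claims.
# A string is a simple rename; a callable is a complex transformation.
CLAIM_MAPS = {
    "corp-saml": {"email": "mail",
                  "display_name": lambda c: f'{c["givenName"]} {c["sn"]}'},
    "partner-oidc": {"email": "email", "display_name": "name"},
}

# Constructed sample assertions, one per hypothetical IdP.
SAMPLE_ASSERTIONS = {
    "corp-saml": {"mail": "alice@corp.example", "givenName": "Alice",
                  "sn": "Ng", "employeeNumber": "1001"},
    "partner-oidc": {"email": "bob@partner.example", "name": "Bob Roy"},
}

def discover_home_realm(request):
    for matches, idp in HOME_REALM_FILTERS:
        if matches(request):
            return idp
    raise BrokerError("no home identity provider matches the request")

def transform_claims(idp, idp_claims):
    out = {}
    for sp_claim, rule in CLAIM_MAPS[idp].items():
        try:
            out[sp_claim] = rule(idp_claims) if callable(rule) else idp_claims[rule]
        except KeyError as missing:
            raise BrokerError(f"{idp} assertion lacks claim {missing}") from None
    return out  # unmapped IdP claims are dropped, never passed through

def broker_login(sp, request, assertions=SAMPLE_ASSERTIONS):
    idp = discover_home_realm(request)
    if idp not in TRUSTED_IDPS.get(sp, set()):   # deny by default
        raise BrokerError(f"{sp} does not trust {idp}")
    return idp, transform_claims(idp, assertions[idp])
```

The trust check runs after routing and before any claim is released, so a request routed to an IdP the service provider has not listed fails closed.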
Identity Mediation Language: http://blog.facilelogin.com/2015/05/identity-mediation-language-iml.html
Seven Fundamentals of Future IAM, by Martin Kuppinger
Fundamental #1: More than humans - It’s also about Identities of things, devices, services, and apps
Fundamental #2: Multiple Identity Providers - We will not manage all identities internally anymore and trust will vary
Fundamental #3: Multiple Attribute Providers - There will no longer be a single source of truth and information on identities anymore
Fundamental #4: Multiple Identities - Many users will use different identities (or personas) and flexibly switch between these
Fundamental #5: Multiple Authenticators - There is no single authenticator that works for all
Fundamental #6: Identity Relationships - We must map humans to things, devices, and apps
Fundamental #7: Context - Identity and Access Risk varies in context
Thank You