Borderless Federated-Identity

Post on 20-May-2015

Last Updated: July 2014

Associate Technical Lead Dulanja Liyanage

Borderless Federated Identity

About the Presenter

• Dulanja is an Associate Technical Lead at WSO2, mainly contributing towards the Identity Server and WSO2's platform security. Apart from that, he has also participated in several onsite customer engagements, helping them to realize enterprise use cases.

• Email: dulanja@wso2.com

About WSO2

• Global enterprise, founded in 2005 by acknowledged leaders in XML, web services technologies, standards and open source

• Provides only open source platform-as-a-service for private, public and hybrid cloud deployments

• All WSO2 products are 100% open source and released under the Apache License Version 2.0.

• Is an Active Member of OASIS, Cloud Security Alliance, OSGi Alliance, AMQP Working Group, OpenID Foundation and W3C.

• Driven by Innovation

• Launched first open source API Management solution in 2012

• Launched App Factory in 2Q 2013

• Launched Enterprise Store and first open source Mobile solution in 4Q 2013

What WSO2 delivers

A look into the past...

•  Highly guarded organization borders

•  User registration and profile creation a MUST

Welcome to the Present: Connected Businesses

•  Mergers, acquisitions and partnerships

The analyst firm Quocirca confirms that in Europe 58 percent transact directly with users from other businesses and/or consumers; for the UK alone the figure is 65 percent.

No more enterprise boundaries!

The Problem? Accepting the UNKNOWN

Evolution of Identity Federation...

Different Userstores

User’s identity is...

•  maintained at one domain

•  but accessed in different domains

Different Protocols

•  SAML

•  OpenID

•  OAuth/OpenID Connect

• WS-Federation

•  Custom

SAML

•  SAML 1.0 (2002), SAML 2.0 (2005)

•  Single Sign On / Single Logout

• Widely used by *aaS providers [Google Apps, Salesforce]

OpenID

•  Decentralized Single Sign On

•  Single user profile

• Widely used for community & collaboration aspects

•  OpenID is dying

OAuth/OpenID Connect

•  OAuth for Identity Delegation

•  OpenID Connect based on OAuth for authentication

•  Securing RESTful services

Different User preferences

•  Social login

Gartner predicts, by the end of 2015, 50% of all new retail customer identities will be based on social network identities.

The Solution?

•  An Enterprise Identity Bus

•  Capable of connecting various IdPs and performing token transformations between various protocols.

Chained Collaborative Federation

•  Single sign-on across multiple web applications supporting heterogeneous standards/protocols

•  Collaborative identity federation between multiple heterogeneous identity providers

•  Home realm discovery

WSO2 Identity Server is an open source Identity and Entitlement management server, which supports SAML 2.0, OpenID, OAuth 2.0, OpenID Connect, XACML 3.0, SCIM, WS-Federation (passive) and many other identity federation patterns.

WSO2 Identity Server 5.0 Architecture

Demo

Business Model

Contact us!