Post on 11-May-2015
Open Identity Stack Roadmap
John Barco, Ludo Poitou, Johnny Cope, Victor Ake
Product Management
OpenAM …
Making Secure Connections
OpenAM: What does it do?
Access Management: Protects an organization by providing the right people with the right access at the right time
Federation: Allows identity and entitlements to be portable across autonomous domains
OpenAM 11.0 Highlights
■ New Session Fail-Over with optimized architecture
■ OpenID Connect for developer friendly Federation
■ Developer friendly REST APIs enhancements
■ Access Management for Mobile
■ Adaptive Authentication Device Fingerprinting
■ Updated agents v3.3; New Varnish policy agent
■ IPv6 Support
■ Java 7 Support
Scaling for the Modern Web
10K Users
100M Users
5K Concurrent sessions
5M Concurrent sessions
50 AuthN/Sec
2,500 AuthN/Sec
Scalability & High Availability
New Session Fail-Over
■ Next generation design
– Removed the need for additional components (Message queue and Berkeley DB)
■ Based on OpenDJ performance and replication capabilities
■ Built for simplicity, scale and replication
■ Easy to configure and set up
OpenID Connect
= Identity, Authentication + OAuth
• REST-based, friendly and secure federation, built on top of OAuth 2.0
• Ideal for Mobile and lightweight devices
• Full implementation in OpenAM 11.0 (all flows including session mgmt)
REST Enhancements
■ Authentication REST API got better
■ Not only user & password
■ Any authentication module (x.509, Multi-factor, etc)
■ Password Reset REST API
■ Customers can build their own user interface
■ REST APIs part of the OpenAM standard offering
OpenAM Mobile
[Diagram labels: Web App, Native App, Login App; REST / OAuth2 / OpenID Connect]
■ Securely enable access to on-prem or SaaS applications from any device
■ Platform independent support for Android, iOS, and other mobile using REST APIs
■ OpenAM provides OATH and HOTP for strong AuthN
■ Risk-based authentication to enhance security
Adaptive Authentication Device Fingerprinting
■ Adaptive Authentication can be added when authenticating using a mobile, or desktop
■ New Device Fingerprinting feature adds additional risk assessment to validate if the device is trusted
Summary
Simple: Single package solution, easy to install and POC
Breadth: Most features and standards support in a single product
Flexible / Extensible: Open standard, APIs enable complete customization
Scale: Built for managing millions of user identities
OpenIDM Overview
OpenIDM …
Building Relationships
OpenIDM: What does it do?
Manage Identities: Centrally manage account lifecycle, audit & report entitlements and enable self service cost savings
Embedded RESTful interface easily integrates into modern application stacks to manage identities
OpenIDM 3.0 Highlights
■ Roles
■ Common User Interface
■ Reference implementation for Reporting
■ Continued support of OpenICF
– Google Apps, Workday, PowerShell & Scripted REST
– Contribution of Advanced Connectors (RACF, SAP & TAM)
■ Multi-Tenant deployment model
■ IAG coverage with BrainWave partnership
■ Emerging opportunities in BaaS & Cloud Brokers
Summary
Simple: Single package solution, easy to install and prove
Open: The only supported open source provisioning solution in the market
Modular & Extensible: Standards-based, embeddable featuring REST interfaces
Scale: Built for managing millions of user identities
Bridge SPE Overview
Bridge SPE Overview
■ On-premise appliance to…
– Synchronize identities into SaaS providers
– Provide SSO / IWA
– …that’s super easy to set up
■ v1 uni-directional AD-to-Salesforce
■ Bi-directional support and multi-source/target
■ OEM business model
Bridge SPE: How does it work?
■ Lightweight install
– .zip file
■ Configure source & target
– Source properties & target OAuth
■ Synchronize users
– Attribute Mapping
■ SSO with Kerberos / IWA
OpenDJ Overview
High Level Strategy
■ Providing the Identity repository for the hybrid cloud-enterprise.
■ Made easy for the Administrators and the developers
■ Customers want a reliable, highly available directory service that scales vertically and horizontally anywhere.
Ubiquitous Directories
[Diagram labels: Amazon EC2, Company IDP, Headquarter, London, San Francisco, Service cloud]
REST to LDAP
■ Provides a new way to access the directory data
■ One familiar to most developers:
– HTTP / REST / JSON
■ SCIM like (and soon compliant)
■ Available embedded in OpenDJ or web application
Scaling for the Cloud
■ Horizontal and elastic scalability
■ Complete support for multi-tenants
What you need to know
■ OpenDJ 2.6.0 released end of June 2013
■ OpenDJ 3.0 will come mid 2014, with Proxy services
■ REST to LDAP is a game changer.
– Try it now and give us feedback.
Summary
Developer Friendly: LDAP, REST/JSON, WEB Services
100% Pure Java: Runs Anywhere, Embeddable
Very High Performance: For both READS and WRITES
Highly Scalable and Available: Scale to 100M+ users, Multi-Master Replication for HA / Geo Avail.
Thanks!