Transcript of Borderless Federated-Identity
1. Last Updated: July 2014. Associate Technical Lead, Dulanja Liyanage. Borderless Federated Identity
2. About the Presenter: Dulanja is an Associate Technical Lead at WSO2, mainly contributing towards the Identity Server and WSO2's platform security. Apart from that he has also participated in several onsite customer engagements, helping them to realize enterprise use cases. Email: [email protected]
3. About WSO2: Global enterprise, founded in 2005 by acknowledged leaders in XML, web services technologies, standards and open source. Provides only open source platform-as-a-service for private, public and hybrid cloud deployments. All WSO2 products are 100% open source and released under the Apache License Version 2.0. Is an Active Member of OASIS, Cloud Security Alliance, OSGi Alliance, AMQP Working Group, OpenID Foundation and W3C. Driven by Innovation. Launched first open source API Management solution in 2012. Launched App Factory in 2Q 2013. Launched Enterprise Store and first open source Mobile solution in 4Q 2013.
4. What WSO2 delivers
5. A look into the past... Highly guarded organization borders. User registration and profile creation a MUST.
6. Welcome to the Present: Connected Businesses. Mergers, acquisitions and partnerships. The analyst firm Quocirca confirms that in Europe 58 percent transact directly with users from other businesses and/or consumers; for the UK alone the figure is 65 percent.
7. No more enterprise boundaries!
8. The Problem? Accepting the UNKNOWN
9. Evolution of Identity Federation...
10. Different User Stores: User's identity is... maintained at one domain but accessed in different domains
11. Different Protocols: SAML; OpenID; OAuth/OpenID Connect; WS-Federation; Custom
12. SAML: SAML 1.0 (2002), SAML 2.0 (2005). Single Sign On / Single Logout. Widely used by *aaS providers [Google Apps, Salesforce]
13. OpenID: Decentralized Single Sign On. Single user profile. Widely used for community & collaboration aspects. OpenID is dying
14. OAuth/OpenID Connect: OAuth for Identity Delegation. OpenID Connect based on OAuth for authentication. Securing RESTful services
15.
16.
17.
18. Different User Preferences: Social login. Gartner predicts, by the end of 2015, 50% of all new retail customer identities will be based on social network identities.
19. The Solution? An Enterprise Identity Bus, capable of connecting various IdPs and performing token transformations from various protocols.
20. Chained Collaborative Federation: Single sign-on across multiple web applications supporting heterogeneous standards/protocols. Collaborative identity federation between multiple heterogeneous identity providers. Home realm discovery
21. WSO2 Identity Server is an open source Identity and Entitlement management server, which supports SAML 2.0, OpenID, OAuth 2.0, OpenID Connect, XACML 3.0, SCIM, WS-Federation (passive) and many other identity federation patterns.
22. WSO2 Identity Server 5.0 Architecture
23.
24. Demo
25. Business Model
26. Contact us!