OIS Roadmap

Open Identity Stack Roadmap: John Barco, Ludo Poitou, Johnny Cope, Victor Ake (Product Management)

Presented by John Barco, VP of Product Management at ForgeRock Open Identity Stack Summit, France 2013.

Transcript of OIS Roadmap

Page 1: OIS Roadmap

Open Identity Stack Roadmap

John Barco, Ludo Poitou, Johnny Cope, Victor Ake

Product Management

Page 2: OIS Roadmap

OpenAM …

Making Secure Connections

Page 3: OIS Roadmap

OpenAM: What does it do?

Access Management

Protects an organization by providing the right people with the right access at the right time

Federation

Allows identity and entitlements to be portable across autonomous domains

Page 4: OIS Roadmap

OpenAM 11.0 Highlights

■ New Session Fail-Over with optimized architecture

■ OpenID Connect for developer friendly Federation

■ Developer friendly REST APIs enhancements

■ Access Management for Mobile

■ Adaptive Authentication Device Fingerprinting

■ Updated agents v3.3; New Varnish policy agent

■ IPv6 Support

■ Java 7 Support

Page 5: OIS Roadmap

Scaling for the Modern Web

10K Users

100M Users

5K Concurrent sessions

5M Concurrent sessions

50 AuthN/Sec

2,500 AuthN/Sec

Page 6: OIS Roadmap

Scalability & High Availability

Page 7: OIS Roadmap

New Session Fail-Over

■ Next generation design

– Removed the need for additional components (Message queue and Berkeley DB)

■ Based on OpenDJ performance and replication capabilities

■ Built for simplicity, scale and replication

■ Easy to configure and set up

Page 8: OIS Roadmap

OpenID Connect = Identity, Authentication + OAuth

• REST-based, friendly and secure federation, built on top of OAuth 2.0

• Ideal for Mobile and lightweight devices

• Full implementation in OpenAM 11.0 (all flows including session mgmt)

Page 9: OIS Roadmap

REST Enhancements

■ Authentication REST API got better

■ Not only user & password

■ Any authentication module (X.509, Multi-factor, etc.)

■ Password Reset REST API

■ Customers can build their own user interface

■ REST APIs part of the OpenAM standard offering

Page 10: OIS Roadmap

OpenAM Mobile

[Diagram labels: Web App, Native App, Login App, REST / OAuth2 / OpenID Connect]

■ Securely enable access to on-prem or SaaS applications from any device

■ Platform independent support for Android, iOS, and other mobile using REST APIs

■ OpenAM provides OATH and HOTP for strong AuthN

■ Risk-based authentication to enhance security

Page 11: OIS Roadmap

Adaptive Authentication Device Fingerprinting

■ Adaptive Authentication can be added when authenticating from a mobile device or desktop

■ New Device Fingerprinting feature adds a further risk assessment to validate whether the device is trusted

Page 12: OIS Roadmap

Summary

Simple- Single package solution, easy to install and POC

Breadth- Most features and standards support in a single product

Flexible / Extensible- Open standard, APIs enable complete customization

Scale- Built for managing millions of user identities

Page 13: OIS Roadmap

OpenIDM Overview

Page 14: OIS Roadmap

OpenIDM …

Building Relationships

Page 15: OIS Roadmap

OpenIDM: What does it do?

Manage Identities

Centrally manage account lifecycle, audit & report entitlements and enable self service cost savings

Embedded RESTful interface easily integrates into modern application stacks to manage identities

Page 16: OIS Roadmap

OpenIDM 3.0 Highlights

■ Roles

■ Common User Interface

■ Reference implementation for Reporting

■ Continued support of OpenICF

– Google Apps, Workday, PowerShell & Scripted REST

– Contribution of Advanced Connectors (RACF, SAP & TAM)

■ Multi-Tenant deployment model

■ IAG coverage with BrainWave partnership

■ Emerging opportunities in BaaS & Cloud Brokers

Page 17: OIS Roadmap

Summary

Simple- Single package solution, easy to install and prove

Open- The only supported open source provisioning solution in the market

Modular & Extensible- Standards-based, embeddable featuring REST interfaces

Scale- Built for managing millions of user identities

Page 18: OIS Roadmap

Bridge SPE Overview

Page 19: OIS Roadmap

Bridge SPE Overview

■ On-premise appliance to…

– Synchronize identities into SaaS providers

– Provide SSO / IWA

– …that’s super easy to set up

■ v1 uni-directional AD-to-Salesforce

■ Bi-directional support and multi-source/target

■ OEM business model

Page 20: OIS Roadmap

Bridge SPE: How does it work?

■ Lightweight install

– .zip file

■ Configure source & target

– Source properties & target OAuth

■ Synchronize users

– Attribute Mapping

■ SSO with Kerberos / IWA

Page 21: OIS Roadmap

OpenDJ Overview

Page 22: OIS Roadmap

Page 23: OIS Roadmap

High Level Strategy

■ Providing the Identity repository for the hybrid cloud-enterprise.

■ Made easy for the Administrators and the developers

■ Customers want a reliable, highly available directory service that scales vertically and horizontally anywhere.

Page 24: OIS Roadmap

Ubiquitous Directories

[Diagram labels: Amazon EC2, Company IDP, Headquarter, London, San Francisco, Service cloud]

Page 25: OIS Roadmap

REST to LDAP

■ Provides a new way to access the directory data

■ One familiar to most developers:

– HTTP / REST / JSON

■ SCIM-like (and soon compliant)

■ Available embedded in OpenDJ or web application

Page 26: OIS Roadmap

Scaling for the Cloud

■ Horizontal and elastic scalability

■ Complete support for multi-tenants

Page 27: OIS Roadmap

What you need to know

■ OpenDJ 2.6.0 released end of June 2013

■ OpenDJ 3.0 will come mid 2014, with Proxy services

■ REST to LDAP is a game changer.

– Try it now and give us feedback.

Page 28: OIS Roadmap

Summary

Developer Friendly- LDAP, REST/JSON, WEB Services

100% Pure Java- Runs Anywhere, Embeddable

Very High Performance- For both READS and WRITES

Highly Scalable and Available- Scale to 100M+ users, Multi-Master Replication for HA / Geo Avail.

Page 29: OIS Roadmap

Thanks!