Software Practice Overview Identity

8/8/2019 Software Practice Overview Identity

http://slidepdf.com/reader/full/software-practice-overview-identity 1/29

Identity Mangement

OverView

Pablo LambertPráctica de Software

Sun Microsystems



Sun Proprietary/Confidential: Internal Use Only

Software

Software una Prioridad para Sun

Services Storage

Servers




Java Enterprise System

I d e n t i t y

M

a n a g e m e n

t

ApplicationPlatform B2B

ESBWebInfrastructure

Composite

Application Platform

C o m m u n i t y

A v a i l a b i l i t y

D a t a C e n t e r M a n a g e m e n t

D

e v e l o p e r T o o l s

Traditional Client•

Sun Ray, Star/OpenOffice, JavaDesktop System

Secure GlobalDesktop

Mobile Client•

Java ME

•

Java Card

Traditional Client

Sun Ray, Star/

OpenOffice, Java Desktop System

La Infraestructura para la Web 2.0




Agenda

●

Estrategia de Software

●

Identity Management

●

Access Manager




Varios Modelos de Negocio

• Source code

• Binary product

• Basic training

• Security support

• Developer programs

• Subscriptions or tradicional license

• Support• Services

• Training• Indemnification

Free and

Open

What We Sell


http://slidepdf.com/reader/full/software-practice-overview-identity 6/29Sun Proprietary/Confidential: Internal Use Only

What Is Project GlassFish?• Java EE 5 Reference Implementation

>

Included in Java EE 5 SDK

• Enterprise Quality> High availability / clustering

> Advanced administration> World record performance

•

Open Source> CDDL & GPL v2 (w/ClassPath Exception)

• Community> Sources, bug DBs, discussions at Java.Net

> Roadmaps, Architecture Documents



GlassFish Adoption

• 3.8 million downloads since July '06

•

Dozens of external committers

• Over 7,000 members

• Evans data survey of Linux usersputs GF at #3 behind JBoss and“other” (Tomcat)> JBoss and IBM fell 5% while

GlassFish / Sun increased

Feb07

Mar 07

Apr 07

May07

Jun07

Jul 07 Aug07

0

10000

20000

30000

40000

50000

60000

70000

80000

90000

100000

110000

120000

130000

140000

150000

Active Users

Joe Ottinger – Editor TheServerSide



Agenda

●


●

Identity Management

●

Access Manager



Las soluciones de administración de identidades deben de resolver múltiples necesidades de negocio.

Mejorar Acceso

y Servicios

Seguridad

Reducir Costos

Single

Sign-on

Federación

Portales

Automatización

Help

Desk

Desarrollo

Integración

Leyes

Riesgos

Internos

RiesgosExternos

Políticas

AuditoriasAuto

Servicio

Motivadores del Negocio



First Complete & Integrated SolutionSun Identity Manager



Identity Lifecycle Mgmt: Value Proposition

Enabling Enhanced Security, Reduced Costs,Improved Productivity

Sources: Gartner, Giga

•

Self-Service Password Management

–Help Desk Costs: Reduce by at least 35% with savingsup to $75 per user per call

•

Delegated Administration

–IT Security: Improve with rule and role-based delegationof privileges and comprehensive auditing and reportingof all activity

•

Identity Data Synchronization

–TCO: Deploy and maintain a single solution for handlingmeta-directory and provisioning projects

•

Automated User Provisioning

–IT Security: Ensure appropriate level of access is giveninitially and removal of all access when relationship ends

–IT Efficiency: $70,000/user savings for every 1,000managed users

–User Productivity Gains: $1,000/new employee and$350/existing employee



Identity Auditing: Value PropositionEnabling Sustainable and Repeatable Compliance

0

20

40

60

80

100

120

1 2 3 4

% users

reviewed

Stage 1, Basic Review

100% of the users beingreviewed

Stage 2, Review WithAudit Policy, reduce

reviewed users by up to40%

Stage 3, Review WithAudit Policy and On-going Audit Scans, reduces

up to 80%

Stage 4, Review onlyUpdated Users, reducesup to 90%

•

Policy based certification and manager attestation

–IT Efficiency: Reduce the time to days frommonths

•

Separation of duties checking

–IT Cost: Customers can save up to $300k

per year per system

•

Automated Remediation

–Compliance: Fix violations as they aredetected and capture approvals

•

Preventative Compliance

–Compliance: Check SOD policy atprovisioning, tie policy to user

•

Reconciliation of Expected and Actual Access

–Compliance: Compare user roles to actual

system access% of users

reviewed


http://slidepdf.com/reader/full/software-practice-overview-identity 13/29Sun Confidential: Internal Only 13SUN PROPRIETARY/CONFIDENTIAL - Sun Employees and Authorized Partners Only

IDM Architecture



Identity Manager Provisioning


http://slidepdf.com/reader/full/software-practice-overview-identity 15/29Sun Confidential: Internal Only 15SUN PROPRIETARY/CONFIDENTIAL - Sun Employees and Authorized Partners Only

Virtual Identity Manager Real-Time Identity Management

•

Real-time interaction with managedresources

> Can modify operation of connected application NOW!

>

No complex replicationinfrastructure

> Ability to generate reports onnative data in resources

•

Virtual Identity Composit ion

>

Identity Manager ID

> Basic info (name, email, manager)>

List of resources

>

Key information for each resource

• Extensible storage of other attributes as required

“Virtual Identity

Manager”



Sun Confidential: Internal Only 16SUN PROPRIETARY/CONFIDENTIAL - Sun Employees and Authorized Partners Only

Dynamic WorkflowComponents



Agenda

●


●

Identity Management

●

Access Manager



Sun Java System

Access Manager

NEW GRAPHIC

Secure and scalable

access managementBenefits:●

Improve security

●

Enhance user experience

●

Increase revenue opportunities

●

Reduce administrative costs

Features:●

Standards-based single sign-on

●

Role/rule-base authorization for centralized policy enforcement

●

Federation services for enabling trusted partnerships

●

Proven scalability for largescale, dynamic service provider environments

●

Instant auditing of crit icalaccess-related information

Delivering single sign-on,access control and federation

services across intranets and extranets



Access Manager Architecture




Access ManagerHow does it work?• Intercepts access to a resource

•

Authenticates the user and, if the user

is successfully authenticated, issues atoken

• Evaluates the policies associated withthe requested resource

• If the user is authorized, allows accessto the resource, providing identity data

•

Repeats the process

>

Intercepts access to resource>

Uses token to authorize accessdepending on policy

>

Provides identity data to resource

>

Logs everything that happens

• Until session expires



Centralized Access ManagementWeb Applications

Java/.Net Applications

Enterprise Applications

Web Services

-

Authentication

- Single Sign-On-

Policy Enforcement

-

Auditing

Access Manager



Secure Web ServicesWeb Service Service Consumer

SOAP

SOAP

Trust Authority

Security Tokens




Agenda

●


●

Identity Management

●

Access Manager



Why Sun?




Deployment Success & Product Maturity



Sun Identity Management SuiteIntegrated. Integratable. Innovative.

Extended Enterprise

Everything required to manageidentities within the extendedenterprise and across collaborativenetworks—all completelyintegratable with dynamic,heterogeneous IT environments.

Collaborative Enterprise

3+ billion identities under management

Federation Manager OpenSSO

Identity Manager Access Manager Directory Server

Enterprise Edition




Sun Leads in Forrester Wave™ Forrester Wave™ User Account Provisioning

•

Sun Microsystems is a market leader for

a reason — its product delivers superior provisioning functionality with the highestease of use.

•

By a large margin, Sun Java SystemIdentity Manager came in as the mostfunction-rich solution…

•

Sun stands out as functionally superior.

•

Sun sets the gold standard for user account provisioning.

•

Ranked #1 in both current offering andmarket presence

The Forrester Wave is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave are trademarksof Forrester Research, Inc. The Forrester Wave is a graphical representation of Forrester's call on a market

and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester doesnot endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on bestavailable resources. Opinions reflect judgment at the time and are subject to change.




• Leaders demonstrate balancedprogress and effort in all execution andvision categories.

•

•

Their actions raise the competitive bar

for all products in the market, and theycan change the course of the industry.

•

Magic Quadrant for User Provisioning, 1H06•

Roberta J. Witty, Ant Allan, Ray Wagner

•

25 April 2006

This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report.The Gartner report is available upon request from Sun. The Magic Quadrant is copyrighted April 2006 by Gartner, Inc. and is reused with permission. TheMagic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner’s analysis o f how certain vendorsmeasure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the MagicQuadrant, and does not advise technology users to select only those vendors placed in the “Leaders” quadrant. The Magic Quadrant is intended solely asa research tool, and is not meant to be a specific gu ide to action. Gartner disclaims all warranties, express or implied, with respect to this research,including any warranties of merchantability or fitness for a particular purpose.

Sun is Positioned in Leaders QuadrantGartner User Provisioning Magic Quadrant



¿Preguntas?

Software Practice Overview Identity

Documents

Transcript of Software Practice Overview Identity