Borderless Federated-Identity

Transcript
Page 1: Borderless Federated-Identity

Last Updated: July 2014

Associate Technical Lead Dulanja Liyanage

Borderless Federated Identity

Page 2: Borderless Federated-Identity


About the Presenter

๏ Dulanja is an Associate Technical Lead at WSO2 mainly contributing towards the Identity Server and WSO2's platform security. Apart from that he has also participated in several onsite customer engagements helping them to realize enterprise use cases.

๏ Email: [email protected]

Page 3: Borderless Federated-Identity


About WSO2

๏ Global enterprise, founded in 2005 by acknowledged leaders in XML, web services technologies, standards and open source

๏ Provides only open source platform-as-a-service for private, public and hybrid cloud deployments

๏ All WSO2 products are 100% open source and released under the Apache License Version 2.0.

๏ Is an Active Member of OASIS, Cloud Security Alliance, OSGi Alliance, AMQP Working Group, OpenID Foundation and W3C.

๏ Driven by Innovation

๏ Launched first open source API Management solution in 2012

๏ Launched App Factory in 2Q 2013

๏ Launched Enterprise Store and first open source Mobile solution in 4Q 2013

Page 4: Borderless Federated-Identity

What WSO2 delivers

Page 5: Borderless Federated-Identity

A look into the past...

•  Highly guarded organization borders

•  User registration and profile creation a MUST


Page 6: Borderless Federated-Identity

Welcome to the Present: Connected Businesses

•  Mergers, acquisitions and partnerships

The analyst firm Quocirca confirms that in Europe 58 percent transact directly with users from other businesses and/or consumers; for the UK alone the figure is 65 percent.


Page 7: Borderless Federated-Identity

No more enterprise boundaries!

Page 8: Borderless Federated-Identity

The Problem? Accepting the UNKNOWN


Page 9: Borderless Federated-Identity

Evolution of Identity Federation...


Page 10: Borderless Federated-Identity

Different Userstores

User’s identity is...

•  maintained at one domain

•  but accessed in different domains


Page 11: Borderless Federated-Identity

Different Protocols

•  SAML

•  OpenID

•  OAuth/OpenID Connect

• WS-Federation

•  Custom

Page 12: Borderless Federated-Identity

SAML

•  SAML 1.0 (2002), SAML 2.0 (2005)

•  Single Sign On / Single Logout

•  Widely used by *aaS providers [Google Apps, Salesforce]

Page 13: Borderless Federated-Identity

   

OpenID

•  Decentralized Single Sign On

•  Single user profile

• Widely used for community & collaboration aspects

•  OpenID is dying


Page 14: Borderless Federated-Identity


OAuth/OpenID Connect

•  OAuth for Identity Delegation

•  OpenID Connect based on OAuth for authentication

•  Securing RESTful services

Page 15: Borderless Federated-Identity


Page 16: Borderless Federated-Identity


Page 17: Borderless Federated-Identity


Page 18: Borderless Federated-Identity

Different User preferences

•  Social login

Gartner predicts, by the end of 2015, 50% of all new retail customer identities will be based on social network identities.


Page 19: Borderless Federated-Identity

The Solution?

•  An Enterprise Identity Bus

•  Capable of connecting various IdPs and doing token transformations from various protocols.

Page 20: Borderless Federated-Identity

Chained Collaborative Federation

•  Single sign-on across multiple web applications supporting heterogeneous standards/protocols

•  Collaborative identity federation between multiple heterogeneous identity providers

•  Home realm discovery


Page 21: Borderless Federated-Identity

WSO2 Identity Server is an open source Identity and Entitlement management server, which supports SAML 2.0, OpenID, OAuth 2.0, OpenID Connect, XACML 3.0, SCIM, WS-Federation (passive) and many other identity federation patterns.


Page 22: Borderless Federated-Identity

WSO2 Identity Server 5.0 Architecture


Page 23: Borderless Federated-Identity


Page 24: Borderless Federated-Identity

Demo


Page 25: Borderless Federated-Identity

Business Model

Page 26: Borderless Federated-Identity

Contact us!