Cloud Identity Crisis and the Identity Broker
Vlad Mihnea, R&D Manager
Identity: Definition
Set of information (attributes) by which an individual is definitively distinguished within a context, such as an application.
Identity attributes:
•  Physiological attributes
•  Biographical information
•  Issued credentials
•  “Secret” information (e.g. history)
þ  Height: 192cm
þ  Weight: 106kg
þ  Skin Color: White
þ  Eye Color: Blue
þ  Hair Color: Black
þ  Place of Birth: Krypton
þ  Identity: Secret
þ  Citizenship: Kryptonian,
American
þ  Base: Metropolis, Fortress of
Solitude
þ  Occupation: Journalist,
Super Hero
þ  Employer: Daily Planet, Self-
employed
Superman is Clark Kent
Clark Kent is an employee of Daily Planet
Clark Kent is a social being
Clark Kent is an adopted son
Superman is also Kal El, citizen of Krypton
Superman: One User – Many Identities
| Login        | Email                      | Credentials |
|--------------|----------------------------|-------------|
| superman     | superman@superman.superman | **********  |
| kel          | kal.el@krypton.gov.ws      | **********  |
| clark.kent   | clark.kent@dailyplanet.com | **********  |
| superboy1977 | superboy1977@gmail.com     | **********  |
Cloud Identity Crisis: Complex & Fragmented
[Diagram: identity lifecycle operations (Create, Delete, Attribute Sync) flowing between Active Directory, HR systems (PeopleSoft, SAP) and cloud services (Office365, Workday, Salesforce, etc); actors: Application Owner, Business Manager, Users, IT Helpdesk, Administrators; application silos: Financials, SharePoint, Sales; external users: Partners, customers]
þ Complexity: One user, many identities
§  If a user has more than one identity then they will deal
with that complexity by having easy to remember
credentials which makes them a weak link for hackers
þ Fragmentation: Many apps, many systems
§  If applications have separate identity systems then it
becomes a manual job to maintain the integrity of the
identities on that system for events such as staff changes
þ Complexity & Fragmentation => Entropy
§  A fragmented identity system leads to fragmented
accountability, allowing suspect users to identify using
unapproved applications
Cloud Identity Crisis: Complex & Hybrid
[Diagram: a Cloud Service Broker (Marketplace, SSO, IdM, Billing, Portal) mediating between Enterprise IAM, Social Sign-on, Consumer and B2B identity sources on one side and SaaS/PaaS/IaaS, on-premise/legacy and consumer apps on the other, for employees, contractors and partners]
Cloud Service Broker ⊆ Cloud Identity Broker
•  Service Brokers - The Cloud Marketplace
   -  Cloud Exchange for the enterprise and cloud services: a broker service that integrates, manages and bills cloud services
   -  Essential to the transformation of traditional IT into IT as a Service
•  Identity Brokers - The Cloud Identity Hub
   -  IDaaS: enables the provisioning and life-cycle management of users across external cloud services
   -  Virtual Directory in the cloud that brokers identity from the enterprise to external cloud providers
Cloud Service Broker ⊆ Cloud Identity Broker
2 Operations
① Provisioning
② Single Sign-On
2 Worlds
① Work
② Home
2 Directions
① Inbound
② Outbound
Identity Broker: Functions
Key Features:
•  Governance
•  Hubris
Key Features:
•  “Solving the right problem”
•  Enterprise-only scope
Key Features:
•  Agility
•  Cloud friendliness
•  Robustness
ID Protocols: Emerging Standards have an Edge
Source: TechRadar For Security Pros: Zero Trust Identity Standards, Q3 2012
ID Protocols: Relevant Jargon
OAuth 2.0
•  Auth Server
•  Resource Server
OpenID Connect 1.0
•  OpenID Provider
•  Relying Party
•  User Claims
•  Client Claims
SAML 2.0
•  Identity Provider
•  Service Provider
•  Attributes
•  SP Metadata
SCIM
•  Service Provider: A web application that provides identity information via the SCIM protocol
•  Consumer: An application that uses the SCIM protocol to manage identity data maintained by the Service Provider
•  Resource: The Service Provider managed artifact containing one or more attributes; e.g., User or Group
ID Protocols: Comparison
|                    | OAuth 2.0                                       | OpenID Connect 1.0                              | SAML 2.0                                    |
|--------------------|-------------------------------------------------|-------------------------------------------------|---------------------------------------------|
| Session initiation | Not responsible for session initiation          | Initiates the user’s login session              | Initiates the user’s login session          |
| User consent       | Collects the user’s consent to share attributes | Collects the user’s consent to share attributes | Not responsible for collecting user consent |
| Identity tokens    | No actual identity tokens                       | High-security identity tokens                   | High-security identity tokens               |
| Claims             | No actual claims; protects APIs                 | Distributed and aggregated claims               | Distributed and aggregated claims           |
| Client onboarding  | Static                                          | Dynamic                                         | Static                                      |
| Session            | No session                                      | Session timeout                                 | Session timeout                             |
þ  SAML
þ  OpenID
þ  OpenID Connect
þ  OAuth
þ  SPML
þ  SCIM
þ  WS-Federation
þ  XACML
Identified Standards Identified Gaps
¨  Configuration and
association with an IdP is
not standardized
¨  No standards or rules for
mapping or transforming
attributes between
different domains
¨  No profiles or standard
roles and related attributes
¨  No standards for attributes
¨  No audit standards for IDM
systems
ID Protocols: Standards & Gaps
Identity Broker & Protocols: Our Vision
[Diagram: the identity broker connecting Cloud Apps, Social identity and the Enterprise over SOAP, HTTP, OpenID Connect, SCIM, OAuth2, OpenID and SAML2]
Superman: Identity Broker – Identity Union
| Global ID | Local Login  | Email                      | Credentials |
|-----------|--------------|----------------------------|-------------|
| kal.el    | superman     | superman@superman.superman | **********  |
| kal.el    | clark.kent   | clark.kent@dailyplanet.com | **********  |
| kal.el    | superboy1977 | superboy1977@gmail.com     | **********  |
| kal.el    | kel          | kal.el@krypton.gov.ws      | **********  |
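The identity-union table above, replayed as an added example (not code from the deck or from Ymens): a hypothetical broker that unions the four local logins under the global id kal.el, resolves any local login back to it, and fans out SCIM 2.0 create, attribute-sync and deactivate messages so that one staff-change event reaches every provider. Class names, provider labels and the outbound message shape are constructed for illustration; the SCIM schema URNs and attribute names are the standard ones from RFC 7643/7644.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Standard SCIM 2.0 identifiers (RFC 7643 core User schema, RFC 7644 PatchOp).
SCIM_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
SCIM_PATCH = "urn:ietf:params:scim:api:messages:2.0:PatchOp"


@dataclass
class LocalAccount:
    provider: str  # constructed provider label, e.g. "dailyplanet.com"
    login: str
    email: str
    active: bool = True


@dataclass
class GlobalIdentity:
    global_id: str
    display_name: str
    accounts: dict[str, LocalAccount] = field(default_factory=dict)  # keyed by provider


class IdentityBroker:
    """Hypothetical identity hub: one global id, many local logins."""

    def __init__(self) -> None:
        self._identities: dict[str, GlobalIdentity] = {}
        self._index: dict[tuple[str, str], str] = {}  # (provider, login) -> global id
        self.outbound: list[dict] = []  # SCIM messages that would be sent to providers

    def create(self, global_id: str, display_name: str) -> GlobalIdentity:
        if global_id in self._identities:
            raise ValueError(f"global id {global_id!r} already exists")
        ident = GlobalIdentity(global_id, display_name)
        self._identities[global_id] = ident
        return ident

    def link(self, global_id: str, provider: str, login: str, email: str) -> None:
        """Inbound: union an existing local login under the global id.
        A login belongs to exactly one global identity, so a collision is an
        error rather than a silent overwrite (the accountability gap the deck
        calls entropy)."""
        ident = self._identities[global_id]
        owner = self._index.get((provider, login))
        if owner is not None and owner != global_id:
            raise ValueError(f"{login} at {provider} is already linked to {owner!r}")
        if provider in ident.accounts:
            raise ValueError(f"{global_id!r} already has an account at {provider}")
        ident.accounts[provider] = LocalAccount(provider, login, email)
        self._index[(provider, login)] = global_id
        self.outbound.append({"provider": provider, "method": "POST",
                              "body": self.to_scim_user(global_id, provider)})

    def resolve(self, provider: str, login: str) -> str | None:
        """Map a local login back to its global id (None if unknown)."""
        return self._index.get((provider, login))

    def sync_attribute(self, global_id: str, display_name: str) -> int:
        """Attribute sync: one change fans out to every linked provider."""
        ident = self._identities[global_id]
        ident.display_name = display_name
        return self._patch_all(ident, "displayName", display_name)

    def deprovision(self, global_id: str) -> int:
        """Staff change: deactivate every local account with one operation."""
        ident = self._identities[global_id]
        for acct in ident.accounts.values():
            acct.active = False
        return self._patch_all(ident, "active", False)

    def _patch_all(self, ident: GlobalIdentity, path: str, value) -> int:
        for provider in ident.accounts:
            self.outbound.append({"provider": provider, "method": "PATCH",
                                  "body": {"schemas": [SCIM_PATCH],
                                           "Operations": [{"op": "replace",
                                                           "path": path, "value": value}]}})
        return len(ident.accounts)

    def to_scim_user(self, global_id: str, provider: str) -> dict:
        """SCIM 2.0 core User resource as the provider would receive it."""
        ident = self._identities[global_id]
        acct = ident.accounts[provider]
        return {"schemas": [SCIM_USER], "externalId": global_id, "userName": acct.login,
                "displayName": ident.display_name, "active": acct.active,
                "emails": [{"value": acct.email, "type": "work", "primary": True}]}


def superman_demo() -> IdentityBroker:
    """The identity-union table from the deck, replayed through the broker."""
    broker = IdentityBroker()
    broker.create("kal.el", "Kal El")
    broker.link("kal.el", "superman.superman", "superman", "superman@superman.superman")
    broker.link("kal.el", "dailyplanet.com", "clark.kent", "clark.kent@dailyplanet.com")
    broker.link("kal.el", "gmail.com", "superboy1977", "superboy1977@gmail.com")
    broker.link("kal.el", "krypton.gov.ws", "kel", "kal.el@krypton.gov.ws")
    broker.sync_attribute("kal.el", "Clark Kent")  # one change, four providers
    broker.deprovision("kal.el")                   # one event, four accounts disabled
    return broker


if __name__ == "__main__":
    b = superman_demo()
    print(b.resolve("dailyplanet.com", "clark.kent"))  # kal.el
    still_active = sum(a.active for i in b._identities.values() for a in i.accounts.values())
    print(len(b.outbound), "SCIM messages sent;", still_active, "accounts still active")
```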
Cloud Identity: Future
① Open Standards Matter
② Cloud Identity is Hybrid
③ BYOA permeates the Enterprise
④ Identity is the new Control Plane
Cloud Identity: Final Thoughts
“So long, Superman! Your secret identity is safe with me!”
The Simpsons TV Episode 1992
vlad.mihnea@ymens.com
Ymens - Cloud Identity Crisis - Dev Talks 2015

  • 1. Vlad Mihnea, R&D Manager Cloud Identity Crisis and the Identity Broker
  • 2.
  • 3. Identity: Definition
    Set of information (attributes) by which an individual is definitively distinguished within a context, such as an application.
    • Identity Attributes:
      - Physiological attributes
      - Biographical information
      - Issued credentials
      - “Secret” information (e.g. history)
  • 4.
    • Height: 192cm
    • Weight: 106kg
    • Skin Color: White
    • Eye Color: Blue
    • Hair Color: Black
    • Place of Birth: Krypton
    • Identity: Secret
    • Citizenship: Kryptonian, American
    • Base: Metropolis, Fortress of Solitude
    • Occupation: Journalist, Super Hero
    • Employer: Daily Planet, Self-employed
  • 6. Clark Kent is an employee of Daily Planet
  • 7. Clark Kent is a social being
  • 8. Clark Kent is an adopted son
  • 9. Superman is also Kal El, citizen of Krypton
  • 10. Superman: One User – Many Identities
    Login          Email                          Credentials
    superman       superman@superman.superman     **********
    kel            kal.el@krypton.gov.ws          **********
    clark.kent     clark.kent@dailyplanet.com     **********
    superboy1977   superboy1977@gmail.com         **********
  • 11. Cloud Identity Crisis: Complex & Fragmented
    (diagram) Identity events: Create, Delete, Attribute Sync
    Systems: Active Directory; HR (PeopleSoft, SAP); Cloud (Office365, Workday, Salesforce, etc); Financials; SharePoint; Sales
    Actors: Application Owner, Business Manager, Users, IT Helpdesk, Administrator, Partners, customers, et
  • 12. Cloud Identity Crisis: Complex & Hybrid
    • Complexity: One user, many identities
      - If a user has more than one identity then they will deal with that complexity by having easy to remember credentials, which makes them a weak link for hackers
    • Fragmentation: Many apps, many systems
      - If applications have separate identity systems then it becomes a manual job to maintain the integrity of the identities on that system for events such as staff changes
    • Complexity & Fragmentation => Entropy
      - A fragmented identity system leads to fragmented accountability, allowing suspect users to identify using unapproved applications
  • 13. Cloud Service Broker ⊆ Cloud Identity Broker
    (diagram) Cloud Service Broker: Marketplace, SSO, IdM, Billing, Portal
    Identity sources: Social Sign-on, Enterprise IAM, Consumer, B2B
    Targets: SaaS/PaaS/IaaS; On-premise / Legacy; Consumer Apps
    Users: Employees, Contractors, Partners
  • 14. þ Service Brokers - The Cloud Marketplace §  Cloud Exchange for the enterprise and cloud services: broker service that integrates, manages and bills cloud services §  Essential to the transformation of traditional IT into IT as a Service þ Identity Brokers - The Cloud Identity Hub §  IDaaS: Enables the provisioning and life-cycle management of users across external cloud services §  Virtual Directory in the cloud that brokers identity from the enterprise to external clouds providers Cloud Service Broker ⊆ Cloud Identity Broker
  • 15. 2 Operations ① Provisioning ② Single Sing-On 2 Worlds ① Work ② Home 2 Directions ① Inbound ② Outbound Identity Broker: Functions
  • 16. ID Protocols: Emerging Standards have an Edge
    (chart, three groups of standards)
    Key Features: • Governance • Hubris
    Key Features: • “Solving the right problem” • Enterprise-only scope
    Key Features: • Agility • Cloud friendliness • Robustness
    Source: TechRadar For Security Pros: Zero Trust Identity Standards, Q3 2012
  • 17. ID Protocols: Relevant Jargon
    OAuth 2.0
      - Auth Server
      - Resource Server
    OpenID Connect 1.0
      - OpenID Provider
      - Relying Party
      - User Claims
      - Client Claims
    SAML 2.0
      - Identity Provider
      - Service Provider
      - Attributes
      - SP Metadata
    SCIM
      - Service Provider: A web application that provides identity information via the SCIM protocol
      - Consumer: An application that uses the SCIM protocol to manage identity data maintained by the Service Provider
      - Resource: The Service Provider managed artifact containing one or more attributes; e.g., User or Group
  • 18. ID Protocols: Comparison
    OAuth 2.0
      - Not responsible for session initiation
      - Collects user’s consent to share attributes
      - No actual identity tokens
      - No actual claims, protects APIs
      - Client onboarding is static
      - No session
    OpenID Connect 1.0
      - Initiating user’s login session
      - Collects user’s consent to share attributes
      - High-security identity tokens
      - Distributed and aggregated claims
      - Dynamic onboarding
      - Session timeout
    SAML 2.0
      - Initiating user’s login session
      - Not responsible for collecting user consent
      - High-security identity tokens
      - Distributed and aggregated claims
      - Client onboarding is static
      - Session timeout
  • 19. ID Protocols: Standards & Gaps
    Identified Standards: SAML, OpenID, OpenID Connect, OAuth, SPML, SCIM, WS-Federation, XACML
    Identified Gaps:
      - Configuration and association with an IdP is not standardized
      - No standards or rules for mapping or transforming attributes between different domains
      - No profiles or standard roles and related attributes
      - No standards for attributes
      - No audit standards for IDM systems
  • 20. Identity Broker & Protocols: Our Vision
    (diagram) Protocols between the broker and Cloud Apps, Social and Enterprise: SOAP, HTTP, OpenID Connect, SCIM, OAuth2, OpenID, OpenID Connect, SCIM, SAML2
  • 21. Superman: Identity Broker – Identity Union
    Global ID   Local Login    Email                          Credentials
    kal.el      superman       superman@superman.superman     **********
    kal.el      clark.kent     clark.kent@dailyplanet.com     **********
    kal.el      superboy1977   superboy1977@gmail.com         **********
    kal.el      kel            kal.el@krypton.gov.ws          **********
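The identity union above is what turns the "manual job" of slide 12 into one operation: once the broker knows every local login behind a Global ID, a staff change is a single deprovision call fanned out over SCIM. The following is an added example, not code from the talk or from the Ymens product, of a broker acting as the SCIM Consumer defined on slide 17 against four in-memory stand-ins for apps that expose a SCIM /Users endpoint. The provider names and the Global ID are constructed values; the local logins and emails are the ones in the table. Resource shapes follow RFC 7643/7644 (schemas URN, externalId, active, PatchOp), but the stand-in only models POST, GET and a `replace` PATCH.

```python
"""Identity broker as a SCIM 2.0 Consumer: one Global ID, many local logins (added example)."""
from __future__ import annotations

import itertools

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"


class FakeScimServiceProvider:
    """Stand-in for one app's SCIM endpoint (constructed for this example)."""

    def __init__(self, name: str):
        self.name = name
        self._users: dict[str, dict] = {}
        self._ids = itertools.count(1)

    def create_user(self, resource: dict) -> dict:          # POST /Users
        if resource.get("schemas") != [USER_SCHEMA]:
            raise ValueError("unsupported schema")
        rid = f"{self.name}-{next(self._ids)}"
        self._users[rid] = {**resource, "id": rid, "active": resource.get("active", True)}
        return self._users[rid]

    def patch_user(self, rid: str, patch: dict) -> dict:    # PATCH /Users/{id}
        if patch.get("schemas") != [PATCH_SCHEMA]:
            raise ValueError("unsupported patch schema")
        user = self._users[rid]
        for op in patch["Operations"]:
            if op["op"].lower() != "replace":
                raise ValueError("only 'replace' is modelled here")
            user[op["path"]] = op["value"]
        return user

    def get_user(self, rid: str) -> dict:                   # GET /Users/{id}
        return self._users[rid]


class IdentityBroker:
    """Keeps the identity union: Global ID -> [(provider name, SCIM resource id)]."""

    def __init__(self, providers: dict[str, FakeScimServiceProvider]):
        self.providers = providers
        self.union: dict[str, list[tuple[str, str]]] = {}

    def provision(self, global_id: str, provider: str, user_name: str, email: str) -> str:
        """Outbound provisioning: create the local account, then link it to the Global ID."""
        resource = {
            "schemas": [USER_SCHEMA],
            "userName": user_name,
            "externalId": global_id,   # the Consumer's own identifier, stored on the Resource
            "emails": [{"value": email, "primary": True}],
            "active": True,
        }
        created = self.providers[provider].create_user(resource)
        self.union.setdefault(global_id, []).append((provider, created["id"]))
        return created["id"]

    def deprovision(self, global_id: str) -> dict[str, bool]:
        """Leaver event: one call disables every linked local account.
        Returns provider -> active flag read back afterwards, so a hop that
        did not take effect is visible instead of silently leaving an orphan."""
        patch = {"schemas": [PATCH_SCHEMA],
                 "Operations": [{"op": "replace", "path": "active", "value": False}]}
        status = {}
        for provider, rid in self.union.get(global_id, []):
            sp = self.providers[provider]
            sp.patch_user(rid, patch)
            status[provider] = sp.get_user(rid)["active"]
        return status

    def accounts(self, global_id: str) -> list[tuple[str, str, bool]]:
        """The union table for one Global ID: (provider, local login, active)."""
        rows = []
        for provider, rid in self.union.get(global_id, []):
            user = self.providers[provider].get_user(rid)
            rows.append((provider, user["userName"], user["active"]))
        return rows


def demo() -> tuple[list[tuple[str, str, bool]], dict[str, bool]]:
    apps = {n: FakeScimServiceProvider(n) for n in ("superman", "dailyplanet", "gmail", "krypton")}
    broker = IdentityBroker(apps)
    broker.provision("kal.el", "superman", "superman", "superman@superman.superman")
    broker.provision("kal.el", "dailyplanet", "clark.kent", "clark.kent@dailyplanet.com")
    broker.provision("kal.el", "gmail", "superboy1977", "superboy1977@gmail.com")
    broker.provision("kal.el", "krypton", "kel", "kal.el@krypton.gov.ws")
    before = broker.accounts("kal.el")
    after = broker.deprovision("kal.el")
    return before, after


if __name__ == "__main__":
    before, after = demo()
    for provider, login, active in before:
        print(f"kal.el -> {provider:12} {login:14} active={active}")
    print("after leaver event:", after)
```

Reading the `active` flag back after the PATCH rather than trusting the call's own result is deliberate: the "fragmented accountability" the deck warns about shows up in practice as one app that did not process the disable, and a broker that reports per-provider state makes that orphan account visible at the moment the leaver event runs.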
  • 22. Cloud Identity: Future
    ① Open Standards Matter
    ② Cloud Identity is Hybrid
    ③ BYOA permeates the Enterprise
    ④ Identity is the new Control Plane
  • 23. Cloud Identity: Final Thoughts
    “So long, Superman! Your secret identity is safe with me!” (The Simpsons, TV Episode, 1992)
    vlad.mihnea@ymens.com