nyc identity summit business day: "identity - the future's so bright i gotta wear...


Relationship Management


Identity

Users


Identity

Identity

Identity

Identity

Identity

Identity

Identity

Identity

Identity

Identity

Identity

Identity

Users, Devices, Things & Services


Identity Management Evolves to Relationship Management

Identity Lifecycle Management Users, Devices, Things & Services


Contextual Identity


Contextual SecurityTaking Safety to the Next Level

Passwordless Authentication

Register Device for First Time

Authorize consent child purchase

Authorize family members to use account

Authorize Data to Device / Thing


Did you just request to transfer $1,000,000.

Taro is trying to purchase Footloose on Amazon .

Is that ok?

Kayoko is requesting access to your car

Are you trying to open your front door?

We noticed your are accessing our service on a iPhone. Would you like

to register this device?

Would you like to authorize purchasing Showtime on your Samsung TV?

Contextual IdentityEnriching the Experience


Contextual IdentityAuthentication, Authorization and Consent

User Managed AccessSharing X-Ray with Doctor


MicroservicesArchitecture


SOA is Dead, but Services on the Rise!

1990s and EarlyPre-SOA

Monolith to change

2000sTraditional SOA

Autonomous but coordinated

PresentMicroservices

Decoupled and Independent

PWC, Agile coding in enterprise IT: Code small and local


Service to Service InteractionAuthentication, Authorization and Consent

https://api.telstra.com/v1/mobileconnect/userinfo

Authenticate API Authorize API Calls Authenticate API


Scaling to Support Distributed Cloud ArchsStateless Architecture

• Flexible deployment option to address cloud elasticity and massive horizontal scalability

• Configuration can be on a per-realm basis

• Stateless = state information is encoded in JWT token

• Stateful = tokens persisted in the Core Token Service

OpenAM Server

OpenAM Server

OpenAM Server

AWS1 AWS2 AWS3

Microservices Client App

Distributed Cloud Environment


CloudReadiness


Hybrid Cloud – One Cloud Many Pieces


The Cloud Conundrum

No Portability! Identity Baked in and Constrained to Each Cloud!


OAuth2/OIDC OAuth2/OIDC OAuth2/OIDC

OAuth2

The Abstraction of Identity … Again


Cloud Automation


Cloud Native: Cattle versus Pets


Cloud Native: Cattle versus Pets

Cattle• Cattle are numbers• They are almost identical• When ill, get another (Kill it!)• Thousands of cattle on farm

Pets• Pets have names like “pussnboots”• They are lovingly hand raised• When ill, nursed back to health• 1 or 2 pets in house

Elastic Inelastic


Container Management & Deployment

ProductConfiguration

ProductManifests

ForgeRock Images

JavaImage

TomcatImage

…Other Images

DOCKER REPOSITORY


PlatformUbiquity


We Must Be Better

Authentication Authorization Multi-Factor Adaptive Risk Self Service Directory API Security GRC …


Unified Platform

UMA Provider Mobile OTP App Synchronization Auditing

LDAPv3 REST/JSON

Replication Access Control

Schema Management

Caching

Auditing

Monitoring

Groups

Password Policy

Active Directory Pass-

thru

Reporting

Authentication Authorization Provisioning User Self-Service Authentication OIDC / OAuth2

Federation / SSO User Self-Service Workflow Engine Reconciliation Password Replay SAML2

Adaptive Risk Stateless/Stateful Registration Role Provisioning Message Transformation

API Security Scripting

Built from Open Source Projects:

UMA Resource

Access Management Identity Management Identity Gateway

Directory Services

Com

mon

RES

T AP

I

Com

mon

Use

r Int

erfa

ce

Com

mon

Aud

it/Lo

ggin

g

Com

mon

Scr

iptin

g


Identity Relationship Management: Talkin’ Bout a Revolution

Relationship Management

CloudAutomation

CloudReadiness

PlatformUbiquity

MicroservicesArchitecture

Contextual Identity


Demo!

nyc identity summit business day: "identity - the future's so bright i gotta wear...

Software