Synergies of Cloud Identity: Putting it All
Together
By Travis Spencer, CEO
Agenda
• Impact of mobile and cloud on business
• Central role of identity in coping with these
  changes
• Using the different identity specs together to
  this end




Copyright (C) 2012 Twobo Technologies AB
Mobile is Changing Business
• 75% of mobiles in Scandinavia
  are smartphones; 50% in rest of
  Europe & US
• BYOD is a foregone conclusion
  for most
     – 90% of orgs will support corporate
       apps on personal devices by 2014
• 80% of orgs will use tablets by
  next year



Mobilizing Business Processes
• Workflows are a business’s
  circulatory system
• Automation and efficiency
  are critical
• Mobile helps optimize
  these processes




Reusing Existing Technology
• Prior technology
  investments will remain on
  the books for years
• Existing data/systems
  must be available to mobile
  users and cloud services
• IT organizations need to
  bridge the old and new
  technologies

Seamless Access to Cloud Apps
• Giving employees new passwords for each
  cloud app is not secure or scalable
• 123456 is not a secure password, but cloud
  providers allow it!
• Existing OTP tokens are not supported
• Seamless cloud access is required



Crucial Security Concerns




[Diagram: Enterprise Security, API Security, Mobile Security]

Identity is Central


[Venn diagram by Gunnar Peterson. Circles: Enterprise Security, Mobile Security, API Security. Overlap labels: MDM, MAM, AuthZ, Identity.]

Neo-security Stack
• SCIM, SAML, OAuth, and JWT are the new
  standards-based cloud security stack
• OAuth 2 is the new meta-protocol defining
  how tokens are handled
• These address old requirements, solve
  new problems & are composed
  in useful ways
• WS- again?

[Image labels: OpenID Connect; Grandpa SAML & junior]

SAML + OAuth
• Relay OAuth token in SAML
  messages
• Use SAML tokens to authenticate
  OAuth clients or as the AS’s output
  token format
• Use SAML SSO to authenticate
  users to AS



SCIM + OAuth

• Use OAuth to secure
  SCIM API calls
• Use SCIM to create
  accounts needed to
  access APIs secured
  using OAuth



Push Tokens & Pull Identities


[Diagram. Parties: IdP/SCIM Server, SP / SCIM Client, Browser. Arrow labels: User Data; Get User; Access token in federation message.]

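
The push-token / pull-identity exchange from this slide, combined with the "Relay OAuth token in SAML messages" and "Use OAuth to secure SCIM API calls" bullets, as an added example that is not part of the original deck. The attribute name, the `scim.read` scope, the ids and the in-memory `ScimServer` are assumptions made for illustration; assertion signature validation is assumed to have been done by the SP's SAML library before this code runs.

```python
import json
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Hypothetical attribute name used to relay the token; the slides define none.
TOKEN_ATTR = "urn:example:oauth:access_token"


def make_assertion(subject, token):
    """Constructed sample federation message. The signature is omitted: assume
    the SP's SAML library verified it before any attribute is read."""
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        f"<saml:Subject><saml:NameID>{subject}</saml:NameID></saml:Subject>"
        "<saml:AttributeStatement>"
        f'<saml:Attribute Name="{TOKEN_ATTR}">'
        f"<saml:AttributeValue>{token}</saml:AttributeValue>"
        "</saml:Attribute></saml:AttributeStatement></saml:Assertion>"
    )


class ScimServer:
    """In-memory stand-in for the IdP's SCIM endpoint (illustrative only)."""

    def __init__(self, users, tokens):
        self.users = users    # SCIM resource id -> user resource
        self.tokens = tokens  # access token -> {"sub", "scope", "exp"}

    def handle(self, method, path, headers, now):
        auth = headers.get("Authorization", "")
        if not auth.startswith("Bearer "):
            return 401, {"detail": "missing bearer token"}
        grant = self.tokens.get(auth[len("Bearer "):])
        if grant is None or grant["exp"] <= now:
            return 401, {"detail": "invalid or expired token"}
        if method != "GET":
            return 405, {"detail": "only GET is supported here"}
        if "scim.read" not in grant["scope"].split():
            return 403, {"detail": "insufficient scope"}
        user_id = path.rsplit("/", 1)[-1]
        # Added check: the relayed token only unlocks the identity it was
        # issued for, so a leaked token cannot be used to enumerate users.
        if not path.startswith("/Users/") or user_id != grant["sub"]:
            return 403, {"detail": "token not valid for this resource"}
        user = self.users.get(user_id)
        return (200, user) if user else (404, {"detail": "no such user"})


def read_federation_message(assertion_xml):
    """SP side: return (subject, access_token) carried by the assertion.
    Assumes NameID holds the SCIM resource id."""
    root = ET.fromstring(assertion_xml)
    name_id = root.find("saml:Subject/saml:NameID", NS)
    value = root.find(
        f"saml:AttributeStatement/saml:Attribute[@Name='{TOKEN_ATTR}']"
        "/saml:AttributeValue", NS)
    subject = (name_id.text or "").strip() if name_id is not None else ""
    token = (value.text or "").strip() if value is not None else ""
    if not subject or not token:
        raise ValueError("assertion carries no subject or access token")
    return subject, token


def pull_identity(server, assertion_xml, now):
    """SP / SCIM client: use the pushed token to pull the user's data."""
    subject, token = read_federation_message(assertion_xml)
    status, body = server.handle(
        "GET", f"/Users/{subject}", {"Authorization": f"Bearer {token}"}, now)
    if status != 200:
        raise PermissionError(f"SCIM pull refused: {status} {body['detail']}")
    return body


# Constructed sample data for the demonstration.
USERS = {"2819c223": {"id": "2819c223", "userName": "alice@example.com",
                      "emails": [{"value": "alice@example.com"}]}}
TOKENS = {"tok-alice": {"sub": "2819c223", "scope": "scim.read", "exp": 1000}}

if __name__ == "__main__":
    idp = ScimServer(USERS, TOKENS)
    message = make_assertion("2819c223", "tok-alice")
    print(json.dumps(pull_identity(idp, message, now=500), indent=2))
```
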
SCIM + SAML/OIC

• Carry SCIM attributes in SAML assertions
  (bindings for SCIM)
      – Enables JIT provisioning
      – Supplements SCIM API & schema
• Provisioning accounts using the SCIM API, to be
  updated before/after logon




OpenID Connect

• Builds on OAuth for profile sharing
• Uses the flows optimized for user-consent
  scenarios
• Adds identity-based inputs/outputs to core
  OAuth messages
• Tokens are JWTs



User Managed Access

• Also extends OAuth 2
• Allows users to centrally
  control distribution of
  their identity data
• Used with Personal Data
  Stores (PDS) to create
  “identity data lockers”


Questions & Thanks




@2botech
@travisspencer
www.2botech.com
www.travisspencer.com
