NEXT GEN FEDERATION ARCHITECTURES
Identity at Scale
July 21st – Cloud Identity Summit 2014
Hans Zandbelt - CTO Office – Ping Identity
Copyright © 2014 Ping Identity Corp. All rights reserved.
Overview
1. Challenges in Federated IDM
2. Strategies for Scaling FIDM
3. Now What?
Challenges
Federated Identity Today
•  Manual Creation/Mgmt
–  1-1
–  Increasing numbers
•  Authoritative/authenticated source
•  Updates
–  Key rollover(!)
[Diagram: IDP/SP pairs]
Trust Model
Beyond Standards and Protocols
•  No overarching trust model
–  compare to SSL & Server Cert PKI
•  No trust model, p2p
–  No way forward to the IoT
•  3rd party provided trust is key
–  compare to SSL CA
•  Apply to / across:
–  Web SSO and API Access
–  mutual authentication
•  Technical Trust vs. Behavioral Trust
[1] http://shop.soundingboardink.com/shop/2011/01/18/an-operational-definition-of-trust/
Architecture Evolution
[Diagram, four panels:
1: App + Fed, App + Fed, App + Fed
2: Federation; Application/Access Server; App, App, App
3: App, App, App; Federation Server; App. Server, App. Server
4: Connection Management; App + Fed, App + Fed; App, App; App. Server; Federation]
Architectural Separation of Concerns
• Data Layer
– Protocol Runtime
– Message Processing
• Control Layer
– Technical Trust (protocol independent)
– Connection Management
Trusted Shared Service
•  Single/central/shared point of connection management (trust)
•  Trusted 3rd party
•  From: user trust scale through 2nd party to SP/IDP trust through 3rd-party
•  Compares to TLS CA or DNS(sec) root hierarchy
•  Challenge: problem reduced in size, shifted up one level
[Diagram: IDP/SP pairs]
Solution 1: Proxy
•  Outsource metadata management to a central inband service
•  Trust proxy only, relay to peers, inhouse/outhouse
•  MxN -> M+N connections
•  Technical trust may be combined with organizational trust
•  Accommodate for different SAML implementations & protocol translations
[Diagram: IDP/SP pairs, Proxy (SP/IDP)]
Solution 2: Metadata Service
•  Outsource metadata management to a central out-of-band service
•  aka. multi-party federation
•  Higher Education & Research: InCommon, UK Access Federation, 50+
•  Async technical trust (M+N)
•  Sync direct peer-to-peer communication (MxN)
•  Metadata upload (!)
[Diagram: IDP/SP pairs, Metadata, SAML]
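Added example (not from the slides or from Ping Identity): a peer that refreshes its trust store from a metadata service's SAML aggregate and classifies what changed between refreshes, including the key rollover called out under Challenges. It assumes the aggregate's XML signature was already verified; entity IDs and certificate bodies are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
PROTO = "urn:oasis:names:tc:SAML:2.0:protocol"


def sample_cert(label):
    """Constructed stand-in for the base64 body of an X.509 certificate."""
    return base64.b64encode(label.encode()).decode()


def sample_aggregate(entities):
    """Build a constructed aggregate from {entityID: (role element, [cert, ...])}."""
    parts = []
    for entity_id, (role, certs) in entities.items():
        keys = "".join(
            '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
            f"<ds:X509Certificate>{c}</ds:X509Certificate>"
            "</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>"
            for c in certs
        )
        parts.append(
            f'<md:EntityDescriptor entityID="{entity_id}">'
            f'<md:{role} protocolSupportEnumeration="{PROTO}">{keys}</md:{role}>'
            "</md:EntityDescriptor>"
        )
    return (
        f'<md:EntitiesDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}">'
        + "".join(parts)
        + "</md:EntitiesDescriptor>"
    )


def load_trust_store(aggregate_xml):
    """Map entityID -> set of SHA-256 fingerprints of its signing certificates.

    Assumption: signature verification and hardened XML parsing happened upstream.
    """
    root = ET.fromstring(aggregate_xml)
    store = {}
    for entity in root.findall("md:EntityDescriptor", NS):
        prints = set()
        for kd in entity.iterfind(".//md:KeyDescriptor", NS):
            # A KeyDescriptor without "use" applies to signing as well.
            if kd.get("use", "signing") != "signing":
                continue
            for cert in kd.iterfind(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join((cert.text or "").split()))
                prints.add(hashlib.sha256(der).hexdigest())
        store[entity.get("entityID")] = prints
    return store


def diff_trust(old, new):
    """Classify per-entity changes between two refreshes of the aggregate."""
    events = []
    for entity_id in sorted(old.keys() | new.keys()):
        before, after = old.get(entity_id), new.get(entity_id)
        if before is None:
            events.append((entity_id, "peer-added"))
        elif after is None:
            events.append((entity_id, "peer-removed"))
        elif before == after:
            continue
        elif not after:
            events.append((entity_id, "no-signing-key"))
        elif before < after:
            events.append((entity_id, "rollover-started"))    # new key next to old
        elif after < before:
            events.append((entity_id, "rollover-completed"))  # old key retired
        elif before & after:
            events.append((entity_id, "keys-changed"))
        else:
            # No overlap with the previous keys: hold for review before trusting.
            events.append((entity_id, "abrupt-key-replacement"))
    return events


IDP, SP_A, SP_B, SP_C = (
    "https://idp.example.org/idp", "https://sp-a.example.org/sp",
    "https://sp-b.example.org/sp", "https://sp-c.example.org/sp",
)
k1, k2, a1, a2, b1, c1 = (sample_cert(x) for x in ("k1", "k2", "a1", "a2", "b1", "c1"))
OLD_XML = sample_aggregate({IDP: ("IDPSSODescriptor", [k1]),
                            SP_A: ("SPSSODescriptor", [a1]),
                            SP_B: ("SPSSODescriptor", [b1])})
REFRESH_XML = sample_aggregate({IDP: ("IDPSSODescriptor", [k1, k2]),
                                SP_A: ("SPSSODescriptor", [a2]),
                                SP_B: ("SPSSODescriptor", [b1]),
                                SP_C: ("SPSSODescriptor", [c1])})
FINAL_XML = sample_aggregate({IDP: ("IDPSSODescriptor", [k2]),
                              SP_A: ("SPSSODescriptor", [a2]),
                              SP_B: ("SPSSODescriptor", [b1]),
                              SP_C: ("SPSSODescriptor", [c1])})

if __name__ == "__main__":
    for event in diff_trust(load_trust_store(OLD_XML), load_trust_store(REFRESH_XML)):
        print(event)
```

Each peer holds one trust relationship with the aggregate (M+N), while the keys it extracts are used for direct peer-to-peer message validation (MxN).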
Solution 3*: Self Service / Registration
•  1-sided responsibility instead of mutual
–  Google SAML, Salesforce SAML, OIDC Dynamic Client Registration
•  MxN connections+trust, but burden shifted to 1 party
–  SAML: IDP, OIDC: RP
–  Shift rather than reduce
[Diagram: IDP/SP pairs]
The Identity Layer
•  Scalable Identification
•  Scalable Security
–  Authentication, Privacy, Confidentiality, Integrity
•  Scalable Trust
•  Scalable Attribute Exchange
–  schemas
[Diagram: Network, Applications, IDENTITY]
OpenID Connect
•  Discovery & Dynamic registration
–  auto-creation
–  auto-update (!)
•  Easier to develop, deploy, manage
•  Technical trust OOTB
–  except for “disconnected” domains -> metadata service
•  DEMO?
SAML and OpenID Connect
SAML
•  Separate protocols for SSO and API security
•  Heavyweight - in payload and processing
•  Complex – develop and manage
•  Manual trust bootstrapping and certificate management* (it’s alive)
OpenID Connect
•  SSO and API security in one
•  Lightweight – mobile
•  Simple – developer friendly
•  Auto client registration and key management
Recommendations
•  Adopt solutions for Scaling Federated IDM beyond 2015 or 50 connections
–  Short-term: auto-updates, long-term: auto-creation
–  Multi/cross protocol -> trust framework & mechanisms
•  Separate Trust/Connection Management from Protocol Runtime
–  control plane and data plane + trust framework
•  Global solution?
–  A combination of Proxy & Metadata Service & Self-Service
Thank You
http://www.pingidentity.com
Hans Zandbelt
hzandbelt@pingidentity.com
Twitter: @hanszandbelt
QUESTIONS?

Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 

Dernier (20)

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

CIS14: Identity at Scale: Next Gen Federation Architectures

  • 1. NEXT GEN FEDERATION ARCHITECTURES: Identity at Scale
      July 21st – Cloud Identity Summit 2014
      Hans Zandbelt - CTO Office – Ping Identity
      Copyright © 2014 Ping Identity Corp. All rights reserved.
  • 2. Overview
      1. Challenges in Federated IDM
      2. Strategies for Scaling FIDM
      3. Now What?
  • 3. Challenges: Federated Identity Today
      • Manual Creation/Mgmt
          – 1-1
          – Increasing numbers
      • Authoritative/authenticated source
      • Updates
          – Key rollover(!)
      [Diagram: IDP / SP pairs]
  • 4. Trust Model: Beyond Standards and Protocols
      • No overarching trust model
          – compare to SSL & Server Cert PKI
      • No trust model, p2p
          – No way forward to the IoT
      • 3rd party provided trust is key
          – compare to SSL CA
      • Apply to / across:
          – Web SSO and API Access
          – mutual authentication
      • Technical Trust vs. Behavioral Trust
      [1] http://shop.soundingboardink.com/shop/2011/01/18/an-operational-definition-of-trust/
  • 5. Architecture Evolution
      [Diagram in four panels; labels per panel:]
      1. App, Fed (three times)
      2. Federation; Application/Access Server; App, App, App
      3. App, App, App; Federation Server; App. Server, App. Server
      4. Connection Management; App, Fed; App, Fed; App, App; App. Server; Federation
  • 6. Architectural Separation of Concerns
      • Data Layer
          – Protocol Runtime
          – Message Processing
      • Control Layer
          – Technical Trust (protocol independent)
          – Connection Management
  • 7. Trusted Shared Service
      • Single/central/shared point of connection management (trust)
      • Trusted 3rd party
      • From: user trust scale through 2nd party to SP/IDP trust through 3rd-party
      • Compares to TLS CA or DNS(sec) root hierarchy
      • Challenge: problem reduced in size, shifted up one level
      [Diagram: IDP / SP pairs]
  • 8. Solution 1: Proxy
      • Outsource metadata management to a central inband service
      • Trust proxy only, relay to peers, inhouse/outhouse
      • MxN -> M+N connections
      • Technical trust may be combined with organizational trust
      • Accommodate for different SAML implementations & protocol translations
      [Diagram: IDP / SP pairs connected through a Proxy (SP/IDP)]
  • 9. Solution 2: Metadata Service
      • Outsource metadata management to a central out-of-band service
      • aka. multi-party federation
      • Higher Education & Research: InCommon, UK Access Federation, 50+
      • Async technical trust (M+N)
      • Sync direct peer-to-peer communication (MxN)
      • Metadata upload (!)
      [Diagram: Metadata; IDP / SP pairs; SAML]
  • 10. Solution 3*: Self Service / Registration
      • 1-sided responsibility instead of mutual
          – Google SAML, Salesforce SAML, OIDC Dynamic Client Registration
      • MxN connections+trust, but burden shifted to 1 party
          – SAML: IDP, OIDC: RP
          – Shift rather than reduce
      [Diagram: IDP / SP pairs]
  • 11. The Identity Layer
      [Diagram: Network, Applications, IDENTITY]
      • Scalable Identification
      • Scalable Security
          – Authentication, Privacy, Confidentiality, Integrity
      • Scalable Trust
      • Scalable Attribute Exchange
          – schemas
  • 12. OpenID Connect
      • Discovery & Dynamic registration
          – auto-creation
          – auto-update (!)
      • Easier to develop, deploy, manage
      • Technical trust OOTB
          – except for “disconnected” domains -> metadata service
      • DEMO?
  • 13. SAML and OpenID Connect
      SAML
      • Separate protocols for SSO and API security
      • Heavyweight - in payload and processing
      • Complex – develop and manage
      • Manual trust bootstrapping and certificate management* (it’s alive)
      OpenID Connect
      • SSO and API security in one
      • Lightweight – mobile
      • Simple – developer friendly
      • Auto client registration and key management
  • 14. Recommendations
      • Adopt solutions for Scaling Federated IDM beyond 2015 or 50 connections
          – Short-term: auto-updates, long-term: auto-creation
          – Multi/cross protocol -> trust framework & mechanisms
      • Separate Trust/Connection Management from Protocol Runtime
          – control plane and data plane + trust framework
      • Global solution?
          – A combination of Proxy & Metadata Service & Self-Service