SlideShare une entreprise Scribd logo

Ymens - Cloud Identity Crisis - Dev Talks 2015

Vlad Mihnea
Vlad Mihnea

Cloud Identity Crisis and the Role of the Identity Broker

Internet
1  sur  23
Télécharger pour lire hors ligne
Vlad Mihnea, R&D Manager Cloud Identity Crisis and the Identity Broker
Identity: Definition Set of information (attributes) by which an individual is definitively distinguished within a context, such as an application þ Identity Attributes: §  Physiological attributes §  Biographical information §  Issued credentials §  “Secret” information (e.g. history)
þ  Height: 192cm þ  Weight: 106kg þ  Skin Color: White þ  Eye Color: Blue þ  Hair Color: Black þ  Place of Birth: Krypton þ  Identity: Secret þ  Citizenship: Kryptonian, American þ  Base: Metropolis, Fortress of Solitude þ  Occupation: Journalist, Super Hero þ  Employer: Daily Planet, Self- employed
Superman is Clark Kent
Clark Kent is an employee of Daily Planet
Clark Kent is a social being
Clark Kent is an adopted son
Superman is also Kal El, citizen of Krypton
Superman: One User – Many Identities Login Email Credentials superman superman@superman.superman ********** Login Email Credentials kel kal.el@krypton.gov.ws ********** Login Email Credentials clark.kent clark.kent@dailyplanet.com ********** Login Email Credentials superboy1977 superboy1977@gmail.com **********
Cloud Identity Crisis: Complex & Fragmented 3 Create Delete Attribute Sync Active Directory HR (PeopleSoft, SAP) Cloud Office365, Workday, Salesforce, etc Application Owner Business Manager Users IT Helpdesk Administrator Administrator Financials SharePoint Sales Partners, customers, et
þ Complexity: One user, many identities §  If a user has more than one identity then they will deal with that complexity by having easy to remember credentials which makes them a weak link for hackers þ Fragmentation: Many apps, many systems §  If applications have separate identity systems then it becomes a manual job to maintain the integrity of the identities on that system for events such as staff changes þ Complexity & Fragmentation => Entropy §  A fragmented identity system leads to fragmented accountability, allowing suspect users to identify using unapproved applications Cloud Identity Crisis: Complex & Hybrid
Cloud Service Broker Social Sign-on Enterprise IAM Consumer B2B ````````````````````` SaaS/PaaS/IaaS On-premise / Legacy Consumer Apps •  Employees •  Contractors •  Partners Marketplace SSO IdM Billing Portal ⊆ Cloud Identity Broker
þ Service Brokers - The Cloud Marketplace §  Cloud Exchange for the enterprise and cloud services: broker service that integrates, manages and bills cloud services §  Essential to the transformation of traditional IT into IT as a Service þ Identity Brokers - The Cloud Identity Hub §  IDaaS: Enables the provisioning and life-cycle management of users across external cloud services §  Virtual Directory in the cloud that brokers identity from the enterprise to external clouds providers Cloud Service Broker ⊆ Cloud Identity Broker
2 Operations ① Provisioning ② Single Sing-On 2 Worlds ① Work ② Home 2 Directions ① Inbound ② Outbound Identity Broker: Functions
Key Features: •  Governance •  Hubris Key Features: •  “Solving the right problem” •  Enterprise-only scope Key Features: •  Agility •  Cloud friendliness •  Robustness ID Protocols: Emerging Standards have an Edge Source: TechRadar For Security Pros: Zero Trust Identity Standards, Q3 2012
ID Protocols: Relevant Jargon OAuth 2.0 §  Auth Server §  Resource Server OpenID Connect 1.0 §  OpenID Provider §  Relying Party §  User Claims §  Client Claims SAML 2.0 §  Identity Provider §  Service Provider §  Attributes §  SP Metadata §  Service Provider: A web application that provides identity information via the SCIM protocol §  Consumer: An application that uses the SCIM protocol to manage identity data maintained by the Service Provider §  Resource: The Service Provider managed artifact containing one or more attributes; e.g., User or Group SCIM
ID Protocols: Comparison OAuth 2.0 §  Not responsible for session initiation §  Collects user’s consent to share attributes §  No actual identity tokens §  No actual claims, protects APIs §  Client onboarding is static §  No session OpenID Connect 1.0 §  Initiating user’s login session §  Collects user’s consent to share attributes §  High-security identity tokens §  Distributed and aggregated claims §  Dynamic onboarding §  Session timeout SAML 2.0 §  Initiating user’s login session §  Not responsible for collecting user consent §  High-security identity tokens §  Distributed and aggregated claims §  Client onboarding is static §  Session timeout
þ  SAML þ  OpenID þ  OpenID Connect þ  OAuth þ  SPML þ  SCIM þ  WS-Federation þ  XACML Identified Standards Identified Gaps ¨  Configuration and association with an IdP is not standardized ¨  No standards or rules for mapping or transforming attributes between different domains ¨  No profiles or standard roles and related attributes ¨  No standards for attributes ¨  No audit standards for IDM systems ID Protocols: Standards & Gaps
Identity Broker & Protocols: Our Vision SOAP HTTP OpenID Connect SCIM OAuth2 OpenID OpenID Connect SCIM SAML2 Cloud Apps Social Enterprise
Superman: Identity Broker – Identity Union Global ID Local Login Email Credentials kal.el superman superman@superman.superman ********** clark.kent clark.kent@dailyplanet.com ********** superboy1977 superboy1977@gmail.com ********** kel kal.el@krypton.gov.ws **********
① Open Standards Matter ② Cloud Identity is Hybrid ③ BYOA permeates the Enterprise ④ Identity is the new Control Plane Cloud Identity: Future
Cloud Identity: Final Thoughts “So long, Superman! Your secret identity is safe with me!” The Simpsons TV Episode 1992 vlad.mihnea@ymens.com

Recommandé

CIS14: Working with OAuth and OpenID Connect
CIS14: Working with OAuth and OpenID ConnectCIS14: Working with OAuth and OpenID Connect
CIS14: Working with OAuth and OpenID ConnectCloudIDSummit
 
User Authentication and Cloud Authorization in the Galaxy project: https://do...
User Authentication and Cloud Authorization in the Galaxy project: https://do...User Authentication and Cloud Authorization in the Galaxy project: https://do...
User Authentication and Cloud Authorization in the Galaxy project: https://do...Vahid Jalili
 
cloud
cloudcloud
cloudcarlos1208
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTMobiliya
 
AD FS Workshop | Part 2 | Deep Dive
AD FS Workshop | Part 2 | Deep DiveAD FS Workshop | Part 2 | Deep Dive
AD FS Workshop | Part 2 | Deep DiveGranikos GmbH & Co. KG
 
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in ActionCIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in ActionCloudIDSummit
 
The Who, What, Why and How of Active Directory Federation Services (AD FS)
The Who, What, Why and How of Active Directory Federation Services (AD FS)The Who, What, Why and How of Active Directory Federation Services (AD FS)
The Who, What, Why and How of Active Directory Federation Services (AD FS)Jay Simcox
 
Understanding Claim based Authentication
Understanding Claim based AuthenticationUnderstanding Claim based Authentication
Understanding Claim based AuthenticationMohammad Yousri
 

Recommandé

CIS14: Working with OAuth and OpenID Connect
CIS14: Working with OAuth and OpenID ConnectCIS14: Working with OAuth and OpenID Connect
CIS14: Working with OAuth and OpenID ConnectCloudIDSummit
 
User Authentication and Cloud Authorization in the Galaxy project: https://do...
User Authentication and Cloud Authorization in the Galaxy project: https://do...User Authentication and Cloud Authorization in the Galaxy project: https://do...
User Authentication and Cloud Authorization in the Galaxy project: https://do...Vahid Jalili
 
cloud
cloudcloud
cloudcarlos1208
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTMobiliya
 
AD FS Workshop | Part 2 | Deep Dive
AD FS Workshop | Part 2 | Deep DiveAD FS Workshop | Part 2 | Deep Dive
AD FS Workshop | Part 2 | Deep DiveGranikos GmbH & Co. KG
 
CIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in ActionCIS14: OAuth and OpenID Connect in Action
CIS14: OAuth and OpenID Connect in ActionCloudIDSummit
 
The Who, What, Why and How of Active Directory Federation Services (AD FS)
The Who, What, Why and How of Active Directory Federation Services (AD FS)The Who, What, Why and How of Active Directory Federation Services (AD FS)
The Who, What, Why and How of Active Directory Federation Services (AD FS)Jay Simcox
 
Understanding Claim based Authentication
Understanding Claim based AuthenticationUnderstanding Claim based Authentication
Understanding Claim based AuthenticationMohammad Yousri
 
Web API 2 Token Based Authentication
Web API 2 Token Based AuthenticationWeb API 2 Token Based Authentication
Web API 2 Token Based Authenticationjeremysbrown
 
Claims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners GuideClaims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners GuidePhuong Nguyen
 
SharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based AuthenticationSharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based AuthenticationJonathan Schultz
 
Ad fs
Ad fsAd fs
Ad fsIván Sanchez Vera
 
JWT SSO Inbound Authenticator
JWT SSO Inbound AuthenticatorJWT SSO Inbound Authenticator
JWT SSO Inbound AuthenticatorMifrazMurthaja
 
MongoDB.local Sydney: Evolving your Data Access with MongoDB Stitch
MongoDB.local Sydney: Evolving your Data Access with MongoDB StitchMongoDB.local Sydney: Evolving your Data Access with MongoDB Stitch
MongoDB.local Sydney: Evolving your Data Access with MongoDB StitchMongoDB
 
SharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims AuthSharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims AuthKashif Imran
 
Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Joris Poelmans
 
Presentation
PresentationPresentation
PresentationLaxman Kumar
 
OAuth2 & OpenID Connect
OAuth2 & OpenID ConnectOAuth2 & OpenID Connect
OAuth2 & OpenID ConnectMarcin Wolnik
 
Difference between authentication and authorization in asp.net
Difference between authentication and authorization in asp.netDifference between authentication and authorization in asp.net
Difference between authentication and authorization in asp.netUmar Ali
 
SharePoint 2013 and ADFS
SharePoint 2013 and ADFSSharePoint 2013 and ADFS
SharePoint 2013 and ADFSNatallia Makarevich
 
Vcloud computing course Training in hyderabad
Vcloud computing course Training in hyderabadVcloud computing course Training in hyderabad
Vcloud computing course Training in hyderabadAcutelearn Technologies
 
Web 20 Security - Vordel
Web 20 Security - VordelWeb 20 Security - Vordel
Web 20 Security - Vordelguest2a1135
 
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePointHow Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePointAntonioMaio2
 
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018Chris Gillum
 
Server to Server API Security
Server to Server API SecurityServer to Server API Security
Server to Server API SecurityGanesh Ghag
 
SPSBE 2013 Claims for devs
SPSBE 2013 Claims for devsSPSBE 2013 Claims for devs
SPSBE 2013 Claims for devsSteven Van de Craen
 
Overview of Cloud Computing
Overview of Cloud ComputingOverview of Cloud Computing
Overview of Cloud ComputingPeter R. Egli
 
Cloud Computing Opportunities for SMEs Towards AEC 2015
Cloud Computing Opportunities for SMEs Towards AEC 2015Cloud Computing Opportunities for SMEs Towards AEC 2015
Cloud Computing Opportunities for SMEs Towards AEC 2015Software Park Thailand
 
Radványi Tibor: Fényérték.hu - a közösségi titok
Radványi Tibor: Fényérték.hu - a közösségi titokRadványi Tibor: Fényérték.hu - a közösségi titok
Radványi Tibor: Fényérték.hu - a közösségi titokMeetOFF
 
Docker presentation
Docker presentationDocker presentation
Docker presentationmhprogramr
 

Contenu connexe

Tendances

Web API 2 Token Based Authentication
Web API 2 Token Based AuthenticationWeb API 2 Token Based Authentication
Web API 2 Token Based Authenticationjeremysbrown
 
Claims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners GuideClaims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners GuidePhuong Nguyen
 
SharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based AuthenticationSharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based AuthenticationJonathan Schultz
 
JWT SSO Inbound Authenticator
JWT SSO Inbound AuthenticatorJWT SSO Inbound Authenticator
JWT SSO Inbound AuthenticatorMifrazMurthaja
 
MongoDB.local Sydney: Evolving your Data Access with MongoDB Stitch
MongoDB.local Sydney: Evolving your Data Access with MongoDB StitchMongoDB.local Sydney: Evolving your Data Access with MongoDB Stitch
MongoDB.local Sydney: Evolving your Data Access with MongoDB StitchMongoDB
 
SharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims AuthSharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims AuthKashif Imran
 
Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Joris Poelmans
 
OAuth2 & OpenID Connect
OAuth2 & OpenID ConnectOAuth2 & OpenID Connect
OAuth2 & OpenID ConnectMarcin Wolnik
 
Difference between authentication and authorization in asp.net
Difference between authentication and authorization in asp.netDifference between authentication and authorization in asp.net
Difference between authentication and authorization in asp.netUmar Ali
 
Vcloud computing course Training in hyderabad
Vcloud computing course Training in hyderabadVcloud computing course Training in hyderabad
Vcloud computing course Training in hyderabadAcutelearn Technologies
 
Web 20 Security - Vordel
Web 20 Security - VordelWeb 20 Security - Vordel
Web 20 Security - Vordelguest2a1135
 
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePointHow Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePointAntonioMaio2
 
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018Chris Gillum
 
Server to Server API Security
Server to Server API SecurityServer to Server API Security
Server to Server API SecurityGanesh Ghag
 

Tendances (18)

Web API 2 Token Based Authentication
Web API 2 Token Based AuthenticationWeb API 2 Token Based Authentication
Web API 2 Token Based Authentication
 
Claims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners GuideClaims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners Guide
 
SharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based AuthenticationSharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based Authentication
 
Ad fs
Ad fsAd fs
Ad fs
 
JWT SSO Inbound Authenticator
JWT SSO Inbound AuthenticatorJWT SSO Inbound Authenticator
JWT SSO Inbound Authenticator
 
MongoDB.local Sydney: Evolving your Data Access with MongoDB Stitch
MongoDB.local Sydney: Evolving your Data Access with MongoDB StitchMongoDB.local Sydney: Evolving your Data Access with MongoDB Stitch
MongoDB.local Sydney: Evolving your Data Access with MongoDB Stitch
 
SharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims AuthSharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims Auth
 
Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011
 
Presentation
PresentationPresentation
Presentation
 
OAuth2 & OpenID Connect
OAuth2 & OpenID ConnectOAuth2 & OpenID Connect
OAuth2 & OpenID Connect
 
Difference between authentication and authorization in asp.net
Difference between authentication and authorization in asp.netDifference between authentication and authorization in asp.net
Difference between authentication and authorization in asp.net
 
SharePoint 2013 and ADFS
SharePoint 2013 and ADFSSharePoint 2013 and ADFS
SharePoint 2013 and ADFS
 
Vcloud computing course Training in hyderabad
Vcloud computing course Training in hyderabadVcloud computing course Training in hyderabad
Vcloud computing course Training in hyderabad
 
Web 20 Security - Vordel
Web 20 Security - VordelWeb 20 Security - Vordel
Web 20 Security - Vordel
 
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePointHow Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
 
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
 
Server to Server API Security
Server to Server API SecurityServer to Server API Security
Server to Server API Security
 
SPSBE 2013 Claims for devs
SPSBE 2013 Claims for devsSPSBE 2013 Claims for devs
SPSBE 2013 Claims for devs
 

En vedette

Overview of Cloud Computing
Overview of Cloud ComputingOverview of Cloud Computing
Overview of Cloud ComputingPeter R. Egli
 
Cloud Computing Opportunities for SMEs Towards AEC 2015
Cloud Computing Opportunities for SMEs Towards AEC 2015Cloud Computing Opportunities for SMEs Towards AEC 2015
Cloud Computing Opportunities for SMEs Towards AEC 2015Software Park Thailand
 
Radványi Tibor: Fényérték.hu - a közösségi titok
Radványi Tibor: Fényérték.hu - a közösségi titokRadványi Tibor: Fényérték.hu - a közösségi titok
Radványi Tibor: Fényérték.hu - a közösségi titokMeetOFF
 
Docker presentation
Docker presentationDocker presentation
Docker presentationmhprogramr
 
Docker Container As A Service - Mix-IT 2016
Docker Container As A Service - Mix-IT 2016Docker Container As A Service - Mix-IT 2016
Docker Container As A Service - Mix-IT 2016Patrick Chanezon
 
Developing an IAM Roadmap that Fits Your Business
Developing an IAM Roadmap that Fits Your BusinessDeveloping an IAM Roadmap that Fits Your Business
Developing an IAM Roadmap that Fits Your BusinessForgeRock
 
Continuous Delivery leveraging on Docker CaaS by Adrien Blind
Continuous Delivery leveraging on Docker CaaS by Adrien BlindContinuous Delivery leveraging on Docker CaaS by Adrien Blind
Continuous Delivery leveraging on Docker CaaS by Adrien BlindDocker, Inc.
 
Joomla Continuous Delivery with Docker
Joomla Continuous Delivery with DockerJoomla Continuous Delivery with Docker
Joomla Continuous Delivery with DockerJirayut Nimsaeng
 
Docker, Containers and the Future of Application Delivery
Docker, Containers and the Future of Application DeliveryDocker, Containers and the Future of Application Delivery
Docker, Containers and the Future of Application DeliveryDocker, Inc.
 
The Gartner IAM Program Maturity Model
The Gartner IAM Program Maturity ModelThe Gartner IAM Program Maturity Model
The Gartner IAM Program Maturity ModelSarah Moore
 
What's New in Docker - February 2017
What's New in Docker - February 2017What's New in Docker - February 2017
What's New in Docker - February 2017Patrick Chanezon
 

En vedette (11)

Overview of Cloud Computing
Overview of Cloud ComputingOverview of Cloud Computing
Overview of Cloud Computing
 
Cloud Computing Opportunities for SMEs Towards AEC 2015
Cloud Computing Opportunities for SMEs Towards AEC 2015Cloud Computing Opportunities for SMEs Towards AEC 2015
Cloud Computing Opportunities for SMEs Towards AEC 2015
 
Radványi Tibor: Fényérték.hu - a közösségi titok
Radványi Tibor: Fényérték.hu - a közösségi titokRadványi Tibor: Fényérték.hu - a közösségi titok
Radványi Tibor: Fényérték.hu - a közösségi titok
 
Docker presentation
Docker presentationDocker presentation
Docker presentation
 
Docker Container As A Service - Mix-IT 2016
Docker Container As A Service - Mix-IT 2016Docker Container As A Service - Mix-IT 2016
Docker Container As A Service - Mix-IT 2016
 
Developing an IAM Roadmap that Fits Your Business
Developing an IAM Roadmap that Fits Your BusinessDeveloping an IAM Roadmap that Fits Your Business
Developing an IAM Roadmap that Fits Your Business
 
Continuous Delivery leveraging on Docker CaaS by Adrien Blind
Continuous Delivery leveraging on Docker CaaS by Adrien BlindContinuous Delivery leveraging on Docker CaaS by Adrien Blind
Continuous Delivery leveraging on Docker CaaS by Adrien Blind
 
Joomla Continuous Delivery with Docker
Joomla Continuous Delivery with DockerJoomla Continuous Delivery with Docker
Joomla Continuous Delivery with Docker
 
Docker, Containers and the Future of Application Delivery
Docker, Containers and the Future of Application DeliveryDocker, Containers and the Future of Application Delivery
Docker, Containers and the Future of Application Delivery
 
The Gartner IAM Program Maturity Model
The Gartner IAM Program Maturity ModelThe Gartner IAM Program Maturity Model
The Gartner IAM Program Maturity Model
 
What's New in Docker - February 2017
What's New in Docker - February 2017What's New in Docker - February 2017
What's New in Docker - February 2017
 

Similaire à Ymens - Cloud Identity Crisis - Dev Talks 2015

OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group UpdateOIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group UpdateOpenIDFoundation
 
Complex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWSComplex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWSBoyan Dimitrov
 
Trusting External Identity Providers for Global Research Collaborations
Trusting External Identity Providers for Global Research CollaborationsTrusting External Identity Providers for Global Research Collaborations
Trusting External Identity Providers for Global Research Collaborationsjbasney
 
JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...PROIDEA
 
Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017Amazon Web Services
 
CIS14: Creating a Federated Identity Service for Better SSO
CIS14: Creating a Federated Identity Service for Better SSOCIS14: Creating a Federated Identity Service for Better SSO
CIS14: Creating a Federated Identity Service for Better SSOCloudIDSummit
 
Track 5 Session 6_ BLC01 透過 Amazon Managed Blockchain 與 Amazon QLDB 打造區塊鍊應用.pptx
Track 5 Session 6_ BLC01 透過 Amazon Managed Blockchain 與 Amazon QLDB 打造區塊鍊應用.pptxTrack 5 Session 6_ BLC01 透過 Amazon Managed Blockchain 與 Amazon QLDB 打造區塊鍊應用.pptx
Track 5 Session 6_ BLC01 透過 Amazon Managed Blockchain 與 Amazon QLDB 打造區塊鍊應用.pptxAmazon Web Services
 
Introduction to Self Sovereign Identity
Introduction to Self Sovereign IdentityIntroduction to Self Sovereign Identity
Introduction to Self Sovereign IdentityHeather Vescent
 
Complex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWSComplex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWSBoyan Dimitrov
 
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...Profesia Srl, Lynx Group
 
[WSO2Con EU 2018] Identity APIs is the New Black
[WSO2Con EU 2018] Identity APIs is the New Black[WSO2Con EU 2018] Identity APIs is the New Black
[WSO2Con EU 2018] Identity APIs is the New BlackWSO2
 
SSO IN/With Drupal and Identitiy Management
SSO IN/With Drupal and Identitiy ManagementSSO IN/With Drupal and Identitiy Management
SSO IN/With Drupal and Identitiy ManagementManish Harsh
 
Microservices security - jpmc tech fest 2018
Microservices security - jpmc tech fest 2018Microservices security - jpmc tech fest 2018
Microservices security - jpmc tech fest 2018MOnCloud
 
NIC 2014 Modern Authentication for the Cloud Era
NIC 2014 Modern Authentication for the Cloud EraNIC 2014 Modern Authentication for the Cloud Era
NIC 2014 Modern Authentication for the Cloud EraMorgan Simonsen
 
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19Andrew Hughes
 
How Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and SecurityHow Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and SecurityGlobalSign
 
ESPC15 - Extending Authentication and Authorization
ESPC15 - Extending Authentication and AuthorizationESPC15 - Extending Authentication and Authorization
ESPC15 - Extending Authentication and AuthorizationEdin Kapic
 
Identity, Security and XML Web Services
Identity, Security and XML Web ServicesIdentity, Security and XML Web Services
Identity, Security and XML Web ServicesJorgen Thelin
 
OpenAM as Flexible Integration Component
OpenAM as Flexible Integration ComponentOpenAM as Flexible Integration Component
OpenAM as Flexible Integration ComponentForgeRock
 

Similaire à Ymens - Cloud Identity Crisis - Dev Talks 2015 (20)

OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group UpdateOIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group Update
 
Complex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWSComplex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWS
 
Trusting External Identity Providers for Global Research Collaborations
Trusting External Identity Providers for Global Research CollaborationsTrusting External Identity Providers for Global Research Collaborations
Trusting External Identity Providers for Global Research Collaborations
 
JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...
 
Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017
 
CIS14: Creating a Federated Identity Service for Better SSO
CIS14: Creating a Federated Identity Service for Better SSOCIS14: Creating a Federated Identity Service for Better SSO
CIS14: Creating a Federated Identity Service for Better SSO
 
Track 5 Session 6_ BLC01 透過 Amazon Managed Blockchain 與 Amazon QLDB 打造區塊鍊應用.pptx
Track 5 Session 6_ BLC01 透過 Amazon Managed Blockchain 與 Amazon QLDB 打造區塊鍊應用.pptxTrack 5 Session 6_ BLC01 透過 Amazon Managed Blockchain 與 Amazon QLDB 打造區塊鍊應用.pptx
Track 5 Session 6_ BLC01 透過 Amazon Managed Blockchain 與 Amazon QLDB 打造區塊鍊應用.pptx
 
Introduction to Self Sovereign Identity
Introduction to Self Sovereign IdentityIntroduction to Self Sovereign Identity
Introduction to Self Sovereign Identity
 
Complex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWSComplex architectures for authentication and authorization on AWS
Complex architectures for authentication and authorization on AWS
 
.NET MAUI + Azure AD B2C
.NET MAUI + Azure AD B2C.NET MAUI + Azure AD B2C
.NET MAUI + Azure AD B2C
 
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
 
[WSO2Con EU 2018] Identity APIs is the New Black
[WSO2Con EU 2018] Identity APIs is the New Black[WSO2Con EU 2018] Identity APIs is the New Black
[WSO2Con EU 2018] Identity APIs is the New Black
 
SSO IN/With Drupal and Identitiy Management
SSO IN/With Drupal and Identitiy ManagementSSO IN/With Drupal and Identitiy Management
SSO IN/With Drupal and Identitiy Management
 
Microservices security - jpmc tech fest 2018
Microservices security - jpmc tech fest 2018Microservices security - jpmc tech fest 2018
Microservices security - jpmc tech fest 2018
 
NIC 2014 Modern Authentication for the Cloud Era
NIC 2014 Modern Authentication for the Cloud EraNIC 2014 Modern Authentication for the Cloud Era
NIC 2014 Modern Authentication for the Cloud Era
 
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
 
How Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and SecurityHow Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and Security
 
ESPC15 - Extending Authentication and Authorization
ESPC15 - Extending Authentication and AuthorizationESPC15 - Extending Authentication and Authorization
ESPC15 - Extending Authentication and Authorization
 
Identity, Security and XML Web Services
Identity, Security and XML Web ServicesIdentity, Security and XML Web Services
Identity, Security and XML Web Services
 
OpenAM as Flexible Integration Component
OpenAM as Flexible Integration ComponentOpenAM as Flexible Integration Component
OpenAM as Flexible Integration Component
 

Dernier

VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...SUHANI PANDEY
 
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...SUHANI PANDEY
 
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceReal Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceEscorts Call Girls
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...tanu pandey
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...Neha Pandey
 
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceBusty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceDelhi Call girls
 
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...SUHANI PANDEY
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableSeo
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查ydyuyu
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLimonikaupta
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)Delhi Call girls
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirtrahman018755
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Delhi Call girls
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftAanSulistiyo
 
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...nilamkumrai
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubaikojalkojal131
 

Dernier (20)

VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
 
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
 
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceReal Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
 
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceBusty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
 
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck Microsoft
 
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
 
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
 

Ymens - Cloud Identity Crisis - Dev Talks 2015

  • 1. Vlad Mihnea, R&D Manager Cloud Identity Crisis and the Identity Broker
  • 2.
  • 3. Identity: Definition Set of information (attributes) by which an individual is definitively distinguished within a context, such as an application þ Identity Attributes: §  Physiological attributes §  Biographical information §  Issued credentials §  “Secret” information (e.g. history)
  • 4. þ  Height: 192cm þ  Weight: 106kg þ  Skin Color: White þ  Eye Color: Blue þ  Hair Color: Black þ  Place of Birth: Krypton þ  Identity: Secret þ  Citizenship: Kryptonian, American þ  Base: Metropolis, Fortress of Solitude þ  Occupation: Journalist, Super Hero þ  Employer: Daily Planet, Self- employed
  • 6. Clark Kent is an employee of Daily Planet
  • 7. Clark Kent is a social being
  • 8. Clark Kent is an adopted son
  • 9. Superman is also Kal El, citizen of Krypton
  • 10. Superman: One User – Many Identities Login Email Credentials superman superman@superman.superman ********** Login Email Credentials kel kal.el@krypton.gov.ws ********** Login Email Credentials clark.kent clark.kent@dailyplanet.com ********** Login Email Credentials superboy1977 superboy1977@gmail.com **********
  • 11. Cloud Identity Crisis: Complex & Fragmented 3 Create Delete Attribute Sync Active Directory HR (PeopleSoft, SAP) Cloud Office365, Workday, Salesforce, etc Application Owner Business Manager Users IT Helpdesk Administrator Administrator Financials SharePoint Sales Partners, customers, et
  • 12. þ Complexity: One user, many identities §  If a user has more than one identity then they will deal with that complexity by having easy to remember credentials which makes them a weak link for hackers þ Fragmentation: Many apps, many systems §  If applications have separate identity systems then it becomes a manual job to maintain the integrity of the identities on that system for events such as staff changes þ Complexity & Fragmentation => Entropy §  A fragmented identity system leads to fragmented accountability, allowing suspect users to identify using unapproved applications Cloud Identity Crisis: Complex & Hybrid
  • 13. Cloud Service Broker Social Sign-on Enterprise IAM Consumer B2B ````````````````````` SaaS/PaaS/IaaS On-premise / Legacy Consumer Apps •  Employees •  Contractors •  Partners Marketplace SSO IdM Billing Portal ⊆ Cloud Identity Broker
  • 14. þ Service Brokers - The Cloud Marketplace §  Cloud Exchange for the enterprise and cloud services: broker service that integrates, manages and bills cloud services §  Essential to the transformation of traditional IT into IT as a Service þ Identity Brokers - The Cloud Identity Hub §  IDaaS: Enables the provisioning and life-cycle management of users across external cloud services §  Virtual Directory in the cloud that brokers identity from the enterprise to external clouds providers Cloud Service Broker ⊆ Cloud Identity Broker
  • 15. 2 Operations ① Provisioning ② Single Sing-On 2 Worlds ① Work ② Home 2 Directions ① Inbound ② Outbound Identity Broker: Functions
  • 16. Key Features: •  Governance •  Hubris Key Features: •  “Solving the right problem” •  Enterprise-only scope Key Features: •  Agility •  Cloud friendliness •  Robustness ID Protocols: Emerging Standards have an Edge Source: TechRadar For Security Pros: Zero Trust Identity Standards, Q3 2012
  • 17. ID Protocols: Relevant Jargon OAuth 2.0 §  Auth Server §  Resource Server OpenID Connect 1.0 §  OpenID Provider §  Relying Party §  User Claims §  Client Claims SAML 2.0 §  Identity Provider §  Service Provider §  Attributes §  SP Metadata §  Service Provider: A web application that provides identity information via the SCIM protocol §  Consumer: An application that uses the SCIM protocol to manage identity data maintained by the Service Provider §  Resource: The Service Provider managed artifact containing one or more attributes; e.g., User or Group SCIM
  • 18. ID Protocols: Comparison OAuth 2.0 §  Not responsible for session initiation §  Collects user’s consent to share attributes §  No actual identity tokens §  No actual claims, protects APIs §  Client onboarding is static §  No session OpenID Connect 1.0 §  Initiating user’s login session §  Collects user’s consent to share attributes §  High-security identity tokens §  Distributed and aggregated claims §  Dynamic onboarding §  Session timeout SAML 2.0 §  Initiating user’s login session §  Not responsible for collecting user consent §  High-security identity tokens §  Distributed and aggregated claims §  Client onboarding is static §  Session timeout
  • 19. þ  SAML þ  OpenID þ  OpenID Connect þ  OAuth þ  SPML þ  SCIM þ  WS-Federation þ  XACML Identified Standards Identified Gaps ¨  Configuration and association with an IdP is not standardized ¨  No standards or rules for mapping or transforming attributes between different domains ¨  No profiles or standard roles and related attributes ¨  No standards for attributes ¨  No audit standards for IDM systems ID Protocols: Standards & Gaps
  • 20. Identity Broker & Protocols: Our Vision SOAP HTTP OpenID Connect SCIM OAuth2 OpenID OpenID Connect SCIM SAML2 Cloud Apps Social Enterprise
  • 21. Superman: Identity Broker – Identity Union Global ID Local Login Email Credentials kal.el superman superman@superman.superman ********** clark.kent clark.kent@dailyplanet.com ********** superboy1977 superboy1977@gmail.com ********** kel kal.el@krypton.gov.ws **********
  • 22. ① Open Standards Matter ② Cloud Identity is Hybrid ③ BYOA permeates the Enterprise ④ Identity is the new Control Plane Cloud Identity: Future
  • 23. Cloud Identity: Final Thoughts “So long, Superman! Your secret identity is safe with me!” The Simpsons TV Episode 1992 vlad.mihnea@ymens.com