cloud identity webinar
TRANSCRIPT
Identity in the Cloud
Prabath Siriwardena
Security Architect & Product Manager(Identity Server), WSO2
Apache Axis2/Rampart committer
6 years industry experience
Founded in 2005 by acknowledged leaders in XML, Web Services Technologies & Standards and Open Source
Producing entire middleware platform 100% open source under Apache license
Business model is to sell comprehensive support & maintenance for our products
Venture funded by Intel Capital
Global corporation with offices in USA, UK & Sri Lanka
80+ employees and growing
WSO2 SOA Platform
WSO2 Cloud Computing
• Cloud virtual machines: software virtual machines
– WSO2 products as Amazon EC2, VMWare & KVM images
• Cloud connectors: connecting the cloud to the enterprise
– Cloud Services Gateway
– Service Accelerator
• Cloud services: SOA software as a service
– Governance as a Service
– Identity as a Service
• Cloud middleware: building multi-tenant services & applications
Engagement Model
• Quick Start – Combination of consulting, training and POC development in one week by WSO2 on-site team working hand-in-hand with your team
• Development Support – On-going support for your engineering teams
• Production Support – Full 24x7x365 enterprise support
– Regular service packs and updates to keep your system secure and robust
IDENTITY goes hand in hand with TRUST
What makes my IDENTITY?
My AGE is part of my IDENTITY
My NAME is part of my IDENTITY
My PHONE NUMBER is part of my IDENTITY
My e-MAIL is part of my IDENTITY
My SSN is part of my IDENTITY
Who needs my IDENTITY?
My HR MANAGER
My FINANCE MANAGER
My PROJECT MANAGER
PARTNERS of my company
WHO Else?
How do we share data related to IDENTITY ???
Directory Services AD/LDAP
• IDENTITY attributes maintained in a central repo
• IDENTITY attributes shared across multiple applications within the same domain
• Enterprise SSO can be established within participating applications
• Directory awareness at the individual application level
IDENTITY as a service
• Integrates IDENTITY services into application development
• Decouples IDENTITY related logic from individual application business logic
• User, IDENTITY related data externalized from the applications themselves
• Adheres to SOA standards
IDENTITY SERVICES
IDENTITY PROVIDER
• Externalize IDENTITY attributes
• Information Cards
• OpenID
• Identity Governance Framework [IGF]
Authentication
• User name / password
• User centric identity: Information cards/OpenID
Authorization
• Manages authorization logic
• XACML – A general purpose authorization policy language
Provisioning
• Supports administration of IDENTITY & ACCESS Management
• Provides centralized policy administration and controls
• SPML
Auditing
• Audit all IDENTITY events
Auditing - XDAS
• Distributed Audit Service
• The principle of accountability
• Detection of security policy violations
Identity Services
On-premise Identity Management
Moving to the cloud….
Powered By
Identity: OpenID, InfoCard, STS, SAML2
WSO2 Cloud Identity
1. Internal user tries to log in to Liferay / Drupal running on the intranet
2. OpenID relying party plug-in redirects the user to the WSO2 Cloud Identity OpenID provider for authentication
3. After authentication the user is redirected back to Liferay / Drupal
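The three-step OpenID login above, as an added example that is not part of the original webinar or of WSO2's code: a minimal relying-party side in Python. It assumes the provider speaks OpenID 2.0 and that an HMAC-SHA256 association (handle plus MAC key) has already been established; hostnames and keys are constructed, and the `op_sign_response` helper stands in for the provider so the checks can be exercised offline.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlencode

OPENID_NS = "http://specs.openid.net/auth/2.0"
SELECT = OPENID_NS + "/identifier_select"
# Fields an OpenID 2.0 positive assertion must sign (claimed_id/identity when present).
SIGNED_FIELDS = ("op_endpoint", "return_to", "response_nonce",
                 "assoc_handle", "claimed_id", "identity")

def build_checkid_setup_url(op_endpoint, return_to, realm, assoc_handle):
    """Step 2: the RP plug-in redirects the browser to the OP with these parameters."""
    params = {"openid.ns": OPENID_NS, "openid.mode": "checkid_setup",
              "openid.claimed_id": SELECT, "openid.identity": SELECT,
              "openid.return_to": return_to, "openid.realm": realm,
              "openid.assoc_handle": assoc_handle}
    return op_endpoint + "?" + urlencode(params)

def signature(fields, params, mac_key):
    """Base64 HMAC-SHA256 over the Key-Value form ("field:value\\n" per signed field)."""
    kv = "".join(f"{f}:{params['openid.' + f]}\n" for f in fields)
    return base64.b64encode(hmac.new(mac_key, kv.encode(), hashlib.sha256).digest()).decode()

def verify_id_res(params, mac_key, expected_return_to, expected_op, seen_nonces):
    """Step 3: checks the RP must pass before trusting the assertion sent back to it.
    Returns the asserted claimed_id, or None if any check fails."""
    if params.get("openid.ns") != OPENID_NS or params.get("openid.mode") != "id_res":
        return None
    # The assertion must come from the OP found by discovery and target our own return_to.
    if (params.get("openid.op_endpoint") != expected_op
            or params.get("openid.return_to") != expected_return_to):
        return None
    nonce = params.get("openid.response_nonce", "")
    if not nonce or nonce in seen_nonces:  # each nonce is accepted once (replay protection)
        return None
    signed = params.get("openid.signed", "").split(",")
    if not set(SIGNED_FIELDS).issubset(signed) or any("openid." + f not in params for f in signed):
        return None
    if not hmac.compare_digest(signature(signed, params, mac_key), params.get("openid.sig", "")):
        return None
    seen_nonces.add(nonce)
    return params["openid.claimed_id"]

def op_sign_response(params, mac_key):
    """Constructed stand-in for the OP: adds openid.signed and openid.sig to a positive assertion."""
    params = dict(params, **{"openid.signed": ",".join(SIGNED_FIELDS)})
    params["openid.sig"] = signature(SIGNED_FIELDS, params, mac_key)
    return params
```

The redirect back in step 3 is untrusted browser input: the relying party accepts the login only after the OP endpoint, return_to, nonce and signature all check out, which is what keeps a forged or replayed assertion from logging someone in.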
Identity: OpenID, InfoCard, STS, SAML 2.0
Entitlement: XACML
Thank You…!!!
http://wso2.com
http://wso2.com/about/contact