Hitchhikers Guide to the Identiverse - How Federated Business will Rule the World
•
12 likes•19,122 views
Hitchhikers know everything exciting happens outside the lines, like cloud, mobile, social, big data and the internet of things. The challenge of navigating today’s universe is lack of portable, automated, discoverable and scalable identity management. DON’T PANIC. This presentation from Ping Identity CTO Patrick Harding explains how a next-generation identity and access management layer encompassing the identity of people and things, passive analytics, active feedback and automated connections to partners, customers, and apps is the modern Hitchhiker’s Guide to the Identiverse. Presented at Gartner Catalyst 2013.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Hitchhikers Guide to the Identiverse - How Federated Business will Rule the World
Similar to Hitchhikers Guide to the Identiverse - How Federated Business will Rule the World (20)
More from Ping Identity
More from Ping Identity (18)
Recently uploaded
Recently uploaded (20)
Hitchhikers Guide to the Identiverse - How Federated Business will Rule the World
- 1. Click to edit Master title style Copyright ©2013 Ping Identity Corporation.All rights reserved.1
- 2. Copyright ©2012 Ping Identity Corporation.All rights reserved.2 HOW FEDERATED BUSINESS WILL RULE THE WORLD
- 3. THE IDENTITY INDUSTRY ISABOUTTO EXPLODE
- 4. TODAY
- 5. FUTURE
- 7. Trove of medical devices found to have password problems. Surgical devices, ventilators, defibrillators, and monitors are among the equipment at risk The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) at the Department of Homeland Security and the Food and Drug Administration (FDA) are warning that the vulnerability could allow attackers to change critical settings and modify firmware. ZDNet – 17 June 2013 http://zd.net/17j5RGY HEADLINES WE DON’T WANT TO SEE
- 8. Copyright ©2012 Ping Identity Corporation.All rights reserved.8 OURMISSION Network Applications IDENTITY
- 9. Identiverse (i-ˈden-tə-vərs) noun The Identiverse is a more perfect digital world of people, applications, and devices that all recognize and interact with each other. When everything is identity-aware and access is ubiquitous, the Identiverse will provide superior security and freedom to realize the full potential of digital economy.
- 10. 1. Everything has an identity (apps, devices, people) 2. Authentication is multifactor (and rarely passwords) 3. APIs are Ubiquitous 4. Standards are Everywhere 5. Access is Federated 6. Privacy is Possible SIX FUNDAMENTAL PILLARS OFTHE IDENTIVERSE
- 11. Copyright ©2012 Ping Identity Corporation.All rights reserved.11 IDENTIY IS ALWAYS ON Identity becomes portable, enabled via an identity services layer that is leveraged byALL applications… much like databases and the network are today.
- 12. EMERGING BUSINESS LANDSCAPE Federated Business Mobile Ubiquity Social Integration Internet of Things
- 13. Secure Identity Layer EMERGING BUSINESS LANDSCAPE Federated Business Mobile Ubiquity Social Integration Internet of Things
- 14. Secure Identity Layer EMERGING BUSINESS LANDSCAPE Federated Business Mobile Ubiquity Social Integration Internet of Things
- 15. Federated Business Mobile Ubiquity Social Integration Internet of Things Secure Identity Layer EMERGING BUSINESS LANDSCAPE
- 16. Federated Business Mobile Ubiquity Social Integration Internet of Things Secure Identity Layer EMERGING BUSINESS LANDSCAPE
- 17. Federated Business Mobile Ubiquity Social Integration Internet of Things Secure Identity Layer EMERGING BUSINESS LANDSCAPE
- 18. Mobile Ubiquity Social Integration Internet of Things Secure Identity Layer EMERGING BUSINESS LANDSCAPE
- 19. FUNDAMENTAL TENETS TO SCALE • No more passwords • Automate as much as possible – Eliminate IT Administrative overhead – Application registration is dynamic • Ease of use – Effortless self service – Developer-friendly – IT-friendly – User-friendly
- 20. TODAY’S IDENTITY PROTOCOL LANDSCAPE SAML LDAP X.509
- 21. MODERN IDENTITY PROTOCOL STACK OAuth 2.0
- 22. MODERN IDENTITY PROTOCOL STACK OpenID Connect SCIM OAuth 2.0
- 23. Security for APIs API’S FOR IDENTITY OpenID Connect SCIM
- 24. Security for APIs User Authentication API API’S FOR IDENTITY SCIM
- 25. Security for APIs User Authentication API User Management API API’S FOR IDENTITY
- 26. Security for APIs User Authentication API User Management API API’S FOR IDENTITY (Not identity-enabled APIs)
- 27. WHAT IS ACTIONABLE? • Apps and devices need a modern identity protocol stack – Starts with Oauth 2.0, OpenID Connect and SCIM • No more passwords – Federated access by default • Ease of use means automate everything – Or enable self-service as a backup
- 28. Copyright ©2012 Ping Identity Corporation.All rights reserved.28 WHAT IS THE ANSWER TO THE ULTIMATE QUESTION OF LIFE,THE UNIVERSE AND EVERYTHING?
- 29. Click to edit Master title style Copyright ©2013 Ping Identity Corporation.All rights reserved.29 THANKYOU In the perfect digital world everything is identity-aware and access is ubiquitous. Help write the next chapter in the hitchhiker’s guide. HOW? Join Ping Identity’s hospitality suite and enjoy a Pan Galactic Gargle Blaster and use your NEW Up by Jawbone to log whether its effects are, “similar to having your brains smashed in by a slice of lemon wrapped round a large gold brick.” Tweet using hashtag #identiverse
Editor's Notes
- Hitchhikers know everything exciting happens outside the lines, like cloud, mobile, social, big data and the internet of things.The challenge of navigating today’s universe is lack of portable, automated, discoverable and scalable identity management.DON’T PANIC. I’ll explain how a next-generation identity and access management layer encompassing the identity of:people and thingspassive analyticsactive feedbackand automated connections to partners, customers, and apps is the modern Hitchhiker’s Guide to the Identiverse.
- As the collision of cloud-mobile-social grows to it’s inevitable conclusion, we are facing a massive explosion of internet endpoints, and a desperate future problem of securing and coordinating them.
- Today we are at the “craftsman” stage of identity. Carefully constructed connections allow a small number of endpoints and users to be secured.
- The future isexponential growth of
- VINT CERF PUNTNEEDS TO BE HYBRID
- This will be true of enterprise applications as well as (and more importantly) consumer applications. This is the path that Ping has started upon, and continues down. Consumerization of IT will likely drive consumer identity protocols into the enterprise – OpenID Connect being an example.
- Highly dsitrbiuted nature of business – mobile, cloud, SaaS, outsorcing, PaaS, IaaSetcIdentity must become portable to drive ease of useInternet of Things - every thing has a unique identifier
- Highly dsitrbiuted nature of business – mobile, cloud, SaaS, outsorcing, PaaS, IaaSetcInternet of Things
- Highly dsitrbiuted nature of business – mobile, cloud, SaaS, outsorcing, PaaS, IaaSetcInternet of Things
- Highly dsitrbiuted nature of business – mobile, cloud, SaaS, outsorcing, PaaS, IaaSetcInternet of Things
- Highly dsitrbiuted nature of business – mobile, cloud, SaaS, outsorcing, PaaS, IaaSetcInternet of Things
- Highly dsitrbiuted nature of business – mobile, cloud, SaaS, outsorcing, PaaS, IaaSetcInternet of Things
- Highly dsitrbiuted nature of business – mobile, cloud, SaaS, outsorcing, PaaS, IaaSetcInternet of Things
- Modern Identity LandscapeTargeted at Application developersLearnt from previous attempts
- Two pillars of scalable modern identity: SCIM and OIDCOIDC is crucial for modern identity IdP discovery – important as number of IdPS increase in the modern identity era.Applicaton registration. Provides a mechanism ernidetntiy. Scale: to enable applications (be they on mobile devices or web applications) to act on behalf of the user to do things.Finally delivers SSO via ID token for native devices (pivot to OAuth).SCIMAuthorization and SSO isn’t possible without a provisioning event. aaS vendors have service level agreements that preclude the use of the enterprise identity store. The current insanity vis-à-vis proprietary provisioning won’t scale. SCIM is modern (REST-based) and is our last best hope at scalable provisioning because it delivers a standards-based approach.
- OpenID ConnectAuthentication API (also enables SSO)Developer calls GetUserInfo API EndpointReplace Login.jsp and the Password DBFederated Domain, Single Domains, whateverSCIMUser Management APICreate, Read, Update, DeleteDeveloper exposes API to Add, Change & Delete user accounts
- OpenID ConnectAuthentication API (also enables SSO)Developer calls GetUserInfo API EndpointReplace Login.jsp and the Password DBFederated Domain, Single Domains, whateverSCIMUser Management APICreate, Read, Update, DeleteDeveloper exposes API to Add, Change & Delete user accounts
- OpenID ConnectAuthentication API (also enables SSO)Developer calls GetUserInfo API EndpointReplace Login.jsp and the Password DBFederated Domain, Single Domains, whateverSCIMUser Management APICreate, Read, Update, DeleteDeveloper exposes API to Add, Change & Delete user accounts
- Two pillars of scalable modern identity: SCIM and OIDCNot Identity Enabled API’sSCIMAuthorization and SSO isn’t possible without a provisioning event. aaS vendors have service level agreements that preclude the use of the enterprise identity store. The current insanity vis-à-vis proprietary provisioning won’t scale. SCIM is modern (REST-based) and is our last best hope at scalable provisioning because it delivers a standards-based approach.OIDC is crucial for modIdP discovery – important as number of IdpS increase in the modern identity era.Client registration. Provides a mechanism ernidetntiy. Scale:to enable applications (be they on mobile devices or web applications) to act on behalf of the user to do things.Finally delivers SSO via ID token for native devices (pivot to OAuth).Interesting crossover and linkage b/w SCIM SP and OIDC user info endpoint. Different. I’ll be working in the IETF group on this (with John’s guidance). I’ll have diagrams for CIS.