1. Open Source Identity Management with Apache Syncope
Viale D'Annunzio, 267 - 65127 Pescara
VAT No. 01974100685
REA No. 143460
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
info@tirasa.net
2. Agenda
• Identity and Access Management
• Vendor vs. Open Source solutions
• Apache Syncope
• Tirasa: Apache Syncope Enterprise support
3. What's IdM about?
• Data records that contain a collection of data about a person
  • "Data record" → Account
  • "A person" → Identity
• The joint effort of business process and IT to manage user data on systems and applications.
4. IdM technologies
• Identity Stores
  • Storage of user information
• Provisioning
  • Synchronize account data across identity stores and a broad range of data formats, models, meanings and purposes
• Access Management
  • Security mechanisms that take place when a user is accessing a specific system or functionality
5. Identity Stores
• Examples
  • LDAP / Active Directory
  • RDBMS
  • Meta and Virtual Directories
• Accounts can be created and managed in one place only
• Each application manages authentication separately
• Users may use the same password for all connected applications
6. Aren't Identity Stores enough?
• Heterogeneity of systems
• Lack of a single source of information
  • HR for corporate id, Groupware for mail address, ...
• Need for a local user database
• Inconsistent policies
• Lack of workflow management
• Hidden infrastructure management cost, growing with organization size
7. Provisioning
• Keeping identity stores as synchronized as possible
• Need to be customizable and flexible
• Priority: non-intrusiveness
• Focused on application back-end
• Communication:
  • Connectors
  • Agents
15. Apache Syncope
• Inception by Tirasa in 2010
• Entered ASF incubator in February 2012
• Graduated as TLP in November 2012
• Active community
  • 13 committers, 5 contributors
  • ~130 mailing list subscribers, stable traffic
16. Syncope: features
• Workflow-based provisioning engine of users and roles
• Account / Password policies
• Agentless connection with Identity Stores
• Auditing & Reporting
• Shining admin console
• Customizable and extensible by design
20. Syncope: connectors
• Based on ConnId, hosted at GitHub, new home of Sun's Identity Connectors
• Ready-to-use bundles:
  • LDAP
  • Active Directory
  • Database
  • CSV Directory
  • SOAP
  • Google Apps
  • UNIX
• Write your own bundle
[Diagram labels: Provisioning Engine; API; SPI; Common Code Objects & Utils; Using Connectors]
21. Syncope: roadmap
• Security realms (multi-tenant scenarios)
• SCIM interface
• Concurrent / Asynchronous communication with external resources
• Access Management features
• More at http://s.apache.org/SyncopeRoadmap
23.
• Italian limited company established in 2011
• Small, highly skilled staff
• Delivering IAM solutions for Sun Microsystems for 10 years
• Instructors of IdM, Access Manager and Directory Server for Sun Microsystems courses
• Creates and leverages Open Source tools for Enterprise Integration
  • ConnId
  • Hippo Cocoon Toolkit
24. Syncope: enterprise services
• Product evaluation
• Introductory workshop
• Proof of Concept (PoC)
• Development support
• Production support
• Syncope Compliance Dashboard
• More at http://syncope.tirasa.net
25. Syncope: trying it out
• Online http://syncopedemo.tirasa.net
• Virtual Machine image
• Ubuntu Juju / Microsoft Azure
• .deb packages
• Standalone distribution
• Quickstart projects on GitHub
• Maven Archetype