Copyright © 2015 ForgeRock, all rights reserved.
Entitlements: Taking Control of the Big Data Gold Rush
Markus Weber
Andy Forrest
August 18th, 2015
Achieving the Holy Grail of Identity
Knowing Who's Who, What's What, and Who Gets Access to What
Source: Scott McNealy, Identity Summit 2015
ForgeRock
Fastest-growing Open Source Identity Security Software company in the world
■ Founded 2010 with high double digit growth every year since inception
■ Over 200 full time employees
■ Over 400 customers
■ Active in over 30 countries
■ Locations: San Francisco, Vancouver (US), Bristol (UK), London (UK), Grenoble (FR), Oslo, Singapore, Düsseldorf
Award winning platform driving innovation worldwide
■ Gold winner of the CEO World awards 2014
■ Silver Winner in the 6th Annual Golden Bridge Award 2014
■ Silver winner for the Fastest-Growing Company of the Year in Best in Biz Awards 2014
Investors: Our Origins:
275 survey respondents
Research by
Research by
■ 71% using ForgeRock for THEIR customer identities (USA)
■ 88% deploy in less than a year
■ 65% deploy in less than 6 months
■ 70% reach payback in less than 18 months
■ 91% rate ForgeRock speed to deployment superior to competition
■ 96% rate ForgeRock scalability superior to competition
■ 92% rate ForgeRock reliability superior to competition
■ 100% of government and financial services customers rate ForgeRock scalability superior to the competition
The Platform
The ForgeRock Identity Platform
(Identity Management) (Access Management)
(Directory Services) (Identity Gateway)
IDENTITY MANAGEMENT
Provisioning
Self-Service
Password Management
Synchronization/Reconciliation
Workflow Engine
SaaS Connectors
ACCESS MANAGEMENT
Authentication
Entitlements Management
Federation
Social Sign-On
Adaptive Risk
REST Security Token Service
API & MOBILE
GATEWAY
API Security
Mobile Security
Legacy Application Security
Web Services Security
Password Capture and Replay
DIRECTORY SERVICES
Performance & Scalability
High Availability
Password Policy
Active Directory
Synchronization
Identity Data Replication
LDAPv3 and REST2LDAP
COMMON SERVICES
REST API
Standards
User Interface
The ForgeRock Identity Platform
customldapv3
User Data Stores
Authentication
Coarse Grained Authorization
Policies
SSO Session Management
Federation Hub
Adaptive Risk
ForgeRock UI Framework
Password management
Audit Logging
UI Layer
Access Layer
Business Logic Layer
Services Layer
Persistence layer
SIEM | Reporting Tools
(3rd party)
Authentication Systems
(out-of-the-box & 3rd party)
Analytics tools
(3rd party)
Fine Grained Authorization
Pluggable
Common REST OpenID Connect OAuth2 SAMLv2 WS-*
Protected Resources
Web Application
Mobile Application
Policy Agent
Firewall
Reverse Proxy
REST Client
Stateful
Stateless
Session Layer
Load balancer
Chip | Thing
End-User UI
JATO based
Admin UI
Policy Editor
Monitoring
The Near Future
Return on
Identity
Platform Focus for Maximizing ROI
API
Economy
IoT
Scale
IoT
Ready
Privacy &
Consent
Security
Data
Enrichment
Run
Anywhere
Privacy & Consent
User Managed Access (UMA)
• Standards based privacy and consent
• Giving people the right to control access to their data across providers
• Interoperable OAuth2-based protocol
• Shipping as an integrated feature of OpenAM and OpenIG
Internet of Things Scale
Stateless Sessions
• Built on new stateless sessions
• JWT-based sessions
• Per-Realm configuration
• Enables true elastic deployment
• Massive horizontal scalability
Cluster Size
Demand
Internet
Elastic Load Balancer
Security
Continuous Authorization
OpenAM Session
Contextual Change
System Detects New Location
System detects change during session and requests 1x password
• Context based authentication and authorization
• Includes the device print and request context in the policy evaluation
• Custom logic easily integrated into Policy decisions with JavaScript, Groovy, or Java
• REST-calls to external Policy Information Points
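The continuous-authorization flow on this slide, sketched as an added example (not code from the deck or from OpenAM): a default-deny decision function over subject, resource, action and environment attributes that answers a mid-session context change with re-authentication advice. The function names, policy shape and sample values are assumptions made for illustration.

```javascript
// Added example: a minimal attribute-based policy decision point (PDP).
// Every name here (evaluate, stepUp, POLICIES, ...) is hypothetical and is
// not OpenAM's scripting API.

// Turn a resource pattern with '*' wildcards into an anchored RegExp.
// '*' matches any run of characters; everything else is matched literally.
function patternToRegExp(pattern) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, '\\$&');
  return new RegExp('^' + escaped.replace(/\*/g, '.*') + '$');
}

// Constructed sample policies. Each names the resources and actions it
// covers, plus a subject condition and an environment condition.
const POLICIES = [
  {
    name: 'admin-page',
    resource: 'https://app.example.com/admin/*',
    actions: ['GET'],
    subject: (s) => s.groups.includes('admin'),
    environment: () => true,
  },
  {
    name: 'thermostat-write',
    resource: 'device://home/*/thermostat',
    actions: ['SET'],
    subject: (s) => s.attributes.owner === true,
    environment: (e) => e.hour >= 6 && e.hour < 23,
  },
];

// Context check run on every request: compare the device print and location
// seen now with what was recorded when the session was established.
function contextChanged(session, env) {
  return session.country !== env.country ||
         session.devicePrint !== env.devicePrint;
}

// Evaluate one request. Anything not explicitly permitted is denied.
function evaluate(request, session, policies = POLICIES) {
  const { subject, resource, action, environment } = request;

  const applicable = policies.filter(
    (p) => patternToRegExp(p.resource).test(resource) &&
           p.actions.includes(action));
  if (applicable.length === 0) {
    return { decision: 'deny', reason: 'no-policy', advice: [] };
  }

  const satisfied = applicable.some(
    (p) => p.subject(subject) && p.environment(environment));
  if (!satisfied) {
    return { decision: 'deny', reason: 'conditions-not-met', advice: [] };
  }

  // The policy would permit, but the context differs from the session
  // baseline: deny for now and tell the enforcement point to re-authenticate.
  if (contextChanged(session, environment)) {
    return { decision: 'deny', reason: 'context-changed',
             advice: ['reauthenticate'] };
  }
  return { decision: 'permit', reason: applicable[0].name, advice: [] };
}

// After a successful re-authentication the new context becomes the baseline.
function stepUp(session, env) {
  return { ...session, country: env.country, devicePrint: env.devicePrint };
}

// Constructed demo: Bob logs in from GB, then the same session shows up
// from FR on a different device.
const demoSession = { country: 'GB', devicePrint: 'dp-1' };
const demoRequest = {
  subject: { id: 'bob', groups: ['admin'], attributes: {} },
  resource: 'https://app.example.com/admin/users',
  action: 'GET',
  environment: { country: 'FR', devicePrint: 'dp-2', hour: 10 },
};
console.log(evaluate(demoRequest, demoSession));
console.log(evaluate(demoRequest,
                     stepUp(demoSession, demoRequest.environment)));
```

The enforcement point is expected to act on the `advice` field: on `reauthenticate` it prompts for the password once, calls `stepUp`, and retries the request.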
Entitlements
Taking Control of the Big Data Gold Rush
Andy Forrest (@apforrest)
andrew.forrest@forgerock.com
“Information is the new currency”
Let’s rewind a little...
Subject Resource
Action
Environment
• Authentication
• Authorization
What has a policy looked like?
Typically used to protect a web resource:
“Can Bob who is part of the admin group see the admin web page?”
Policy solutions
• ACLs (access control lists)
- focused on the subject
• RBAC (role based access control)
- focused on the subject and resource
- role explosion
Policy characteristics
• Coarse grained
• Allow / deny
• Inflexible
• Low volume
• Minimal performance demand
PEP
Common policy architecture
Protected
resource
Bob
PDP
PAP
PIPs
Common policy architecture
Policy
agent
Protected
resource
Bob
OpenAM
What’s next for policy?
“Authorization is the new cool kid”
IoT (Internet of Things)
• Not just web pages
• Richer relationships
• Descriptive demand
UMA (User Managed Access)
• In the hands of the consumer
• High scale
• Decoupled
• Distributed
Some of the buzz
• ABAC (attribute based access control)
• XACML (extensible access control markup language)
Future policy characteristics
• Attribute based
• Fine grained
• Entitlements
• Unknown entities
• High volume
• Performance speed
• Outward facing
What about OpenAM?
“We’re the real deal”
OpenAM policy
• Complete REST API
• Intuitive UI
• Organisational structure
• Expressive rules
• Contextual authz
• Rich entitlement decisions
• Selective evaluation
• Scaling and replication
• XACML export/import
Demo
Mobile Twitter Raspberry PI
OpenAM Device 1
Radio Tx
Radio Rx
Device 3
Radio Rx
Device 2
Radio Rx
Web App
Policy
Demo topology
Demo topology
DJ 2
OpenAM 2
DJ 1
OpenAM 1
Replication
Cross talk
8 x 3.3GHz, 64GB 8 x 3.3GHz, 64GB
Performance topology
How does OpenAM continue to lead?
• Continually looking to push performance
• More fine grained through ABAC
- generic attribute model
- application rules
- nested applications
• Simplified UIs
“Information is the new currency”
IDENTITY SUMMIT SERIES 2015:
EUROPE
8 October
London
5 November
Amsterdam
10 November
Düsseldorf
Visit summits.forgerock.com
Q & A

Mais conteúdo relacionado

Mais procurados

Bring your own Identity (BYOID) with WSO2 Identity Server
Bring your own Identity (BYOID) with WSO2 Identity ServerBring your own Identity (BYOID) with WSO2 Identity Server
Bring your own Identity (BYOID) with WSO2 Identity Server
WSO2
 

Mais procurados (20)

IDP Proxy Concept: Accessing Identity Data Sources Everywhere!
IDP Proxy Concept: Accessing Identity Data Sources Everywhere!IDP Proxy Concept: Accessing Identity Data Sources Everywhere!
IDP Proxy Concept: Accessing Identity Data Sources Everywhere!
 
OpenAM: An Introduction
OpenAM: An IntroductionOpenAM: An Introduction
OpenAM: An Introduction
 
OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, A...
OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, A...OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, A...
OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, A...
 
Identity Management with the ForgeRock Identity Platform - So What’s New?
Identity Management with the ForgeRock Identity Platform - So What’s New?Identity Management with the ForgeRock Identity Platform - So What’s New?
Identity Management with the ForgeRock Identity Platform - So What’s New?
 
ForgeRock Platform Release - Summer 2016
ForgeRock Platform Release - Summer 2016  ForgeRock Platform Release - Summer 2016
ForgeRock Platform Release - Summer 2016
 
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
 
Implementing WebAuthn & FAPI supports on Keycloak
Implementing WebAuthn & FAPI supports on KeycloakImplementing WebAuthn & FAPI supports on Keycloak
Implementing WebAuthn & FAPI supports on Keycloak
 
The Future is Now: What’s New in ForgeRock Identity Management
The Future is Now: What’s New in ForgeRock Identity Management The Future is Now: What’s New in ForgeRock Identity Management
The Future is Now: What’s New in ForgeRock Identity Management
 
NYC Identity Summit Business Day: Identity is the Center of Everything (Mike ...
NYC Identity Summit Business Day: Identity is the Center of Everything (Mike ...NYC Identity Summit Business Day: Identity is the Center of Everything (Mike ...
NYC Identity Summit Business Day: Identity is the Center of Everything (Mike ...
 
Pimping the ForgeRock Identity Platform for a Billion Users
Pimping the ForgeRock Identity Platform for a Billion UsersPimping the ForgeRock Identity Platform for a Billion Users
Pimping the ForgeRock Identity Platform for a Billion Users
 
Implementing security requirements for banking API system using Open Source ...
 Implementing security requirements for banking API system using Open Source ... Implementing security requirements for banking API system using Open Source ...
Implementing security requirements for banking API system using Open Source ...
 
FIDO @ LINE - #idcon vol.24
FIDO @ LINE - #idcon vol.24FIDO @ LINE - #idcon vol.24
FIDO @ LINE - #idcon vol.24
 
NIST SP 800-63-3 #idcon vol.22
NIST SP 800-63-3 #idcon vol.22NIST SP 800-63-3 #idcon vol.22
NIST SP 800-63-3 #idcon vol.22
 
Webinar: OpenAM 12.0 - New Featurs
Webinar: OpenAM 12.0 - New FeatursWebinar: OpenAM 12.0 - New Featurs
Webinar: OpenAM 12.0 - New Featurs
 
Provisioning IoT...Oh Baby You Know Meeee!
Provisioning IoT...Oh Baby You Know Meeee!Provisioning IoT...Oh Baby You Know Meeee!
Provisioning IoT...Oh Baby You Know Meeee!
 
Customer Scale: Stateless Sessions and Managing High-Volume Digital Services
Customer Scale: Stateless Sessions and Managing High-Volume Digital ServicesCustomer Scale: Stateless Sessions and Managing High-Volume Digital Services
Customer Scale: Stateless Sessions and Managing High-Volume Digital Services
 
WebRTC with Java
WebRTC with JavaWebRTC with Java
WebRTC with Java
 
Bring your own Identity (BYOID) with WSO2 Identity Server
Bring your own Identity (BYOID) with WSO2 Identity ServerBring your own Identity (BYOID) with WSO2 Identity Server
Bring your own Identity (BYOID) with WSO2 Identity Server
 
Identity Gateway with the ForgeRock Identity Platform - So What’s New?
Identity Gateway with the ForgeRock Identity Platform - So What’s New?Identity Gateway with the ForgeRock Identity Platform - So What’s New?
Identity Gateway with the ForgeRock Identity Platform - So What’s New?
 
CIS 2015 Extreme SAML - Hans Zandbelt
CIS 2015 Extreme SAML - Hans ZandbeltCIS 2015 Extreme SAML - Hans Zandbelt
CIS 2015 Extreme SAML - Hans Zandbelt
 

Semelhante a Webinar: "Entitlements: Taking Control of the Big Data Gold Rush"

API Security: Securing Digital Channels and Mobile Apps Against Hacks
API Security: Securing Digital Channels and Mobile Apps Against HacksAPI Security: Securing Digital Channels and Mobile Apps Against Hacks
API Security: Securing Digital Channels and Mobile Apps Against Hacks
Akana
 
The Business Value for Internal APIs in the Enterprise
The Business Value for Internal APIs in the EnterpriseThe Business Value for Internal APIs in the Enterprise
The Business Value for Internal APIs in the Enterprise
Akana
 

Semelhante a Webinar: "Entitlements: Taking Control of the Big Data Gold Rush" (20)

The Platform Big Picture
The Platform Big PictureThe Platform Big Picture
The Platform Big Picture
 
Entitlements: Taking Control of the Big Data Gold Rush
Entitlements: Taking Control of the Big Data Gold RushEntitlements: Taking Control of the Big Data Gold Rush
Entitlements: Taking Control of the Big Data Gold Rush
 
Webinar: Identity Wars: The Unified Platform Awakens
Webinar: Identity Wars: The Unified Platform AwakensWebinar: Identity Wars: The Unified Platform Awakens
Webinar: Identity Wars: The Unified Platform Awakens
 
NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview
NYC Identity Summit Tech Day: ForgeRock Identity Platform OverviewNYC Identity Summit Tech Day: ForgeRock Identity Platform Overview
NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview
 
Optimizing IAM with Single Sign-On From the Cloud to On-Premise
Optimizing IAM with Single Sign-On From the Cloud to On-PremiseOptimizing IAM with Single Sign-On From the Cloud to On-Premise
Optimizing IAM with Single Sign-On From the Cloud to On-Premise
 
The Future is Now: The ForgeRock Identity Platform, Early 2017 Release
The Future is Now: The ForgeRock Identity Platform, Early 2017 ReleaseThe Future is Now: The ForgeRock Identity Platform, Early 2017 Release
The Future is Now: The ForgeRock Identity Platform, Early 2017 Release
 
Java2Days - Security for JavaEE and the Cloud
Java2Days - Security for JavaEE and the CloudJava2Days - Security for JavaEE and the Cloud
Java2Days - Security for JavaEE and the Cloud
 
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingWebinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
 
Oracle API Platform Cloud Service Best Practices & Lessons Learnt
Oracle API Platform Cloud Service Best Practices & Lessons LearntOracle API Platform Cloud Service Best Practices & Lessons Learnt
Oracle API Platform Cloud Service Best Practices & Lessons Learnt
 
NYC Identity Summit Tech Day: Best Practices for API Security
NYC Identity Summit Tech Day: Best Practices for API SecurityNYC Identity Summit Tech Day: Best Practices for API Security
NYC Identity Summit Tech Day: Best Practices for API Security
 
The Future is Now: What’s New in ForgeRock Identity Gateway
The Future is Now: What’s New in ForgeRock Identity GatewayThe Future is Now: What’s New in ForgeRock Identity Gateway
The Future is Now: What’s New in ForgeRock Identity Gateway
 
Sydney Identity Summit: Addressing the New Threat Landscape with Continuous S...
Sydney Identity Summit: Addressing the New Threat Landscape with Continuous S...Sydney Identity Summit: Addressing the New Threat Landscape with Continuous S...
Sydney Identity Summit: Addressing the New Threat Landscape with Continuous S...
 
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
 
Wavestone forgerock banking demo
Wavestone forgerock banking demoWavestone forgerock banking demo
Wavestone forgerock banking demo
 
API Security: Securing Digital Channels and Mobile Apps Against Hacks
API Security: Securing Digital Channels and Mobile Apps Against HacksAPI Security: Securing Digital Channels and Mobile Apps Against Hacks
API Security: Securing Digital Channels and Mobile Apps Against Hacks
 
An Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldAn Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices World
 
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted SubjectsHow to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
 
Oracle Identity & Access Management
Oracle Identity & Access ManagementOracle Identity & Access Management
Oracle Identity & Access Management
 
The Business Value for Internal APIs in the Enterprise
The Business Value for Internal APIs in the EnterpriseThe Business Value for Internal APIs in the Enterprise
The Business Value for Internal APIs in the Enterprise
 
The Business Value for Internal APIs in the Enterprise
The Business Value for Internal APIs in the EnterpriseThe Business Value for Internal APIs in the Enterprise
The Business Value for Internal APIs in the Enterprise
 

Mais de ForgeRock

Mais de ForgeRock (20)

Digital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at ScaleDigital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at Scale
 
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
Get the Exact Identity Solution You Need - In the Cloud - AWS and BeyondGet the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
 
Identity Live Sydney: Identity Management - A Strategic Opportunity
Identity Live Sydney: Identity Management  - A Strategic OpportunityIdentity Live Sydney: Identity Management  - A Strategic Opportunity
Identity Live Sydney: Identity Management - A Strategic Opportunity
 
Identity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity CapabilityIdentity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity Capability
 
Identity Live Singapore 2018 Keynote Presentation
Identity Live Singapore 2018 Keynote PresentationIdentity Live Singapore 2018 Keynote Presentation
Identity Live Singapore 2018 Keynote Presentation
 
Identity Live Sydney 2018 Keynote Presentation
Identity Live Sydney 2018 Keynote PresentationIdentity Live Sydney 2018 Keynote Presentation
Identity Live Sydney 2018 Keynote Presentation
 
Identity Live Singapore: Just Ask 'Em
Identity Live Singapore: Just Ask 'EmIdentity Live Singapore: Just Ask 'Em
Identity Live Singapore: Just Ask 'Em
 
Identity Live Singapore: Building Trust & Privacy in a Connected Society
Identity Live Singapore: Building Trust & Privacy in a Connected SocietyIdentity Live Singapore: Building Trust & Privacy in a Connected Society
Identity Live Singapore: Building Trust & Privacy in a Connected Society
 
Identity Live Sydney: Intelligent Authentication
Identity Live Sydney: Intelligent Authentication Identity Live Sydney: Intelligent Authentication
Identity Live Sydney: Intelligent Authentication
 
Identity Live Sydney: Building Trust and Privacy in a Connected Society
Identity Live  Sydney:  Building Trust and Privacy in a Connected SocietyIdentity Live  Sydney:  Building Trust and Privacy in a Connected Society
Identity Live Sydney: Building Trust and Privacy in a Connected Society
 
Get the Exact Identity Solution you Need in the Cloud - Deep Dive
Get the Exact Identity Solution you Need in the Cloud - Deep DiveGet the Exact Identity Solution you Need in the Cloud - Deep Dive
Get the Exact Identity Solution you Need in the Cloud - Deep Dive
 
Get the Exact Identity Solution You Need - In the Cloud - Overview
Get the Exact Identity Solution You Need - In the Cloud - OverviewGet the Exact Identity Solution You Need - In the Cloud - Overview
Get the Exact Identity Solution You Need - In the Cloud - Overview
 
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User ExperienceForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
 
Opening Keynote (Identity Live Berlin 2018)
Opening Keynote (Identity Live Berlin 2018)Opening Keynote (Identity Live Berlin 2018)
Opening Keynote (Identity Live Berlin 2018)
 
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
 
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
BMW Group - Identity Enables the Next 100 Years..  (Identity Live Berlin 2018)BMW Group - Identity Enables the Next 100 Years..  (Identity Live Berlin 2018)
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
 
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
 
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
 
Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...
 
Intelligent Authentication (Identity Live Berlin 2018)
Intelligent Authentication  (Identity Live Berlin 2018)Intelligent Authentication  (Identity Live Berlin 2018)
Intelligent Authentication (Identity Live Berlin 2018)
 

Último

%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
masabamasaba
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
masabamasaba
 

Último (20)

WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
BUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptxBUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptx
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AI
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
WSO2Con2024 - Hello Choreo Presentation - Kanchana
WSO2Con2024 - Hello Choreo Presentation - KanchanaWSO2Con2024 - Hello Choreo Presentation - Kanchana
WSO2Con2024 - Hello Choreo Presentation - Kanchana
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the Situation
 
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...
WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...
WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...
 
WSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - KeynoteWSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - Keynote
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaS
 

Webinar: "Entitlements: Taking Control of the Big Data Gold Rush"

  • 1. Copyright © 2015 ForgeRock, all rights reserved. Entitlements: Taking Control of the Big Data Gold Rush Markus Weber Andy Forrest August 18th, 2015
  • 2. Copyright © 2015 ForgeRock, all rights reserved. Achieving the Holy Grail of Identity Knowing Who's Who, What's What, and Who Gets Access to What Source: Scott McNealy, Identity Summit 2015
  • 3. Copyright © 2015 ForgeRock, all rights reserved. ForgeRock Fastest-growing Open Source Identity Security Software company in the world ■ Founded 2010 with high double digit growth every year since inception ■ Over 200 full time employees ■ Over 400 customers ■ Active in over 30 countries ■ Locations: San Francisco, Vancouver (US), Bristol (UK), London (UK), Grenoble (FR), Oslo, Singapor, Düsseldorf Award winning platform driving innovation worldwide ■ Gold winner of the CEO World awards 2014 ■ Silver Winner in the 6th Annual Golden Bridge Award 2014 ■ Silver winner for the Fastest-Growing Company of the Year in Best in Biz Awards 2014 Investors: Our Origins:
  • 4. Copyright © 2015 ForgeRock, all rights reserved. 275 survey respondents Research by
  • 5. Copyright © 2015 ForgeRock, all rights reserved. Research by  71% using ForgeRock for THEIR customer identities (USA)  88% deploy in less than a year  65% deploy in less than 6 months  70% reach payback in less than 18 months  91% rate ForgeRock speed to deployment superior to competition  96% rate ForgeRock scalability superior to competition  92% rate ForgeRock reliability superior to competition  100% of government and financial services customers rate ForgeRock scalability superior to the competition
  • 6. Copyright © 2015 ForgeRock, all rights reserved. The Platform
  • 7. Copyright © 2015 ForgeRock, all rights reserved. The ForgeRock Identity Platform (Identity Management) (Access Management) (Directory Services) (Identity Gateway)
  • 8. Copyright © 2015 ForgeRock, all rights reserved.Copyright © Identity Summit 2015, all rights reserved. IDENTITY MANAGEMENT Provisioning Self-Service Password Management Synchronization/Reconciliation Workflow Engine SaaS Connectors ACCESS MANAGEMENT Authentication Entitlements Management Federation Social Sign-On Adaptive Risk REST Security Token Service API & MOBILE GATEWAY API Security Mobile Security Legacy Application Security Web Services Security Password Capture and Replay DIRECTORY SERVICES Performance & Scalability High Availability Password Policy Active Directory Synchronization Identity Data Replication LDAPv3 and REST2LDAP COMMONSERVICES RESTAPI Standards UserInterface The ForgeRock Identity Platform
  • 9. Copyright © 2015 ForgeRock, all rights reserved. customldapv3 User Data Stores Authentication Coarse Grained Authorization Policies SSO Session Management Federation Hub Adaptive Risk ForgeRock UI Framework Password management Audit Logging UI Layer Access Layer Business Logic Layer Services Layer Persistence layer SIEM | Reporting Tools (3rd party) Authentication Systems (out-of-the-box & 3rd party) Analytics tools (3rd party) Fine Grained Authorization Pluggable Common REST OpenID Connect OAuth2 SAMLv2 WS-* Protected Resource s Web Application Mobile Application Policy AgentFirewall Reverse Proxy REST Client Stateful StatelessSession Layer Load balancer Chip | Thing End-User UI JATO based Admin UI Policy Editor Monitoring
  • 10. The Near Future
  • 11. Return on Identity Platform Focus for Maximizing ROI API Economy IoT Scale IoT Ready Privacy & Consent Security Data Enrichment Run Anywhere
  • 12. Privacy & Consent User Managed Access (UMA) • Standards based privacy and consent • Giving people the right to control access to their data across providers • Interoperable OAuth2-based protocol • Shipping as an integrated feature of OpenAM and OpenIG
  • 13. Internet of Things Scale Stateless Sessions • Built on new stateless sessions • JWT-based sessions • Per-Realm configuration • Enables true elastic deployment • Massive horizontal scalability [Diagram labels: Cluster Size, Demand, Internet, Elastic Load Balancer]
  • 14. Security Continuous Authorization OpenAM Session Contextual Change System Detects New Location System detects change during session and requests 1x password • Context based authentication and authorization • Includes the device print and request context in the policy evaluation • Custom logic easily integrated into Policy decisions with JavaScript, Groovy, or Java • REST-calls to external Policy Information Points
  • 15. Entitlements Taking Control of the Big Data Gold Rush Andy Forrest (@apforrest) andrew.forrest@forgerock.com
  • 16. “Information is the new currency”
  • 17. Let’s rewind a little... Subject Resource Action Environment • Authentication • Authorization
  • 18. What has a policy looked like? Typically used to protect a web resource: “Can Bob who is part of the admin group see the admin web page?”
  • 19. Policy solutions • ACLs (access control lists) - focused on the subject • RBAC (role based access control) - focused on the subject and resource - role explosion
  • 20. Policy characteristics • Coarse grained • Allow / deny • Inflexible • Low volume • Minimal performance demand
  • 21. PEP Common policy architecture Protected resource Bob PDP PAP PIPs
  • 22. Common policy architecture Policy agent Protected resource Bob OpenAM
  • 23. What’s next for policy? “Authorization is the new cool kid”
  • 24. IoT (Internet of Things) • Not just web pages • Richer relationships • Descriptive demand
  • 25. UMA (User Managed Access) • In the hands of the consumer • High scale • Decoupled • Distributed
  • 26. Some of the buzz • ABAC (attribute based access control) • XACML (extensible access control markup language)
  • 27. Future policy characteristics • Attribute based • Fine grained • Entitlements • Unknown entities • High volume • Performance speed • Outward facing
  • 28. What about OpenAM? “We’re the real deal”
  • 29. OpenAM policy • Complete REST API • Intuitive UI • Organisational structure • Expressive rules • Contextual authz • Rich entitlement decisions • Selective evaluation • Scaling and replication • XACML export/import
  • 30. Demo
  • 31. Mobile Twitter Raspberry PI OpenAM Device 1 Radio Tx Radio Rx Device 3 Radio Rx Device 2 Radio Rx Web App Policy Demo topology
  • 32. Demo topology
  • 33. DJ 2 OpenAM 2 DJ 1 OpenAM 1 Replication Cross talk 8 x 3.3GHz, 64GB 8 x 3.3GHz, 64GB Performance topology
  • 35. How does OpenAM continue to lead? • Continually looking to push performance • More fine grained through ABAC - generic attribute model - application rules - nested applications • Simplified UIs
  • 36. “Information is the new currency”
  • 37. IDENTITY SUMMIT SERIES 2015: EUROPE 8 October London 5 November Amsterdam 10 November Düsseldorf Visit summits.forgerock.com
  • 38. Q & A

Editor's Notes

  1. Founded four years ago by five guys who had an idea. They were working for Sun Microsystems – very innovative. Built Java & Solaris etc. They had a big software & hardware biz, and a huge IAM biz, globally successful. Late 2000s, acquired by Oracle. Oracle already had IAM. Proprietary Fusion apps. Sun had commercial open source, telco-scale IAM. Lots of Sun IAM people left to found ForgeRock to continue the commercial open source portfolio under a different name. Now read slide. We’ve got a lot of the Sun IAM guys employed with ForgeRock now. We’ve got some of the best investors in the world backing us now. Accel Series A: Facebook. Foundation Capital: Netflix Series A. Sun co-founder Scott McNealy is our marquee advisor and he grew Sun into a multi-billion dollar company.
  2. Introduce myself. What is big data?
  3. 4 points: buzz word; revenue, business; privacy, consumer; protect. Big data is essentially information, our data, collected, collated and utilised to bring value. Big data is only relevant if it gives value. Collect it all as you never know where the value may come. Two sides: consumer and privacy, business and revenue. Data is worth something to consumers and businesses and therefore needs protecting. Avalanche of data.
  4. Authentication - proving who you say you are. Authorisation - verifying what you’re allowed to carry out in a given context. Policy?
  5. ACLs: white lists / black lists, all in / all out, one dimension, the subject. RBAC: not who you are but who you’re a part of; two dimensions, the subject/group, the resource. employ door, door_close, door_open
  6. Elaborate each point
  7. P*P architecture. Needs a few more labels. How does it map to AM?
  8. Why? Authentication has been the focus. Welcome everyone, trust no one.
  9. IoT forces us to consider types other than just web resources. We need to be able to express richer rules to define the relationships between subjects and devices. IoT devices are better described with attributes.
  10. UMA puts policy in the hands of the consumer. Now we’re talking about high scale policy management.
  11. This needs a little more thought. ABAC is a follow on from RBAC, the next evolution.
  12. Elaborate each point
  13. Sun
  14. Elaborate each point. 12/13 diff. REST: not only a lightweight, simple and interoperable API but also eliminates the agent.
  15. Demo time. Main point is to demonstrate the engine via the UI.
  16. 200 policies, 200 sessions, 10,000,000 users. 20 milliseconds, 1% of two seconds. Maybe needs deployment diagram. Acceptable average web page load time.
  17. Elaborate each point
  18. Tie back to presentation brief. Information is the new currency, information can take the form of big data and AM is ready to protect it.
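
The contrast drawn on slides 18 to 27 (coarse allow/deny by role versus attribute-based entitlements) and the contextual step-up on slide 14 can be sketched as a small policy decision point. This is an added JavaScript example, not code from the deck or from OpenAM; the rule set, attribute names and sample subjects are constructed for illustration.

```javascript
// Added illustration, not OpenAM code: a toy policy decision point (PDP).
// Every name and attribute key here is hypothetical.

// RBAC (slide 19): the answer depends only on the subject's roles and the resource.
const ROLE_GRANTS = { admin: ["/admin"] };
function rbacAllows(subject, resource) {
  return subject.roles.some((r) => (ROLE_GRANTS[r] || []).includes(resource));
}

// ABAC: each rule is a predicate over subject, resource and environment
// attributes and grants a set of actions instead of a single allow/deny.
const RULES = [
  { name: "owner-controls-device",
    when: (q) => q.resource.type === "device" && q.resource.owner === q.subject.id,
    actions: ["read", "switch"] },
  { name: "household-reads-device",
    when: (q) => q.resource.type === "device" &&
                 q.subject.household !== undefined &&
                 q.subject.household === q.resource.household,
    actions: ["read"] },
];

// Continuous authorization (slide 14): compare the request context with the
// context recorded when the session was created.
function contextChanged(session, env) {
  return session.country !== env.country || session.devicePrint !== env.devicePrint;
}

// Returns the entitlements (permitted actions) plus any advice for the PEP.
// Default deny: no matching rule means an empty action list.
function evaluate(q) {
  const granted = new Set();
  for (const rule of RULES) {
    if (rule.when(q)) rule.actions.forEach((a) => granted.add(a));
  }
  // A context change withholds the entitlements until the user re-authenticates.
  if (granted.size > 0 && contextChanged(q.session, q.environment)) {
    return { actions: [], advice: ["REAUTHENTICATE"] };
  }
  return { actions: [...granted].sort(), advice: [] };
}

// Constructed sample data.
const bob = { id: "bob", roles: ["admin"], household: "h1" };
const lamp = { type: "device", owner: "bob", household: "h1" };
const home = { country: "GB", devicePrint: "fp-1" };
```

The enforcement point acts on `actions` and, when `advice` asks for it, sends the user back through authentication before retrying the request.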