Scalable Identity Relationship Management
- 1. Scalable Identity Relationship Management
A Solution using Neo4j at EnerNOC
Corey Lander, Dave Bennett, Jim Lombardi, Hadi Ahmadi, Seyed Ahmadinejad, Derek Small
© 2018 Nulli Secundus Inc.
- 2. Nulli - Everyone. Every thing. Everywhere.™
- 3. EnerNOC - Changing the Way the World Uses Energy
- 4. EnerNOC Problem Definition
▪ EnerNOC provides software services that work with data collected from IoT platforms
▪ EnerNOC manages a complex mesh of interrelated users, services and things (IoT entities).
- 6. EnerNOC Problem Definition
▪ How to enforce licenses?
▪ Highly granular access management
▪ Sophisticated resource protection policies
▪ Flexible licensing model
▪ Solution: Scalable Identity Relationship Management System
- 7. Why Graphs?
▪ Schema-less
▪ Expressive
▪ Traversable
▪ Refactorable
- 8. Why Graphs?
▪ Data Structures and Algorithms – 1983 by A. V. Aho, J. D. Ullman, J. E. Hopcroft:
“In problems arising in computer science, mathematics, engineering, and many other disciplines we often need to represent arbitrary relationships among data objects. Directed and undirected graphs are natural models of such relationships.”
- 9. Why Graphs?
[Figure: two chains of connected node pairs: Province - City - Building - Floor - Sensor, and Brand - Product line - Sensor type - Sensor]
- 12. Identity & Access Management (IAM)
▪ Who can perform what actions on what resources under which conditions?
- 14. Identity & Access Management (IAM)
▪ Identify entities
  ▪ Provisioning
  ▪ Authentication
▪ Control access to entities
  ▪ Access policies
  ▪ Enforcement points
https://neo4j.com/blog/other-graph-database-technologies/
- 15. Graph model
EnerNOC Base Data Model
- 18. Access policy evaluation
[Figure; surviving label: User]
- 19. IAM Components
▪ Graph database
  ▪ Neo4j™
▪ Authentication and authorization servers
  ▪ ForgeRock™ OpenAM and OpenDJ
▪ Authorization enforcement
  ▪ ForgeRock OpenIG
▪ Identity provisioning
  ▪ ForgeRock OpenIDM
- 21. Summary
▪ EnerNOC used graphs for modeling complex and variable relationships between entities
▪ IAM nodes provide fine-grained access to services
▪ Use ForgeRock Identity Platform to leverage the power of the graph