Managing Identity By Giving Up Control
K. Scott Morrison, Distinguished Engineer, CA Technologies
Gartner AADI, Las Vegas, December 2014
How Many Passwords 
Do You Have?
The Italian Solution
© 2014 CA. ALL RIGHTS RESERVED.
How Do We Cope With Identity Proliferation?
Here Is The Traditional Approach For Providing Identity and Access Management (IAM): Classic Centralized Control
• Identity is managed centrally
• Formal and hierarchical
• Geared toward employees
[Diagram: employees inside the enterprise network, behind the firewall, are looked up in the employee directory; IAM mediates their access to applications and data]
This Extends Naturally To SSO
• Identity is still managed centrally
• Formal and hierarchical
• Administration of trust
[Diagram: employee, IdP and IAM inside the enterprise network behind the firewall; applications and data trust the IdP]
Classic Federation
[Diagram: a principal on the enterprise internal network sends a message plus a security token to a trading partner]
Pattern #1: SAML-based Federation
1) The principal authenticates at the IdP and acquires a SAML token
2) The principal sends the message plus the SAML token to the Service Provider, which fronts the data
Note that this demonstrates the SAML browser POST profile. The artifact profile is harder to do through corporate firewalls, because the Service Provider must open its own back-channel connection to the IdP to resolve the artifact.
What Does It Mean To Have An Account?
There is always something associated with an ID
[Diagram: a directory entry, data and objects, and application-server state all hang off the identifier]
What We Really Have Is A Synchronization Problem
[Diagram: partner identities held by a trading partner, behind its firewall, have to be kept in step with objects in the enterprise directory]
High Administrative Burden
Very centralized control:
• Lots of ceremony
• Hard to set up
• Hard to maintain
• Self-service is tricky and implementation specific
[Diagram: trading-partner admin, principal, directory and IdP on one side; relying party on the other]
It is 2014. 
And We Have A Problem…
The Channel Explosion in Modern Business
Traditional IAM struggles to meet this challenge.
No unified access model:
• For employees
• For contractors
• For partners
• For apps, devices & machines
• For ?
[Diagram: cloud, mobile devices, partners, API/service clients and laptops all reaching applications and data inside the enterprise network]
Identity Is Approaching Critical Mass
"People Have Identity" (today):
• Internet users: 2.4B
• Average number of online IDs: 26
• Average number of Facebook friends: 336
"Things Have Identity" (2020):
• Phones, tablets and laptops: 7.3B
• Things: 26.0B
Sources: Internet users, Internet World Stats Q1 2012: http://www.internetworldstats.com/stats.htm; Internet accounts, Experian July 2012: http://www.bbc.com/news/technology-18866347; Facebook, Pew Research: http://www.pewresearch.org/fact-tank/2014/02/03/6-new-facts-about-facebook/
Diversity!
Speed!
Look To Social Networking For Inspiration
Conceptually Here Is What Happens
1. User posts a new tweet
2. Twitter posts the tweet to Facebook on the user's behalf
[Diagram: user Scott, Twitter, Facebook]
A Bad First Attempt: Stored Passwords
This is the "password anti-pattern":
1. Scott sends his Facebook password to Twitter
2. Twitter uses Scott's Facebook password
Twitter now holds a credential that lets it do everything Scott can do, and Scott cannot limit or revoke it short of changing the password.
OK, So Let's Try SAML
1. Scott authenticates using his Twitter password
2. Twitter vouches that it authenticated Scott
But There Are Problems…
• How can we associate these different representations of Scott?
• Where are the limits on what Twitter can do?
Here's A Smarter Approach
Security Assertion Markup Language (SAML)
OAuth
"access_token":"2YotnFZFEjr1zCsicMWpAA"
ID Token (From OpenID Connect)
eyJhbGciOiJSUzI1NiIsImtpZCI6IjQ4OWRmMzE3YzIyYzY3NTZkOTUyMTVkYjQ1NTA5MjY0N2RmNWIxNmEifQ.eyJpc3MiOiJhY2NvdW50cy5nb29nbGUuY29tIiwiZW1haWwiOiJ0aW1icmF5QGdtYWlsLmNvbSIsImVtYWlsX3ZlcmlmaWVkIjoidHJ1ZSIsInN1YiI6IjEwNzYwNjcwMzU1ODE2MTUwNzk0NiIsImF1ZCI6IjQwNzQwODcxODE5Mi5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbSIsImF0X2hhc2giOiJyTC1jVml3OTJtYW5EUU1MdU1tTEt3IiwiYXpwIjoiNDA3NDA4NzE4MTkyLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiaWF0IjoxMzY1MDk5MTUxLCJleHAiOjEzNjUxMDMwNTF9.GeqJOTJSMaQjo33wxM-3f5k5FIEADqxd3K4zS0pWgWjtqwDldbpGgmxwTytgvtXKjFu7dtZx6TUXPnDhLBtiMjtkTyPGZbm65RwG0arSLqH-iDelceDR5HDABhOBqXjsi19rdnC3TAWf5DpeQYZt9uSSgPseGW2wh6OO5izat48
Source: Tim Bray, Ongoing, https://www.tbray.org/ongoing/When/201x/2013/04/04/ID-Tokens
ID Token (cont.): It's Just A JSON Web Token (JWT)
{
  "issuer": "accounts.google.com",
  "issued_to": "407408718192.apps.googleusercontent.com",
  "audience": "407408718192.apps.googleusercontent.com",
  "user_id": "10315112535234507946",
  "expires_in": 3089,
  "issued_at": 1365099151,
  "email": "example@gmail.com",
  "email_verified": true
}
Source: Tim Bray, Ongoing, https://www.tbray.org/ongoing/When/201x/2013/04/04/ID-Tokens
Here's How 3-Legged OAuth Works
1. Scott authenticates to the OAuth client (Twitter) using his Twitter password
2. Scott authenticates to the OAuth authorization server (Facebook) using his Facebook password
3. Scott grants Twitter limited capabilities on Facebook
4. Twitter uses the code to acquire an access token to post tweets to Facebook
[Diagram: user Scott, OAuth client, OAuth authorization and resource servers; the authorization code 0A3DB28… is handed back through Scott's browser and presented by Twitter in step 4]
Here's What It Looks Like When We're Done
Scott posts a tweet: "I'm in Las Vegas at Gartner AADI". The OAuth client (Twitter) sends the tweet plus the access token authorizing Twitter to post for Scott to the OAuth authorization and resource servers (Facebook), and the same text appears there.
But OAuth Also Enables NASCAR-style Sign On
[Screenshot of a row of social-login buttons, taken from sears.com]
Let's Call This Pattern #2: Social Sign-On
1) The user authenticates at the OAuth authorization server and gets a code
2) The code is passed to the OAuth client
3) The client validates the code with the authorization server and gets an access token
This demonstrates grant_type=authorization_code. Note the user never sees the access token; only the client sees it. The user's session must be managed using other means (e.g. a session cookie).
This Is Actually A Profound Shift In Identity Management
The Old Enterprise versus The New Hybrid Enterprise
This is the secret to achieving scale and agile federation
What is Really Different Here?
• Integration with simple RESTful APIs
• Very loose coupling
• Very low ceremony
• Very loose relationships driven by the caller
  • Client to authorization server
  • User to client
This all adds up to a distribution of responsibility that scales with the number of users
But We're Not Quite At Federation
• We have simple Single Sign-On
• But what about attributes?
<saml:AttributeStatement>
  <saml:Attribute FriendlyName="fooAttrib" Name="SFDC_USERNAME"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">user101@salesforce.com</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
From: http://login.salesforce.com/help/doc/en/sso_saml_assertion_examples.htm
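A service-provider-side check of an assertion carrying an AttributeStatement like the one above, which is also what the Service Provider in Pattern #1 does with the SAML token it receives, as an added example not taken from the deck or from Salesforce: SAMPLE_ASSERTION is constructed around the page's attribute (the Issuer, Subject, Conditions and entity IDs are made up), and the function names are mine. XML signature verification, which must come first, needs an XML-DSig library and is assumed to have been done by the caller; what remains is the issuer, validity-window and audience checks and the attribute extraction.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}

# Constructed sample: the page's AttributeStatement wrapped in the Subject and
# Conditions a real IdP sends around it. No Signature element: XML-DSig
# verification is assumed to have happened before this code runs.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_demo-assertion-1" Version="2.0" IssueInstant="2014-12-09T18:00:00Z">
  <saml:Issuer>https://idp.example.com/saml</saml:Issuer>
  <saml:Subject><saml:NameID>user101@salesforce.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2014-12-09T18:00:00Z" NotOnOrAfter="2014-12-09T18:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://saml.salesforce.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute FriendlyName="fooAttrib" Name="SFDC_USERNAME"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
      <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:type="xs:string">user101@salesforce.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_saml_time(value: str) -> datetime:
    """SAML timestamps are UTC ISO 8601; fractional seconds are optional."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def check_assertion(xml_text: str, expected_issuer: str, my_entity_id: str,
                    now: str) -> dict:
    """Relying-party checks after signature verification: issuer, validity
    window, audience. Returns the NameID and attributes as {Name: [values]}.
    For untrusted XML in production, parse with defusedxml rather than the
    stdlib parser to rule out entity-expansion attacks."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML}}}Assertion":
        raise ValueError("not a SAML 2.0 Assertion")
    if (root.findtext("saml:Issuer", namespaces=NS) or "").strip() != expected_issuer:
        raise ValueError("unexpected issuer")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion has no Conditions")
    t = parse_saml_time(now)
    if cond.get("NotBefore") and t < parse_saml_time(cond.get("NotBefore")):
        raise ValueError("assertion not yet valid")
    if cond.get("NotOnOrAfter") and t >= parse_saml_time(cond.get("NotOnOrAfter")):
        raise ValueError("assertion expired")
    # Require an AudienceRestriction that names us; an assertion minted for
    # another service provider must not log anyone in here.
    audiences = [(a.text or "").strip()
                 for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if my_entity_id not in audiences:
        raise ValueError("assertion not addressed to this service provider")
    attributes = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attributes[attr.get("Name")] = values
    return {
        "name_id": (root.findtext("saml:Subject/saml:NameID", namespaces=NS) or "").strip(),
        "attributes": attributes,
    }
```

Call `check_assertion(SAMPLE_ASSERTION, "https://idp.example.com/saml", "https://saml.salesforce.com", now="2014-12-09T18:02:00Z")` to get the NameID and the SFDC_USERNAME attribute; the same call with `now` at or past NotOnOrAfter, or with another entity ID, raises.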
This Is The Job Of OpenID Connect
The OAuth client calls the OpenID Connect UserInfo endpoint for a specific scope and gets back a JSON-structured attribute list of claims, e.g. the user's email, first name, last name, etc.
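The authorization-code exchange of the 3-legged flow and of Pattern #2, with the UserInfo call just described served by the same authorization server, as an added example not taken from the deck or from Twitter, Facebook or Google: both sides are simulated in one process so it runs offline; the client ID, secret, redirect URI, user record and scope-to-claims table are constructed, and all names are mine. It shows the points the slides make in working code: the user's browser only ever carries the code, the client authenticates itself to swap the code for the token, a code works once, the client checks `state` on the callback, and UserInfo returns only the claims covered by the scopes actually granted.

```python
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample: what the authorization server knows about the user.
USERS = {"scott": {"sub": "10315112535234507946", "email": "example@gmail.com",
                   "email_verified": True, "given_name": "Scott",
                   "family_name": "Morrison"}}
# OpenID Connect ties claim sets to scopes; UserInfo returns only what was granted.
SCOPE_CLAIMS = {"openid": {"sub"}, "email": {"email", "email_verified"},
                "profile": {"given_name", "family_name"}}


class AuthorizationServer:
    """Facebook's role in the slides: authorization server plus UserInfo endpoint."""

    def __init__(self):
        self.clients, self.codes, self.tokens = {}, {}, {}

    def register_client(self, client_id, secret, redirect_uri):
        self.clients[client_id] = {"secret": secret, "redirect_uri": redirect_uri}

    def authorize(self, user, client_id, redirect_uri, scope, state):
        """Steps 2-3: the user authenticates here and consents; a short-lived,
        single-use code goes back to the client's registered redirect_uri."""
        client = self.clients.get(client_id)
        if client is None or client["redirect_uri"] != redirect_uri:
            raise PermissionError("unknown client or redirect_uri mismatch")
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"user": user, "client_id": client_id, "scope": scope,
                            "redirect_uri": redirect_uri, "exp": time.time() + 60}
        return f"{redirect_uri}?{urlencode({'code': code, 'state': state})}"

    def token(self, client_id, client_secret, code, redirect_uri):
        """Step 4: the client, not the user, trades the code for an access token."""
        client = self.clients.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            raise PermissionError("invalid_client")
        grant = self.codes.pop(code, None)  # pop: a replayed code fails here
        if (grant is None or grant["client_id"] != client_id
                or grant["redirect_uri"] != redirect_uri or grant["exp"] < time.time()):
            raise PermissionError("invalid_grant")
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = {"sub": USERS[grant["user"]]["sub"],
                                     "scope": grant["scope"], "exp": time.time() + 3600}
        return {"access_token": access_token, "token_type": "Bearer",
                "expires_in": 3600, "scope": grant["scope"]}

    def userinfo(self, authorization_header):
        """OpenID Connect UserInfo: claims filtered by the token's granted scopes."""
        scheme, _, access_token = authorization_header.partition(" ")
        info = self.tokens.get(access_token)
        if scheme != "Bearer" or info is None or info["exp"] < time.time():
            raise PermissionError("invalid_token")
        allowed = set().union(*(SCOPE_CLAIMS.get(s, set()) for s in info["scope"].split()))
        user = next(u for u in USERS.values() if u["sub"] == info["sub"])
        return {k: v for k, v in user.items() if k in allowed}


class Client:
    """Twitter's role in the slides: the OAuth client."""

    def __init__(self, auth_server, client_id, secret, redirect_uri):
        self.auth_server, self.client_id = auth_server, client_id
        self.secret, self.redirect_uri, self.pending_state = secret, redirect_uri, None

    def start(self, scope):
        """Step 1 (the user logging in to the client) has happened; now send the
        browser to the authorization server with a state value that ties the
        eventual callback to this session (the CSRF check)."""
        self.pending_state = secrets.token_urlsafe(16)
        return urlencode({"response_type": "code", "client_id": self.client_id,
                          "redirect_uri": self.redirect_uri, "scope": scope,
                          "state": self.pending_state})

    def callback(self, redirect_url):
        params = parse_qs(urlparse(redirect_url).query)
        if params.get("state", [None])[0] != self.pending_state:
            raise PermissionError("state mismatch: callback not from our request")
        return self.auth_server.token(self.client_id, self.secret,
                                      params["code"][0], self.redirect_uri)


def code_from_redirect(url):
    return parse_qs(urlparse(url).query)["code"][0]


def run_flow(scope="openid email"):
    """Drive the exchange end to end; returns (token response, UserInfo claims)."""
    auth = AuthorizationServer()
    auth.register_client("twitter-app", "client-secret", "https://client.example/cb")
    client = Client(auth, "twitter-app", "client-secret", "https://client.example/cb")
    state = parse_qs(client.start(scope))["state"][0]
    redirect = auth.authorize("scott", "twitter-app", "https://client.example/cb", scope, state)
    token_response = client.callback(redirect)  # the user never sees the token
    return token_response, auth.userinfo("Bearer " + token_response["access_token"])
```

`run_flow("openid email")` yields only sub, email and email_verified; `run_flow("openid profile")` yields sub and the name claims and no email, which is the scope-driven behaviour the slide describes.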
We're Almost There: But we still have a registration problem
This is obviously an enterprise problem, not an individual problem.
Remember our earlier point about what constitutes an "account".
[Diagram: authorization server and client; provisioning of new users, who may already exist at the authorization server]
This Is What SCIM Is For
SCIM stands for System for Cross-domain Identity Management.
SCIM defines user/group schema and REST endpoints for CRUD: an API for user management.
[Diagram: an enterprise administrator creates new users at the authorization server through SCIM; the client then relies on them]
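An in-memory /Users resource doing the CRUD the slide describes, as an added example not taken from the deck or from CA: it uses the SCIM 2.0 schema and message URNs (RFC 7643/7644, finalized after this talk, when SCIM 1.1 was current), a constructed user record, and names of my choosing. Beyond the basic operations it shows two checks a provider should make: userName uniqueness (409 with scimType "uniqueness") and honouring attribute mutability (the write-only password never comes back; the read-only id and meta cannot be patched).

```python
import uuid
from datetime import datetime, timezone

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"


def _now():
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


class ScimUsers:
    """Stand-in for the /Users resource an authorization server exposes.
    Each method maps to one HTTP operation and returns (status, body)."""

    def __init__(self, base_url="https://as.example.com/scim/v2"):
        self.base_url, self.store = base_url, {}

    @staticmethod
    def _error(status, detail, scim_type=None):
        body = {"schemas": [ERROR_SCHEMA], "status": str(status), "detail": detail}
        if scim_type:
            body["scimType"] = scim_type
        return status, body

    @staticmethod
    def _public(user):
        # password is write-only in SCIM: accepted on create, never returned
        return {k: v for k, v in user.items() if k != "password"}

    def create(self, body):
        """POST /Users"""
        if USER_SCHEMA not in body.get("schemas", []) or not body.get("userName"):
            return self._error(400, "schemas and userName are required", "invalidValue")
        if any(u["userName"].lower() == body["userName"].lower() for u in self.store.values()):
            return self._error(409, "userName already exists", "uniqueness")
        uid = str(uuid.uuid4())  # id is server-assigned; a client-supplied one is ignored
        user = {k: v for k, v in body.items() if k not in ("id", "meta")}
        user.setdefault("active", True)
        user["id"] = uid
        user["meta"] = {"resourceType": "User", "created": _now(), "lastModified": _now(),
                        "location": f"{self.base_url}/Users/{uid}"}
        self.store[uid] = user
        return 201, self._public(user)

    def get(self, uid):
        """GET /Users/{id}"""
        if uid not in self.store:
            return self._error(404, f"Resource {uid} not found")
        return 200, self._public(self.store[uid])

    def patch(self, uid, body):
        """PATCH /Users/{id}: 'replace' and 'remove' on top-level attributes only."""
        if uid not in self.store:
            return self._error(404, f"Resource {uid} not found")
        if PATCH_SCHEMA not in body.get("schemas", []):
            return self._error(400, "expected a PatchOp message", "invalidSyntax")
        user = self.store[uid]
        for op in body.get("Operations", []):
            path, kind = op.get("path"), op.get("op", "").lower()
            if not path or path in ("id", "meta", "schemas"):
                return self._error(400, f"cannot modify {path!r}", "mutability")
            if kind == "replace":
                user[path] = op["value"]
            elif kind == "remove":
                user.pop(path, None)
            else:
                return self._error(400, f"unsupported op {kind!r}", "invalidValue")
        user["meta"]["lastModified"] = _now()
        return 200, self._public(user)

    def delete(self, uid):
        """DELETE /Users/{id}"""
        if self.store.pop(uid, None) is None:
            return self._error(404, f"Resource {uid} not found")
        return 204, None


# Constructed sample of what an administrator's provisioning tool would POST.
NEW_USER = {"schemas": [USER_SCHEMA], "userName": "scott.morrison",
            "name": {"givenName": "Scott", "familyName": "Morrison"},
            "emails": [{"value": "example@gmail.com", "primary": True}],
            "password": "initial-password-set-by-admin"}
```

Provisioning the same NEW_USER twice returns 201 then 409; the 201 body carries the server-assigned id and meta but no password, and a later PATCH setting `active` to false is how the deprovisioning step in the synchronization problem above is usually expressed.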
Each Approach Has Its Merits
Choose SAML or OAuth based on operational goals
SAML:
• SAML support is widespread
• Dominant for enterprise SSO and federation
• Strong in passive (browser) profiles
• Less strong in active (classic SOAP or newer RESTful APIs) profiles
• Lots of central administration and federation ceremony
OAuth/OpenID Connect:
• OAuth/OpenID Connect is growing very fast
• OAuth owns RESTful APIs
• The world is not just about browsers any longer; think about the rise of mobile apps
• Fast to integrate, with no need to engage parties
• Irresistible delegation model
• Potential brand, regulatory, or organizational issues with social login
Summary
• SAML is not going away
  • Your existing investment is safe
  • It will continue to play a huge role in web-based federation
• But OAuth+OpenID Connect+SCIM is coming on very strong
  • Driven by the rise of APIs and mobile devices
• Don't let anyone tell you OAuth is just another auth token scheme
  • It really represents a shift in power and authority
K. Scott Morrison, SVP & Distinguished Engineer
Scott.Morrison@ca.com
@KScottMorrison
slideshare.net/CAinc
linkedin.com/KScottMorrison
ca.com

 
B4 the identity of things-securing the internet of everything
B4   the identity of things-securing the internet of everythingB4   the identity of things-securing the internet of everything
B4 the identity of things-securing the internet of everything
 
SSO Agility Made Possible - November 2014
SSO Agility Made Possible  -  November 2014SSO Agility Made Possible  -  November 2014
SSO Agility Made Possible - November 2014
 
Who’s Knocking? Identity for APIs, Web and Mobile
Who’s Knocking? Identity for APIs, Web and MobileWho’s Knocking? Identity for APIs, Web and Mobile
Who’s Knocking? Identity for APIs, Web and Mobile
 
Cloud computing present
Cloud computing presentCloud computing present
Cloud computing present
 
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...
 
Advanced Authentication: Past, Present, and Future
Advanced Authentication: Past, Present, and FutureAdvanced Authentication: Past, Present, and Future
Advanced Authentication: Past, Present, and Future
 
apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...
apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...
apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...
 
Monitoring in the DevOps Era
Monitoring in the DevOps EraMonitoring in the DevOps Era
Monitoring in the DevOps Era
 
Webinar hiware
Webinar hiwareWebinar hiware
Webinar hiware
 
Accelerating breakthrough business technologies in atlanta, tag featured spea...
Accelerating breakthrough business technologies in atlanta, tag featured spea...Accelerating breakthrough business technologies in atlanta, tag featured spea...
Accelerating breakthrough business technologies in atlanta, tag featured spea...
 
Azure AD B2C An Introduction - DogFoodCon 2018
Azure AD B2C An Introduction - DogFoodCon 2018Azure AD B2C An Introduction - DogFoodCon 2018
Azure AD B2C An Introduction - DogFoodCon 2018
 
Managing Identity without Boundaries
Managing Identity without BoundariesManaging Identity without Boundaries
Managing Identity without Boundaries
 
Common Challenges of Identity Management and Federated Single Sign-On in a Sa...
Common Challenges of Identity Management and Federated Single Sign-On in a Sa...Common Challenges of Identity Management and Federated Single Sign-On in a Sa...
Common Challenges of Identity Management and Federated Single Sign-On in a Sa...
 
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
 
Simplified Identity Management and Governance from One UI — The CA Identity S...
Simplified Identity Management and Governance from One UI — The CA Identity S...Simplified Identity Management and Governance from One UI — The CA Identity S...
Simplified Identity Management and Governance from One UI — The CA Identity S...
 
Bridging the Cloud Sign-On Gap
Bridging the Cloud Sign-On GapBridging the Cloud Sign-On Gap
Bridging the Cloud Sign-On Gap
 

Mais de CA API Management

API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...CA API Management
 
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...CA API Management
 
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014   Implementing the Layer 7 API Management Pla...Gartner AADI Summit Sydney 2014   Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...CA API Management
 
Using APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail ExperienceUsing APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail ExperienceCA API Management
 
Panel Session: Security & Privacy for Connected Cars w/ Scott Morrison, SVP ...
 Panel Session: Security & Privacy for Connected Cars w/ Scott Morrison, SVP ... Panel Session: Security & Privacy for Connected Cars w/ Scott Morrison, SVP ...
Panel Session: Security & Privacy for Connected Cars w/ Scott Morrison, SVP ...CA API Management
 
Clients Matter, Services Don't - Mike Amundsen's talk from QCon New York 2014
Clients Matter, Services Don't - Mike Amundsen's talk from QCon New York 2014Clients Matter, Services Don't - Mike Amundsen's talk from QCon New York 2014
Clients Matter, Services Don't - Mike Amundsen's talk from QCon New York 2014CA API Management
 
The Connected Car UX Through APIs - Francois Lascelles, VP Solutions Architec...
The Connected Car UX Through APIs - Francois Lascelles, VP Solutions Architec...The Connected Car UX Through APIs - Francois Lascelles, VP Solutions Architec...
The Connected Car UX Through APIs - Francois Lascelles, VP Solutions Architec...CA API Management
 
Is there an API in that (IoT)?
Is there an API in that (IoT)?Is there an API in that (IoT)?
Is there an API in that (IoT)?CA API Management
 
Mapping the API Landscape - Mike Amundsen, Director of API Architecture
Mapping the API Landscape - Mike Amundsen, Director of API ArchitectureMapping the API Landscape - Mike Amundsen, Director of API Architecture
Mapping the API Landscape - Mike Amundsen, Director of API ArchitectureCA API Management
 
Lean API Strategy - Holger Reinhardt, Snr Principal Business Unit Strategy, L...
Lean API Strategy - Holger Reinhardt, Snr Principal Business Unit Strategy, L...Lean API Strategy - Holger Reinhardt, Snr Principal Business Unit Strategy, L...
Lean API Strategy - Holger Reinhardt, Snr Principal Business Unit Strategy, L...CA API Management
 
Enterprise on the Go - Devon Winkworth, Snr. Principal Consultant, Layer 7 @ ...
Enterprise on the Go - Devon Winkworth, Snr. Principal Consultant, Layer 7 @ ...Enterprise on the Go - Devon Winkworth, Snr. Principal Consultant, Layer 7 @ ...
Enterprise on the Go - Devon Winkworth, Snr. Principal Consultant, Layer 7 @ ...CA API Management
 

Mais de CA API Management (11)

API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
 
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
 
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014   Implementing the Layer 7 API Management Pla...Gartner AADI Summit Sydney 2014   Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
 
Using APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail ExperienceUsing APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail Experience
 
Panel Session: Security & Privacy for Connected Cars w/ Scott Morrison, SVP ...
 Panel Session: Security & Privacy for Connected Cars w/ Scott Morrison, SVP ... Panel Session: Security & Privacy for Connected Cars w/ Scott Morrison, SVP ...
Panel Session: Security & Privacy for Connected Cars w/ Scott Morrison, SVP ...
 
Clients Matter, Services Don't - Mike Amundsen's talk from QCon New York 2014
Clients Matter, Services Don't - Mike Amundsen's talk from QCon New York 2014Clients Matter, Services Don't - Mike Amundsen's talk from QCon New York 2014
Clients Matter, Services Don't - Mike Amundsen's talk from QCon New York 2014
 
The Connected Car UX Through APIs - Francois Lascelles, VP Solutions Architec...
The Connected Car UX Through APIs - Francois Lascelles, VP Solutions Architec...The Connected Car UX Through APIs - Francois Lascelles, VP Solutions Architec...
The Connected Car UX Through APIs - Francois Lascelles, VP Solutions Architec...
 
Is there an API in that (IoT)?
Is there an API in that (IoT)?Is there an API in that (IoT)?
Is there an API in that (IoT)?
 
Mapping the API Landscape - Mike Amundsen, Director of API Architecture
Mapping the API Landscape - Mike Amundsen, Director of API ArchitectureMapping the API Landscape - Mike Amundsen, Director of API Architecture
Mapping the API Landscape - Mike Amundsen, Director of API Architecture
 
Lean API Strategy - Holger Reinhardt, Snr Principal Business Unit Strategy, L...
Lean API Strategy - Holger Reinhardt, Snr Principal Business Unit Strategy, L...Lean API Strategy - Holger Reinhardt, Snr Principal Business Unit Strategy, L...
Lean API Strategy - Holger Reinhardt, Snr Principal Business Unit Strategy, L...
 
Enterprise on the Go - Devon Winkworth, Snr. Principal Consultant, Layer 7 @ ...
Enterprise on the Go - Devon Winkworth, Snr. Principal Consultant, Layer 7 @ ...Enterprise on the Go - Devon Winkworth, Snr. Principal Consultant, Layer 7 @ ...
Enterprise on the Go - Devon Winkworth, Snr. Principal Consultant, Layer 7 @ ...
 

Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished Engineer, CA Technologies @ Gartner AADI

  • 1. Managing Identity By Giving Up Control. K Scott Morrison, Distinguished Engineer, December 2014
  • 2. How Many Passwords Do You Have?
  • 3. The Italian Solution. © 2014 CA. ALL RIGHTS RESERVED.
  • 4. How Do We Cope With Identity Proliferation?
  • 5. Here Is The Traditional Approach For Providing Identity and Access Management (IAM): Classic Centralized Control. Identity is managed centrally: formal and hierarchical; geared toward employees. (Diagram: Enterprise Network behind a Firewall; Employee, Directory, Applications and Data, all fronted by IAM)
  • 6. This Extends Naturally To SSO. Identity is still managed centrally: formal and hierarchical; administration of trust. (Diagram: Enterprise Network behind a Firewall; Employee, IdP and IAM, Applications and Data; trust is administered between them)
  • 7. Classic Federation. (Diagram: a Principal on the Enterprise Internal Network sends Message + Security Token to a Trading Partner)
  • 8. Pattern #1: SAML-based Federation. 1) The Principal authenticates to the IdP and acquires a SAML token. 2) The Principal sends Message + SAML to the Service Provider, which returns the Data. Note that this demonstrates the SAML browser POST profile. The artifact profile, in which the service provider must open a back-channel connection to the IdP to resolve the artifact, is harder to do through corporate firewalls.
  • 9. What Does It Mean To Have An Account? There is always something associated with an ID. (Diagram: Directory, App Server, Data & Objects)
  • 10. What We Really Have Is A Synchronization Problem. (Diagram: Partner Identities from a Trading Partner, across the Firewall, synchronized into the Enterprise Directory and its Objects)
  • 11. High Administrative Burden: very centralized control. Lots of ceremony; hard to set up; hard to maintain; self-service is tricky and implementation specific. (Diagram: Trading Partner, Admin, Principal, Directory, IdP, Relying Party)
  • 12. It is 2014. And We Have A Problem…
  • 13. The Channel Explosion in Modern Business. Traditional IAM struggles to meet this challenge: there is no unified access model for employees, for contractors, for partners, for apps, devices & machines, for ? (Diagram: Enterprise Network with Applications and Data, reached from Cloud, Mobile Devices, Partners, API/Service Client, Laptop)
  • 14. Identity Is Approaching Critical Mass. “People Have Identity”: average number of online IDs 26; average number of Facebook friends 336; Internet users today 2.4B. “Things Have Identity” (2020): phones, tablets and laptops 7.3B; things 26.0B. Sources: Internet users, Internet World Stats Q1 2012: http://www.internetworldstats.com/stats.htm; Internet accounts, Experian July 2012: http://www.bbc.com/news/technology-18866347; Facebook, Pew Research: http://www.pewresearch.org/fact-tank/2014/02/03/6-new-facts-about-facebook/
  • 17. Look To Social Networking For Inspiration
  • 18. Conceptually Here Is What Happens: 1. User posts a new tweet. 2. Twitter posts the tweet to Facebook on the user’s behalf. (Diagram: User Scott, Twitter, Facebook)
  • 19. A Bad First Attempt: Stored Passwords. This is the “password anti-pattern”. (Diagram: User Scott sends in his Facebook password; Twitter uses the Facebook password)
  • 20. OK, So Let’s Try SAML. Scott authenticates using his Twitter password; Twitter vouches that it authenticated Scott. (Diagram: User Scott)
  • 21. But There Are Problems… How can we associate these different representations of Scott? Where are the limits on what Twitter can do?
  • 22. Here’s A Smarter Approach
  • 23. Security Assertion Markup Language (SAML)
  • 24. OAuth: "access_token":"2YotnFZFEjr1zCsicMWpAA"
  • 25. ID Token (From OpenID Connect), shown as it appears on the slide (the signature segment is truncated there):
  eyJhbGciOiJSUzI1NiIsImtpZCI6IjQ4OWRmMzE3YzIyYzY3NTZkOTUyMTVkYjQ1NTA5MjY0N2RmNWIxNmEifQ.eyJpc3MiOiJhY2NvdW50cy5nb29nbGUuY29tIiwiZW1haWwiOiJ0aW1icmF5QGdtYWlsLmNvbSIsImVtYWlsX3ZlcmlmaWVkIjoidHJ1ZSIsInN1YiI6IjEwNzYwNjcwMzU1ODE2MTUwNzk0NiIsImF1ZCI6IjQwNzQwODcxODE5Mi5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbSIsImF0X2hhc2giOiJyTC1jVml3OTJtYW5EUU1MdU1tTEt3IiwiYXpwIjoiNDA3NDA4NzE4MTkyLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiaWF0IjoxMzY1MDk5MTUxLCJleHAiOjEzNjUxMDMwNTF9.GeqJOTJSMaQjo33wxM-3f5k5FIEADqxd3K4zS0pWgWjtqwDldbpGgmxwTytgvtXKjFu7dtZx6TUXPnDhLBtiMjtkTyPGZbm65RwG0arSLqH-iDelceDR5HDABhOBqXjsi19rdnC3TAWf5DpeQYZt9uSSgPseGW2wh6OO5izat48
  Source: Tim Bray, Ongoing https://www.tbray.org/ongoing/When/201x/2013/04/04/ID-Tokens
  • 26. ID Token (cont.) It’s Just A JSON Web Token (JWT):
  {
    "issuer": "accounts.google.com",
    "issued_to": "407408718192.apps.googleusercontent.com",
    "audience": "407408718192.apps.googleusercontent.com",
    "user_id": "10315112535234507946",
    "expires_in": 3089,
    "issued_at": 1365099151,
    "email": "example@gmail.com",
    "email_verified": true
  }
  These are the field names Google’s tokeninfo endpoint returns for the token above; the claims encoded inside the JWT itself use the standard names iss, aud, sub, iat and exp (header: alg RS256 with a kid identifying the signing key). Source: Tim Bray, Ongoing https://www.tbray.org/ongoing/When/201x/2013/04/04/ID-Tokens
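The slide makes the point that an ID token is just base64url-encoded JSON with a signature. What it does not show is the checks a relying party must perform before trusting those claims. The following is an added example, not code from the deck or from CA; it mints a token with a constructed HS256 shared secret so it runs offline (real Google ID tokens are RS256-signed and the relying party fetches the issuer's public key by `kid` instead), and the issuer, client ID, secret and user values are made-up.

```python
"""Added example: decode an OpenID Connect ID token and validate it the way a
relying party must. HS256 with a constructed shared secret is used only so the
example is self-contained; a real deployment pins RS256 and the issuer's keys."""
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"           # assumption: demo shared secret
ISSUER = "accounts.example.com"                # assumption: demo issuer
CLIENT_ID = "407408718192.apps.example.com"    # assumption: demo audience
CLOCK_SKEW = 60                                # seconds of tolerance on exp


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_id_token(sub: str, email: str, now: int, lifetime: int = 3600) -> str:
    """What the identity provider does: sign header.claims with its key."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "sub": sub, "aud": CLIENT_ID,
              "iat": now, "exp": now + lifetime,
              "email": email, "email_verified": True}
    signing_input = (b64url_encode(json.dumps(header).encode()) + "."
                     + b64url_encode(json.dumps(claims).encode()))
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def decode_unverified(token: str) -> tuple:
    """The 'it is just JSON' part: header and claims, with nothing checked.
    Never make an authorization decision on this output."""
    h, c, _ = token.split(".")
    return json.loads(b64url_decode(h)), json.loads(b64url_decode(c))


def validate_id_token(token: str, now: int) -> dict:
    """Return the claims if the token is acceptable for this client; raise ValueError otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, c, s = parts
    header = json.loads(b64url_decode(h))
    # 1. Pin the algorithm. Trusting the token's own alg field is how alg=none
    #    and RS256/HS256 confusion attacks get in.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{h}.{c}".encode(), hashlib.sha256).digest()
    # 2. Constant-time signature comparison before any claim is read.
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(c))
    # 3. Issuer and audience must be exactly what this relying party expects;
    #    a valid token issued to some other client must be rejected.
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != CLIENT_ID:   # aud may also be a list per the spec; demo assumes a string
        raise ValueError("token not issued to this client")
    # 4. Expiry, with a small allowance for clock skew.
    if now > int(claims.get("exp", 0)) + CLOCK_SKEW:
        raise ValueError("expired")
    return claims


if __name__ == "__main__":
    t0 = 1365099151
    tok = mint_id_token("10315112535234507946", "example@gmail.com", t0)
    print(decode_unverified(tok)[1])
    print(validate_id_token(tok, t0 + 5)["sub"])
```

The order of the checks matters: the signature is verified before any claim is parsed for a decision, the algorithm is fixed by the relying party rather than read from the token, and issuer plus audience are compared exactly so that a token legitimately issued to a different client cannot be replayed against this one.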
  • 27. Here’s How 3-Legged OAuth Works. 1. Scott authenticates using his Twitter password. 2. Scott authenticates using his Facebook password. 3. Scott grants Twitter limited capabilities on Facebook. 4. Twitter uses the code to acquire an access token to post tweets to Facebook. (Diagram: User Scott, OAuth Client, OAuth Authorization & Resource Servers; the access token 0A3DB28… is held by the client and presented to the resource server)
  • 28. Here’s What It Looks Like When We’re Done. Scott posts the tweet “I’m in Las Vegas at Gartner AADI”; the OAuth Client sends the tweet plus the access token authorizing Twitter to post for Scott to the OAuth Authorization & Resource Servers, and the same text appears there.
  • 29. But OAuth Also Enables NASCAR-style Sign On. (Screenshot taken from sears.com)
  • 30. Let’s Call This Pattern #2: Social Sign-On. 1) The User authenticates to the OAuth Authorization Server and gets a code. 2) The code is passed to the OAuth Client. 3) The client validates the code with the authorization server, gets an access token, and uses it to fetch Data. This demonstrates grant_type=authorization_code. Note the user never sees the access token; only the client sees it. The user’s session must be managed using other means (e.g. a session cookie).
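Slides 27 and 30 describe the authorization-code grant in pictures. The following is an added example, not code from the deck, from Twitter, Facebook or CA, that simulates both sides of that exchange in one process with constructed client credentials, redirect URI, scopes and user name. It shows the checks the authorization server makes when the client redeems the code (registered redirect_uri, client authentication, single use, short lifetime) and why the access token is only ever held by the client.

```python
"""Added example: the OAuth 2.0 authorization-code grant (RFC 6749 section 4.1)
from slide 30, simulated in-process. All identifiers are constructed demo data."""
import secrets
from dataclasses import dataclass, field

CODE_LIFETIME = 60  # seconds; RFC 6749 recommends codes expire quickly


@dataclass
class AuthorizationServer:
    clients: dict                                # client_id -> {"secret", "redirect_uri"}
    codes: dict = field(default_factory=dict)    # code -> grant details
    tokens: dict = field(default_factory=dict)   # access_token -> {"sub", "scope"}

    def authorize(self, client_id, redirect_uri, scope, state, user, now):
        """Front channel (steps 1-2): the user, already authenticated here, approves the
        client and is redirected back with a code. Only the code travels via the browser."""
        client = self.clients.get(client_id)
        if client is None or client["redirect_uri"] != redirect_uri:
            raise ValueError("unknown client or unregistered redirect_uri")
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                            "scope": scope, "sub": user, "issued": now}
        return {"code": code, "state": state}

    def token(self, client_id, client_secret, code, redirect_uri, now):
        """Back channel (step 3): the client redeems the code with its own credentials."""
        client = self.clients.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            raise PermissionError("invalid_client")
        grant = self.codes.pop(code, None)       # pop: a code is strictly single-use
        if grant is None:
            raise PermissionError("invalid_grant: unknown or already used code")
        if grant["client_id"] != client_id or grant["redirect_uri"] != redirect_uri:
            raise PermissionError("invalid_grant: code not issued to this client/redirect")
        if now - grant["issued"] > CODE_LIFETIME:
            raise PermissionError("invalid_grant: code expired")
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = {"sub": grant["sub"], "scope": grant["scope"]}
        return {"access_token": access_token, "token_type": "Bearer", "scope": grant["scope"]}

    def resource(self, access_token, needed_scope):
        """Resource server: the token carries exactly the delegated capabilities."""
        t = self.tokens.get(access_token)
        if t is None or needed_scope not in t["scope"].split():
            raise PermissionError("insufficient_scope")
        return {"sub": t["sub"]}


def social_sign_on(server, client_id, client_secret, redirect_uri, user, now):
    """Client side: generate a state value (CSRF protection), send the user off to the
    authorization server, check state on return, then redeem the code over the back channel."""
    state = secrets.token_urlsafe(16)
    redirect = server.authorize(client_id, redirect_uri, "openid post", state, user, now)
    if not secrets.compare_digest(redirect["state"], state):
        raise ValueError("state mismatch: possible CSRF / code injection")
    return server.token(client_id, client_secret, redirect["code"], redirect_uri, now)


if __name__ == "__main__":
    AS = AuthorizationServer(clients={"twitter-app": {"secret": "s3cr3t",
                                                      "redirect_uri": "https://client.example/cb"}})
    tok = social_sign_on(AS, "twitter-app", "s3cr3t", "https://client.example/cb", "scott", 1000)
    print(AS.resource(tok["access_token"], "post"))   # {'sub': 'scott'}
```

Two of these checks are the ones most often missing in real deployments: the redirect_uri must match what was registered (otherwise the code can be sent to an attacker-controlled page), and the code must be consumed exactly once and bound to the client that requested it (otherwise a stolen code can be redeemed by someone else). The state value closes the remaining gap on the client side, so a code the attacker obtained cannot be injected into the victim's session.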
  • 31. This Is Actually A Profound Shift In Identity Mgmt: The Old Enterprise versus The New Hybrid Enterprise. This is the secret to achieving scale and agile federation.
  • 32. What is Really Different Here? Integration with simple RESTful APIs; very loose coupling; very low ceremony; very loose relationships driven by the caller (client to authorization server; user to client). This all adds up to a distribution of responsibility that scales with the number of users.
  • 33. But We’re Not Quite At Federation. We have simple Single Sign-On, but what about attributes? SAML carries them in an attribute statement:
  <saml:AttributeStatement>
    <saml:Attribute FriendlyName="fooAttrib" Name="SFDC_USERNAME" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
      <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">user101@salesforce.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
  From: http://login.salesforce.com/help/doc/en/sso_saml_assertion_examples.htm
  • 34. This Is The Job Of OpenID Connect. The OAuth Client calls the OpenID Connect UserInfo endpoint for a specific scope and receives a JSON structured attribute list of claims, e.g. the user’s email, first name, last name, etc. (Diagram: User, OAuth Client, OpenID Connect Endpoint)
  • 35. We’re Almost There. But we still have a registration problem. Remember our earlier point about what constitutes an “account”: new users have to be provisioned, and they may already exist on the other side. This is obviously an enterprise problem, not an individual problem. (Diagram: Authorization Server, Client; provisioning of new users; “they may already exist here”)
  • 36. This Is What SCIM Is For. SCIM stands for System for Cross-domain Identity Management. SCIM defines a user/group schema and REST endpoints for CRUD: an API for user management. (Diagram: Enterprise Administrator creates new users; Authorization Server, Client)
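Slide 36 says SCIM defines a user/group schema and REST endpoints for CRUD. The following is an added example, not code from the deck or from CA, of a minimal in-memory model of the SCIM 2.0 /Users resource (RFC 7643 schema, RFC 7644 protocol) with the HTTP layer left out: create, read, search by userName, deactivate via PATCH, and delete. The sample users are constructed; the schema URNs are the real ones from the RFCs.

```python
"""Added example: a minimal SCIM 2.0 /Users resource store with the create/read/
search/patch/delete operations an enterprise administrator's provisioning tool drives.
Sample data is constructed; the transport (HTTPS + bearer token) is omitted."""
import re
import uuid

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
_USERNAME_FILTER = re.compile(r'^userName eq "([^"]*)"$')   # only filter form supported here


class ScimError(Exception):
    """Carries the HTTP status a real endpoint would return with the SCIM error body."""
    def __init__(self, status, detail):
        super().__init__(detail)
        self.status = status


class UserStore:
    def __init__(self):
        self._users = {}   # id -> resource

    def create(self, body):
        """POST /Users: validate the schema and required attributes, enforce uniqueness."""
        if USER_SCHEMA not in body.get("schemas", []):
            raise ScimError(400, "invalidValue: missing core User schema")
        user_name = body.get("userName")
        if not user_name:
            raise ScimError(400, "invalidValue: userName is required")
        if any(u["userName"].lower() == user_name.lower() for u in self._users.values()):
            raise ScimError(409, "uniqueness: userName already exists")
        uid = str(uuid.uuid4())   # server-assigned id; never trust a client-supplied one
        resource = {
            "schemas": [USER_SCHEMA],
            "id": uid,
            "userName": user_name,
            "name": body.get("name", {}),
            "emails": body.get("emails", []),
            "active": bool(body.get("active", True)),
            "meta": {"resourceType": "User", "location": f"/Users/{uid}"},
        }
        self._users[uid] = resource
        return resource

    def get(self, uid):
        """GET /Users/{id}"""
        try:
            return self._users[uid]
        except KeyError:
            raise ScimError(404, "User not found")

    def search(self, filter_expr):
        """GET /Users?filter=userName eq "..."  (a ListResponse-shaped result)"""
        m = _USERNAME_FILTER.match(filter_expr)
        if not m:
            raise ScimError(400, "invalidFilter")
        hits = [u for u in self._users.values() if u["userName"].lower() == m.group(1).lower()]
        return {"totalResults": len(hits), "Resources": hits}

    def patch(self, uid, body):
        """PATCH /Users/{id}: the de-provisioning case is replace active -> false."""
        if PATCH_SCHEMA not in body.get("schemas", []):
            raise ScimError(400, "invalidValue: missing PatchOp schema")
        user = self.get(uid)
        for op in body.get("Operations", []):
            if op.get("op", "").lower() != "replace" or op.get("path") not in {"active", "name", "emails"}:
                raise ScimError(400, f"unsupported operation {op}")
            user[op["path"]] = op["value"]
        return user

    def delete(self, uid):
        """DELETE /Users/{id}"""
        self.get(uid)
        del self._users[uid]


if __name__ == "__main__":
    store = UserStore()
    u = store.create({"schemas": [USER_SCHEMA], "userName": "scott@example.com",
                      "name": {"givenName": "Scott", "familyName": "Morrison"}})
    store.patch(u["id"], {"schemas": [PATCH_SCHEMA],
                          "Operations": [{"op": "replace", "path": "active", "value": False}]})
    print(store.get(u["id"])["active"])   # False
```

The security-relevant half of provisioning is de-provisioning: the enterprise administrator's PATCH setting active to false, or the DELETE, is what revokes a departed employee's access at the SaaS provider, which is why the server-side id is its own and the operations are validated against the declared schema rather than accepting arbitrary attribute writes.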
  • 37. Each Approach Has Its Merits. Choose SAML or OAuth based on operational goals. SAML: support is widespread; dominant for enterprise SSO and federation; strong in passive (browser) profiles; less strong in active (classic SOAP or newer RESTful API) profiles; lots of central administration and federation ceremony. OAuth/OpenID Connect: growing very fast; OAuth owns RESTful APIs; the world is not just about browsers any longer (think about the rise of mobile apps); fast to integrate, with no need to engage parties; irresistible delegation model; potential brand, regulatory, or organizational issues with social login.
  • 38. Summary. SAML is not going away: your existing investment is safe, and it will continue to play a huge role in web-based federation. But OAuth + OpenID Connect + SCIM is coming on very strong, driven by the rise of APIs and mobile devices. Don’t let anyone tell you OAuth is just another auth token scheme; it really represents a shift in power and authority.
  • 39. K. Scott Morrison, SVP & Distinguished Engineer. Scott.Morrison@ca.com, @KScottMorrison, slideshare.net/CAinc, linkedin.com/KScottMorrison, ca.com