End-to-End Identity
Management
Darshana Gunawardana
Senior Software Engineer
Harsha Thirimanna
Senior Software Engineer
WSO2 Platform
Agenda
o Need of having,
o Centralized authentication
o Single Sign On
o Provisioning
o Account management
o Workflow
o Authorization
o Federation
for an enterprise
Start from the beginning
o Consider a startup : “Extern Inc.”
o Handful of employees
o No internal apps for employees
o No worries :)
o After some time
o Business running good
o Plan to expand the business; going to recruit more
o Have several internal applications including HR
system, email service etc.
User Accounts in all systems…
Robert
(An employee)
Cloud email Service
Username = “robert”
Password = “robert-pass”
Expense
Management
System
HR System
Username = “robert2”
Password = “robert2-pass”
Username = “robert2”
Password = “robert2-pass”
Username = “robert_5”
Password = “K67robert2-AB-#2”
Plan for future : Centralized user store
o Which type of user store?
o LDAP
o Active Directory
o Custom user schema over JDBC Database
Connecting Internal Apps
o Utilize central user store by connecting all
internal apps
o How to connect?
o Standard authentication protocols
o SAML2 SSO, OpenID Connect, OpenID, WS-
Federation (passive)
o Need of the fully functional Identity Provider
System
Centralized Identity Provider
Identity
Provider
(e.g. WSO2 IS)
Service provider
(e.g. HR System)
Robert
Username = “robert”
Password = “robert-pass”
Token
Token
User
store
Standard authentication request
All apps connected..!
Robert
Mail Client
Username = “robert”
Password = “robert-pass”
HR System
Expense
Management
System
Username = “robert2”
Password = “robert2-pass”
Username = “robert”
Password = “robert-pass”
Username = “robert”
Password = “robert-pass”
Identity
Provider
(e.g. WSO2 IS)
User experience
o Re-entering the same password too many times
o Solution : Single Sign On
SSO In General : Initial login
Identity provider
(e.g. WSO2 IS)
Service provider
(e.g. HR System)
User
data
1. Log in request
2. Redirect to IDP URL
3. Request token
4. Authenticate
5. Redirect to SP with token
6. Send SAML token
Session: S1
SSO In General : Subsequent logins
Identity provider
(e.g. WSO2 IS)
Service provider 2
(e.g. Cloud Mail
Service)
User
data
1. Log in request
2. Redirect to IDP URL
3. Request token (session: IS1)
5. Redirect to SP with token
6. Send SAML token
Service provider 1
(e.g. HR System)
Session: S1
4. Bypass login page
Session: S2
Authentication Protocol Comparison
o SAML2
o Most popular protocol with several profiles
o Supports single logout
o OpenID Connect
o Becoming more popular
o Having strong supplementary specifications set
o OpenID
o Deprecated by most Identity Providers
o WS Federation (passive)
o Widely used with .Net applications
Sync Users to applications
o Many applications handle authorization
internally
o Authorization check as post authentication task
o Need to assign relevant attributes/roles
o Sync application with the centralized identity
repository
Provisioning
Identity server
Identity server
Extern Inc.
<<< Create User >>>
Username: jane
Email: jane@extern.com
Cloud email service
<<< Create User >>>
Username: jane
Password: jane123
Email: jane@extern.com
<<< Create User >>>
Username: jane
<<< Create User >>>
Username: jane@extern.com
Contacts Directory
Expense Management
System
Enterprise Identity Bus : Provisioning
o Decouples inbound/outbound provisioning
o Selective provisioning
o Rich processing on data
o Subject mapping
o Claim mapping
o Role mapping
o Inbound provisioning : SCIM & SOAP
o Outbound provisioning : SCIM & SPML
o Extensibility to support any protocol
Account Management
o Self Registration
o Password/User ID recovery
o Update profile
o Enable two factor authentication
o Associate accounts
o Password policy enforcement
o Account locking
Expansion in Extern Inc...
o Extern Inc. has acquired a new company in
Europe
o New division to handle sales and marketing in
euro
o Identity management perspective:
o A new user base
o Different user store / repository
o Plug-in to current system as a secondary user
store
Multiple User Stores
Need More Control?
Identity server
Update roles
Update claims
I need to approve assignments
to “Assessor” role
I need to approve
all claims
One of us has to approve
all new assessors
Get More Control with Workflows
Identity
server
Update claims
Approve claims
update
Assigned to “Bob”
Get More Control with Workflows (Ctd..)
Identity
server
Update roles
Approve role
assignment
Approve role
assignment
Assigned to
“supervisors” role
Assigned to “James”
Authorization
o Authentication
o Who is the user
o Authorization
o What user can do
What the User Can Do...
Service provider 1
(SP1)
/data/files
/data/archives
/data/visualize
/data/details
User = Jane
User =
David
User = Tao
What the User Can Do...
Service provider 1
(SP1)
User = Jane
User =
David
User = Tao
Access control policy
If user = Tao and
resource = /data/archives
Permit.
If role = Clark and
action = write
Deny.
If role = Manager and
resource = /data/files
Permit.
Authorization challenges
o Authorization rules getting changed frequently
o Fine-grained authorization requirements
o Solution : XACML
o Attribute based access control standard
o Rule based access control
o De facto standard for fine-grained access control
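
The three rules on the "Access control policy" slide, evaluated by a small attribute-based decision point. This is an added example, not code from the deck or from WSO2 IS. The combining-algorithm names are standard XACML ones, but the slide does not say which one applies, so that choice, the role assignments and the sample requests are assumptions; the Indeterminate decision is left out.

```python
"""Toy XACML-style PDP for the slide's rules (added example, not WSO2 IS code)."""
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Union

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"
AttrValue = Union[str, Iterable[str], None]


def _bag(value: AttrValue) -> frozenset:
    """XACML attributes are bags: a user may hold several roles at once."""
    if value is None:
        return frozenset()
    if isinstance(value, str):
        return frozenset([value])
    return frozenset(value)


@dataclass(frozen=True)
class Rule:
    rule_id: str
    target: Dict[str, str]  # attribute -> required value; all must match
    effect: str             # PERMIT or DENY

    def evaluate(self, request: Dict[str, AttrValue]) -> str:
        for attr, required in self.target.items():
            if required not in _bag(request.get(attr)):
                return NOT_APPLICABLE
        return self.effect


# Rules exactly as written on the slide, in slide order.
SLIDE_RULES: List[Rule] = [
    Rule("tao-archives", {"user": "Tao", "resource": "/data/archives"}, PERMIT),
    Rule("clark-write", {"role": "Clark", "action": "write"}, DENY),
    Rule("manager-files", {"role": "Manager", "resource": "/data/files"}, PERMIT),
]


def deny_overrides(decisions: List[str]) -> str:
    """Any Deny wins; otherwise any Permit; otherwise NotApplicable."""
    if DENY in decisions:
        return DENY
    return PERMIT if PERMIT in decisions else NOT_APPLICABLE


def permit_overrides(decisions: List[str]) -> str:
    """Any Permit wins; otherwise any Deny; otherwise NotApplicable."""
    if PERMIT in decisions:
        return PERMIT
    return DENY if DENY in decisions else NOT_APPLICABLE


def first_applicable(decisions: List[str]) -> str:
    """The first rule that matches decides, so rule order matters."""
    for decision in decisions:
        if decision != NOT_APPLICABLE:
            return decision
    return NOT_APPLICABLE


def decide(request: Dict[str, AttrValue],
           combine: Callable[[List[str]], str] = deny_overrides,
           rules: List[Rule] = SLIDE_RULES) -> str:
    """PDP: evaluate every rule, then combine the individual results."""
    return combine([rule.evaluate(request) for rule in rules])


def enforce(request: Dict[str, AttrValue],
            combine: Callable[[List[str]], str] = deny_overrides) -> bool:
    """PEP: deny-biased, so only an explicit Permit lets the request through."""
    return decide(request, combine) == PERMIT


# Constructed sample requests (role assignments are assumptions).
TAO_WRITE = {"user": "Tao", "role": ["Clark"],
             "action": "write", "resource": "/data/archives"}
JANE_READ = {"user": "Jane", "role": ["Manager"],
             "action": "read", "resource": "/data/files"}
JANE_WRITE = {"user": "Jane", "role": ["Manager", "Clark"],
              "action": "write", "resource": "/data/files"}
DAVID_READ = {"user": "David", "role": ["Engineer"],
              "action": "read", "resource": "/data/details"}

if __name__ == "__main__":
    for name, req in [("Tao write archives", TAO_WRITE),
                      ("Jane read files", JANE_READ),
                      ("Jane write files", JANE_WRITE),
                      ("David read details", DAVID_READ)]:
        results = {alg.__name__: decide(req, alg)
                   for alg in (deny_overrides, permit_overrides, first_applicable)}
        print(f"{name:20} {results} allowed={enforce(req)}")
```

Tao's write to /data/archives matches both the first rule (Permit) and the second (Deny), so the outcome depends entirely on the combining algorithm, and David's request matches nothing, which a deny-biased PEP must treat as a refusal.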
XACML - Architecture
/data/files
/data/archives
/data/visualize
/data/details
Policy decision Point
If user = jane
Permit.
If role = clark and
Action = write
Deny.
Policy Store
Policy Administration
Point
Policy Enforcement Point
(PEP)
User = Tao
User = David
User = Jane
o WSO2 ESB
o WSO2 API Manager
XACML Policy Enforcement Points
WSO2 ESB
Proxy
service
Entitlement
Service provider
(SP)
On
accept
On
reject
Send
Drop
Property [Set user]
Property [Set resource]
XACML Engine
(WSO2 IS)
Connecting with external parties
o Extern Inc. acquires a new company “PlusX” as
a subsidiary
o PlusX has their own identity provider and its
own internal apps connected to that
o Ability of using Extern Inc. Apps for PlusX
Employees?
Connecting with external parties
Identity server
Extern Inc.
PlusX
Jane wants to access
‘Contact Directory’ app
hosted by company
Extern Inc.
You are not in my Identity Server!
But I am registered in PlusX
Connecting with external parties
Identity server
Extern Inc. PlusX
Trust local
IS
Trust IS in
PlusX office
If PlusX says “This is Jane” ,then Extern Inc. believes it.
(Extern Inc. trusts PlusX IdP)
Enterprise Identity Bus : Federation
o Easily connect new Identity Providers
o Protocol bridging
o Multi step, multi option authentication flows
o Inbuilt support for Social Login
o Zero changes on Service provider
o Rich processing on data
o Subject mapping
o Claim transformation
o Role transformation
o Home realm discovery
Concepts in Reality
o Some external contributors have access to the
community portal via self registration
o Employee life cycle in the company
o Employee creation
o Going through approval
o Sync up with the required systems
o SSO with all applications
o Lock identity upon the resignation
Q&A
Thank You!

 
Adding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesAdding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesWSO2
 
Building a Future-ready Bank
Building a Future-ready BankBuilding a Future-ready Bank
Building a Future-ready BankWSO2
 
WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021WSO2
 
[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIs[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIsWSO2
 
[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native DeploymentWSO2
 
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”WSO2
 

More from WSO2 (20)

Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 
How to Create a Service in Choreo
How to Create a Service in ChoreoHow to Create a Service in Choreo
How to Create a Service in Choreo
 
Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023
 
Platform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzurePlatform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on Azure
 
GartnerITSymSessionSlides.pdf
GartnerITSymSessionSlides.pdfGartnerITSymSessionSlides.pdf
GartnerITSymSessionSlides.pdf
 
[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in Minutes[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in Minutes
 
Modernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos IdentityModernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos Identity
 
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
 
CIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdfCIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdf
 
Delivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing ChoreoDelivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing Choreo
 
Fueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsFueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected Products
 
A Reference Methodology for Agile Digital Businesses
 A Reference Methodology for Agile Digital Businesses A Reference Methodology for Agile Digital Businesses
A Reference Methodology for Agile Digital Businesses
 
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
 
Lessons from the pandemic - From a single use case to true transformation
 Lessons from the pandemic - From a single use case to true transformation Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformation
 
Adding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesAdding Liveliness to Banking Experiences
Adding Liveliness to Banking Experiences
 
Building a Future-ready Bank
Building a Future-ready BankBuilding a Future-ready Bank
Building a Future-ready Bank
 
WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021
 
[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIs[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIs
 
[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment
 
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
 

Recently uploaded

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 

Recently uploaded (20)

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 

End-to-End Identity Management

  • 1. End-to-End Identity Management Darshana Gunawardana Senior Software Engineer Harsha Thirimanna Senior Software Engineer
  • 3. Agenda o Need of having, o Centralized authentication o Single Sign On o Provisioning o Account management o Workflow o Authorization o Federation for an enterprise
  • 4. Start from the beginning o Consider a startup : “Extern Inc.” o Handful of employees o No internal apps for employees o No worries :) o After some time o Business running well o Plan to expand the business; going to recruit more o Have several internal applications including HR system, email service etc.
  • 5. User Accounts in all systems… Robert (An employee) Cloud email Service Username = “robert” Password = “robert-pass” Expense Management System HR System Username = “robert2” Password = “robert2-pass” Username = “robert2” Password = “robert2-pass” Username = “robert_5” Password = “K67robert2-AB-#2”
  • 6. Plan for future : Centralized user store o Which type of user store? o LDAP o Active Directory o Custom user schema over JDBC Database
  • 7. Connecting Internal Apps o Utilize central user store by connecting all internal apps o How to connect? o Standard authentication protocols o SAML2 SSO, OpenID Connect, OpenID, WS-Federation (passive) o Need for a fully functional Identity Provider system
  • 8. Centralized Identity Provider Identity Provider (e.g. WSO2 IS) Service provider (e.g. HR System) Robert Username = “robert” Password = “robert-pass” Token Token User store Standard authentication request
  • 9. All apps connected..! Robert Mail Client Username = “robert” Password = “robert-pass” HR System Expense Management System Username = “robert2” Password = “robert2-pass” Username = “robert” Password = “robert-pass” Username = “robert” Password = “robert-pass” Identity Provider (e.g. WSO2 IS)
  • 10. User experience o Re-entering the same password too many times o Solution : Single Sign On
  • 11. SSO In General : Initial login Identity provider (e.g. WSO2 IS) Service provider (e.g. HR System) User data 1. Log in request 2. Redirect to IDP URL 3. Request token 4. Authenticate 5. Redirect to SP with token 6. Send SAML token Session: S1
  • 12. SSO In General : Subsequent logins Identity provider (e.g. WSO2 IS) Service provider 2 (e.g. Cloud Mail Service) User data 1. Log in request 2. Redirect to IDP URL 3. Request token (session: IS1) 5. Redirect to SP with token 6. Send SAML token Service provider 1 (e.g. HR System) Session: S1 4. Bypass login page Session: S2
  • 13. Authentication Protocol Comparison o SAML2 o Most popular protocol with several profiles o Supports single logout o OpenID Connect o Becoming more popular o Has a strong set of supplementary specifications o OpenID o Deprecated by most Identity Providers o WS-Federation (passive) o Widely used with .NET applications
  • 14. Sync Users to applications o Many applications handle authorization internally o Authorization check as post authentication task o Need to assign relevant attributes/roles o Sync application with the centralized identity repository
  • 15. Provisioning Identity server Identity server Extern Inc. <<< Create User >>> Username: jane Email: jane@extern.com Cloud email service <<< Create User >>> Username: jane Password: jane123 Email: jane@extern.com <<< Create User >>> Username: jane <<< Create User >>> Username: jane@extern.com Contacts Directory Expense Management System
  • 16. Enterprise Identity Bus : Provisioning o Decouples inbound/outbound provisioning o Selective provisioning o Rich processing on data o Subject mapping o Claim mapping o Role mapping o Inbound provisioning : SCIM & SOAP o Outbound provisioning : SCIM & SPML o Extensibility to support any protocol
  • 17. Account Management o Self Registration o Password/UserID recovery o Update profile o Enable two factor authentication o Associate accounts o Password policy enforcement o Account locking
  • 18. Expansion in Extern Inc... o Extern Inc. has acquired a new company in Europe o New division to handle sales and marketing in euro o Identity management perspective: o A new user base o Different user store repository o Plug-in to current system as a secondary user store
  • 20. Need More Control? Identity server Update roles Update claims I need to approve assignments to “Assessor” role I need to approve all claims One of us has to approve all new assessors
  • 21. Get More Control with Workflows Identity server Update claims Approve claims update Assigned to “Bob”
  • 22. Get More Control with Workflows (Ctd..) Identity server Update roles Approve role assignment Approve role assignment Assigned to “supervisors” role Assigned to “James”
  • 23. Authorization o Authentication o Who is the user o Authorization o What user can do
  • 24. What the User Can Do... Service provider 1 (SP1) /data/files /data/archives /data/visualize /data/details User = Jane User = David User = Tao
  • 25. What the User Can Do... Service provider 1 (SP1) User = Jane User = David User = Tao Access control policy If user = Tao and resource = /data/archives Permit. If role = Clark and action = write Deny. If role = Manager and resource = /data/files Permit.
  • 26. Authorization challenges o Authorization rules change frequently o Fine-grained authorization requirements o Solution : XACML o Attribute based access control standard o Rule based access control o De-facto standard for fine-grained access control
  • 27. XACML - Architecture /data/files /data/archives /data/visualize /data/details Policy decision Point If user = jane Permit. If role = clark and Action = write Deny. Policy Store Policy Administration Point Policy Enforcement Point (PEP) User = Tao User = David User = Jane
  • 28. XACML Policy Enforcement Points o WSO2 ESB o WSO2 API Manager WSO2 ESB Proxy service Entitlement Service provider (SP) On accept On reject Send Drop Property [Set user] Property [Set resource] XACML Engine (WSO2 IS)
  • 29. Connecting with external parties o Extern Inc. acquires a new company “PlusX” as a subsidiary o PlusX has their own identity provider and its own internal apps connected to that o Ability of using Extern Inc. Apps for PlusX Employees?
  • 30. Connecting with external parties Identity server Extern Inc. PlusX Jane wants to access ‘Contact Directory’ app hosted by company Extern Inc. You are not in my Identity Server! But I am registered in PlusX
  • 31. Connecting with external parties Identity server Extern Inc. PlusX Trust local IS Trust IS in PlusX office If PlusX says “This is Jane”, then Extern Inc. believes it. (Extern Inc. trusts PlusX IdP)
  • 32. Enterprise Identity Bus : Federation o Easily connect new Identity Providers o Protocol bridging o Multi step, multi option authentication flows o Inbuilt support for Social Login o Zero changes on Service provider o Rich processing on data o Subject mapping o Claim transformation o Role transformation o Home realm discovery
  • 33. Concepts in Reality o Some external contributors have access to the community portal via self registration o Employee life cycle in the company o Employee creation o Going through approval o Sync up with the required systems o SSO with all applications o Lock identity upon the resignation
  • 34. Q&A
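
The access control policy on slide 25 and the PEP/PDP split on slide 27, as an added example that is not part of the original slides and is not WSO2 code. The role assignments for Tao, Jane and David and the choice of rule-combining algorithm are assumptions made here; the slides specify neither.

```python
"""Minimal PDP/PEP over the three rules shown on slide 25 (added example)."""
from dataclasses import dataclass
from typing import Optional

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"


@dataclass(frozen=True)
class Request:
    user: str
    roles: frozenset
    resource: str
    action: str


@dataclass(frozen=True)
class Rule:
    effect: str
    user: Optional[str] = None      # None means "any"
    role: Optional[str] = None
    resource: Optional[str] = None
    action: Optional[str] = None

    def matches(self, req: Request) -> bool:
        return ((self.user is None or self.user == req.user)
                and (self.role is None or self.role in req.roles)
                and (self.resource is None or self.resource == req.resource)
                and (self.action is None or self.action == req.action))


# The three rules from slide 25, in the order the slide lists them.
POLICY = (
    Rule(PERMIT, user="Tao", resource="/data/archives"),
    Rule(DENY, role="Clark", action="write"),
    Rule(PERMIT, role="Manager", resource="/data/files"),
)


def decide(req: Request, algorithm: str = "deny-overrides", policy=POLICY) -> str:
    """Policy Decision Point: combine matching rules into one decision."""
    effects = [rule.effect for rule in policy if rule.matches(req)]
    if not effects:
        return NOT_APPLICABLE
    if algorithm == "first-applicable":
        return effects[0]
    if algorithm == "deny-overrides":
        return DENY if DENY in effects else PERMIT
    raise ValueError(f"unsupported combining algorithm: {algorithm}")


def pep_allows(req: Request, algorithm: str = "deny-overrides") -> bool:
    """Policy Enforcement Point: fail closed on anything except Permit."""
    return decide(req, algorithm) == PERMIT


# Constructed requests; the role memberships are assumptions for illustration.
TAO_READ = Request("Tao", frozenset({"Clark"}), "/data/archives", "read")
TAO_WRITE = Request("Tao", frozenset({"Clark"}), "/data/archives", "write")
JANE_READ = Request("Jane", frozenset({"Manager"}), "/data/files", "read")
DAVID_READ = Request("David", frozenset(), "/data/details", "read")

if __name__ == "__main__":
    for name, req in [("Tao read", TAO_READ), ("Tao write", TAO_WRITE),
                      ("Jane read", JANE_READ), ("David read", DAVID_READ)]:
        print(f"{name:10} deny-overrides={decide(req):14} "
              f"first-applicable={decide(req, 'first-applicable')}")
```

Tao's write to /data/archives matches both the first and second rule, so the decision depends on the combining algorithm, and David's request matches no rule, so the enforcement point has to treat NotApplicable as a refusal.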