SlideShare uma empresa Scribd logo

Enterprise Security Requirements

WSO2
WSO2

Kermit Co. is upgrading its identity management system to address several problems: 1) employees need single sign-on across internal and cloud applications using different protocols; 2) strengthening security by adding multi-factor authentication; 3) managing external identities at scale including social logins and just-in-time provisioning; 4) exposing APIs securely and automating provisioning using rules. The WSO2 Identity Server provides an enterprise identity bus to federate identities across systems using various protocols while allowing management of internal and external identities at different assurance levels through APIs.

Tecnologia
1 de 44
Baixar para ler offline
Enterprise Security Requirements Dimtuthu Leelarathne Director, Solutions Architecture
A dozen solution patterns for common identity problems in an enterprise!
Enterprise Security Landscape Borders across systems don’t work anymore
Why? o  Open up APIs o  Bring your own identity o  Identity maintained in one domain, accessed in other domains o  Social network identities o  Bring your own device o  Ecosystems o  Mergers/Acquisitions
An IAM System
WSO2 Identity Server o  5th Generation Product o  Current version 5.1.0 (released 2015) o  Federated identity and entitlement is a key part of any distributed architecture o  Internal security threats, Partnerships o  Mergers, De-mergers o  APIs, Cloud systems o  SSO is important but need to federate and bridge across SSOs o  Open Standards for Identity are changing the industry landscape o  Based on WSO2 Carbon platform, which provides support for multi-tenancy, logging, clustering, and other common services
Identity Server Landscape
Enterprise Identity Bus
Enterprise Identity Bus (EIB)
1 Enterprise Identity Bus
What Does an EIB Do ? Bridges Tokens •  OAuth/2 •  OpenID/OpenID Connect •  SAML2 •  WS-Federation •  Kerberos, etc Claims & Claim Dialects •  Email Addresses •  Phone Numbers •  Names, etc User Stores •  SPML, SCIM, Salesforce, Google, etc •  Just in Time provisioning, inbound, outbound
A Story o  Kermit Co is an open-source product development company o  It has employees, customers, open-source community o  It has some internal systems used by employees and some external systems o  Kermit Co is going to upgrade their identity
Kermit Cooperation
Kermit Co has some internal Applications o  Employees use several systems o  Office 365 o  Redmine o  Salesforce o  Star Accounts o  Employee LDAP in Kermit Datacenter cannot be synched to Cloud
Problem o  Employees need to access cloud-based and on premise systems o  De-centralized Identities o  Password exhaustion, re-login each time à  When the employee login to one system he should login to the rest o  Different systems use different protocols – SAML 2.0, WS-Federation
SSO for Heterogeneous Systems using different Federation Protocols
Problem o  Ginger is from finance team o  Her account is hacked o  All finance data is leaked à  Need to implement Multi-Factor Authentication (MFA) o  Something you know, Something you have, Something you are o  Add FIDO and SMSOTP
MFA in Multi-Steps
Problem o  Customers need to authenticate to several system o  Website for product downloads o  JIRA for issue reporting o  Certification portal o  Partner portal o  All customers are in a different LDAP
Handling Different Types of Identities o  Technically can add to the existing WSO2 IS, but customer identities are, o  Scale is massive o  Control is not within the organization o  Self-service registration should be there o  Social identities & JIT provisioning o  Identity is low assured o  Delegated administration o  User experience must be excellent and distributed
Managing Internal/External Identities
Problem o  Need to provide social sign-up/sign-in capabilities to the website o  Facebook, Google o  When users sign up via social media Kermit wants to add the user to the External Users DB à Do just in time provisioning to the External Users DB
Identity Federation and JIT first_name FirstName given_name
Problem o  How are the external users going to manage their profile? o  All external users need to manage their own profiles by logging into the website o  Make website do direct LDAP calls? o  Use APIs in WSO2IS o  SCIM – System for Cross-domain Identity Management o  User information recover service o  User management Service I can use REST/ SOAP calls to do user management
Identity Management APIs External Users
Problem o  Kermit employees need to login to external systems – JIRA, Website & Certificate Portal o  Kermit employees are not in the external IdP à Kermit employee identities should be federated from internal IdP to external IdP and SPs
Identity Federation – Custom Authenticator
Problem o  Matrix is a marketing analytics company that does lead identification for Kermit Co o  It is file based batch process that update Kermit’s Salesforce o  Kermit Co wants to automate the process by exposing APIs o  addSQLead, getRawLeads, getUsers
Expose OAuth Protected APIs
Problem o  Kermit Infra team wants to automate provisioning o  Provisioning users to Apps o  LDAP synching + LDAP groups give same end result as provisioning o  Per-app roles needs to be managed in central LDAP. Can be quite large o  WSO2IS adaptors can be used for rule-based provisioning o  Same Control Domain à Can use either (automated provisioning and LDAP Synching) o  Different Control Domain à Use provisioning
Rule-Based User Provisioning
Problem o  Kermit HCI expert wants to avoid showing login screen on the IdP o  He wants the Login choices to be displayed on web site itself à Home Realm Identifier
Federation Hub
Kermit Co has a pretty decent Identity Infrastructure!
Gonzo Group of Companies o  Group of companies with 3 main companies o  Problem – Require centralized, highly controlled IAM program for it’s external users
Multi-tenant Identity Server
Problem o  Gonzo the group of companies wants centralized fine- grained authorization policies o  Render menu items on web site using centralized authorizations o  All internally-developed-apps should comply to centralized policy registry
Fine-grained Centralized Authorization
Problem o  Gonzo wants all distributor registrations through their website to go through an approval process
Workflows
Other Advanced Patterns https://medium.facilelogin.com/thirty-solution-patterns-with-the-wso2- identity-server-16f9fd0c0389
CONTACT US !

Recomendados

End-to-End Identity Management
End-to-End Identity ManagementEnd-to-End Identity Management
End-to-End Identity ManagementWSO2
 
Identity as a Managed Cloud Service
Identity as a Managed Cloud ServiceIdentity as a Managed Cloud Service
Identity as a Managed Cloud ServiceForgeRock
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- Continuous Access Evaluation P...
OIDF Workshop at Verizon Media -- 9/30/2019 -- Continuous Access Evaluation P...OIDF Workshop at Verizon Media -- 9/30/2019 -- Continuous Access Evaluation P...
OIDF Workshop at Verizon Media -- 9/30/2019 -- Continuous Access Evaluation P...OpenIDFoundation
 
OpenAM - An Introduction
OpenAM - An IntroductionOpenAM - An Introduction
OpenAM - An IntroductionForgeRock
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- Browser Changes Impacting Iden...
OIDF Workshop at Verizon Media -- 9/30/2019 -- Browser Changes Impacting Iden...OIDF Workshop at Verizon Media -- 9/30/2019 -- Browser Changes Impacting Iden...
OIDF Workshop at Verizon Media -- 9/30/2019 -- Browser Changes Impacting Iden...OpenIDFoundation
 
Incredible Edible Identity
Incredible Edible IdentityIncredible Edible Identity
Incredible Edible IdentityForgeRock
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersSalesforce Developers
 
Oracle Identity Manager Basics
Oracle Identity Manager BasicsOracle Identity Manager Basics
Oracle Identity Manager BasicsChekka Venkateshwar Rao
 

Recomendados

End-to-End Identity Management
End-to-End Identity ManagementEnd-to-End Identity Management
End-to-End Identity ManagementWSO2
 
Identity as a Managed Cloud Service
Identity as a Managed Cloud ServiceIdentity as a Managed Cloud Service
Identity as a Managed Cloud ServiceForgeRock
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- Continuous Access Evaluation P...
OIDF Workshop at Verizon Media -- 9/30/2019 -- Continuous Access Evaluation P...OIDF Workshop at Verizon Media -- 9/30/2019 -- Continuous Access Evaluation P...
OIDF Workshop at Verizon Media -- 9/30/2019 -- Continuous Access Evaluation P...OpenIDFoundation
 
OpenAM - An Introduction
OpenAM - An IntroductionOpenAM - An Introduction
OpenAM - An IntroductionForgeRock
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- Browser Changes Impacting Iden...
OIDF Workshop at Verizon Media -- 9/30/2019 -- Browser Changes Impacting Iden...OIDF Workshop at Verizon Media -- 9/30/2019 -- Browser Changes Impacting Iden...
OIDF Workshop at Verizon Media -- 9/30/2019 -- Browser Changes Impacting Iden...OpenIDFoundation
 
Incredible Edible Identity
Incredible Edible IdentityIncredible Edible Identity
Incredible Edible IdentityForgeRock
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersSalesforce Developers
 
Oracle Identity Manager Basics
Oracle Identity Manager BasicsOracle Identity Manager Basics
Oracle Identity Manager BasicsChekka Venkateshwar Rao
 
Idm Workshop
Idm WorkshopIdm Workshop
Idm WorkshopMohamed Atef
 
ISS SA le presenta los Escenarios para IdentityGuard de Entrust
ISS SA le presenta los Escenarios para IdentityGuard de EntrustISS SA le presenta los Escenarios para IdentityGuard de Entrust
ISS SA le presenta los Escenarios para IdentityGuard de EntrustInformation Security Services SA
 
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)ForgeRock
 
OIM11g R2PS2 Architecture
OIM11g R2PS2 ArchitectureOIM11g R2PS2 Architecture
OIM11g R2PS2 ArchitectureAtul Goyal
 
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingWebinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingForgeRock
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation UpdateOIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation UpdateOpenIDFoundation
 
Oracle Access Manager Overview
Oracle Access Manager OverviewOracle Access Manager Overview
Oracle Access Manager Overviewguestf6dc99b
 
OpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group Update
OpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group UpdateOpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group Update
OpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group UpdateMikeLeszcz
 
OIS Architecture Review
OIS Architecture ReviewOIS Architecture Review
OIS Architecture ReviewForgeRock
 
OpenID Certification Program Update - 2018-04-02
OpenID Certification Program Update - 2018-04-02OpenID Certification Program Update - 2018-04-02
OpenID Certification Program Update - 2018-04-02MikeLeszcz
 
SPSLisbon 2017 Office 365 Multi-factor Authentication with Microsoft Azure Ac...
SPSLisbon 2017 Office 365 Multi-factor Authentication with Microsoft Azure Ac...SPSLisbon 2017 Office 365 Multi-factor Authentication with Microsoft Azure Ac...
SPSLisbon 2017 Office 365 Multi-factor Authentication with Microsoft Azure Ac...Nuno Árias Silva
 
IDM Reconciliation
IDM ReconciliationIDM Reconciliation
IDM ReconciliationAidy Tificate
 
TugaIT 2017 Office 365 Multi-factor authentication with Microsoft Azure Activ...
TugaIT 2017 Office 365 Multi-factor authentication with Microsoft Azure Activ...TugaIT 2017 Office 365 Multi-factor authentication with Microsoft Azure Activ...
TugaIT 2017 Office 365 Multi-factor authentication with Microsoft Azure Activ...Nuno Árias Silva
 
OpenID Foundation Workshop at EIC 2018 - OpenID Enhanced Authentication Profi...
OpenID Foundation Workshop at EIC 2018 - OpenID Enhanced Authentication Profi...OpenID Foundation Workshop at EIC 2018 - OpenID Enhanced Authentication Profi...
OpenID Foundation Workshop at EIC 2018 - OpenID Enhanced Authentication Profi...MikeLeszcz
 
O365con14 - information protection and control in office 365
O365con14 - information protection and control in office 365O365con14 - information protection and control in office 365
O365con14 - information protection and control in office 365NCCOMMS
 
Iam suite introduction
Iam suite introductionIam suite introduction
Iam suite introductionwardell henley
 
apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...
apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...
apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...apidays
 
Dependency Visualization with WSO2 Governance Registry 5.2
Dependency Visualization with WSO2 Governance Registry 5.2Dependency Visualization with WSO2 Governance Registry 5.2
Dependency Visualization with WSO2 Governance Registry 5.2WSO2
 
7. oracle iam11g+strategyodrom
7. oracle iam11g+strategyodrom7. oracle iam11g+strategyodrom
7. oracle iam11g+strategyodromDoina Draganescu
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group UpdateOIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group UpdateOpenIDFoundation
 
Enterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditEnterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditBob Rhubart
 
TOGAF 9 Methodology Ver1 0
TOGAF 9 Methodology Ver1 0TOGAF 9 Methodology Ver1 0
TOGAF 9 Methodology Ver1 0Maganathin Veeraragaloo
 

Mais conteúdo relacionado

Mais procurados

ISS SA le presenta los Escenarios para IdentityGuard de Entrust
ISS SA le presenta los Escenarios para IdentityGuard de EntrustISS SA le presenta los Escenarios para IdentityGuard de Entrust
ISS SA le presenta los Escenarios para IdentityGuard de EntrustInformation Security Services SA
 
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)ForgeRock
 
OIM11g R2PS2 Architecture
OIM11g R2PS2 ArchitectureOIM11g R2PS2 Architecture
OIM11g R2PS2 ArchitectureAtul Goyal
 
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingWebinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingForgeRock
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation UpdateOIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation UpdateOpenIDFoundation
 
Oracle Access Manager Overview
Oracle Access Manager OverviewOracle Access Manager Overview
Oracle Access Manager Overviewguestf6dc99b
 
OpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group Update
OpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group UpdateOpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group Update
OpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group UpdateMikeLeszcz
 
OIS Architecture Review
OIS Architecture ReviewOIS Architecture Review
OIS Architecture ReviewForgeRock
 
OpenID Certification Program Update - 2018-04-02
OpenID Certification Program Update - 2018-04-02OpenID Certification Program Update - 2018-04-02
OpenID Certification Program Update - 2018-04-02MikeLeszcz
 
SPSLisbon 2017 Office 365 Multi-factor Authentication with Microsoft Azure Ac...
SPSLisbon 2017 Office 365 Multi-factor Authentication with Microsoft Azure Ac...SPSLisbon 2017 Office 365 Multi-factor Authentication with Microsoft Azure Ac...
SPSLisbon 2017 Office 365 Multi-factor Authentication with Microsoft Azure Ac...Nuno Árias Silva
 
TugaIT 2017 Office 365 Multi-factor authentication with Microsoft Azure Activ...
TugaIT 2017 Office 365 Multi-factor authentication with Microsoft Azure Activ...TugaIT 2017 Office 365 Multi-factor authentication with Microsoft Azure Activ...
TugaIT 2017 Office 365 Multi-factor authentication with Microsoft Azure Activ...Nuno Árias Silva
 
OpenID Foundation Workshop at EIC 2018 - OpenID Enhanced Authentication Profi...
OpenID Foundation Workshop at EIC 2018 - OpenID Enhanced Authentication Profi...OpenID Foundation Workshop at EIC 2018 - OpenID Enhanced Authentication Profi...
OpenID Foundation Workshop at EIC 2018 - OpenID Enhanced Authentication Profi...MikeLeszcz
 
O365con14 - information protection and control in office 365
O365con14 - information protection and control in office 365O365con14 - information protection and control in office 365
O365con14 - information protection and control in office 365NCCOMMS
 
Iam suite introduction
Iam suite introductionIam suite introduction
Iam suite introductionwardell henley
 
apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...
apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...
apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...apidays
 
Dependency Visualization with WSO2 Governance Registry 5.2
Dependency Visualization with WSO2 Governance Registry 5.2Dependency Visualization with WSO2 Governance Registry 5.2
Dependency Visualization with WSO2 Governance Registry 5.2WSO2
 
7. oracle iam11g+strategyodrom
7. oracle iam11g+strategyodrom7. oracle iam11g+strategyodrom
7. oracle iam11g+strategyodromDoina Draganescu
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group UpdateOIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group UpdateOpenIDFoundation
 

Mais procurados (20)

Idm Workshop
Idm WorkshopIdm Workshop
Idm Workshop
 
ISS SA le presenta los Escenarios para IdentityGuard de Entrust
ISS SA le presenta los Escenarios para IdentityGuard de EntrustISS SA le presenta los Escenarios para IdentityGuard de Entrust
ISS SA le presenta los Escenarios para IdentityGuard de Entrust
 
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
 
OIM11g R2PS2 Architecture
OIM11g R2PS2 ArchitectureOIM11g R2PS2 Architecture
OIM11g R2PS2 Architecture
 
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingWebinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation UpdateOIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
 
Oracle Access Manager Overview
Oracle Access Manager OverviewOracle Access Manager Overview
Oracle Access Manager Overview
 
OpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group Update
OpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group UpdateOpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group Update
OpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group Update
 
OIS Architecture Review
OIS Architecture ReviewOIS Architecture Review
OIS Architecture Review
 
OpenID Certification Program Update - 2018-04-02
OpenID Certification Program Update - 2018-04-02OpenID Certification Program Update - 2018-04-02
OpenID Certification Program Update - 2018-04-02
 
SPSLisbon 2017 Office 365 Multi-factor Authentication with Microsoft Azure Ac...
SPSLisbon 2017 Office 365 Multi-factor Authentication with Microsoft Azure Ac...SPSLisbon 2017 Office 365 Multi-factor Authentication with Microsoft Azure Ac...
SPSLisbon 2017 Office 365 Multi-factor Authentication with Microsoft Azure Ac...
 
IDM Reconciliation
IDM ReconciliationIDM Reconciliation
IDM Reconciliation
 
TugaIT 2017 Office 365 Multi-factor authentication with Microsoft Azure Activ...
TugaIT 2017 Office 365 Multi-factor authentication with Microsoft Azure Activ...TugaIT 2017 Office 365 Multi-factor authentication with Microsoft Azure Activ...
TugaIT 2017 Office 365 Multi-factor authentication with Microsoft Azure Activ...
 
OpenID Foundation Workshop at EIC 2018 - OpenID Enhanced Authentication Profi...
OpenID Foundation Workshop at EIC 2018 - OpenID Enhanced Authentication Profi...OpenID Foundation Workshop at EIC 2018 - OpenID Enhanced Authentication Profi...
OpenID Foundation Workshop at EIC 2018 - OpenID Enhanced Authentication Profi...
 
O365con14 - information protection and control in office 365
O365con14 - information protection and control in office 365O365con14 - information protection and control in office 365
O365con14 - information protection and control in office 365
 
Iam suite introduction
Iam suite introductionIam suite introduction
Iam suite introduction
 
apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...
apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...
apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...
 
Dependency Visualization with WSO2 Governance Registry 5.2
Dependency Visualization with WSO2 Governance Registry 5.2Dependency Visualization with WSO2 Governance Registry 5.2
Dependency Visualization with WSO2 Governance Registry 5.2
 
7. oracle iam11g+strategyodrom
7. oracle iam11g+strategyodrom7. oracle iam11g+strategyodrom
7. oracle iam11g+strategyodrom
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group UpdateOIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group Update
 

Destaque

Enterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditEnterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditBob Rhubart
 
E-government reference model
E-government reference modelE-government reference model
E-government reference modelAlexander SAMARIN
 
Practical Enterprise Security Architecture
Practical Enterprise Security Architecture Practical Enterprise Security Architecture
Practical Enterprise Security Architecture Priyanka Aash
 
A TOGAF Case Study
A TOGAF Case StudyA TOGAF Case Study
A TOGAF Case StudySimplilearn
 
Security architecture
Security architectureSecurity architecture
Security architectureDuncan Unwin
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security ArchitecturePriyanka Aash
 
SABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 contextSABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 contextDavid Sweigert
 
Understanding and Applying The Open Group Architecture Framework (TOGAF)
Understanding and Applying The Open Group Architecture Framework (TOGAF)Understanding and Applying The Open Group Architecture Framework (TOGAF)
Understanding and Applying The Open Group Architecture Framework (TOGAF)Nathaniel Palmer
 
Risk-driven and Business-outcome-focused Enterprise Security Architecture Fra...
Risk-driven and Business-outcome-focused Enterprise Security Architecture Fra...Risk-driven and Business-outcome-focused Enterprise Security Architecture Fra...
Risk-driven and Business-outcome-focused Enterprise Security Architecture Fra...Craig Martin
 
Security architecture frameworks
Security architecture frameworksSecurity architecture frameworks
Security architecture frameworksJohn Arnold
 
Learn Togaf 9.1 in 100 slides!
Learn Togaf 9.1 in 100 slides!Learn Togaf 9.1 in 100 slides!
Learn Togaf 9.1 in 100 slides!Sam Mandebvu
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityThe Open Group SA
 
TOGAF Reference Models
TOGAF Reference ModelsTOGAF Reference Models
TOGAF Reference ModelsPaul Sullivan
 
Enterprise Architecture for Dummies - TOGAF 9 enterprise architecture overview
Enterprise Architecture for Dummies - TOGAF 9 enterprise architecture overviewEnterprise Architecture for Dummies - TOGAF 9 enterprise architecture overview
Enterprise Architecture for Dummies - TOGAF 9 enterprise architecture overviewWinton Winton
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security ArchitectureKris Kimmerle
 

Destaque (18)

Enterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditEnterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to audit
 
TOGAF 9 Methodology Ver1 0
TOGAF 9 Methodology Ver1 0TOGAF 9 Methodology Ver1 0
TOGAF 9 Methodology Ver1 0
 
E-government reference model
E-government reference modelE-government reference model
E-government reference model
 
Practical Enterprise Security Architecture
Practical Enterprise Security Architecture Practical Enterprise Security Architecture
Practical Enterprise Security Architecture
 
A TOGAF Case Study
A TOGAF Case StudyA TOGAF Case Study
A TOGAF Case Study
 
Security architecture
Security architectureSecurity architecture
Security architecture
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security Architecture
 
SABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 contextSABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 context
 
Understanding and Applying The Open Group Architecture Framework (TOGAF)
Understanding and Applying The Open Group Architecture Framework (TOGAF)Understanding and Applying The Open Group Architecture Framework (TOGAF)
Understanding and Applying The Open Group Architecture Framework (TOGAF)
 
Risk-driven and Business-outcome-focused Enterprise Security Architecture Fra...
Risk-driven and Business-outcome-focused Enterprise Security Architecture Fra...Risk-driven and Business-outcome-focused Enterprise Security Architecture Fra...
Risk-driven and Business-outcome-focused Enterprise Security Architecture Fra...
 
TOGAF 9 - Security Architecture Ver1 0
TOGAF 9 - Security Architecture Ver1 0TOGAF 9 - Security Architecture Ver1 0
TOGAF 9 - Security Architecture Ver1 0
 
Security architecture frameworks
Security architecture frameworksSecurity architecture frameworks
Security architecture frameworks
 
Learn Togaf 9.1 in 100 slides!
Learn Togaf 9.1 in 100 slides!Learn Togaf 9.1 in 100 slides!
Learn Togaf 9.1 in 100 slides!
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
 
TOGAF Reference Models
TOGAF Reference ModelsTOGAF Reference Models
TOGAF Reference Models
 
Enterprise Architecture for Dummies - TOGAF 9 enterprise architecture overview
Enterprise Architecture for Dummies - TOGAF 9 enterprise architecture overviewEnterprise Architecture for Dummies - TOGAF 9 enterprise architecture overview
Enterprise Architecture for Dummies - TOGAF 9 enterprise architecture overview
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security Architecture
 
SlideShare 101
SlideShare 101SlideShare 101
SlideShare 101
 

Semelhante a Enterprise Security Requirements

WSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2
 
Identity_and_Access_Management_Overview.ppt
Identity_and_Access_Management_Overview.pptIdentity_and_Access_Management_Overview.ppt
Identity_and_Access_Management_Overview.pptmamathajagarlamudi2
 
Building APIs for Core Systems with Anypoint Platform
Building APIs for Core Systems with Anypoint PlatformBuilding APIs for Core Systems with Anypoint Platform
Building APIs for Core Systems with Anypoint PlatformMuleSoft
 
SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?
SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?
SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?Scott Hoag
 
What is Microsoft Enterprise Mobility Suite and how to deploy it
What is Microsoft Enterprise Mobility Suite and how to deploy itWhat is Microsoft Enterprise Mobility Suite and how to deploy it
What is Microsoft Enterprise Mobility Suite and how to deploy itPeter De Tender
 
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other WorldsCIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other WorldsCloudIDSummit
 
Federation For The Cloud Opportunities For A Single Identity
Federation For The Cloud Opportunities For A Single IdentityFederation For The Cloud Opportunities For A Single Identity
Federation For The Cloud Opportunities For A Single IdentityVladimir Jirasek
 
Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?Đỗ Duy Trung
 
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...NCCOMMS
 
SSO IN/With Drupal and Identitiy Management
SSO IN/With Drupal and Identitiy ManagementSSO IN/With Drupal and Identitiy Management
SSO IN/With Drupal and Identitiy ManagementManish Harsh
 
CIS14: Creating a Federated Identity Service for Better SSO
CIS14: Creating a Federated Identity Service for Better SSOCIS14: Creating a Federated Identity Service for Better SSO
CIS14: Creating a Federated Identity Service for Better SSOCloudIDSummit
 
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...CA API Management
 
Authenticator and provisioning connector in wso2 is
Authenticator and provisioning connector in wso2 isAuthenticator and provisioning connector in wso2 is
Authenticator and provisioning connector in wso2 isH Mohammed Rajjaz
 
SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?
SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?
SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?Scott Hoag
 
CANARIE - What Do I Need to Connect with eduroam and Shibboleth
CANARIE - What Do I Need to Connect with eduroam and ShibbolethCANARIE - What Do I Need to Connect with eduroam and Shibboleth
CANARIE - What Do I Need to Connect with eduroam and ShibbolethChris Phillips
 
OUGN 2018 - Chatbot and the need to integrate
OUGN 2018 - Chatbot and the need to integrateOUGN 2018 - Chatbot and the need to integrate
OUGN 2018 - Chatbot and the need to integrateJon Petter Hjulstad
 
IAM/IRM CONSIDERATIONS FOR SAAS PROVIDER SELECTION
IAM/IRM CONSIDERATIONS FOR SAAS PROVIDER SELECTIONIAM/IRM CONSIDERATIONS FOR SAAS PROVIDER SELECTION
IAM/IRM CONSIDERATIONS FOR SAAS PROVIDER SELECTIONForgeRock
 
JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365
JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365
JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365Scott Hoag
 
Azure AD B2C An Introduction - DogFoodCon 2018
Azure AD B2C An Introduction - DogFoodCon 2018Azure AD B2C An Introduction - DogFoodCon 2018
Azure AD B2C An Introduction - DogFoodCon 2018Jeremy Gray
 

Semelhante a Enterprise Security Requirements (20)

WSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2 Identity Server - Product Overview
WSO2 Identity Server - Product Overview
 
Identity_and_Access_Management_Overview.ppt
Identity_and_Access_Management_Overview.pptIdentity_and_Access_Management_Overview.ppt
Identity_and_Access_Management_Overview.ppt
 
Building APIs for Core Systems with Anypoint Platform
Building APIs for Core Systems with Anypoint PlatformBuilding APIs for Core Systems with Anypoint Platform
Building APIs for Core Systems with Anypoint Platform
 
SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?
SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?
SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?
 
Single Sign On 101
Single Sign On 101Single Sign On 101
Single Sign On 101
 
What is Microsoft Enterprise Mobility Suite and how to deploy it
What is Microsoft Enterprise Mobility Suite and how to deploy itWhat is Microsoft Enterprise Mobility Suite and how to deploy it
What is Microsoft Enterprise Mobility Suite and how to deploy it
 
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other WorldsCIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
 
Federation For The Cloud Opportunities For A Single Identity
Federation For The Cloud Opportunities For A Single IdentityFederation For The Cloud Opportunities For A Single Identity
Federation For The Cloud Opportunities For A Single Identity
 
Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?
 
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
 
SSO IN/With Drupal and Identitiy Management
SSO IN/With Drupal and Identitiy ManagementSSO IN/With Drupal and Identitiy Management
SSO IN/With Drupal and Identitiy Management
 
CIS14: Creating a Federated Identity Service for Better SSO
CIS14: Creating a Federated Identity Service for Better SSOCIS14: Creating a Federated Identity Service for Better SSO
CIS14: Creating a Federated Identity Service for Better SSO
 
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
 
Authenticator and provisioning connector in wso2 is
Authenticator and provisioning connector in wso2 isAuthenticator and provisioning connector in wso2 is
Authenticator and provisioning connector in wso2 is
 
SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?
SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?
SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?
 
CANARIE - What Do I Need to Connect with eduroam and Shibboleth
CANARIE - What Do I Need to Connect with eduroam and ShibbolethCANARIE - What Do I Need to Connect with eduroam and Shibboleth
CANARIE - What Do I Need to Connect with eduroam and Shibboleth
 
OUGN 2018 - Chatbot and the need to integrate
OUGN 2018 - Chatbot and the need to integrateOUGN 2018 - Chatbot and the need to integrate
OUGN 2018 - Chatbot and the need to integrate
 
IAM/IRM CONSIDERATIONS FOR SAAS PROVIDER SELECTION
IAM/IRM CONSIDERATIONS FOR SAAS PROVIDER SELECTIONIAM/IRM CONSIDERATIONS FOR SAAS PROVIDER SELECTION
IAM/IRM CONSIDERATIONS FOR SAAS PROVIDER SELECTION
 
JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365
JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365
JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365
 
Azure AD B2C An Introduction - DogFoodCon 2018
Azure AD B2C An Introduction - DogFoodCon 2018Azure AD B2C An Introduction - DogFoodCon 2018
Azure AD B2C An Introduction - DogFoodCon 2018
 

Mais de WSO2

Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessWSO2
 
How to Create a Service in Choreo
How to Create a Service in ChoreoHow to Create a Service in Choreo
How to Create a Service in ChoreoWSO2
 
Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023WSO2
 
Platform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzurePlatform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzureWSO2
 
GartnerITSymSessionSlides.pdf
GartnerITSymSessionSlides.pdfGartnerITSymSessionSlides.pdf
GartnerITSymSessionSlides.pdfWSO2
 
[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in Minutes[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in MinutesWSO2
 
Modernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos IdentityModernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos IdentityWSO2
 
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...WSO2
 
CIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdfCIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdfWSO2
 
Delivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing ChoreoDelivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing ChoreoWSO2
 
Fueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsFueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsWSO2
 
A Reference Methodology for Agile Digital Businesses
A Reference Methodology for Agile Digital Businesses A Reference Methodology for Agile Digital Businesses
A Reference Methodology for Agile Digital BusinessesWSO2
 
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)WSO2
 
Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformation Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformationWSO2
 
Adding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesAdding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesWSO2
 
Building a Future-ready Bank
Building a Future-ready BankBuilding a Future-ready Bank
Building a Future-ready BankWSO2
 
WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021WSO2
 
[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIs[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIsWSO2
 
[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native DeploymentWSO2
 
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”WSO2
 

Mais de WSO2 (20)

Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 
How to Create a Service in Choreo
How to Create a Service in ChoreoHow to Create a Service in Choreo
How to Create a Service in Choreo
 
Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023
 
Platform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzurePlatform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on Azure
 
GartnerITSymSessionSlides.pdf
GartnerITSymSessionSlides.pdfGartnerITSymSessionSlides.pdf
GartnerITSymSessionSlides.pdf
 
[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in Minutes[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in Minutes
 
Modernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos IdentityModernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos Identity
 
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
 
CIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdfCIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdf
 
Delivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing ChoreoDelivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing Choreo
 
Fueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsFueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected Products
 
A Reference Methodology for Agile Digital Businesses
A Reference Methodology for Agile Digital Businesses A Reference Methodology for Agile Digital Businesses
A Reference Methodology for Agile Digital Businesses
 
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
 
Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformation Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformation
 
Adding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesAdding Liveliness to Banking Experiences
Adding Liveliness to Banking Experiences
 
Building a Future-ready Bank
Building a Future-ready BankBuilding a Future-ready Bank
Building a Future-ready Bank
 
WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021
 
[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIs[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIs
 
[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment
 
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
 

Último

Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 

Último (20)

Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 

Enterprise Security Requirements

  • 2. A dozen solution patterns for common identity problems in an enterprise!
  • 4. Why? o  Open up APIs o  Bring your own identity o  Identity maintained in one domain, accessed in other domains o  Social network identities o  Bring your own device o  Ecosystems o  Mergers/Acquisitions
  • 6. WSO2 Identity Server o  5th Generation Product o  Current version 5.1.0 (released 2015) o  Federated identity and entitlement is a key part of any distributed architecture o  Internal security threats, Partnerships o  Mergers, De-mergers o  APIs, Cloud systems o  SSO is important but need to federate and bridge across SSOs o  Open Standards for Identity are changing the industry landscape o  Based on WSO2 Carbon platform, which provides support for multi-tenancy, logging, clustering, and other common services
  • 11. What Does an EIB Do ? Bridges Tokens •  OAuth/2 •  OpenID/OpenID Connect •  SAML2 •  WS-Federation •  Kerberos, etc Claims & Claim Dialects •  Email Addresses •  Phone Numbers •  Names, etc User Stores •  SPML, SCIM, Salesforce, Google, etc •  Just in Time provisioning, inbound, outbound
  • 12. A Story o  Kermit Co is an open-source product development company o  It has employees, customers, open-source community o  It has some internal systems used by employees and some external systems o  Kermit Co is going to upgrade their identity
  • 14. Kermit Co has some internal Applications o  Employees use several systems o  Office 365 o  Redmine o  Salesforce o  Star Accounts o  Employee LDAP in Kermit Datacenter cannot be synched to Cloud
  • 15. Problem o  Employees need to access cloud-based and on premise systems o  De-centralized Identities o  Password exhaustion, re-login each time à  When the employee login to one system he should login to the rest o  Different systems use different protocols – SAML 2.0, WS-Federation
  • 16. SSO for Heterogeneous Systems using different Federation Protocols
  • 17. Problem o  Ginger is from finance team o  Her account is hacked o  All finance data is leaked à  Need to implement Multi-Factor Authentication (MFA) o  Something you know, Something you have, Something you are o  Add FIDO and SMSOTP
  • 19. Problem o  Customers need to authenticate to several system o  Website for product downloads o  JIRA for issue reporting o  Certification portal o  Partner portal o  All customers are in a different LDAP
  • 20. Handling Different Types of Identities o  Technically can add to the existing WSO2 IS, but customer identities are, o  Scale is massive o  Control is not within the organization o  Self-service registration should be there o  Social identities & JIT provisioning o  Identity is low assured o  Delegated administration o  User experience must be excellent and distributed
  • 22. Problem o  Need to provide social sign-up/sign-in capabilities to the website o  Facebook, Google o  When users sign up via social media Kermit wants to add the user to the External Users DB à Do just in time provisioning to the External Users DB
  • 23. Identity Federation and JIT first_name FirstName given_name
  • 24. Problem o  How are the external users going to manage their profile? o  All external users need to manage their own profiles by logging into the website o  Make website do direct LDAP calls? o  Use APIs in WSO2IS o  SCIM – System for Cross-domain Identity Management o  User information recover service o  User management Service I can use REST/ SOAP calls to do user management
  • 26. Problem o  Kermit employees need to login to external systems – JIRA, Website & Certificate Portal o  Kermit employees are not in the external IdP à Kermit employee identities should be federated from internal IdP to external IdP and SPs
  • 27. Identity Federation – Custom Authenticator
  • 28. Problem o  Matrix is a marketing analytics company that does lead identification for Kermit Co o  It is file based batch process that update Kermit’s Salesforce o  Kermit Co wants to automate the process by exposing APIs o  addSQLead, getRawLeads, getUsers
  • 30. Problem o  Kermit Infra team wants to automate provisioning o  Provisioning users to Apps o  LDAP synching + LDAP groups give same end result as provisioning o  Per-app roles needs to be managed in central LDAP. Can be quite large o  WSO2IS adaptors can be used for rule-based provisioning o  Same Control Domain à Can use either (automated provisioning and LDAP Synching) o  Different Control Domain à Use provisioning
  • 32. Problem o  Kermit HCI expert wants to avoid showing login screen on the IdP o  He wants the Login choices to be displayed on web site itself à Home Realm Identifier
  • 34. Kermit Co has a pretty decent Identity Infrastructure!
  • 35.
  • 36. Gonzo Group of Companies o  Group of companies with 3 main companies o  Problem – Require centralized, highly controlled IAM program for it’s external users
  • 38. Problem o  Gonzo the group of companies wants centralized fine- grained authorization policies o  Render menu items on web site using centralized authorizations o  All internally-developed-apps should comply to centralized policy registry
  • 40. Problem o  Gonzo wants all distributor registrations through their website to go through an approval process
  • 43.