borderless federated-identity
TRANSCRIPT
Last Updated: July 2014
Associate Technical Lead Dulanja Liyanage
Borderless Federated Identity
About the Presenter
• Dulanja is an Associate Technical Lead at WSO2, mainly contributing towards the Identity Server and WSO2's platform security. Apart from that, he has also participated in several onsite customer engagements, helping them to realize enterprise use cases.
• Email: [email protected]
About WSO2
• Global enterprise, founded in 2005 by acknowledged leaders in XML, web services technologies, standards and open source
• Provides only open source platform-as-a-service for private, public and hybrid cloud deployments
• All WSO2 products are 100% open source and released under the Apache License Version 2.0.
• Is an Active Member of OASIS, Cloud Security Alliance, OSGi Alliance, AMQP Working Group, OpenID Foundation and W3C.
• Driven by Innovation
• Launched first open source API Management solution in 2012
• Launched App Factory in 2Q 2013
• Launched Enterprise Store and first open source Mobile solution in 4Q 2013
What WSO2 delivers
A look into the past...
• Highly guarded organization borders
• User registration and profile creation a MUST
Welcome to the Present: Connected Businesses
• Mergers, acquisitions and partnerships
The analyst firm Quocirca confirms that in Europe 58 percent transact directly with users from other businesses and/or consumers; for the UK alone the figure is 65 percent.
No more enterprise boundaries!
The Problem? Accepting the UNKNOWN
Evolution of Identity Federation...
Different Userstores
User’s identity is...
• maintained at one domain
• but accessed in different domains
Different Protocols
• SAML
• OpenID
• OAuth/OpenID Connect
• WS-Federation
• Custom
SAML
• SAML 1.0 (2002), SAML 2.0 (2005)
• Single Sign On / Single Logout
• Widely used by *aaS providers [Google Apps, Salesforce]
OpenID
• Decentralized Single Sign On
• Single user profile
• Widely used for community & collaboration aspects
• OpenID is dying
OAuth/OpenID Connect
• OAuth for Identity Delegation
• OpenID Connect based on OAuth for authentication
• Securing RESTful services
Different User preferences
• Social login
Gartner predicts that, by the end of 2015, 50% of all new retail customer identities will be based on social network identities.
The Solution?
• An Enterprise Identity Bus
• Capable of connecting various IdPs and performing token transformations between various protocols.
Chained Collaborative Federation
• Single sign-on across multiple web applications supporting heterogeneous standards/protocols
• Collaborative identity federation between multiple heterogeneous identity providers
• Home realm discovery
WSO2 Identity Server is an open source Identity and Entitlement management server, which supports SAML 2.0, OpenID, OAuth 2.0, OpenID Connect, XACML 3.0, SCIM, WS-Federation (passive) and many other identity federation patterns.
WSO2 Identity Server 5.0 Architecture
Demo
Business Model
Contact us!