Identity Relationship Management - The Right Approach for a Complex Digital World Webinar
© 2016 ForgeRock. All rights reserved.
Identity Relationship Management: The Future's So Bright, I Gotta Wear Shades
Daniel Raskin, SVP Product Management
Chris Kawalek, Director of Product Marketing
Relationship Management
Identity
Users
Identity
Users, Devices, Things & Services
Identity Management Evolves to Relationship Management
Identity Lifecycle Management Users, Devices, Things & Services
Contextual Identity
Contextual Security Taking Safety to the Next Level
Passwordless Authentication
Register Device for First Time
Authorise consent child purchase
Authorise family members to use account
Authorise Data to Device / Thing
Did you just request to transfer $1,000,000?
Taro is trying to purchase Footloose on Amazon.
Is that ok?
Kayoko is requesting access to your car.
Are you trying to open your front door?
We noticed you are accessing our service on an iPhone. Would you like to register this device?
Would you like to authorise purchasing Showtime on your Samsung TV?
Contextual Identity Enriching the Experience
Contextual Identity Authentication, Authorisation and Consent
User Managed Access Sharing X-Ray with Doctor
Microservice Architecture
SOA is Dead, but Services on the Rise!
1990s and Early Pre-SOA
Monolith to change
2000s Traditional SOA
Autonomous but coordinated
Present Microservices
Decoupled and Independent
PWC, Agile coding in enterprise IT: Code small and local
Service to Service Interaction Authentication, Authorisation and Consent
https://api.chucknorris.com/categories/nerdy
Authenticate API Authorise API Calls Authenticate API
Scaling to Support Distributed Cloud Archs Stateless Architecture
• Flexible deployment option to address cloud elasticity and massive horizontal scalability
• Configuration can be on a per-realm basis
• Stateless = state information is encoded in JWT token
• Stateful = tokens persisted in the Core Token Service
OpenAM Server
OpenAM Server
OpenAM Server
AWS1 AWS2 AWS3
Microservices Client App
Distributed Cloud Environment
Cloud Readiness
Hybrid Cloud – One Cloud Many Pieces
The Cloud Conundrum
No Portability! Identity Baked in and Constrained to Each Cloud!
OAuth2/OIDC OAuth2/OIDC OAuth2/OIDC OAuth2
The Abstraction of Identity … Again
Cloud Automation
Cloud Native: Cattle versus Pets
Cattle
• Cattle are numbers
• They are almost identical
• When ill, get another (Kill it!)
• Thousands of cattle on farm
Pets
• Pets have names like “pussnboots”
• They are lovingly hand raised
• When ill, nursed back to health
• 1 or 2 pets in house
Elastic Inelastic
Container Management & Deployment
Product Configuration
Product Manifests
ForgeRock Images
Java Image
Tomcat Image
…
Other Images
DOCKER REPOSITORY
Platform Ubiquity
We Must Be Better
Authentication Authorization Multi-Factor Adaptive Risk Self Service Directory API Security GRC …
Unified Platform
UMA Provider Mobile OTP App Synchronization Auditing
LDAPv3 REST/JSON
Replication Access Control
Schema Management
Caching
Auditing
Monitoring
Groups
Password Policy
Active Directory Pass-thru
Reporting
Authentication Authorization Provisioning User Self-Service Authentication OIDC / OAuth2
Federation / SSO User Self-Service Workflow Engine Reconciliation Password Replay SAML2
Adaptive Risk Stateless/Stateful Registration Role Provisioning Message Transformation
API Security Scripting
Built from Open Source Projects:
UMA Resource
Access Management Identity Management Identity Gateway
Directory Services
Common REST API
Common User Interface
Common Audit/Logging
Common Scripting
Identity Relationship Management: Talkin’ Bout a Revolution
Relationship Management
Cloud Automation
Cloud Readiness
Platform Ubiquity
Microservice Architecture
Contextual Identity
Demo!