Providing NextGen Identity Solutions in a Legacy World - CIS 2014
DESCRIPTION
Businesses are moving quickly to take advantage of the power of the cloud, mobility, and “The Industrial Internet.” At GE, these forces are changing the authentication landscape on a constant basis. But how do you enable your business to take advantage of new technology while maintaining the services they still rely on? The presenter will explain the partnership formation between design teams and service delivery teams to leverage existing infrastructure and quickly operationalize new identity services like OAuth, SCIM, and OpenID Connect while also managing a 300% increase in traditional SAML-based integrations.
TRANSCRIPT
Providing NextGen Identity Solutions in a Legacy World
Steve “Hutch” Hutchinson
SSO Service Leader, [email protected]
@IdentityHutch
Providing NextGen Identity Solutions in a Legacy World, 22 Jul 2014 - Page 2
A disclaimer …
The views and opinions expressed in this presentation are my own and do not necessarily represent the views or opinions of the General Electric Company or any of its subsidiaries.
Thanks Daniel … no pressure
A warning
SOLUTIONS AT CIS ARE NOT AS CLOSE AS THEY APPEAR
but they could be closer …
SAML is dead?
[Chart: SAML Integrations by Year, 2008 to 2014; vertical axis from 0 to 500]
“SAML is not dead. It’s done. Which means we can use it.”
- Dale Olds at CIS2013
Getting from here to there
Where is here?
SSO LDAP
Policy Decision Point
Web Server
Web Access Management
Federation Server
Agent
Identity Federation: SAML, STS, OAuth, OpenID
Virtual Directory
Interceptor Script
LDAP Authentication
Multi-Source Directory Views
Web Agent
B2B
B2C
HR System
Active Directory
7500+ applications
475+ Federations
350+ directories
5 million accounts
~500,000 accounts
18 policy sets
Registration Apps
Enter FastWorks
Migration from data centers to cloud
Web Server
PDP
Fed IdP
Agent
Shibboleth Plugin
Traditional Web Access Management
SAML
Policy & User Stores
Bring Your Own Identity (BYOI)
Fed IdP
User Store
Web/App Server
Select IDP
ATTESTATION NETWORK
PDP
Shibboleth Plugin
Agent
SCIM
The API economy
Web/App Server
API Registry
OAuth
Fed IdP
XML Gateway
Top drivers for Identity
• Migration from data centers to cloud
• Bring Your Own Identity (BYOI)
• API economy
• Mobile devices, access anywhere
• Right-sized authentication
• ABAC replacing RBAC
• UX improvements
• Industrial internet (Internet of Things)
Barriers to new service offerings
Service Design
Service Delivery
Building a unified, agile service team
Service Design
Service Delivery
• Create change
• Add or modify features
• Create stability
• Create or enhance services
ENABLING the business!
The big wins
• Communication, communication, communication
• Eliminate finger-pointing
• Team engagement from concept to delivery
• Delivery provides feedback loop for service improvement
• Huge reduction in cycle times
Questions?
Steve “Hutch” Hutchinson
[email protected]
@IdentityHutch