WSO2Con Asia 2016: WSO2 Identity Server: Identity Management for the Next Decade

Upload: wso2-inc

Post on 11-Apr-2017


TRANSCRIPT

It should NOT be possible to automatically link up everything we do in all aspects of how we use the Internet. A single identifier that stitches everything up would have many unintended consequences.

By Kim Cameron

Enterprise Centric Identity: Tying together all the activities and attributes of a single entity into a readily accessible (and reportable and auditable) form.

Internet usage on mobile devices surpasses PCs in 2014

Worldwide mobile device shipment is 10 times that of PCs (Desktops and Notebooks)

By 2020, 70% of businesses will use attribute-based access control (ABAC) to protect critical assets.

• Separation of concerns between Application layer and the Identity layer
• No universal standard
• Can’t modify the service providers as well as the Identity Providers
• Federation protocol agnostic
• Authentication protocol agnostic
• Complex authentication
  – Multi-option
  – Multi-step
  – Step-up authentication
  – Adaptive authentication
• Trust brokering
• Manage Identity relationships
• Multiple attribute providers
• Claim transformation
  – Claim mapping, aggregation and derivation
• Authorization policies
• Provisioning
  – Rule based Just-In-Time provisioning
• Centralized monitoring

Identity Mediation Language (IML)

Build a high-performance, lightweight mediation engine, based on a declarative, domain-specific language, that will reduce the time and cost to build cross-domain identity federations between heterogeneous identity protocols.