Apache Syncope and Tirasa

Open Source Identity Management with Apache Syncope

Viale D'Annunzio, 267 - 65127 Pescara
VAT No. 01974100685 - REA No. 143460
Tel +39 0859116307 / FAX +39 0859111173
http://[email protected]

Agenda

Identity and Access Management

Vendor Vs Open Source solutions

Apache Syncope

Tirasa: Apache Syncope Enterprise support

What's IdM about?

Data records that contain a collection of data about a person

Data record → Account

A person → Identity



The joint effort of business process and IT to manage user data on systems and applications.

IdM technologies

Identity Stores: Storage of user information

Provisioning: Synchronize account data across identity stores and a broad range of data formats, models, meanings and purposes

Access Management: Security mechanisms that take place when a user is accessing a specific system or functionality

Identity Stores

Examples:

LDAP / Active Directory

RDBMS

Meta and Virtual Directories

Accounts can be created and managed in one place only

Each application manages authentication separately

Users may use the same password for all connected applications

Aren't Identity Stores enough?

Heterogeneity of systems

Lack of a single source of information: HR for corporate id, Groupware for mail address, ...

Need for a local user database

Inconsistent policies

Lack of workflow management

Hidden infrastructure management cost, growing with organization size

Provisioning

Keeping identity stores as synchronized as possible

Need to be customizable and flexible

Priority: non-intrusiveness

Focused on application back-end

Communication:

Connectors

Agents

Identity Lifecycle

Access Management

Mediator for all access to all applications

Focused on application front-end

Aspects:

Authentication (Single Sign-On)

Authorization

Federation (SAML, Liberty, OAuth, OpenID, ...)

Mainly applicable to web applications

Difficult integration with pre-existing apps

IdM in practice: before...

IdM in practice: ...after!

Vendor products

Oracle (with addition of ex-Sun suite)

Novell

IBM (Tivoli)

Microsoft (Forefront)

Niche players:

Ping

NetIQ

SailPoint

Quest (now Dell)

Open Source non-ASF products

Identity Stores

Access Management

Provisioning

Open Source ASF projects

Identity Stores: Apache Directory

Provisioning: Apache Syncope

Access Management: Apache Shiro

Apache Syncope

Inception by Tirasa in 2010

Entered ASF incubator in February 2012

Graduated as TLP in November 2012

Active community: 13 committers, 5 contributors

~130 mailing list subscribers, stable traffic

Syncope: features

Workflow-based provisioning engine of users and roles

Account / Password policies

Agentless connection with Identity Stores

Auditing & Reporting

Shining admin console

Customizable and extensible by design

Syncope: architecture

Syncope: mapping

Syncope and the external world

Syncope: connectors

Based on ConnId, hosted at GitHub, new home of Sun's Identity Connectors

Ready-to-use bundles:

LDAP

Active Directory

Database

CSV Directory

SOAP

Google Apps

UNIX

Write your own bundle

Syncope: roadmap

Security realms (multi-tenant scenarios)

SCIM interface

Concurrent / Asynchronous communication with external resources

Access Management features

More at http://s.apache.org/SyncopeRoadmap

Syncope: (some) success stories

Italian limited company established in 2011

Small, highly skilled staff:

Delivering IAM solutions for Sun Microsystems for 10 years

Instructors of IdM, Access Manager and Directory Server for Sun Microsystems' courses

Creates and leverages Open Source tools for Enterprise Integration:

ConnId

Hippo Cocoon Toolkit

Product evaluation:

Introductory workshop

Proof of Concept (PoC)

Development support

Production support

Syncope Compliance Dashboard

More at http://syncope.tirasa.net

Syncope: enterprise services

Syncope: trying it out

Online http://syncopedemo.tirasa.net

Virtual Machine image

Ubuntu Juju / Microsoft Azure

.deb packages

Standalone distribution

Quickstart projects on GitHub

Maven Archetype

Questions?