Incredible Edible Identity
Transcript of Incredible Edible Identity
IRM Summit 2014
Incredible Edible Identity
Jamie Nelson
Jonathan Scudder
Jake Feasel
2. Evolution To IRM
Employees
Consumers
Employees & Partners
Things
Perimeter
Perimeter Federation
Perimeter-less Federation
Cloud / SaaS
Perimeter-less Federation
Cloud SaaS
Mobility
Attributes Context
Stateless
Relationships
3. ForgeRock Products
Context-Based Access Management
Cloud-Focused Identity
Administration
Internet Scale
Directory Services
Unifying Enterprise and Cloud Identity Infrastructure
No Touch SSO to enterprise, legacy, and custom apps
Hands-free protection of mobile apps and APIs
Identity Relationship Management Platform
Only Unified Platform – Only Customer-Scale Platform – Supports any application, device, or “thing”
FORGEROCK.COM | CONFIDENTIAL
SecureMobile
SecureConnect
CloudConnect
4. ForgeRock Deployment
Portals, applications, web services, API’s
• Registration & Self-Service
• Auditing & Compliance
• Workflow & Reporting
• Native connectors
• REST API
• Authentication & session
• Authorization & policy
• Entitlements
• Federation
• REST API
• Identity Store
• Directory Proxy
• REST API
Partners
• Reverse Proxy
• App Gateway
Legacy Apps
ICF
• Identity Connector Framework
Identity Administration
Access Management
Identity Data
• Provisioning
• SSO
Cloud Apps
Consumers & Customers
Enterprise Apps
Devices & Things
• Federation
Data Centers
• HA
• Replication
CloudCONNECT
SecureConnect
5. Niche Vendor
Access Management
Provisioning
Services
Directory Services
SaaS
Bridging
Application Gateway
Mobile Enablement
Great At One Problem Space Pick One
6. Niche Deployment
Portals, applications, web services, API’s
• Registration & Self-Service
• Auditing & Compliance
• Workflow & Reporting
• Native connectors
• REST API
• Authentication & session
• Authorization & policy
• Entitlements
• Federation
• REST API
• Identity Store
• Directory Proxy
• REST API
Partners
• Reverse Proxy
• App Gateway
Legacy Apps
• Identity Connector Framework
Identity Administration
Access Management
Identity Data
• Provisioning
• SSO
Cloud Apps
Consumers & Customers
Enterprise Apps
Devices & Things
• Federation
Data Centers
• HA
• Replication
7. Leading Stack Vendors
Acquisition Architecture – Employee Scale – Massive TCO
Access Manager
Identity Federation
Identity Manager
Mobile Security Suite
Directory Server
Entitlements Server
Enterprise SSO
Identity Governance
Adaptive Access
Web Services Security
Enterprise Apps
Mobile Apps
Things
8. Stack Vendor’s Deployment
Portals, applications, web services, API’s
Professional Services
Partners
Legacy Apps
Identity Administration
Access Management
Identity Data
Cloud Apps
Consumers & Customers
Enterprise Apps
Devices & Things
Data Centers
9. Integrated Stack Components
■ Simple, Integrated, Modular, High Scale
■ ForgeRock REST (CREST)
■ Authn and Authz Filters
■ ForgeRock UI
■ OpenID Connect, OAuth, SAML2
10. OpenAM
ForgeRock REST (Commons REST)
Protected Resources
Web Agents
JavaEE Agents
Web Services Agents
User Interface
End User
ForgeRock UI Framework
Core Services
Authentication
Entitlements
Session
Audit
OAuth
Core Token Service
OpenID Connect
Configuration
Policy
User Management
Secure Token Service
XACML
Federation
SPIs
Authentication Plugins
Policy Plugins
User Mgmt Plugins
Token Service Plugins
Federation Plugins
Persistence (OpenDJ)
Universal Gateway
Management
11. OpenIDM
OSGI
Persistence (OrientDB)
ForgeRock UI Framework
ForgeRock REST Router
Business Logic (Javascript, Groovy, Java)
Authentication Filter (JASPI)
Jetty Web Server
Configuration
Managed Users
Sync/Recon
System (Connectors)
Scheduler
Task Scanner
Audit/Logs
Policy
Audit
12. OpenDJ
User Interface
End User
Management
ForgeRock UI Framework
ForgeRock REST
Core Server
Replication
Auditing
LDAPV3
Caching
Monitoring
Password Policy
Groups
Schema Management
REST2LDAP
Access Control
Backend Services
Persistence
Connectors
LDIF
Memory
Change Log
Java SDK/ LDAPv3
Web ApplicationWeb Application
REST2LDAPREST2LDAP
ForgeRock REST ForgeRock REST
13. CloudConnect
OSGI
Configuration Wizard
OpenIDM
Business Logic (Javascript, Groovy, Java)
Authentication JASPI (AD and IWA)
Jetty Web Server
Salesforce and LDAP
OAuth
Federation
ForgeRock UI Framework
Reporting and Recon
14. SecureConnect
Core Processing
Http Connector
HTTP Listener
Chains
Filters
Functions
Handlers
Scripting
Audit
15. API Strategy
Conscious, proactive design
Developer-focused
Consistent
Easy to use
Modern
16. API Strategy
Conscious, proactive design
Developer-focused
Consistent
Easy to use
Modern
JSON
REST
ROA
17. API Strategy
18. CREST API
19. CREST Framework
20. AuthN and AuthZ Filters
21. Open Identity Stack UI Model
■ “Single-Page Web App” style
■ Single UI model for all products
■ Built on ForgeRock REST (CREST)
■ Common UIs for:
– User management
– Registration and Self Service
– Login and Password Reset
■ Build on shared services for Authentication
22. ForgeRock UI Library Stack
jQuery (General utility) + jQuery UI (Widgets)
Backbone.js + Require.js (Modular MVC Architecture)
Handlebars.js (Templating)
Underscore.js (General utility)
Less.js (CSS preprocessor)
Built on ForgeRock REST and Common Services
Caters to the web developers of today
23. Demo
■ OpenAM as the IDP
■ OpenDJ as the User and Config Store
■ OpenIDM provisioning to DJ
■ Commons
– ForgeRock REST in OpenAM, OpenIDM, OpenDJ
– Filters protecting OpenIDM
– ForgeRock UI in OpenIDM and OpenAM
24. Questions?