OpenAM Consortium Tokyo Japan Feb 2014 · Open Identity Stack. Commercial Open Source Identity...
OpenAM Consortium Tokyo Japan
Feb 2014
Allan Foster CTO Office
IRM
2013
Future
IRM Origin Story …
Evolution of Identity
Employees
Consumers
Employees & Partners
Things
Perimeter Perimeter Federation
Perimeter-less Federation
Cloud / SaaS
Perimeter-less Federation
Cloud SaaS
Mobility
Attributes Context
Stateless
Relationships
Identity Relationship Management Business Values …
■ CONSUMERS & THINGS over employees only
■ ADAPTABLE over predictable
■ TOP LINE REVENUE over operating expense
■ VELOCITY over process and tools
CONSUMERS & THINGS over employees only
ADAPTABLE over predictable
TOP LINE REVENUE over operating expense
VELOCITY over process and tools
IRM Technical Emphasis …
■ INTERNET SCALE over enterprise scale
■ DYNAMIC INTELLIGENCE over static intelligence
■ BORDERLESS over perimeter
■ MODULAR over monolithic
INTERNET SCALE over enterprise scale
DYNAMIC INTELLIGENCE over static intelligence
BORDERLESS over perimeter
MODULAR over monolithic
ForgeRock Technical Vision …
Next Generation Identity & Access
Management for the Modern Web
Our Open Identity Stack
Platform agnostic for Enterprise, Social, Mobile, & Cloud Environments
Modular & Embeddable for Cloud Providers
Massively Scalable for External Enterprise Customers and private / public clouds
One common API to access ALL services
FORGEROCK.COM | CONFIDENTIAL
Open Identity Stack
Commercial Open Source Identity Services
Web Services Security
Authentication
Authorization
Federation
Risk Engine
Policy Engine
Entitlements
Session Failover
Strong AuthN
OpenAM
Provisioning
Password Reset
Synchronization
Workflow
Password Management
Role Provisioning
OpenIDM
Directory Services
Replication
Directory Proxy
OpenDJ
Bridge SPE
Authentication
Federation
Provisioning
Synchronization
Password Management
Workflow
Password Reset
OpenAM
“All-in-One” solution delivered as a single application
Access to any application – Enterprise, SaaS, Social, Mobile
Flexible and extensible architecture
Social sign-on and one-time mobile password
Architected for consumer scale -- +100M users
OpenAM
Key Features
■ Session Fail-Over architecture using embedded OpenDJ
■ Full OAuth 2.0 and OpenID Connect 1.0 support
■ Device Fingerprinting adaptive authentication support
■ Complete Mobile development support through REST APIs
■ OATH device and One Time Password support
Benefits
■ Provides the highest level of HA to ensure users are always online
■ Latest protocols for simplified Federation and Mobile SSO
■ Adds advanced authentication module for fraud prevention
■ Create device-agnostic applications for Web or native OS apps
■ Use mobile phone as a second factor using either SMS or Soft-Token generator
OpenIDM
Lightweight provisioning built on REST principles
Flexible architecture with pluggable workflow engine
Standards based APIs and scripting
Architected for consumer scale with +100’s of creates/second
OpenIDM
Key Features
■ Modern architectural design built on the OSGi framework
■ Purpose built for high scale consumer applications and services
■ Flexible data model and data store
■ Program business logic using Java or Groovy
■ Customizable UI using JSON and REST
Benefits
■ Lightweight approach reduces deployment and development costs
■ Provides easy to implement provisioning, syncing for online services such as banking, insurance…
■ Reduces time and cost by leveraging existing model for managing data
■ Standards based languages enable faster development and zero lock in
■ Decoupled UI enables easy development of custom-tailored solutions
OpenDJ
Lightweight / embeddable directory
LDAP / REST APIs
High availability & replication
Architected for massive scale -- +100M Users
OpenDJ
Key Features
■ Java based architecture designed for scale and performance
■ Supports HA deployments with N-way multi-master replication
■ Developer friendly LDAP to REST Gateway developer tool
■ RESTful API developer access
Benefits
■ Architecture supports the most demanding environments with high throughput
■ Enables global data center deployment for managing failover and disaster recovery
■ Exposes directory data as JSON resource enabling access for non-LDAP apps
■ Simplifies by using standard REST for managing all core functions
ForgeRock Identity Bridge SPE
Secure connection between On-Premise & Cloud infrastructure
Technical Approach
• Turnkey software appliance for provisioning, federating and synching identities between enterprise customers and the services they offer
• Designed to be easily modified to match service provider's brand and application look and feel, and to seamlessly integrate with existing service offerings
Business Impact
• Cloud Service Providers: Increase service adoption by eliminating IDs and passwords.
• Enterprise: Eliminate copious amounts of time onboarding new cloud services. Ease adoption of cloud services and reduce enterprise / cloud friction
Identity Bridge SPE
Key Features
■ Simple wizard based administration
■ User provisioning engine with account reconciliation
■ Federated SSO using SAML
■ Designed as a software appliance
■ Windows support for SSO to SaaS service
■ Flexible configuration
Benefits
■ Enables 15 minute setup and configuration
■ Instantly add and remove users and sync changes in real time
■ SAML-based Single Sign-on for secure connections
■ Deploys with any IAM Infrastructure in the DMZ
■ Leverages standard Integrated Windows AuthN and Kerberos
■ Can be customized for many different SaaS and data stores
Our IRM Platform …
ForgeRock Open Identity Stack
ForgeRock Today
Building Relationships Across the Web
PEOPLE DEVELOPMENT
Create users / things
Delete users / things
Synchronization
Password Management
Workflow
SYSTEMS
Authentication
Coarse-grained Authorization
Fine-grained Authorization
Federated SSO
Web Services Security
CONTEXT
IP Risk-based Authentication
Device Fingerprinting
One-Time Mobile Password
Strong Authentication
Modular Services
Common REST
Session Failover
Data Replication
THINGS
Enterprise Apps
Mobile Apps
Social Apps
IP-Connected Devices
Bridge for Cloud Providers
ForgeRock Tomorrow
Building Relationships Across the Web
PEOPLE DEVELOPMENT
Create users / things
Delete users / things
Synchronization
Password Management
Workflow
SYSTEMS
Authentication
Coarse-grained Authorization
Federated SSO
CONTEXT
IP Risk-based Authentication
Device Fingerprinting
One-Time Mobile Password
Strong Authentication
Risk Analytics
Modular Services
THINGS
Enterprise Apps
Mobile Apps
Social Apps
IP-Connected Devices
Role-based Provisioning
Simplified Social Sign-On
Risk-Based Authentication
Bridge for Enterprises
Mobile Security Gateway
REST Token Service
Entitlements
Common REST
Monitoring
Multi-Tenant
Performance
Bridge for SFDC
Bridge for Enterprises
ForgeRock Roadmap
2014 STACK ROADMAP
1H2014
OpenIDM: Role-based Provisioning
OpenDJ: Identity Proxy
OpenAM: Simplified Social Sign-on 2
2H2014
Bridge Enterprise Edition (NEW)
Mobile Identity Management Phase 1 (NEW)
2015 STACK ROADMAP
OpenDJ: Virtual Directory
OpenAM: Knowledge-based Authentication
Risk Analytics (NEW)
Mobile Identity Management Phase 2 (NEW)
ForgeRock Momentum
• 800% sales growth from Q4FY12 to Q4FY13
• 207% sequential sales growth from Q3FY13 to Q4FY13
• Average deal size is up 166% Year over Year.
• Revenue continues to be distributed evenly between North America and European markets.
Business is Skyrocketing
Marquee Customers
Government of Norway
“OpenAM’s simple, secure access to government services played a large part in the success of the eGovernment initiative”
TOR ALVIK, COO
Agency for Public Management & eGovernment
5 million citizens access • Over 1 million concurrent users • 500k businesses access
Providing 4M citizens access to 300+ Government services
Tax Office
Health Economics Agency
Water & Energy Directorate
Labor & Welfare Agency
Government Success …
Norway (5M Citizens)
Belgium (11M Citizens)
Canada (35M Citizens)
New Zealand (650K citizens)
New Caledonia (256K Citizens)
The Vatican (~1000 Citizens)
Enabling Government Services Globally!
Toyota User Portal
Authenticating more than people—cars & devices included
Automobile Authentication
Application & Data Synchronization
Powered by ForgeRock
Thank You!