Synergies across APIs and IAM
Download as PPTX, PDF1 like202 views
This document discusses synergies between APIs and identity and access management (IAM) for digital transformation. It describes how APIs can help digitize delivery channels and create highly connected business offerings, while IAM capabilities like identity management, authentication, authorization, and analytics can enable personalized user experiences. The document promotes WSO2's API management and identity server products, which provide API management, security, integration, and IAM features to help businesses transform digitally.
Synergies across APIs and IAM
- 1. Synergies Across APIs and IAM Ingredients For winning digital transformation strategy Nov , 2017 Sagara Gunathunga - Director, WSO2
- 2. ABOUT WSO2 2 Mountain View, New York, London, Sao Paolo, Colombo Founded in 2005 Venture backed by Cisco and Toba Capital 450 Employees; 300 Engineers 400+ Customers, 120 New Customers in 2016 Profitable Business since 2016
- 3. OPEN TECHNOLOGY FOR AGILE DIGITAL BUSINESS 3 Build internal and external developer ecosystems with an API marketplace. Manage identity, security, and privacy across your digital business. Make mobile and IoT devices integral to your digital business. Create real-time, intelligent, actionable business insights and data products. Platform enable your digital business with “micro-services” and “micro-integrations”.
- 4. Digital Transformation will decide and shape The destiny of your business
- 5. Digital Transformation is no longer a nice to have or a differentiator, it’s about the survival of your business Is it the Right Time to Think? A nice to have A differentiator For survival
- 6. Is it Real? Look Around You!
- 7. Is it Real?
- 8. Digitize Delivery Channels Personalized User Experience Highly connected business offerings Digital Transformation
- 9. • Sales increasingly based on real user reviews and ratings than traditional marketing • Physical stores replaced with digital channels (web stores, mobile apps, IVR solutions) • Fast consumer response time and convenience means connectivity (e.g. Facebook, Twitter, WhatsApp) Challenge 1 - Digitize Delivery Channels
- 10. Generic user experiences don’t work, consumers now expect – A highly personalized experience – Control over preferences – Relativeness of content Challenge 2 - Personalized User Experience
- 11. Fulfill all the related business requirements at one-stop. • Save consumer time and avoid data duplications. • Fast and efficient B2B integration. • Adoption of open business interfaces Challenge 3 - Highly connected business offerings
- 12. Synergies Across APIs and IAM is the right answer
- 13. API Management Digitize Delivery Channels Highly connected business offerings
- 14. Reality of Enterprise Systems Landscape ● Enterprise systems are complex ● Enterprise systems are bureaucratic ● Cannot afford the luxury of complete re-write or having a clean slate ● Comes with years of baggage 14
- 15. 15 API Always Comes First
- 16. 16 Present Day Enterprise Architecture Analytics Continuous-* Security & Access Management API / Service discovery Dev toolsDevops tools Service router API Gateway Core Microservices Data Container(s) Delivery channels Digital Products Messaging Channels Integration MicroservicesExisting Services
- 17. 17 APIs are found in Every Layer
- 18. 18 The modern API ● RESTful & JSON savvy - being lightweight, REST style conformant ● Well documented - Methods, operations, responses, error codes etc ● Manageable (life-cycle, version) ● Discoverable - Searchable, testable ● Measurable ● Secured - Multiple security protocol support, transformable
- 19. Key Performance Factors of an API Platform ● Security ● Rate Limiting ● Integration ● Analytics 19
- 21. Security: Identity ● Authentication ● Single Sign On ● Federation ● Authorization 21 Authenticate via Facebook to Airbnb APIs
- 22. Security: Access Delegation ● Secure Trusted Clients ● Secure Untrusted Clients ● Unsecure Clients ● System to System Auth/z 22 People Apps
- 23. Rate Limiting: Front End ● Monetization ● Burst Control ● Fair Usage Policy ● Geographical Distribution ● Distribution by Device Type 23 People Apps Gateway
- 24. Rate Limiting: Back-End ● Prevent Total Service Outage at Peaks ● Back-End Server Maintenance 24 Gateway Services and Data
- 26. Integration 26
- 28. Analytics: Operational ● API Latency Distribution ● Alerting on Abnormalities ● API Health 28
- 29. WSO2 API Manager
- 30. 30 ● Currently at version 2.1.0 with over 6 years of engineering improvements across 15 stable releases ● Geo distributed and clustered deployments ○ In production at StubHub / Verizon / Motorola / BYU / BNY ● Same code base at WSO2 API Cloud running with four 9s uptime ● One major and 3 minor releases per year ● Automated deployment with puppet ● Containerized with Docker Battle hardened
- 31. 31 WSO2 API Manager ● Available as a single downloadable package ● Available as a cloud / SaaS solution ● Flexible deployment choices ● High performance gateway ● API governance, marketplace solution
- 32. 32 Cloud First or Start On-Prem ● Multi-tenanted, shared everything ● WSO2 Hosted and managed ● Pay as you go ● Multi-region availability ● VPN tunnel to private DC ● Guaranteed uptime ● Limited options in customizing ● Privately hosted ● WSO2 managed ● Upgrades, patches installation ● Guaranteed uptime ● Full flexibility in customization ● Better control ● Self hosted ● Self managed ● Full flexibility ● Dev-ops learning curve ● Self managed upgrades http://wso2.com/api-management/cloud/ https://docs.wso2.com/display/ManagedCl oud/WSO2+Managed+Cloud+Documenta tion
- 33. 33 Componentized
- 34. Identity and Access Management Personalized User Experience Highly connected business offerings
- 35. Users onboarding • Employees vs. customers • Self signup • Self signup with verification • Approval workflows
- 36. Bring Your Own Identity (BYOI) New to Hi! Sign Up Welcome Sagara
- 37. Authentication • Multi-factor authentication • Adaptive authentication • FIDO U2F, TOTP, SMS/Email OTP • LDAP, Database, AD
- 38. Social Authentication New to Hi! Sign Up Welcome Sagara
- 39. Two-Factor Authentication STEP 1 STEP 2 Welcome Sagara
- 40. Authorization • Role-based • Attribute-based • XACML REST API • Policy templates
- 41. Single sign-on (SSO) • Social logins eliminate password management complexities from consumer and business side • Out-of-the-box support for strong authentication options, such as 2-factor authentication Welcome Welcome
- 42. Self-service • User portal • Password reset • Self access requests • Consent management • Profile update • Password reset • Account recovery
- 43. Monitoring and Analytics • Login analytics • Session analytics • Fraud detection/prevention
- 45. ▪ Addresses critical IAM needs both in customer IAM and workforce IAM spaces ▪ Most of the WSO2 IS deployments are to address CIAM needs ▪ Extensive support for open standards - no vendor locking ▪ Large scale deployments over millions of users ▪ Rich eco system with 40+ connectors (https://store.wso2.com/store/assets/isconnector/list) ▪ Support for multi-tenancy ▪ Web based management console and user portal (with easily customizable theme) ▪ Extensible product architecture to address complex IAM needs ▪ Docker friendly deployment ▪ Latest release - WSO2 Identity Server 5.3.0 WSO2 IDENTITY SERVER Overview
- 46. ▪ 75+ active subscribers, 200+ instances under subscription ▪ Key OEMs ○ WSO2 API Manager (Key Manager Profile) ○ WSO2.Telco ○ Ellucian (340 customers) ○ Accenture ▪ 1000+ product downloads each month ▪ 100% year to year growth of direct WSO2 IS customer base for last three years. ▪ 100% open source (both the source code and the binaries are released under most business friendly Apache 2.0 open source license) WSO2 IDENTITY SERVER Adoption
- 47. ▪ Accounts management and identity provisioning ▪ Single sign-on and identity federation ▪ Identity broker ▪ Fine-grained access control ▪ Identity analytics WSO2 IDENTITY SERVER Focus Areas
- 48. ▪ Support for heterogenous identity stores: database, LDAP, AD ▪ Largest deployment of WSO2 IS in Saudi Arabia (4M+ users in a MS SQL database) ▪ State of Arizona uses WSO2 IS for both CIAM and workforce IAM over a MSSQL database and AD ▪ Seagate uses WSO2 IS to manage 1M+ users/customers (Oracle DB) ▪ Trimble uses WSO2 IS to manage 1M+ users/customer (OpenLDAP) ACCOUNTS MANAGEMENT & IDENTITY PROVISIONING Multiple Identity Stores
- 49. ACCOUNTS MANAGEMENT & IDENTITY PROVISIONING Self Service
- 50. ▪ SAML 2.0 ▪ OpenID Connect (OAuth 2.0) ▪ WS-Federation ▪ CAS ▪ OpenID ▪ GSMA Mobile Connect SINGLE SIGN-ON & IDENTITY FEDERATION Open Standards
- 51. ▪ Multi-option based login ▪ Multi-factor authentication ▪ FIDO U2F, TOTP (Google Authenticator), OTP over SMS, OTP over Email, Certificates, mePin, Duo Security, RSA SecurID ▪ OTP over SMS is the most used one in WSO2 IS deployments ▪ Nutanix uses Google Authenticator to secure access to WSO2 IS admin console. SINGLE SIGN-ON & IDENTITY FEDERATION Strong Authentication
- 52. ▪ Enable Social Login by service provider ▪ Facebook, LinkedIn, Twitter, Google, Yahoo, Microsoft Live SINGLE SIGN-ON & IDENTITY FEDERATION Social Login
- 53. IDENTITY ANALYTICS Login Analytics ▪ Track success/failed login attempts by user/service provider/identity provider. ▪ Detect anomalous login behaviours.
- 54. IDENTITY ANALYTICS Session Analytics ▪ Track all the sessions in the system by user and the duration of the session