Bring your own Identity (BYOID) with WSO2 Identity Server
3 likes1,551 views
This document discusses Bring Your Own Identity (BYOID) using the WSO2 Identity Server. It provides background on WSO2 and describes how BYOID is driven by trends like social network integration and user fatigue with multiple identities. The WSO2 Identity Server supports key identity standards including SAML, OAuth, OpenID Connect and can mediate between different identity tokens to enable BYOID across different systems and protocols. Two scenarios demonstrate BYOID workflows between operators and service providers using various identity standards.
Bring your own Identity (BYOID) with WSO2 Identity Server
- 1. Director of Security Prabath Siriwardena Bring Your Own Iden5ty (BYOID) with WSO2 Iden5ty Server April 23, 2014
- 2. 2 About WSO2 ๏ Global enterprise, founded in 2005 by acknowledged leaders in XML, web services technologies, standards and open source ๏ Provides only open source plaKorm-‐as-‐ a-‐service for private, public and hybrid cloud deployments ๏ All WSO2 products are 100% open source and released under the Apache License Version 2.0. ๏ Is an Ac5ve Member of OASIS, Cloud Security Alliance, OSGi Alliance, AMQP Working Group, OpenID Founda5on and W3C. ๏ Driven by Innova5on ๏ Launched first open source API Management solu5on in 2012 ๏ Launched App Factory in 2Q 2013 ๏ Launched Enterprise Store and first open source Mobile solu5on in 4Q 2013
- 3. 3 What WSO2 delivers
- 4. 4
- 5. 5
- 6. Gartner predicts, by the end of 2015, 50% of all new retail customer iden<<es will be based on social network iden<<es. 6
- 7. Facebook is only second to China and India in terms of its user base. 7
- 8. Facebook vs. Internet User vs. World Popula<on 8
- 9. 9 Facebook vs. China vs. India
- 10. 10 Enterprise Identity ßà Social Identity
- 11. IT consumeriza<on is an emerging topic or trend for last few years. 11
- 12. The ini<al consumeriza<on hype was focused on the bring your own device (BYOD) trend. 12
- 13. 13 Bring Your Own Device (BYOD) à Bring Your Own Iden<ty (BYOID)
- 14. The rise of BYOID is being driven by users' "iden<ty fa<gue”. 14
- 15. The analyst firm Quocirca confirms that in Europe 58 percent transact directly with users from other businesses and/or consumers; for the UK alone the figure is 65 percent. 15
- 16. In U.S only, mergers and acquisi<ons volume totaled to $865.1 billion in the first nine months of 2013, according to Dealogic. 16
- 17. 17 What drives BYOID?
- 18. SAML 2.0 / OpenID / OAuth 2.0 / OpenID Connect 18
- 19. SAML 1.0 à Nov 2002 | SAML 1.1 à Sept 2003 | SAML 2.0 à 2005 19
- 20. OpenID was ini<ated by the founder of LiveJournal, Brad Fitzpatrick. 20
- 21. By the end of 2009 – there were more than one billion OpenID accounts. 21
- 22. OpenID started to fade due to OAuth 2.0 and OpenID Connect. 22
- 23. OpenID Connect is a profile built on top OAuth 2.0. 23
- 24. OAuth is not about authen<ca<on – but, delegated authoriza<on. 24
- 25. The standard based iden<ty federa<on is the entry point to BYOID. 25
- 26. Internet Iden<ty always -‐ has an unsolved problem 26
- 27. SAML 2.0 dominated Iden<ty Federa<on in last decade – OpenID Connect and JWT possibly lead the next. 27
- 28. Any iden<ty management system to qualify to support BYOID -‐ should simply go beyond standard support for Iden<ty Federa<on protocols. 28
- 29. How would you mediate, transform iden<ty tokens between different standards or protocols ? 29
- 30. WSO2 Iden<ty Server is an open source Iden<ty and En<tlement management server, which supports SAML 2.0, OpenID, OAuth 2.0, OpenID Connect, XACML 3.0, SCIM, WS-‐Federa<on (passive) and many other iden<ty federa<on palerns. 30
- 32. 32 Operators ServiceProviders SAML 2.0 OpenID Connect / SAML 2.0 OpenIDConnect OpenIDConnect
- 33. 33 SAML 2.0 OpenID Connect / SAML 2.0
- 34. 34 SAML 2.0 SAML 2.0 SAML 2.0 SAML 2.0
- 36. 36 1 Scenario - 1 http://ebuy.federationdemo.com:9766/ebuy/
- 37. 37 2 OpenID Connect Request Scenario - 1 1502808989
- 39. 39 4 < credentials > Scenario - 1 User : tom_imobile Password: tom_imobile
- 40. 40 4 Scenario - 1
- 43. 43 7 Scenario - 1
- 44. 44 1 Scenario - 2 http://azone.federationdemo.com:9766/azone/ 9477808989
- 45. 45 2 OpenID Connect Request Scenario - 2
- 46. 46 3 SAML2.0 Request Scenario - 2
- 47. 47 3 OAuth 2.0 Scenario - 2
- 48. 48 4 < credentials > Scenario - 2
- 49. 49 4 OAuth 2.0 response Scenario - 2
- 50. 50 5 SAML2 Response Scenario - 2
- 52. 52 7 Scenario - 2
- 54. Contact us !