Bring Your Own Identity (BYOID)
Prabath Siriwardena (@prabath) Director of Security
WSO2
Gartner predicts that by the end of 2015, 50% of all new retail customer identities will be based on social network identities.
Facebook is only second to China and India in terms of its user base.
[Charts: Facebook vs. Internet Users vs. World Population; Facebook vs. China vs. India]
Enterprise Identity ⇔ Social Identity
IT consumerization has been an emerging trend for the last few years. The initial consumerization hype was focused on the bring your own device (BYOD) trend.
Bring Your Own Device (BYOD) → Bring Your Own Identity (BYOID)
The rise of BYOID is being driven by users' "identity fatigue".
The analyst firm Quocirca confirms that in Europe 58 percent transact directly with users from other businesses and/or consumers; for the UK alone the figure is 65 percent.
In the U.S. alone, mergers and acquisitions volume totaled $865.1 billion in the first nine months of 2013, according to Dealogic.
What drives BYOID?
SAML 2.0 / OpenID / OAuth 2.0 / OpenID Connect
SAML 1.0 → Nov 2002 | SAML 1.1 → Sept 2003 | SAML 2.0 → 2005
OpenID was initiated by the founder of LiveJournal, Brad Fitzpatrick.
By the end of 2009 – there were more than one billion OpenID accounts.
OpenID started to fade due to OAuth 2.0 and OpenID Connect.
OpenID Connect is a profile built on top of OAuth 2.0.
OAuth is not about authentication – it is about delegated authorization.
Standards-based identity federation is the entry point to BYOID.
Internet Identity always has an unsolved problem.
SAML 2.0 dominated identity federation in the last decade – OpenID Connect and JWT will possibly lead the next.
To qualify as supporting BYOID, an identity management system must go beyond mere support for the standard identity federation protocols.
How would you mediate and transform identity tokens between different standards or protocols?
WSO2 Identity Server is an open source Identity and Entitlement management server, which supports SAML 2.0, OpenID, OAuth 2.0, OpenID Connect, XACML 3.0, SCIM, WS-Federation (passive) and many other identity federation patterns.
[Diagram: Operators and Service Providers federated through the identity server, using SAML 2.0, OpenID Connect, and OpenID Connect / SAML 2.0 combinations]
Scenario 1
1. http://ebuy.federationdemo.com:9766/ebuy/
2. OpenID Connect Request (1502808989)
3. OpenID Connect Request
4. < credentials > (User: tom_imobile, Password: tom_imobile)
5. OpenID Connect Response
6. OpenID Connect Response
7. (final step; no caption on the slide)
Scenario 2
1. http://azone.federationdemo.com:9766/azone/ (9477808989)
2. OpenID Connect Request
3. SAML 2.0 Request
3. OAuth 2.0
4. < credentials >
4. OAuth 2.0 Response
5. SAML 2.0 Response
6. OpenID Connect Response
7. (final step; no caption on the slide)
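Scenario 2 is the token-mediation question from the "How would you mediate and transform identity tokens" slide made concrete: the relying party speaks OpenID Connect, the upstream identity provider speaks SAML 2.0, and the identity server in the middle has to validate one and mint the other. The sketch below is an added illustration of steps 5 and 6 of that chain (SAML 2.0 Response in, OpenID Connect Response out); it is not WSO2 Identity Server code and does not describe how that product implements brokering. Every URL, entity ID, key, user attribute and timestamp is constructed, the SAML XML Signature is left out to keep the sample short, and HS256 is used only so the example needs nothing beyond the Python standard library (a broker would normally sign ID tokens with an asymmetric key). It also shows the point of the OAuth slide: the ID token is what OpenID Connect adds on top of OAuth 2.0, a signed statement of who authenticated, as distinct from an access token that only conveys delegated authorization.

```python
"""Identity brokering sketch: validate an upstream SAML 2.0 Response, then re-issue
the identity to an OpenID Connect relying party as a signed ID token.
Added illustration, not WSO2 Identity Server code; all values are constructed."""
import base64
import hashlib
import hmac
import json
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SAML_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed identifiers for the three parties in the chain.
IDP_ISSUER = "https://idp.example.test"      # upstream SAML 2.0 IdP
BROKER_ID = "https://broker.example.test"    # the identity server in the middle
RP_CLIENT_ID = "azone"                       # OpenID Connect relying party
BROKER_KEY = b"constructed-demo-key-not-for-real-use"
DEMO_NOW = datetime(2013, 11, 1, 12, 1, 0, tzinfo=timezone.utc)

# Constructed SAML 2.0 Response (step 5). The XML Signature is omitted for brevity;
# verifying it against the IdP certificate is the first check a real broker performs.
SAML_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
  ID="_r1" Version="2.0" IssueInstant="2013-11-01T12:00:00Z" InResponseTo="_req1">
  <saml:Issuer>{IDP_ISSUER}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SAML_SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2013-11-01T12:00:00Z">
    <saml:Issuer>{IDP_ISSUER}</saml:Issuer>
    <saml:Subject><saml:NameID>tom_imobile</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2013-11-01T11:59:00Z" NotOnOrAfter="2013-11-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>{BROKER_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>tom@example.test</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="givenName"><saml:AttributeValue>Tom</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def _saml_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_saml_response(xml_text, expected_issuer, expected_audience, request_id, now):
    """Validate the upstream Response and return the identity it asserts.
    InResponseTo ties it to the AuthnRequest the broker sent in step 3, Audience
    stops an assertion issued for another SP being replayed here, and the
    NotBefore/NotOnOrAfter window bounds replay in time."""
    root = ET.fromstring(xml_text)
    if root.find("samlp:Status/samlp:StatusCode", NS).get("Value") != SAML_SUCCESS:
        raise ValueError("IdP reported failure")
    if root.get("InResponseTo") != request_id:
        raise ValueError("response does not match our request")
    assertion = root.find("saml:Assertion", NS)
    if assertion.find("saml:Issuer", NS).text != expected_issuer:
        raise ValueError("unexpected issuer")
    cond = assertion.find("saml:Conditions", NS)
    if not (_saml_time(cond.get("NotBefore")) <= now < _saml_time(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    if cond.find("saml:AudienceRestriction/saml:Audience", NS).text != expected_audience:
        raise ValueError("assertion not intended for this broker")
    attrs = {a.get("Name"): a.find("saml:AttributeValue", NS).text
             for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return {"sub": assertion.find("saml:Subject/saml:NameID", NS).text, "attrs": attrs}


def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_id_token(identity, issuer, client_id, key, now, ttl=300):
    """Map the SAML subject and attributes onto OIDC claims and sign an ID token (step 6)."""
    iat = int(now.timestamp())
    claims = {"iss": issuer, "sub": identity["sub"], "aud": client_id,
              "iat": iat, "exp": iat + ttl,
              "email": identity["attrs"].get("email"),
              "given_name": identity["attrs"].get("givenName")}
    compact = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = compact({"alg": "HS256", "typ": "JWT"}) + "." + compact(claims)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_id_token(token, issuer, client_id, key, now):
    """Relying-party side: verify the HS256 signature with the expected algorithm
    (never the one named in the header), then check iss, aud and exp."""
    head, body, sig = token.split(".")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    if json.loads(_b64url_decode(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    claims = json.loads(_b64url_decode(body))
    if claims.get("iss") != issuer or claims.get("aud") != client_id:
        raise ValueError("wrong issuer or audience")
    if now.timestamp() >= claims["exp"]:
        raise ValueError("expired")
    return claims


def broker_scenario_2(now=DEMO_NOW):
    """Steps 5 and 6 end to end: SAML 2.0 Response in, verified OIDC ID token claims out."""
    identity = parse_saml_response(SAML_RESPONSE, IDP_ISSUER, BROKER_ID, "_req1", now)
    id_token = mint_id_token(identity, BROKER_ID, RP_CLIENT_ID, BROKER_KEY, now)
    return verify_id_token(id_token, BROKER_ID, RP_CLIENT_ID, BROKER_KEY, now)


if __name__ == "__main__":
    print(json.dumps(broker_scenario_2(), indent=2))
```

The checks in parse_saml_response are where brokering earns its keep: a broker that only re-wraps whatever the upstream IdP returns turns every SAML weakness (replayed or mis-addressed assertions) into an OpenID Connect session on the relying-party side. The same thing holds in the other direction, which is why verify_id_token pins the algorithm and checks issuer, audience and expiry rather than trusting the token header.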
Thank You..!!!