Prabath Siriwardena, Director of Security
Bring Your Own Identity (BYOID) with WSO2 Identity Server
April 23, 2014
About WSO2
- Global enterprise, founded in 2005 by acknowledged leaders in XML, web services technologies, standards and open source
- Provides the only open source platform-as-a-service for private, public and hybrid cloud deployments
- All WSO2 products are 100% open source and released under the Apache License Version 2.0
- Active member of OASIS, Cloud Security Alliance, OSGi Alliance, AMQP Working Group, OpenID Foundation and W3C
- Driven by innovation:
  - Launched the first open source API Management solution in 2012
  - Launched App Factory in 2Q 2013
  - Launched Enterprise Store and the first open source Mobile solution in 4Q 2013
What WSO2 delivers
Gartner predicts that by the end of 2015, 50% of all new retail customer identities will be based on social network identities.
Facebook is second only to China and India in terms of its user base.
Facebook vs. Internet User vs. World Population
Facebook vs. China vs. India
Enterprise Identity vs. Social Identity
IT consumerization has been an emerging trend for the last few years.
The initial consumerization hype was focused on the bring your own device (BYOD) trend.
Bring Your Own Device (BYOD)
Bring Your Own Identity (BYOID)
The rise of BYOID is being driven by users' "identity fatigue".
The analyst firm Quocirca confirms that in Europe 58 percent transact directly with users from other businesses and/or consumers; for the UK alone the figure is 65 percent.
In the U.S. alone, mergers and acquisitions volume totaled $865.1 billion in the first nine months of 2013, according to Dealogic.
What drives BYOID?
SAML 2.0 / OpenID / OAuth 2.0 / OpenID Connect
SAML 1.0 Nov 2002 | SAML 1.1 Sept 2003 | SAML 2.0 2005
OpenID was initiated by the founder of LiveJournal, Brad Fitzpatrick.
By the end of 2009, there were more than one billion OpenID accounts.
OpenID started to fade due to OAuth 2.0 and OpenID Connect.
OpenID Connect is a profile built on top of OAuth 2.0.
OAuth is not about authentication, but about delegated authorization.
Standards-based identity federation is the entry point to BYOID.
Internet identity has always had an unsolved problem.
SAML 2.0 dominated identity federation in the last decade; OpenID Connect and JWT will possibly lead the next.
For an identity management system to qualify as supporting BYOID, it must go beyond standard support for identity federation protocols.
How would you mediate and transform identity tokens between different standards or protocols?
WSO2 Identity Server is an open source Identity and Entitlement management server, which supports SAML 2.0, OpenID, OAuth 2.0, OpenID Connect, XACML 3.0, SCIM, WS-Federation (passive) and many other identity federation patterns.
[Diagram: Operators and Service Providers connected through WSO2 Identity Server, with the protocol labels SAML 2.0, OpenID Connect, and OpenID Connect / SAML 2.0 on the links between them]
Scenario 1 (service provider: http://ebuy.federationdemo.com:9766/ebuy/)
1. User visits the service provider.
2. OpenID Connect request.
3. OpenID Connect request.
4. User enters credentials (User: tom_imobile, Password: tom_imobile).
5. OpenID Connect response.
6. OpenID Connect response.
7. Flow completes at the service provider.

Scenario 2 (service provider: http://azone.federationdemo.com:9766/azone/)
1. User visits the service provider.
2. OpenID Connect request.
3. SAML 2.0 request / OAuth 2.0.
4. User enters credentials / OAuth 2.0 response.
5. SAML 2.0 response.
6. OpenID Connect response.
7. Flow completes at the service provider.
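The mediation step at the heart of Scenario 2, where the identity server receives an OpenID Connect request, federates to the operator over SAML 2.0, and turns the SAML 2.0 response into an OpenID Connect response, is sketched below as an added example; it is not code from this deck or from WSO2 Identity Server. It assumes a constructed SAML assertion, a hypothetical attribute-to-claim map, an HS256-signed ID token for brevity (a production broker would use an asymmetric algorithm), and that the assertion's XML signature has already been verified by the SAML stack before this step runs.

```python
import base64, calendar, hashlib, hmac, json, time, xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIM_MAP = {"email": "email", "givenName": "given_name"}  # assumed IdP attribute -> OIDC claim map
b64url = lambda raw: base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample of what the operator's SAML 2.0 IdP might return (XML signature omitted).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="_c1">
  <saml:Issuer>https://idp.operator.example</saml:Issuer>
  <saml:Subject><saml:NameID>tom_imobile</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2014-04-23T10:00:00Z" NotOnOrAfter="2014-04-23T10:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://is.example/broker</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>tom@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def saml_time(iso):  # SAML timestamps are UTC; convert to epoch seconds
    return calendar.timegm(time.strptime(iso, "%Y-%m-%dT%H:%M:%SZ"))

def saml_to_subject_and_attrs(xml_text, trusted_issuer, my_audience, now):
    """Check issuer, validity window and audience (XML signature assumed verified by the SAML stack)."""
    a = ET.fromstring(xml_text)
    if a.findtext("saml:Issuer", namespaces=NS) != trusted_issuer:
        raise ValueError("assertion from untrusted issuer")
    cond = a.find("saml:Conditions", NS)
    if not saml_time(cond.get("NotBefore")) <= now < saml_time(cond.get("NotOnOrAfter")):
        raise ValueError("assertion outside its validity window")
    if my_audience not in [e.text for e in a.findall(".//saml:Audience", NS)]:
        raise ValueError("assertion not addressed to this broker")
    subject = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
    attrs = {x.get("Name"): x.findtext("saml:AttributeValue", namespaces=NS) for x in a.findall(".//saml:Attribute", NS)}
    return subject, attrs

def issue_id_token(subject, attrs, issuer, client_id, nonce, key, now, ttl=300):
    """Build the OpenID Connect ID token for the service provider (HS256 here for brevity)."""
    claims = {"iss": issuer, "sub": subject, "aud": client_id, "nonce": nonce, "iat": int(now), "exp": int(now) + ttl}
    claims.update({CLAIM_MAP[k]: v for k, v in attrs.items() if k in CLAIM_MAP})
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def verify_id_token(token, key):  # service-provider side: check the signature before trusting claims
    head, body, sig = token.split(".")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url(expected), sig):
        raise ValueError("bad ID token signature")
    return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
```

The audience and validity-window checks are what stop an assertion issued for one relying party from being replayed at the broker, which is the part a protocol bridge most often gets wrong.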
Business Model