Bring your own Identity (BYOID) with WSO2 Identity Server

Director of SecurityPrabath Siriwardena

Bring Your Own Identity (BYOID) with WSO2 Identity Server

April 23, 2014

2

About WSO2๏ Global enterprise, founded in 2005

by acknowledged leaders in XML, web services technologies, standards and open source

๏ Provides only open source platform-as-a-service for private, public and hybrid cloud deployments

๏ All WSO2 products are 100% open source and released under the Apache License Version 2.0.

๏ Is an Active Member of OASIS, Cloud Security Alliance, OSGi Alliance, AMQP Working Group, OpenID Foundation and W3C.

๏ Driven by Innovation

๏ Launched first open source API Management solution in 2012

๏ Launched App Factory in 2Q 2013

๏ Launched Enterprise Store and first open source Mobile solution in 4Q 2013

3

What WSO2 delivers

4

5

Gartner predicts, by the end of 2015, 50% of all new retail customer identities will be based on

social network identities.

6

Facebook is only second to China and India in terms of its user base.

7

Facebook vs. Internet User vs. World Population

8

9

Facebook vs. China vs. India

10

Enterprise Identity Social Identity

IT consumerization is an emerging topic or trend for last few years.

11

The initial consumerization hype was focused on the bring your own device (BYOD) trend.

12

13

Bring Your Own Device (BYOD)

Bring Your Own Identity (BYOID)

The rise of BYOID is being driven by users' "identity fatigue”.

14

The analyst firm Quocirca confirms that in Europe 58 percent transact directly with users from other businesses

and/or consumers; for the UK alone the figure is 65 percent.

15

In U.S only, mergers and acquisitions volume totaled to $865.1 billion in the first nine months of 2013,

according to Dealogic.

16

17

What drives BYOID?

SAML 2.0 / OpenID / OAuth 2.0 / OpenID Connect

18

SAML 1.0 Nov 2002 | SAML 1.1 Sept 2003 | SAML 2.0 2005

19

OpenID was initiated by the founder of LiveJournal, Brad Fitzpatrick.

20

By the end of 2009 – there were more than one billion OpenID accounts.

21

OpenID started to fade due to OAuth 2.0 and OpenID Connect.

22

OpenID Connect is a profile built on top OAuth 2.0.

23

OAuth is not about authentication – but, delegated authorization.

24

The standard based identity federation is the entry point to BYOID.

25

Internet Identity always - has an unsolved problem

26

SAML 2.0 dominated Identity Federation in last decade – OpenID Connect and JWT possibly lead the next.

27

Any identity management system to qualify to support BYOID - should simply go beyond standard support for Identity Federation protocols.

28

How would you mediate, transform identity tokens between different standards or protocols ?

29

WSO2 Identity Server is an open source Identity and Entitlement management server, which supports SAML 2.0, OpenID, OAuth 2.0, OpenID Connect, XACML 3.0,

SCIM, WS-Federation (passive) and many other identity federation patterns.

30

31

Ope

rato

rsService Provid ers

32

Ope

rato

rs

Service Provid ersSAML 2.0

OpenID Connect / SAML 2.0

OpenID

Connect

OpenID

Connect

33

SAML 2.0

OpenID Connect / SAML 2.0

34

SAML 2.0

SAML 2.0

SAML 2.0

SAML 2.0

35

Ope

rato

rsService Provid ers

36

1 Scenario - 1Scenario - 1http://ebuy.federationdemo.com:9766/ebuy/

37

2

OpenID ConnectRequest

Scenario - 1Scenario - 1

1502808989

38

3

OpenID ConnectRequest


39

4

< credentials >


User : tom_imobile

Password: tom_imobile

40

4 Scenario - 1Scenario - 1

41

5

OpenID ConnectResponse


42

6



43


44


http://azone.federationdemo.com:9766/azone/

9477808989

45

2

OpenID Connect Request


46

3

SAML2.0 Request


47

3

OAuth 2.0


48

4

< credentials >


49

4

OAuth 2.0 response


50

5

SAML2 Response


51

6



52


53

Business Model

Contact us !

http://wso2.com/contact

https://twitter.com/wso2

https://www.facebook.com/WSO2Inc

Technology

Bring your own Identity (BYOID) with WSO2 Identity Server