Providing NextGen Identity Solutions in a Legacy World - CIS 2014

Post on 12-Jun-2015

Category: Technology

DESCRIPTION

Businesses are moving quickly to take advantage of the power of the cloud, mobility, and “The Industrial Internet.” At GE, these forces are changing the authentication landscape on a constant basis. But how do you enable your business to take advantage of new technology while maintaining the services it still relies on? The presenter will explain the partnership formation between design teams and service delivery teams to leverage existing infrastructure and quickly operationalize new identity services like OAuth, SCIM, and OpenID Connect while also managing a 300% increase in traditional SAML-based integrations.

Transcript

Providing NextGen Identity Solutions in a Legacy World

Steve “Hutch” Hutchinson

SSO Service Leader, GE

sehutchinson@gmail.com

@IdentityHutch

Providing NextGen Identity Solutions in a Legacy World - 22 Jul 2014 - Page 2

A disclaimer …

The views and opinions expressed in this presentation are my own and do not necessarily represent the views or opinions of the General Electric Company or any of its subsidiaries.

Thanks Daniel … no pressure

A warning

SOLUTIONS AT CIS ARE NOT AS CLOSE AS THEY APPEAR

but they could be closer …

SAML is dead?

[Chart: SAML Integrations (y-axis, 0 to 500) by Year (x-axis, 2008 to 2014)]

“SAML is not dead. It’s done. Which means we can use it.”

- Dale Olds at CIS2013

Getting from here to there

Where is here?

[Architecture diagram labels:]

SSO LDAP

Policy Decision Point

Web Server

Web Access Management

Federation Server

Agent

Identity Federation: SAML, STS, OAuth, OpenID

Virtual Directory

Interceptor Script

LDAP Authentication, Multi-Source Directory Views

Web Agent

B2B, B2C

HR System, Active Directory

7500+ applications

475+ Federations

350+ directories

5 million accounts, ~500,000 accounts

18 policy sets

Registration Apps

Enter FastWorks

Migration from data centers to cloud

[Diagram labels:]

Web Server

PDP

Fed IdP

Agent

Shibboleth Plugin

Traditional Web Access Management

SAML

Policy & User Stores

Bring Your Own Identity (BYOI)

Fed IdP

User Store

Web/App Server

Select IDP

ATTESTATION NETWORK

PDP

Shibboleth Plugin

Agent

SCIM

The API economy

Web/App Server API

Registry

OAuth

Fed IdP

XML Gateway

Top drivers for Identity

• Migration from data centers to cloud

• Bring Your Own Identity (BYOI)

• API economy

• Mobile devices, access anywhere

• Right-sized authentication

• ABAC replacing RBAC

• UX improvements

• Industrial internet (Internet of Things)

Barriers to new service offerings

Service Design

Service Delivery

Building a unified, agile service team

Service Design

Service Delivery

• Create change

• Add or modify features

• Create stability

• Create or enhance services

ENABLING the business!

The big wins

• Communication, communication, communication

• Eliminate finger-pointing

• Team engagement from concept to delivery

• Delivery provides feedback loop for service improvement

• Huge reduction in cycle times

Questions?

Steve “Hutch” Hutchinson

sehutchinson@gmail.com

@IdentityHutch
