Providing NextGen Identity Solutions in a Legacy World Steve “Hutch” Hutchinson SSO Service Leader, GE [email protected] @IdentityHutch
Jun 12, 2015
Providing NextGen Identity Solutions in a Legacy World - 22 Jul 2014 - Page 2
A disclaimer …
The views and opinions expressed in this presentation are my own and do not necessarily represent the views or opinions of the General Electric Company or any of its subsidiaries.
Thanks Daniel … no pressure
A warning
SOLUTIONS AT CIS ARE NOT AS CLOSE AS THEY APPEAR
but they could be closer …
SAML is dead?
[Chart: SAML Integrations by Year, 2008 to 2014; vertical axis 0 to 500]
“SAML is not dead. It’s done. Which means we can use it.”
- Dale Olds at CIS2013
Getting from here to there
Where is here?
SSO LDAP
Policy Decision Point
Web Server
Web Access Management
Federation Server
Agent
Identity Federation
SAML, STS, OAuth, OpenID
Virtual Directory
Interceptor Script
LDAP Authentication
Multi-Source Directory Views
Web Agent
B2B
B2C
HR System
Active Directory
7500+ applications
475+ Federations
350+ directories
5 million accounts ~500,000 accounts
18 policy sets
Registration Apps
Enter FastWorks
Migration from data centers to cloud
Web Server
PDP
Fed IdP
Agent
Shibboleth Plugin
Traditional Web Access Management
SAML
Policy & User Stores
Bring Your Own Identity (BYOI)
Fed IdP
User Store
Web/App Server
Select IDP
ATTESTATION NETWORK
PDP
Shibboleth Plugin
Agent
SCIM
The API economy
Web/App Server
API Registry
OAuth
Fed IdP
XML Gateway
Top drivers for Identity
• Migration from data centers to cloud
• Bring Your Own Identity (BYOI)
• API economy
• Mobile devices, access anywhere
• Right-sized authentication
• ABAC replacing RBAC
• UX improvements
• Industrial internet (Internet of Things)
Barriers to new service offerings
Service Design
Service Delivery
Building a unified, agile service team
Service Design
Service Delivery
• Create change
• Add or modify features
• Create stability
• Create or enhance services
ENABLING the business!
The big wins
• Communication, communication, communication
• Eliminate finger-pointing
• Team engagement from concept to delivery
• Delivery provides feedback loop for service improvement
• Huge reduction in cycle times
Questions?
Steve “Hutch” Hutchinson
[email protected] @IdentityHutch