Synergies Across APIs and IAM: Ingredients For winning digital transformation strategy. Nov, 2017. Sagara Gunathunga - Director, WSO2

Synergies across APIs and IAM

Jan 22, 2018

Transcript
Page 1: Synergies across APIs and IAM

Synergies Across APIs and IAM

Ingredients For winning digital transformation strategy

Nov, 2017

Sagara Gunathunga - Director, WSO2

Page 2: Synergies across APIs and IAM

ABOUT WSO2

● Mountain View, New York, London, Sao Paulo, Colombo

● Founded in 2005

● Venture backed by Cisco and Toba Capital

● 450 Employees; 300 Engineers

● 400+ Customers, 120 New Customers in 2016

● Profitable Business since 2016

Page 3: Synergies across APIs and IAM

OPEN TECHNOLOGY FOR AGILE DIGITAL BUSINESS

● Build internal and external developer ecosystems with an API marketplace.

● Manage identity, security, and privacy across your digital business.

● Make mobile and IoT devices integral to your digital business.

● Create real-time, intelligent, actionable business insights and data products.

● Platform enable your digital business with “micro-services” and “micro-integrations”.

Page 4: Synergies across APIs and IAM

Digital Transformation will decide and shape the destiny of your business

Page 5: Synergies across APIs and IAM

Digital Transformation is no longer a nice to have or a differentiator, it’s about the survival of your business

Is it the Right Time to Think?

A nice to have

A differentiator

For survival

Page 6: Synergies across APIs and IAM

Is it Real?

Look Around You!

Page 7: Synergies across APIs and IAM

Is it Real?

Page 8: Synergies across APIs and IAM

Digitize Delivery Channels

Personalized User Experience

Highly connected business offerings

Digital Transformation

Page 9: Synergies across APIs and IAM

• Sales increasingly based on real user reviews and ratings rather than traditional marketing

• Physical stores replaced with digital channels (web stores, mobile apps, IVR solutions)

• Fast consumer response time and convenience means connectivity (e.g. Facebook, Twitter, WhatsApp)

Challenge 1 - Digitize Delivery Channels

Page 10: Synergies across APIs and IAM

Generic user experiences don’t work, consumers now expect

– A highly personalized experience

– Control over preferences

– Relativeness of content

Challenge 2 - Personalized User Experience

Page 11: Synergies across APIs and IAM

Fulfill all the related business requirements at one-stop.

• Save consumer time and avoid data duplications.

• Fast and efficient B2B integration.

• Adoption of open business interfaces

Challenge 3 - Highly connected business offerings

Page 12: Synergies across APIs and IAM

Synergies Across APIs and IAM is the right answer

Page 13: Synergies across APIs and IAM

API Management

Digitize Delivery Channels

Highly connected business offerings

Page 14: Synergies across APIs and IAM

Reality of Enterprise Systems Landscape

● Enterprise systems are complex

● Enterprise systems are bureaucratic

● Cannot afford the luxury of complete re-write or having a clean slate

● Comes with years of baggage

Page 15: Synergies across APIs and IAM

API Always Comes First

Page 16: Synergies across APIs and IAM

Present Day Enterprise Architecture

[Architecture diagram. Labels: Analytics; Continuous-*; Security & Access Management; API / Service discovery; Dev tools; Devops tools; Service router; API Gateway; Core Microservices; Data; Container(s); Delivery channels; Digital Products; Messaging Channels; Integration Microservices; Existing Services]

Page 17: Synergies across APIs and IAM

APIs are found in Every Layer

Page 18: Synergies across APIs and IAM

The modern API

● RESTful & JSON savvy - being lightweight, REST style conformant

● Well documented - Methods, operations, responses, error codes etc

● Manageable (life-cycle, version)

● Discoverable - Searchable, testable

● Measurable

● Secured - Multiple security protocol support, transformable

Page 19: Synergies across APIs and IAM

Key Performance Factors of an API Platform

● Security

● Rate Limiting

● Integration

● Analytics

Page 20: Synergies across APIs and IAM

API Gateway

[Diagram. Labels: Security; Rate Limiting; Integration; Analytics; Gateway; Apps; Services and Data]

Page 21: Synergies across APIs and IAM

Security: Identity

● Authentication

● Single Sign On

● Federation

● Authorization

Authenticate via Facebook to Airbnb APIs

Page 22: Synergies across APIs and IAM

Security: Access Delegation

● Secure Trusted Clients

● Secure Untrusted Clients

● Unsecure Clients

● System to System Auth/z

[Diagram. Labels: People; Apps]

Page 23: Synergies across APIs and IAM

Rate Limiting: Front End

● Monetization

● Burst Control

● Fair Usage Policy

● Geographical Distribution

● Distribution by Device Type

[Diagram. Labels: People; Apps; Gateway]

Page 24: Synergies across APIs and IAM

Rate Limiting: Back-End

● Prevent Total Service Outage at Peaks

● Back-End Server Maintenance

[Diagram. Labels: Gateway; Services and Data]

Page 25: Synergies across APIs and IAM

Integration

[Diagram. Labels: Interface; Integration]

Page 26: Synergies across APIs and IAM

Integration

Page 27: Synergies across APIs and IAM

Analytics: Statistical Analysis

Page 28: Synergies across APIs and IAM

Analytics: Operational

● API Latency Distribution

● Alerting on Abnormalities

● API Health

Page 29: Synergies across APIs and IAM

WSO2 API Manager

Page 30: Synergies across APIs and IAM

Battle hardened

● Currently at version 2.1.0 with over 6 years of engineering improvements across 15 stable releases

● Geo distributed and clustered deployments

○ In production at StubHub / Verizon / Motorola / BYU / BNY

● Same code base at WSO2 API Cloud running with four 9s uptime

● One major and 3 minor releases per year

● Automated deployment with Puppet

● Containerized with Docker

Page 31: Synergies across APIs and IAM

WSO2 API Manager

● Available as a single downloadable package

● Available as a cloud / SaaS solution

● Flexible deployment choices

● High performance gateway

● API governance, marketplace solution

Page 32: Synergies across APIs and IAM

Cloud First or Start On-Prem

● Multi-tenanted, shared everything

● WSO2 Hosted and managed

● Pay as you go

● Multi-region availability

● VPN tunnel to private DC

● Guaranteed uptime

● Limited options in customizing

● Privately hosted

● WSO2 managed

● Upgrades, patches installation

● Guaranteed uptime

● Full flexibility in customization

● Better control

● Self hosted

● Self managed

● Full flexibility

● Dev-ops learning curve

● Self managed upgrades

http://wso2.com/api-management/cloud/

https://docs.wso2.com/display/ManagedCloud/WSO2+Managed+Cloud+Documentation

Page 33: Synergies across APIs and IAM

Componentized

Page 34: Synergies across APIs and IAM

Identity and Access Management

Personalized User Experience

Highly connected business offerings

Page 35: Synergies across APIs and IAM

Users onboarding

• Employees vs. customers

• Self signup

• Self signup with verification

• Approval workflows

Page 36: Synergies across APIs and IAM

Bring Your Own Identity (BYOI)

New to Hi! Sign Up

Welcome Sagara

Page 37: Synergies across APIs and IAM

Authentication

• Multi-factor authentication

• Adaptive authentication

• FIDO U2F, TOTP, SMS/Email OTP

• LDAP, Database, AD

Page 38: Synergies across APIs and IAM

Social Authentication

New to Hi! Sign Up

Welcome Sagara

Page 39: Synergies across APIs and IAM

Two-Factor Authentication

STEP 1

STEP 2

Welcome Sagara

Page 40: Synergies across APIs and IAM

Authorization

• Role-based

• Attribute-based

• XACML REST API

• Policy templates

Page 41: Synergies across APIs and IAM

Single sign-on (SSO)

• Social logins eliminate password management complexities from consumer and business side

• Out-of-the-box support for strong authentication options, such as 2-factor authentication

Page 42: Synergies across APIs and IAM

Self-service

• User portal

• Password reset

• Self access requests

• Consent management

• Profile update

• Account recovery

Page 43: Synergies across APIs and IAM

Monitoring and Analytics

• Login analytics

• Session analytics

• Fraud detection/prevention

Page 44: Synergies across APIs and IAM

WSO2 Identity Server

Page 45: Synergies across APIs and IAM

WSO2 IDENTITY SERVER

Overview

▪ Addresses critical IAM needs both in customer IAM and workforce IAM spaces

▪ Most of the WSO2 IS deployments are to address CIAM needs

▪ Extensive support for open standards - no vendor lock-in

▪ Large scale deployments over millions of users

▪ Rich ecosystem with 40+ connectors (https://store.wso2.com/store/assets/isconnector/list)

▪ Support for multi-tenancy

▪ Web based management console and user portal (with easily customizable theme)

▪ Extensible product architecture to address complex IAM needs

▪ Docker friendly deployment

▪ Latest release - WSO2 Identity Server 5.3.0

Page 46: Synergies across APIs and IAM

WSO2 IDENTITY SERVER

Adoption

▪ 75+ active subscribers, 200+ instances under subscription

▪ Key OEMs

○ WSO2 API Manager (Key Manager Profile)

○ WSO2.Telco

○ Ellucian (340 customers)

○ Accenture

▪ 1000+ product downloads each month

▪ 100% year to year growth of direct WSO2 IS customer base for last three years.

▪ 100% open source (both the source code and the binaries are released under most business friendly Apache 2.0 open source license)

Page 47: Synergies across APIs and IAM

WSO2 IDENTITY SERVER

Focus Areas

▪ Accounts management and identity provisioning

▪ Single sign-on and identity federation

▪ Identity broker

▪ Fine-grained access control

▪ Identity analytics

Page 48: Synergies across APIs and IAM

ACCOUNTS MANAGEMENT & IDENTITY PROVISIONING

Multiple Identity Stores

▪ Support for heterogeneous identity stores: database, LDAP, AD

▪ Largest deployment of WSO2 IS in Saudi Arabia (4M+ users in a MS SQL database)

▪ State of Arizona uses WSO2 IS for both CIAM and workforce IAM over a MSSQL database and AD

▪ Seagate uses WSO2 IS to manage 1M+ users/customers (Oracle DB)

▪ Trimble uses WSO2 IS to manage 1M+ users/customers (OpenLDAP)

Page 49: Synergies across APIs and IAM

ACCOUNTS MANAGEMENT & IDENTITY PROVISIONING

Self Service

Page 50: Synergies across APIs and IAM

SINGLE SIGN-ON & IDENTITY FEDERATION

Open Standards

▪ SAML 2.0

▪ OpenID Connect (OAuth 2.0)

▪ WS-Federation

▪ CAS

▪ OpenID

▪ GSMA Mobile Connect

Page 51: Synergies across APIs and IAM

SINGLE SIGN-ON & IDENTITY FEDERATION

Strong Authentication

▪ Multi-option based login

▪ Multi-factor authentication

▪ FIDO U2F, TOTP (Google Authenticator), OTP over SMS, OTP over Email, Certificates, mePin, Duo Security, RSA SecurID

▪ OTP over SMS is the most used one in WSO2 IS deployments

▪ Nutanix uses Google Authenticator to secure access to WSO2 IS admin console.

Page 52: Synergies across APIs and IAM

SINGLE SIGN-ON & IDENTITY FEDERATION

Social Login

▪ Enable Social Login by service provider

▪ Facebook, LinkedIn, Twitter, Google, Yahoo, Microsoft Live

Page 53: Synergies across APIs and IAM

IDENTITY ANALYTICS

Login Analytics

▪ Track success/failed login attempts by user/service provider/identity provider.

▪ Detect anomalous login behaviours.

Page 54: Synergies across APIs and IAM

IDENTITY ANALYTICS

Session Analytics

▪ Track all the sessions in the system by user and the duration of the session