Synergies Across APIs and IAM
Ingredients for a winning digital transformation strategy
Nov, 2017
Sagara Gunathunga - Director, WSO2
ABOUT WSO2
Mountain View, New York, London, Sao Paulo, Colombo
Founded in 2005
Venture backed by Cisco and Toba Capital
450 Employees; 300 Engineers
400+ Customers, 120 New Customers in 2016
Profitable business since 2016
OPEN TECHNOLOGY FOR AGILE DIGITAL BUSINESS
Build internal and external developer ecosystems with an API marketplace.
Manage identity, security, and privacy across your digital business.
Make mobile and IoT devices integral to your digital business.
Create real-time, intelligent, actionable business insights and data products.
Platform enable your digital business with “micro-services” and “micro-integrations”.
Digital Transformation will decide and shape the destiny of your business
Digital Transformation is no longer a nice to have or a differentiator, it’s about the survival of your business
Is it the Right Time to Think?
A nice to have
A differentiator
For survival
Is it Real?
Look Around You!
Is it Real?
Digitize Delivery Channels
Personalized User Experience
Highly connected business offerings
Digital Transformation
• Sales increasingly based on real user reviews and ratings rather than traditional marketing
• Physical stores replaced with digital channels (web stores, mobile apps, IVR solutions)
• Fast consumer response time and convenience means connectivity (e.g. Facebook, Twitter, WhatsApp)
Challenge 1 - Digitize Delivery Channels
Generic user experiences don’t work, consumers now expect
– A highly personalized experience
– Control over preferences
– Relevance of content
Challenge 2 - Personalized User Experience
• Fulfill all the related business requirements at one stop.
• Save consumer time and avoid data duplications.
• Fast and efficient B2B integration.
• Adoption of open business interfaces
Challenge 3 - Highly connected business offerings
Synergies Across APIs and IAM is the right answer
API Management
Digitize Delivery Channels
Highly connected business offerings
Reality of Enterprise Systems Landscape
● Enterprise systems are complex
● Enterprise systems are bureaucratic
● Cannot afford the luxury of complete re-write or having a clean slate
● Comes with years of baggage
API Always Comes First
Present Day Enterprise Architecture
(Architecture diagram; component labels: Analytics, Continuous-*, Security & Access Management, API / Service discovery, Dev tools, Devops tools, Service router, API Gateway, Core Microservices, Data, Container(s), Delivery channels, Digital Products, Messaging Channels, Integration Microservices, Existing Services)
APIs are found in Every Layer
The modern API
● RESTful & JSON savvy - being lightweight, REST style conformant
● Well documented - Methods, operations, responses, error codes etc
● Manageable (life-cycle, version)
● Discoverable - Searchable, testable
● Measurable
● Secured - Multiple security protocol support, transformable
Key Performance Factors of an API Platform
● Security
● Rate Limiting
● Integration
● Analytics
API Gateway
(Diagram labels: Security, Rate Limiting, Integration, Analytics, Gateway, Apps, Services and Data)
Security: Identity
● Authentication
● Single Sign On
● Federation
● Authorization
Authenticate via Facebook to Airbnb APIs
Security: Access Delegation
● Secure Trusted Clients
● Secure Untrusted Clients
● Unsecure Clients
● System to System Auth/z
Rate Limiting: Front End
● Monetization
● Burst Control
● Fair Usage Policy
● Geographical Distribution
● Distribution by Device Type
Rate Limiting: Back-End
● Prevent Total Service Outage at Peaks
● Back-End Server Maintenance
Integration
Interface
Integration
Integration
Analytics: Statistical Analysis
Analytics: Operational
● API Latency Distribution
● Alerting on Abnormalities
● API Health
WSO2 API Manager
● Currently at version 2.1.0 with over 6 years of engineering improvements across 15 stable releases
● Geo distributed and clustered deployments
○ In production at StubHub / Verizon / Motorola / BYU / BNY
● Same code base at WSO2 API Cloud running with four 9s uptime
● One major and 3 minor releases per year
● Automated deployment with Puppet
● Containerized with Docker
Battle hardened
WSO2 API Manager
● Available as a single downloadable package
● Available as a cloud / SaaS solution
● Flexible deployment choices
● High performance gateway
● API governance, marketplace solution
Cloud First or Start On-Prem
● Multi-tenanted, shared everything
● WSO2 Hosted and managed
● Pay as you go
● Multi-region availability
● VPN tunnel to private DC
● Guaranteed uptime
● Limited options in customizing
● Privately hosted
● WSO2 managed
● Upgrades, patches installation
● Guaranteed uptime
● Full flexibility in customization
● Better control
● Self hosted
● Self managed
● Full flexibility
● Dev-ops learning curve
● Self managed upgrades
http://wso2.com/api-management/cloud/
https://docs.wso2.com/display/ManagedCloud/WSO2+Managed+Cloud+Documentation
Componentized
Identity and Access Management
Personalized User Experience
Highly connected business offerings
Users onboarding
• Employees vs. customers
• Self signup
• Self signup with verification
• Approval workflows
Bring Your Own Identity (BYOI)
Authentication
• Multi-factor authentication
• Adaptive authentication
• FIDO U2F, TOTP, SMS/Email OTP
• LDAP, Database, AD
Social Authentication
Two-Factor Authentication
Authorization
• Role-based
• Attribute-based
• XACML REST API
• Policy templates
Single sign-on (SSO)
• Social logins eliminate password management complexities from consumer and business side
• Out-of-the-box support for strong authentication options, such as 2-factor authentication
Self-service
• User portal
• Password reset
• Self access requests
• Consent management
• Profile update
• Account recovery
Monitoring and Analytics
• Login analytics
• Session analytics
• Fraud detection/prevention
WSO2 Identity Server
▪ Addresses critical IAM needs both in customer IAM and workforce IAM spaces
▪ Most of the WSO2 IS deployments are to address CIAM needs
▪ Extensive support for open standards - no vendor lock-in
▪ Large scale deployments over millions of users
▪ Rich ecosystem with 40+ connectors (https://store.wso2.com/store/assets/isconnector/list)
▪ Support for multi-tenancy
▪ Web based management console and user portal (with easily customizable theme)
▪ Extensible product architecture to address complex IAM needs
▪ Docker friendly deployment
▪ Latest release - WSO2 Identity Server 5.3.0
WSO2 IDENTITY SERVER: Overview
▪ 75+ active subscribers, 200+ instances under subscription
▪ Key OEMs
○ WSO2 API Manager (Key Manager Profile)
○ WSO2.Telco
○ Ellucian (340 customers)
○ Accenture
▪ 1000+ product downloads each month
▪ 100% year to year growth of direct WSO2 IS customer base for last three years.
▪ 100% open source (both the source code and the binaries are released under most business friendly Apache 2.0 open source license)
WSO2 IDENTITY SERVER: Adoption
▪ Accounts management and identity provisioning
▪ Single sign-on and identity federation
▪ Identity broker
▪ Fine-grained access control
▪ Identity analytics
WSO2 IDENTITY SERVER: Focus Areas
▪ Support for heterogeneous identity stores: database, LDAP, AD
▪ Largest deployment of WSO2 IS in Saudi Arabia (4M+ users in a MS SQL database)
▪ State of Arizona uses WSO2 IS for both CIAM and workforce IAM over a MSSQL database and AD
▪ Seagate uses WSO2 IS to manage 1M+ users/customers (Oracle DB)
▪ Trimble uses WSO2 IS to manage 1M+ users/customers (OpenLDAP)
ACCOUNTS MANAGEMENT & IDENTITY PROVISIONING: Multiple Identity Stores
ACCOUNTS MANAGEMENT & IDENTITY PROVISIONING: Self Service
▪ SAML 2.0
▪ OpenID Connect (OAuth 2.0)
▪ WS-Federation
▪ CAS
▪ OpenID
▪ GSMA Mobile Connect
SINGLE SIGN-ON & IDENTITY FEDERATION: Open Standards
▪ Multi-option based login
▪ Multi-factor authentication
▪ FIDO U2F, TOTP (Google Authenticator), OTP over SMS, OTP over Email, Certificates, mePin, Duo Security, RSA SecurID
▪ OTP over SMS is the most used one in WSO2 IS deployments
▪ Nutanix uses Google Authenticator to secure access to WSO2 IS admin console.
SINGLE SIGN-ON & IDENTITY FEDERATION: Strong Authentication
▪ Enable Social Login by service provider
▪ Facebook, LinkedIn, Twitter, Google, Yahoo, Microsoft Live
SINGLE SIGN-ON & IDENTITY FEDERATION: Social Login
IDENTITY ANALYTICS: Login Analytics
▪ Track success/failed login attempts by user/service provider/identity provider.
▪ Detect anomalous login behaviours.
IDENTITY ANALYTICS: Session Analytics
▪ Track all the sessions in the system by user and the duration of the session
THANK YOU
wso2.com