WSO2Con EU 2015: WSO2 Identity Server: Identity Management for the Next Decade

Identity Management for the Next Decade

Johann Dilantha NallathambyWSO2

Technical Lead

The Past...

Too many IAM standards?

The Future...

Use cases driven over specification driven

Integration inside and out

Key differentiators in IAM products...

● Embrace strategy over tactics● Rapid time to value and low operational costs● Access Control is more of a Business problem

than IT problem● Deployment flexibility● Customizable with minimal coding

Three disrupting forces of the new information age

Why IAM products suite the cloud ?

● Mostly standardized● Cost effective● Extends the same security model that is on-

premise to cloud● Can effectively handle the distributed nature of

SaaS applications

Challenges in Mobile..

● SSO for Native Application○ Native Application WG

● Dynamic Client Registration● Client side data encryption

○ How to secure the key?● Bring Your Own Device (BYOD)

○ Desktop Virtualization○ OS Containerization○ App Wrapping○ Selective wipe

Future of Authentication

● Gartner predicted “Zero Trust Authentication” way back in 2010.

● Multifactor Factor Authentication○ Key fobs○ Smartphone + authenticator tools○ Smartphone + fingerprint○ Smartphone + QR code scanner

● Fast IDentity Online (FIDO) Alliance

What happens to Social Login ?● Corporate User Directories BYOI

● The surge in BYOD might even fuel this transition.

● Consumer Identity is the next big thing○ National Strategy for Trusted Identities in

CyberSpace (NSTIC)○ UK Government Identity Assurance Program○ Dubai e-Gov - Dubai Connect

Future of IAM

More,● Context Based Access Control

○ Is XACML dead? No.

● More compliance○ PCI DSS, NIST, HIPAA

The Enterprise Identity Bus (EIB) from WSO2

● Separation of concerns between Application layer and the Identity layer

● No universal standard● Can’t modify the clients as well as the backend

applications/services

The EIB Architecture

Back-End Extensibility..

Dynamic UX..

Dynamic UX..

Gadgets Based Dashboard

Workflow Execution

User Managed Access (UMA) 1.0

Privileged Account Management (PAM)

PAM requires better integration with IAM systems ● Password change frequency

○ Never○ Frequently○ Per session○ On demand

● Timely provisioning● Better role management capabilities

Security Information Management (SIM)● WSO2 platform has the nuts and bolts to build a

SIM solution.● WSO2 DAS - High performing, highly scalable

data analysis○ Reports and dashboards on identity data○ Trend analysis and risk scores

● WSO2 CEP - Real time alerting○ Intrusion detection and intrusion prevention

● WSO2 Machine Learner - Build machine learning algorithms for tasks such as fraud detection, anomaly detection, classification, etc.

Thank You