Identity Management for the Next Decade
Johann Dilantha Nallathamby, WSO2 Technical Lead
Aug 08, 2015
Key differentiators in IAM products...
● Embrace strategy over tactics
● Rapid time to value and low operational costs
● Access Control is more of a Business problem than an IT problem
● Deployment flexibility
● Customizable with minimal coding
Why IAM products suit the cloud?
● Mostly standardized
● Cost effective
● Extends the same security model that is on-premise to cloud
● Can effectively handle the distributed nature of SaaS applications
Challenges in Mobile..
● SSO for Native Application
  ○ Native Application WG
● Dynamic Client Registration
● Client side data encryption
  ○ How to secure the key?
● Bring Your Own Device (BYOD)
  ○ Desktop Virtualization
  ○ OS Containerization
  ○ App Wrapping
  ○ Selective wipe
Future of Authentication
● Gartner predicted “Zero Trust Authentication” way back in 2010.
● Multi-Factor Authentication
  ○ Key fobs
  ○ Smartphone + authenticator tools
  ○ Smartphone + fingerprint
  ○ Smartphone + QR code scanner
● Fast IDentity Online (FIDO) Alliance
What happens to Social Login?
● Corporate User Directories BYOI
● The surge in BYOD might even fuel this transition.
● Consumer Identity is the next big thing
  ○ National Strategy for Trusted Identities in Cyberspace (NSTIC)
  ○ UK Government Identity Assurance Program
  ○ Dubai e-Gov - Dubai Connect
Future of IAM
More,
● Context Based Access Control
  ○ Is XACML dead? No.
● More compliance
  ○ PCI DSS, NIST, HIPAA
The Enterprise Identity Bus (EIB) from WSO2
● Separation of concerns between Application layer and the Identity layer
● No universal standard
● Can’t modify the clients as well as the backend applications/services
Privileged Account Management (PAM)
PAM requires better integration with IAM systems
● Password change frequency
  ○ Never
  ○ Frequently
  ○ Per session
  ○ On demand
● Timely provisioning
● Better role management capabilities
Security Information Management (SIM)
● WSO2 platform has the nuts and bolts to build a SIM solution.
● WSO2 DAS - High performing, highly scalable data analysis
  ○ Reports and dashboards on identity data
  ○ Trend analysis and risk scores
● WSO2 CEP - Real time alerting
  ○ Intrusion detection and intrusion prevention
● WSO2 Machine Learner - Build machine learning algorithms for tasks such as fraud detection, anomaly detection, classification, etc.