Synergies of Cloud Identity: Putting it All Together
By Travis Spencer, CEO
Agenda
• Impact of mobile and cloud on business
• Central role of identity in coping with these
  changes
• Using the different identity specs together to
  this end




Copyright (C) 2012 Twobo Technologies AB
Mobile is Changing Business
• 75% of mobiles in Scandinavia
  are smartphones; 50% in rest of
  Europe & US
• BYOD is a foregone conclusion
  for most
     – 90% of orgs will support corporate
       apps on personal devices by 2014
• 80% of orgs will use tablets by
  next year



Mobilizing Business Processes
• Workflows are a business’s
  circulatory system
• Automation and efficiency
  are critical
• Mobile helps optimize
  these processes




Reusing Existing Technology
• Prior technology
  investments will remain on
  the books for years
• Existing data/systems
  must be available to mobile
  users and cloud services
• IT organizations need to
  bridge the old and new
  technologies

Seamless Access to Cloud Apps
• Giving employees new passwords for each
  cloud app is not secure or scalable
• 123456 is not a secure password, but cloud
  providers allow it!
• Existing OTP tokens are not supported
• Seamless cloud access is required



Crucial Security Concerns




[Diagram: Enterprise Security, API Security, Mobile Security]
Identity is Central


[Venn diagram with the labels: Mobile Security, Enterprise Security, API Security, MDM, MAM, AuthZ, Identity]
Venn diagram by Gunnar Peterson
Neo-security Stack
• SCIM, SAML, OAuth, and JWT are the new
  standards-based cloud security stack
• OAuth 2 is the new meta-protocol defining
  how tokens are handled
• These address old requirements, solve
  new problems & are composed
  in useful ways
• WS- again?
[Image labels: OpenID Connect; Grandpa SAML & junior]
SAML + OAuth
• Relay OAuth token in SAML
  messages
• Use SAML tokens to authenticate
  OAuth clients or as the AS’s output
  token format
• Use SAML SSO to authenticate
  users to AS



SCIM + OAuth

• Use OAuth to secure
  SCIM API calls
• Use SCIM to create
  accounts needed to
  access APIs secured
  using OAuth



Push Tokens & Pull Identities


[Diagram: IdP/SCIM Server and SP / SCIM Client, connected through the Browser. Labels: Access token in federation message; Get User; User Data]
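The flow on this slide, as an added example that is not part of the original deck: the IdP pushes an OAuth access token inside the SAML assertion, and the SP then pulls the user's record from the SCIM server with it. The attribute name `oauth_access_token`, the scope `scim.read`, the in-memory `ScimServer` and all sample values are assumptions constructed for illustration, and the assertion is assumed to have passed XML signature validation before it reaches this code.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TOKEN_ATTR = "oauth_access_token"           # assumption: name agreed by IdP and SP
TRUSTED_ISSUER = "https://idp.example.com"  # constructed value

# Constructed sample assertion. Signature validation is assumed to have
# happened before this XML reaches the code below.
ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_a1" Version="2.0" IssueInstant="2012-06-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <saml:Subject><saml:NameID>2819c223</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="oauth_access_token">
      <saml:AttributeValue>tok-constructed-123</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def extract_pushed_token(assertion_xml, trusted_issuer=TRUSTED_ISSUER):
    """SP side: return (subject, access_token) from a validated assertion."""
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != trusted_issuer:
        raise ValueError("assertion issuer is not the trusted IdP")
    subject = root.findtext("saml:Subject/saml:NameID", default="",
                            namespaces=NS).strip()
    values = [
        (v.text or "").strip()
        for a in root.iterfind("saml:AttributeStatement/saml:Attribute", NS)
        if a.get("Name") == TOKEN_ATTR
        for v in a.iterfind("saml:AttributeValue", NS)
    ]
    # Exactly one non-empty token: duplicates would make the choice ambiguous.
    if not subject or len(values) != 1 or not values[0]:
        raise ValueError("assertion must carry one subject and one access token")
    return subject, values[0]


class ScimServer:
    """IdP side: in-memory stand-in for the SCIM endpoint GET /Users/{id}."""

    def __init__(self, users, tokens):
        self.users = users      # id -> SCIM user resource
        self.tokens = tokens    # token -> {"sub", "scope", "exp"}

    def get_user(self, user_id, authorization, now):
        scheme, _, token = authorization.partition(" ")
        grant = self.tokens.get(token) if scheme == "Bearer" else None
        if grant is None or now >= grant["exp"]:
            return 401, {"detail": "invalid or expired token"}
        # The pushed token is only good for the identity it was issued for.
        if "scim.read" not in grant["scope"].split() or grant["sub"] != user_id:
            return 403, {"detail": "token not valid for this user"}
        user = self.users.get(user_id)
        return (200, user) if user else (404, {"detail": "no such user"})


def pull_identity(assertion_xml, server, now):
    """SP side: use the pushed token to pull the subject's SCIM record."""
    subject, token = extract_pushed_token(assertion_xml)
    return server.get_user(subject, "Bearer " + token, now)


def demo_server():
    """Constructed user and token store for the example."""
    users = {"2819c223": {
        # SCIM 2.0 core User schema URN (RFC 7643)
        "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
        "id": "2819c223", "userName": "bjensen"}}
    tokens = {"tok-constructed-123":
              {"sub": "2819c223", "scope": "scim.read", "exp": 1000}}
    return ScimServer(users, tokens)


if __name__ == "__main__":
    print(pull_identity(ASSERTION, demo_server(), now=900))
```

Binding the token to the assertion's subject and giving it a short lifetime keeps a leaked federation message from being used to read other accounts.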
SCIM + SAML/OIC

• Carry SCIM attributes in SAML assertions
  (bindings for SCIM)
      – Enables JIT provisioning
      – Supplements SCIM API & schema
• Provisioning accounts using SCIM API to
  be updated before/after logon




OpenID Connect

• Builds on OAuth for profile sharing
• Uses the flows optimized for user-consent
  scenarios
• Adds identity-based inputs/outputs to core
  OAuth messages
• Tokens are JWTs



User Managed Access

• Also extends OAuth 2
• Allows users to centrally
  control distribution of
  their identity data
• Used with Personal Data
  Stores (PDS) to create
  “identity data lockers”


Questions & Thanks




@2botech
@travisspencer
www.2botech.com
www.travisspencer.com
