SlideShare ist ein Scribd-Unternehmen logo

Customer Scale: Stateless Sessions and Managing High-Volume Digital Services

Als PPTX, PDF herunterladen
ForgeRock
ForgeRock

Rob Wapshott, Sr Software Developer, ForgeRock: When identity moves beyond simple users and web apps to also include devices and things, the volume of identities to manage grows exponentially. Identity deployments are now asked to support over a hundred million identities. In this session, Rob will discuss the exploding requirements for scale and how to meet them.

Technologie
1 von 20
Customer Scale Internet Scale Session Management with Stateless Sessions in OpenAM Robert Wapshott Senior Software Developer, ForgeRock robert.wapshott@forgerock.com
Mobile devices: 7.5 billion IoT Devices: 4.9 billion Analysts predict rapid growth Identity will be at the center Challenge: Internet Scale Copyright © Identity Summit 2015, all rights reserved. Estimated 4 connected devices per person by 2020 (source: Strategy Analytics)
Challenge: Internet Scale • Elastic Deployment / Cloud • Load Balancing • Security Features like Single Sign-On (SSO) will be ranked highly Copyright © Identity Summit 2015, all rights reserved. Gartner Predicts Infrastructure Services Will Accelerate Cloud Computing Growth (Source)
OpenAM: Access Management OpenAM provides: • Authentication • Authorization • Session Management • Single Sign-On • User Profiles • Federation Copyright © Identity Summit 2015, all rights reserved.
Session Management: Stateful Session management is at the core of OpenAM: • Cluster load balancing • Failover Storage (OpenDJ) • Session held in server memory • Session persisted for failover Copyright © Identity Summit 2015, all rights reserved. Stateful OpenAM deployment
Session Management: Stateless Stateless Session model introduced for OpenAM 13: • Simplified load balancing • No failover storage required • No in-memory Session • Session stored in cookie Copyright © Identity Summit 2015, all rights reserved. Stateless OpenAM deployment
Enabling Stateless Sessions Optional Feature Enabled per realm Shared Signing/Encryption Copyright © Identity Summit 2015, all rights reserved.
How do Stateless Sessions Work? • Uses browser Cookie (JWT) • Session can be Signed –HMAC Shared Secret •Session can be Encrypted –RSA 256 •Package up in SSO Token (iPlanetDirectoryPro) Copyright © Identity Summit 2015, all rights reserved. Comparison of Stateful and Stateless
Stateless Sessions: Logout Optional feature Stores UID in-memory Stores UID in CTS Replicated between servers Copyright © Identity Summit 2015, all rights reserved.
Recommended for Stateless Sessions Global Deployments Replicating user Session data between data centres is a challenge Failover recovery is complex Stateless Sessions simplifies this problem Copyright © Identity Summit 2015, all rights reserved. Stateful communication: global replication
Recommended for Stateless Sessions Elastic Deployments seen in: • Retail • Media • Entertainment • Emergency Server elasticity suits Stateless Sessions, Cloud is increasingly common Copyright © Identity Summit 2015, all rights reserved.
REST and Stateless Copyright © Identity Summit 2015, all rights reserved. • Increasingly valuable for third party applications • Cookies are not RESTful • Requires dependency on home server • Crosstalk has performance consequence Stateless Sessions for REST users might help
Not Recommended for Stateless Sessions There are situations where Stateless Sessions are not recommended: • Session Quota: N logins on an account allowed • CDSSO: Looks up Session based on restricted token • SAML: Some profiles require stateful Session This will be covered in documentation Copyright © Identity Summit 2015, all rights reserved.
Deployment Characteristics Copyright © Identity Summit 2015, all rights reserved. Stateful Sessions (OpenAM 10-13) Stateless Sessions (OpenAM 13) Memory: Stored in Server memory CPU: Decrypt/Verify Signature Session persists in Database Session persists in Cookie Vertical Scalability Horizontal Scalability Load Balancer: Sticky Load Balancer: Round Robin
Performance Comparison Copyright © Identity Summit 2015, all rights reserved. Test Setup: Stateful • 2 OpenAM servers • 2 OpenDJ servers • Standard failover • External Load Balancer Test Setup: Stateless • 2 OpenAM servers • No failover • Session Signing • External Load Balancer Dell PowerEdge R620
Performance Test Objective Session Management performance comparison • Sustained duration (10 min) • 5,000 concurrent users • Login, validate, logout • Basic Stateless – Signing – No blacklist Copyright © Identity Summit 2015, all rights reserved. Gatling (http://gatling.io)
Performance Graphs Copyright © Identity Summit 2015, all rights reserved. Stateful Sessions 3,000 Login/Second Stateless Session 5,000 Login/Second
Performance Analysis Expectations: Stateful faster, in memory Sessions Stateless processing time slower Actual Result: Process Stateless Session quick Stateful code path obvious factor Copyright © Identity Summit 2015, all rights reserved. Comparison of path through code base
Takeaways • Dramatic growth in connected ‘things’ • OpenAM supports a lot of these use cases • Tradeoffs exist - no “one size fits all” • Enabling new options for scaling • Faster than I expected Copyright © Identity Summit 2015, all rights reserved.
Thank You! Robert Wapshott Senior Software Developer, ForgeRock robert.wapshott@forgerock.com

Empfohlen

Identity Summit UK: STATELESS SESSIONS AND MANAGING HIGH-VOLUME DIGITAL SERVICES
Identity Summit UK: STATELESS SESSIONS AND MANAGING HIGH-VOLUME DIGITAL SERVICESIdentity Summit UK: STATELESS SESSIONS AND MANAGING HIGH-VOLUME DIGITAL SERVICES
Identity Summit UK: STATELESS SESSIONS AND MANAGING HIGH-VOLUME DIGITAL SERVICES
ForgeRock
 
Provisioning IoT...Oh Baby You Know Meeee!
Provisioning IoT...Oh Baby You Know Meeee!Provisioning IoT...Oh Baby You Know Meeee!
Provisioning IoT...Oh Baby You Know Meeee!
ForgeRock
 
Identity Management with the ForgeRock Identity Platform - So What’s New?
Identity Management with the ForgeRock Identity Platform - So What’s New?Identity Management with the ForgeRock Identity Platform - So What’s New?
Identity Management with the ForgeRock Identity Platform - So What’s New?
ForgeRock
 
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
ForgeRock
 
Identity Summit 2015: Aol Case Study. Multi-Tenancy in the Enterprise.
Identity Summit 2015: Aol Case Study. Multi-Tenancy in the Enterprise.Identity Summit 2015: Aol Case Study. Multi-Tenancy in the Enterprise.
Identity Summit 2015: Aol Case Study. Multi-Tenancy in the Enterprise.
ForgeRock
 
Incredible Edible Identity
Incredible Edible IdentityIncredible Edible Identity
Incredible Edible Identity
ForgeRock
 
OpenAM - An Introduction
OpenAM - An IntroductionOpenAM - An Introduction
OpenAM - An Introduction
ForgeRock
 
OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, A...
OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, A...OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, A...
OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, A...
ForgeRock
 

Empfohlen

Identity Summit UK: STATELESS SESSIONS AND MANAGING HIGH-VOLUME DIGITAL SERVICES
Identity Summit UK: STATELESS SESSIONS AND MANAGING HIGH-VOLUME DIGITAL SERVICESIdentity Summit UK: STATELESS SESSIONS AND MANAGING HIGH-VOLUME DIGITAL SERVICES
Identity Summit UK: STATELESS SESSIONS AND MANAGING HIGH-VOLUME DIGITAL SERVICES
ForgeRock
 
Provisioning IoT...Oh Baby You Know Meeee!
Provisioning IoT...Oh Baby You Know Meeee!Provisioning IoT...Oh Baby You Know Meeee!
Provisioning IoT...Oh Baby You Know Meeee!
ForgeRock
 
Identity Management with the ForgeRock Identity Platform - So What’s New?
Identity Management with the ForgeRock Identity Platform - So What’s New?Identity Management with the ForgeRock Identity Platform - So What’s New?
Identity Management with the ForgeRock Identity Platform - So What’s New?
ForgeRock
 
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
ForgeRock
 
Identity Summit 2015: Aol Case Study. Multi-Tenancy in the Enterprise.
Identity Summit 2015: Aol Case Study. Multi-Tenancy in the Enterprise.Identity Summit 2015: Aol Case Study. Multi-Tenancy in the Enterprise.
Identity Summit 2015: Aol Case Study. Multi-Tenancy in the Enterprise.
ForgeRock
 
Incredible Edible Identity
Incredible Edible IdentityIncredible Edible Identity
Incredible Edible Identity
ForgeRock
 
OpenAM - An Introduction
OpenAM - An IntroductionOpenAM - An Introduction
OpenAM - An Introduction
ForgeRock
 
OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, A...
OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, A...OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, A...
OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, A...
ForgeRock
 
ForgeRock and the Graph: A Match Made for IRM
ForgeRock and the Graph: A Match Made for IRMForgeRock and the Graph: A Match Made for IRM
ForgeRock and the Graph: A Match Made for IRM
ForgeRock
 
Digital Trust: How Identity Tackles the Privacy, Security and IoT Challenge
Digital Trust: How Identity Tackles the Privacy, Security and IoT ChallengeDigital Trust: How Identity Tackles the Privacy, Security and IoT Challenge
Digital Trust: How Identity Tackles the Privacy, Security and IoT Challenge
ForgeRock
 
Directory Services with the ForgeRock Identity Platform - So What’s New?
Directory Services with the ForgeRock Identity Platform - So What’s New?Directory Services with the ForgeRock Identity Platform - So What’s New?
Directory Services with the ForgeRock Identity Platform - So What’s New?
ForgeRock
 
Webinar: Identity Wars: The Unified Platform Awakens
Webinar: Identity Wars: The Unified Platform AwakensWebinar: Identity Wars: The Unified Platform Awakens
Webinar: Identity Wars: The Unified Platform Awakens
ForgeRock
 
Identity as a Managed Cloud Service
Identity as a Managed Cloud ServiceIdentity as a Managed Cloud Service
Identity as a Managed Cloud Service
ForgeRock
 
Implementing eGov
Implementing eGovImplementing eGov
Implementing eGov
ForgeRock
 
OpenAM: An Introduction
OpenAM: An IntroductionOpenAM: An Introduction
OpenAM: An Introduction
ForgeRock
 
Data Con LA 2019 - One (Key) Ring to Rule Them All: Unified Identity Manageme...
Data Con LA 2019 - One (Key) Ring to Rule Them All: Unified Identity Manageme...Data Con LA 2019 - One (Key) Ring to Rule Them All: Unified Identity Manageme...
Data Con LA 2019 - One (Key) Ring to Rule Them All: Unified Identity Manageme...
Data Con LA
 
OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study
ForgeRock
 
Federation in Practice
Federation in PracticeFederation in Practice
Federation in Practice
ForgeRock
 
OIS Architecture Review
OIS Architecture ReviewOIS Architecture Review
OIS Architecture Review
ForgeRock
 
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...
ForgeRock
 
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingWebinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
ForgeRock
 
IDP Proxy Concept: Accessing Identity Data Sources Everywhere!
IDP Proxy Concept: Accessing Identity Data Sources Everywhere!IDP Proxy Concept: Accessing Identity Data Sources Everywhere!
IDP Proxy Concept: Accessing Identity Data Sources Everywhere!
ForgeRock
 
Pimping the ForgeRock Identity Platform for a Billion Users
Pimping the ForgeRock Identity Platform for a Billion UsersPimping the ForgeRock Identity Platform for a Billion Users
Pimping the ForgeRock Identity Platform for a Billion Users
ForgeRock
 
Open Identity Stack Roadmap
Open Identity Stack RoadmapOpen Identity Stack Roadmap
Open Identity Stack Roadmap
ForgeRock
 
ForgeRock Platform Release - Summer 2016
ForgeRock Platform Release - Summer 2016 ForgeRock Platform Release - Summer 2016
ForgeRock Platform Release - Summer 2016
ForgeRock
 
A CONTEMPLATION OF OPENIG DEEP THOUGHTS
A CONTEMPLATION OF OPENIG DEEP THOUGHTSA CONTEMPLATION OF OPENIG DEEP THOUGHTS
A CONTEMPLATION OF OPENIG DEEP THOUGHTS
ForgeRock
 
Webinar: OpenAM 12.0 - New Featurs
Webinar: OpenAM 12.0 - New FeatursWebinar: OpenAM 12.0 - New Featurs
Webinar: OpenAM 12.0 - New Featurs
ForgeRock
 
THE FORGEROCK PLATFORM BIG PICTURE
THE FORGEROCK PLATFORM BIG PICTURETHE FORGEROCK PLATFORM BIG PICTURE
THE FORGEROCK PLATFORM BIG PICTURE
ForgeRock
 
Dev Ops Geek Fest: Automating the ForgeRock Platform
Dev Ops Geek Fest: Automating the ForgeRock PlatformDev Ops Geek Fest: Automating the ForgeRock Platform
Dev Ops Geek Fest: Automating the ForgeRock Platform
ForgeRock
 
Taking Flexibility to the Next Level
Taking Flexibility to the Next LevelTaking Flexibility to the Next Level
Taking Flexibility to the Next Level
ForgeRock
 

Weitere ähnliche Inhalte

Was ist angesagt?

ForgeRock and the Graph: A Match Made for IRM
ForgeRock and the Graph: A Match Made for IRMForgeRock and the Graph: A Match Made for IRM
ForgeRock and the Graph: A Match Made for IRM
ForgeRock
 
Directory Services with the ForgeRock Identity Platform - So What’s New?
Directory Services with the ForgeRock Identity Platform - So What’s New?Directory Services with the ForgeRock Identity Platform - So What’s New?
Directory Services with the ForgeRock Identity Platform - So What’s New?
ForgeRock
 
Webinar: Identity Wars: The Unified Platform Awakens
Webinar: Identity Wars: The Unified Platform AwakensWebinar: Identity Wars: The Unified Platform Awakens
Webinar: Identity Wars: The Unified Platform Awakens
ForgeRock
 
Data Con LA 2019 - One (Key) Ring to Rule Them All: Unified Identity Manageme...
Data Con LA 2019 - One (Key) Ring to Rule Them All: Unified Identity Manageme...Data Con LA 2019 - One (Key) Ring to Rule Them All: Unified Identity Manageme...
Data Con LA 2019 - One (Key) Ring to Rule Them All: Unified Identity Manageme...
Data Con LA
 
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingWebinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
ForgeRock
 

Was ist angesagt? (20)

ForgeRock and the Graph: A Match Made for IRM
ForgeRock and the Graph: A Match Made for IRMForgeRock and the Graph: A Match Made for IRM
ForgeRock and the Graph: A Match Made for IRM
 
Digital Trust: How Identity Tackles the Privacy, Security and IoT Challenge
Digital Trust: How Identity Tackles the Privacy, Security and IoT ChallengeDigital Trust: How Identity Tackles the Privacy, Security and IoT Challenge
Digital Trust: How Identity Tackles the Privacy, Security and IoT Challenge
 
Directory Services with the ForgeRock Identity Platform - So What’s New?
Directory Services with the ForgeRock Identity Platform - So What’s New?Directory Services with the ForgeRock Identity Platform - So What’s New?
Directory Services with the ForgeRock Identity Platform - So What’s New?
 
Webinar: Identity Wars: The Unified Platform Awakens
Webinar: Identity Wars: The Unified Platform AwakensWebinar: Identity Wars: The Unified Platform Awakens
Webinar: Identity Wars: The Unified Platform Awakens
 
Identity as a Managed Cloud Service
Identity as a Managed Cloud ServiceIdentity as a Managed Cloud Service
Identity as a Managed Cloud Service
 
Implementing eGov
Implementing eGovImplementing eGov
Implementing eGov
 
OpenAM: An Introduction
OpenAM: An IntroductionOpenAM: An Introduction
OpenAM: An Introduction
 
Data Con LA 2019 - One (Key) Ring to Rule Them All: Unified Identity Manageme...
Data Con LA 2019 - One (Key) Ring to Rule Them All: Unified Identity Manageme...Data Con LA 2019 - One (Key) Ring to Rule Them All: Unified Identity Manageme...
Data Con LA 2019 - One (Key) Ring to Rule Them All: Unified Identity Manageme...
 
OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study
 
Federation in Practice
Federation in PracticeFederation in Practice
Federation in Practice
 
OIS Architecture Review
OIS Architecture ReviewOIS Architecture Review
OIS Architecture Review
 
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...
 
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingWebinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
 
IDP Proxy Concept: Accessing Identity Data Sources Everywhere!
IDP Proxy Concept: Accessing Identity Data Sources Everywhere!IDP Proxy Concept: Accessing Identity Data Sources Everywhere!
IDP Proxy Concept: Accessing Identity Data Sources Everywhere!
 
Pimping the ForgeRock Identity Platform for a Billion Users
Pimping the ForgeRock Identity Platform for a Billion UsersPimping the ForgeRock Identity Platform for a Billion Users
Pimping the ForgeRock Identity Platform for a Billion Users
 
Open Identity Stack Roadmap
Open Identity Stack RoadmapOpen Identity Stack Roadmap
Open Identity Stack Roadmap
 
ForgeRock Platform Release - Summer 2016
ForgeRock Platform Release - Summer 2016 ForgeRock Platform Release - Summer 2016
ForgeRock Platform Release - Summer 2016
 
A CONTEMPLATION OF OPENIG DEEP THOUGHTS
A CONTEMPLATION OF OPENIG DEEP THOUGHTSA CONTEMPLATION OF OPENIG DEEP THOUGHTS
A CONTEMPLATION OF OPENIG DEEP THOUGHTS
 
Webinar: OpenAM 12.0 - New Featurs
Webinar: OpenAM 12.0 - New FeatursWebinar: OpenAM 12.0 - New Featurs
Webinar: OpenAM 12.0 - New Featurs
 
THE FORGEROCK PLATFORM BIG PICTURE
THE FORGEROCK PLATFORM BIG PICTURETHE FORGEROCK PLATFORM BIG PICTURE
THE FORGEROCK PLATFORM BIG PICTURE
 

Andere mochten auch

Stop Treating Your Customers Like Your Employees (Ian Glazer, Salesforce)
Stop Treating Your Customers Like Your Employees (Ian Glazer, Salesforce)Stop Treating Your Customers Like Your Employees (Ian Glazer, Salesforce)
Stop Treating Your Customers Like Your Employees (Ian Glazer, Salesforce)
ForgeRock
 
Identity Summit 2015: CONTINUOUS IDENTITY PROTECTION FOR THE IDENTITY PLATFORM
Identity Summit 2015: CONTINUOUS IDENTITY PROTECTION FOR THE IDENTITY PLATFORMIdentity Summit 2015: CONTINUOUS IDENTITY PROTECTION FOR THE IDENTITY PLATFORM
Identity Summit 2015: CONTINUOUS IDENTITY PROTECTION FOR THE IDENTITY PLATFORM
ForgeRock
 
Identity Summit 2015: EnerNOC Case Study: The Transformation of IAM for EnerN...
Identity Summit 2015: EnerNOC Case Study: The Transformation of IAM for EnerN...Identity Summit 2015: EnerNOC Case Study: The Transformation of IAM for EnerN...
Identity Summit 2015: EnerNOC Case Study: The Transformation of IAM for EnerN...
ForgeRock
 
Identity Summit 2015: Connect.gov and Identity Management Systems
Identity Summit 2015: Connect.gov and Identity Management SystemsIdentity Summit 2015: Connect.gov and Identity Management Systems
Identity Summit 2015: Connect.gov and Identity Management Systems
ForgeRock
 
SAML / OpenID Connect / OAuth / SCIM 技術解説 - ID&IT 2014 #idit2014
SAML / OpenID Connect / OAuth / SCIM 技術解説 - ID&IT 2014 #idit2014SAML / OpenID Connect / OAuth / SCIM 技術解説 - ID&IT 2014 #idit2014
SAML / OpenID Connect / OAuth / SCIM 技術解説 - ID&IT 2014 #idit2014
Nov Matake
 

Andere mochten auch (20)

Dev Ops Geek Fest: Automating the ForgeRock Platform
Dev Ops Geek Fest: Automating the ForgeRock PlatformDev Ops Geek Fest: Automating the ForgeRock Platform
Dev Ops Geek Fest: Automating the ForgeRock Platform
 
Taking Flexibility to the Next Level
Taking Flexibility to the Next LevelTaking Flexibility to the Next Level
Taking Flexibility to the Next Level
 
Stop Treating Your Customers Like Your Employees (Ian Glazer, Salesforce)
Stop Treating Your Customers Like Your Employees (Ian Glazer, Salesforce)Stop Treating Your Customers Like Your Employees (Ian Glazer, Salesforce)
Stop Treating Your Customers Like Your Employees (Ian Glazer, Salesforce)
 
Entitlements: Taking Control of the Big Data Gold Rush
Entitlements: Taking Control of the Big Data Gold RushEntitlements: Taking Control of the Big Data Gold Rush
Entitlements: Taking Control of the Big Data Gold Rush
 
Identity Summit 2015: 2Keys Canadian Digital Identity
Identity Summit 2015: 2Keys Canadian Digital Identity Identity Summit 2015: 2Keys Canadian Digital Identity
Identity Summit 2015: 2Keys Canadian Digital Identity
 
Using Identity to Empower CIOs (Mike Ellis, CEO ForgeRock, Keynote)
Using Identity to Empower CIOs (Mike Ellis, CEO ForgeRock, Keynote)Using Identity to Empower CIOs (Mike Ellis, CEO ForgeRock, Keynote)
Using Identity to Empower CIOs (Mike Ellis, CEO ForgeRock, Keynote)
 
Digital Consent: Taking UMA from Concept to Reality
Digital Consent: Taking UMA from Concept to RealityDigital Consent: Taking UMA from Concept to Reality
Digital Consent: Taking UMA from Concept to Reality
 
Identity Summit 2015: CONTINUOUS IDENTITY PROTECTION FOR THE IDENTITY PLATFORM
Identity Summit 2015: CONTINUOUS IDENTITY PROTECTION FOR THE IDENTITY PLATFORMIdentity Summit 2015: CONTINUOUS IDENTITY PROTECTION FOR THE IDENTITY PLATFORM
Identity Summit 2015: CONTINUOUS IDENTITY PROTECTION FOR THE IDENTITY PLATFORM
 
Identity Summit 2015: AAMC Case Study: The top 5 challenges to a successful I...
Identity Summit 2015: AAMC Case Study: The top 5 challenges to a successful I...Identity Summit 2015: AAMC Case Study: The top 5 challenges to a successful I...
Identity Summit 2015: AAMC Case Study: The top 5 challenges to a successful I...
 
Identity Summit 2015: EnerNOC Case Study: The Transformation of IAM for EnerN...
Identity Summit 2015: EnerNOC Case Study: The Transformation of IAM for EnerN...Identity Summit 2015: EnerNOC Case Study: The Transformation of IAM for EnerN...
Identity Summit 2015: EnerNOC Case Study: The Transformation of IAM for EnerN...
 
Identity Summit 2015: Connect.gov and Identity Management Systems
Identity Summit 2015: Connect.gov and Identity Management SystemsIdentity Summit 2015: Connect.gov and Identity Management Systems
Identity Summit 2015: Connect.gov and Identity Management Systems
 
SAML / OpenID Connect / OAuth / SCIM 技術解説 - ID&IT 2014 #idit2014
SAML / OpenID Connect / OAuth / SCIM 技術解説 - ID&IT 2014 #idit2014SAML / OpenID Connect / OAuth / SCIM 技術解説 - ID&IT 2014 #idit2014
SAML / OpenID Connect / OAuth / SCIM 技術解説 - ID&IT 2014 #idit2014
 
OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜
OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜
OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜
 
A Common API & UI for Building Next Generation Identity Services
A Common API & UI for Building Next Generation Identity ServicesA Common API & UI for Building Next Generation Identity Services
A Common API & UI for Building Next Generation Identity Services
 
Inside the Chef Push Jobs Service - ChefConf 2015
Inside the Chef Push Jobs Service - ChefConf 2015 Inside the Chef Push Jobs Service - ChefConf 2015
Inside the Chef Push Jobs Service - ChefConf 2015
 
TYPO3 Camp Stuttgart 2015 - Continuous Delivery with Open Source Tools
TYPO3 Camp Stuttgart 2015 - Continuous Delivery with Open Source ToolsTYPO3 Camp Stuttgart 2015 - Continuous Delivery with Open Source Tools
TYPO3 Camp Stuttgart 2015 - Continuous Delivery with Open Source Tools
 
Continuous performance: Load testing for developers with gatling
Continuous performance: Load testing for developers with gatlingContinuous performance: Load testing for developers with gatling
Continuous performance: Load testing for developers with gatling
 
Gatling Tool in Action at DevoxxFR 2012
Gatling Tool in Action at DevoxxFR 2012Gatling Tool in Action at DevoxxFR 2012
Gatling Tool in Action at DevoxxFR 2012
 
Automated Testing Talk from Meet Magento New York 2014
Automated Testing Talk from Meet Magento New York 2014Automated Testing Talk from Meet Magento New York 2014
Automated Testing Talk from Meet Magento New York 2014
 
TestWorks Conf Performance testing made easy with gatling - Guillaume Corré
TestWorks Conf Performance testing made easy with gatling - Guillaume CorréTestWorks Conf Performance testing made easy with gatling - Guillaume Corré
TestWorks Conf Performance testing made easy with gatling - Guillaume Corré
 

Ähnlich wie Customer Scale: Stateless Sessions and Managing High-Volume Digital Services

CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CloudIDSummit
 
CIS 2015 Extreme SAML - Hans Zandbelt
CIS 2015 Extreme SAML - Hans ZandbeltCIS 2015 Extreme SAML - Hans Zandbelt
CIS 2015 Extreme SAML - Hans Zandbelt
CloudIDSummit
 
An Introduction to Apache Geode (incubating)
An Introduction to Apache Geode (incubating)An Introduction to Apache Geode (incubating)
An Introduction to Apache Geode (incubating)
Anthony Baker
 
Transforming Consumer Banking with a 100% Cloud-Based Bank (FSV204) - AWS re:...
Transforming Consumer Banking with a 100% Cloud-Based Bank (FSV204) - AWS re:...Transforming Consumer Banking with a 100% Cloud-Based Bank (FSV204) - AWS re:...
Transforming Consumer Banking with a 100% Cloud-Based Bank (FSV204) - AWS re:...
Amazon Web Services
 
Choosing a Citrix Monitoring Strategy: Key Capabilities and Pitfalls to Avoid
Choosing a Citrix Monitoring Strategy: Key Capabilities and Pitfalls to AvoidChoosing a Citrix Monitoring Strategy: Key Capabilities and Pitfalls to Avoid
Choosing a Citrix Monitoring Strategy: Key Capabilities and Pitfalls to Avoid
eG Innovations
 
How to Get the​ Fastest Possible ​Citrix Logon Times​? Optimization Tips for ...
How to Get the​ Fastest Possible ​Citrix Logon Times​? Optimization Tips for ...How to Get the​ Fastest Possible ​Citrix Logon Times​? Optimization Tips for ...
How to Get the​ Fastest Possible ​Citrix Logon Times​? Optimization Tips for ...
eG Innovations
 

Ähnlich wie Customer Scale: Stateless Sessions and Managing High-Volume Digital Services (20)

Webinar: Customer Scale
Webinar: Customer ScaleWebinar: Customer Scale
Webinar: Customer Scale
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
 
CIS 2015 Extreme SAML - Hans Zandbelt
CIS 2015 Extreme SAML - Hans ZandbeltCIS 2015 Extreme SAML - Hans Zandbelt
CIS 2015 Extreme SAML - Hans Zandbelt
 
Open Sourcing GemFire - Apache Geode
Open Sourcing GemFire - Apache GeodeOpen Sourcing GemFire - Apache Geode
Open Sourcing GemFire - Apache Geode
 
An Introduction to Apache Geode (incubating)
An Introduction to Apache Geode (incubating)An Introduction to Apache Geode (incubating)
An Introduction to Apache Geode (incubating)
 
Presentazione SimpliVity @ VMUGIT UserCon 2015
Presentazione SimpliVity @ VMUGIT UserCon 2015Presentazione SimpliVity @ VMUGIT UserCon 2015
Presentazione SimpliVity @ VMUGIT UserCon 2015
 
Privileged Access Management
Privileged Access ManagementPrivileged Access Management
Privileged Access Management
 
WebRTC Customer Experience Optimizations - Kranky Geek Presentation
WebRTC Customer Experience Optimizations - Kranky Geek PresentationWebRTC Customer Experience Optimizations - Kranky Geek Presentation
WebRTC Customer Experience Optimizations - Kranky Geek Presentation
 
The Platform Big Picture
The Platform Big PictureThe Platform Big Picture
The Platform Big Picture
 
Transforming Consumer Banking with a 100% Cloud-Based Bank (FSV204) - AWS re:...
Transforming Consumer Banking with a 100% Cloud-Based Bank (FSV204) - AWS re:...Transforming Consumer Banking with a 100% Cloud-Based Bank (FSV204) - AWS re:...
Transforming Consumer Banking with a 100% Cloud-Based Bank (FSV204) - AWS re:...
 
Oracle Management Cloud
Oracle Management Cloud Oracle Management Cloud
Oracle Management Cloud
 
Oracle Management Cloud
Oracle Management CloudOracle Management Cloud
Oracle Management Cloud
 
Continuous Availability for Private Database Clouds
Continuous Availability for Private Database CloudsContinuous Availability for Private Database Clouds
Continuous Availability for Private Database Clouds
 
Oracle business continuity for virtualization and cloud infrastructure
Oracle business continuity for virtualization and cloud infrastructureOracle business continuity for virtualization and cloud infrastructure
Oracle business continuity for virtualization and cloud infrastructure
 
Server 2008 Project
Server 2008 ProjectServer 2008 Project
Server 2008 Project
 
Choosing a Citrix Monitoring Strategy: Key Capabilities and Pitfalls to Avoid
Choosing a Citrix Monitoring Strategy: Key Capabilities and Pitfalls to AvoidChoosing a Citrix Monitoring Strategy: Key Capabilities and Pitfalls to Avoid
Choosing a Citrix Monitoring Strategy: Key Capabilities and Pitfalls to Avoid
 
How to Get the​ Fastest Possible ​Citrix Logon Times​? Optimization Tips for ...
How to Get the​ Fastest Possible ​Citrix Logon Times​? Optimization Tips for ...How to Get the​ Fastest Possible ​Citrix Logon Times​? Optimization Tips for ...
How to Get the​ Fastest Possible ​Citrix Logon Times​? Optimization Tips for ...
 
APIs, STOP Polling, lets go Streaming
APIs, STOP Polling, lets go StreamingAPIs, STOP Polling, lets go Streaming
APIs, STOP Polling, lets go Streaming
 
Internet of Things and Edge Compute at Chick-fil-A
Internet of Things and Edge Compute at Chick-fil-AInternet of Things and Edge Compute at Chick-fil-A
Internet of Things and Edge Compute at Chick-fil-A
 
Představení Oracle SPARC Miniclusteru
Představení Oracle SPARC MiniclusteruPředstavení Oracle SPARC Miniclusteru
Představení Oracle SPARC Miniclusteru
 

Mehr von ForgeRock

ForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User ExperienceForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock
 

Mehr von ForgeRock (20)

Digital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at ScaleDigital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at Scale
 
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
Get the Exact Identity Solution You Need - In the Cloud - AWS and BeyondGet the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
 
Identity Live Sydney: Identity Management - A Strategic Opportunity
Identity Live Sydney: Identity Management - A Strategic OpportunityIdentity Live Sydney: Identity Management - A Strategic Opportunity
Identity Live Sydney: Identity Management - A Strategic Opportunity
 
Identity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity CapabilityIdentity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity Capability
 
Identity Live Singapore 2018 Keynote Presentation
Identity Live Singapore 2018 Keynote PresentationIdentity Live Singapore 2018 Keynote Presentation
Identity Live Singapore 2018 Keynote Presentation
 
Identity Live Sydney 2018 Keynote Presentation
Identity Live Sydney 2018 Keynote PresentationIdentity Live Sydney 2018 Keynote Presentation
Identity Live Sydney 2018 Keynote Presentation
 
Identity Live Singapore: Just Ask 'Em
Identity Live Singapore: Just Ask 'EmIdentity Live Singapore: Just Ask 'Em
Identity Live Singapore: Just Ask 'Em
 
Identity Live Singapore: Building Trust & Privacy in a Connected Society
Identity Live Singapore: Building Trust & Privacy in a Connected SocietyIdentity Live Singapore: Building Trust & Privacy in a Connected Society
Identity Live Singapore: Building Trust & Privacy in a Connected Society
 
Identity Live Sydney: Intelligent Authentication
Identity Live Sydney: Intelligent Authentication Identity Live Sydney: Intelligent Authentication
Identity Live Sydney: Intelligent Authentication
 
Identity Live Sydney: Building Trust and Privacy in a Connected Society
Identity Live Sydney: Building Trust and Privacy in a Connected SocietyIdentity Live Sydney: Building Trust and Privacy in a Connected Society
Identity Live Sydney: Building Trust and Privacy in a Connected Society
 
Get the Exact Identity Solution you Need in the Cloud - Deep Dive
Get the Exact Identity Solution you Need in the Cloud - Deep DiveGet the Exact Identity Solution you Need in the Cloud - Deep Dive
Get the Exact Identity Solution you Need in the Cloud - Deep Dive
 
Get the Exact Identity Solution You Need - In the Cloud - Overview
Get the Exact Identity Solution You Need - In the Cloud - OverviewGet the Exact Identity Solution You Need - In the Cloud - Overview
Get the Exact Identity Solution You Need - In the Cloud - Overview
 
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User ExperienceForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
 
Opening Keynote (Identity Live Berlin 2018)
Opening Keynote (Identity Live Berlin 2018)Opening Keynote (Identity Live Berlin 2018)
Opening Keynote (Identity Live Berlin 2018)
 
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
 
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
 
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
 
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
 
Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...
 
Intelligent Authentication (Identity Live Berlin 2018)
Intelligent Authentication (Identity Live Berlin 2018)Intelligent Authentication (Identity Live Berlin 2018)
Intelligent Authentication (Identity Live Berlin 2018)
 

Kürzlich hochgeladen

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 

Kürzlich hochgeladen (20)

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 

Customer Scale: Stateless Sessions and Managing High-Volume Digital Services

  • 1. Customer Scale Internet Scale Session Management with Stateless Sessions in OpenAM Robert Wapshott Senior Software Developer, ForgeRock robert.wapshott@forgerock.com
  • 2. Mobile devices: 7.5 billion IoT Devices: 4.9 billion Analysts predict rapid growth Identity will be at the center Challenge: Internet Scale Copyright © Identity Summit 2015, all rights reserved. Estimated 4 connected devices per person by 2020 (source: Strategy Analytics)
  • 3. Challenge: Internet Scale • Elastic Deployment / Cloud • Load Balancing • Security Features like Single Sign-On (SSO) will be ranked highly Copyright © Identity Summit 2015, all rights reserved. Gartner Predicts Infrastructure Services Will Accelerate Cloud Computing Growth (Source)
  • 4. OpenAM: Access Management OpenAM provides: • Authentication • Authorization • Session Management • Single Sign-On • User Profiles • Federation Copyright © Identity Summit 2015, all rights reserved.
  • 5. Session Management: Stateful Session management is at the core of OpenAM: • Cluster load balancing • Failover Storage (OpenDJ) • Session held in server memory • Session persisted for failover Copyright © Identity Summit 2015, all rights reserved. Stateful OpenAM deployment
  • 6. Session Management: Stateless Stateless Session model introduced for OpenAM 13: • Simplified load balancing • No failover storage required • No in-memory Session • Session stored in cookie Copyright © Identity Summit 2015, all rights reserved. Stateless OpenAM deployment
  • 7. Enabling Stateless Sessions Optional Feature Enabled per realm Shared Signing/Encryption Copyright © Identity Summit 2015, all rights reserved.
  • 8. How do Stateless Sessions Work? • Uses browser Cookie (JWT) • Session can be Signed –HMAC Shared Secret •Session can be Encrypted –RSA 256 •Package up in SSO Token (iPlanetDirectoryPro) Copyright © Identity Summit 2015, all rights reserved. Comparison of Stateful and Stateless
  • 9. Stateless Sessions: Logout Optional feature Stores UID in-memory Stores UID in CTS Replicated between servers Copyright © Identity Summit 2015, all rights reserved.
  • 10. Recommended for Stateless Sessions Global Deployments Replicating user Session data between data centres is a challenge Failover recovery is complex Stateless Sessions simplifies this problem Copyright © Identity Summit 2015, all rights reserved. Stateful communication: global replication
  • 11. Recommended for Stateless Sessions Elastic Deployments seen in: • Retail • Media • Entertainment • Emergency Server elasticity suits Stateless Sessions, Cloud is increasingly common Copyright © Identity Summit 2015, all rights reserved.
  • 12. REST and Stateless Copyright © Identity Summit 2015, all rights reserved. • Increasingly valuable for third party applications • Cookies are not RESTful • Requires dependency on home server • Crosstalk has performance consequence Stateless Sessions for REST users might help
  • 13. Not Recommended for Stateless Sessions There are situations where Stateless Sessions are not recommended: • Session Quota: N logins on an account allowed • CDSSO: Looks up Session based on restricted token • SAML: Some profiles require stateful Session This will be covered in documentation Copyright © Identity Summit 2015, all rights reserved.
  • 14. Deployment Characteristics Copyright © Identity Summit 2015, all rights reserved. Stateful Sessions (OpenAM 10-13) Stateless Sessions (OpenAM 13) Memory: Stored in Server memory CPU: Decrypt/Verify Signature Session persists in Database Session persists in Cookie Vertical Scalability Horizontal Scalability Load Balancer: Sticky Load Balancer: Round Robin
  • 15. Performance Comparison Copyright © Identity Summit 2015, all rights reserved. Test Setup: Stateful • 2 OpenAM servers • 2 OpenDJ servers • Standard failover • External Load Balancer Test Setup: Stateless • 2 OpenAM servers • No failover • Session Signing • External Load Balancer Dell PowerEdge R620
  • 16. Performance Test Objective Session Management performance comparison • Sustained duration (10 min) • 5,000 concurrent users • Login, validate, logout • Basic Stateless – Signing – No blacklist Copyright © Identity Summit 2015, all rights reserved. Gatling (http://gatling.io)
  • 17. Performance Graphs Copyright © Identity Summit 2015, all rights reserved. Stateful Sessions 3,000 Login/Second Stateless Session 5,000 Login/Second
  • 18. Performance Analysis Expectations: Stateful faster, in memory Sessions Stateless processing time slower Actual Result: Process Stateless Session quick Stateful code path obvious factor Copyright © Identity Summit 2015, all rights reserved. Comparison of path through code base
  • 19. Takeaways • Dramatic growth in connected ‘things’ • OpenAM supports a lot of these use cases • Tradeoffs exist - no “one size fits all” • Enabling new options for scaling • Faster than I expected Copyright © Identity Summit 2015, all rights reserved.
  • 20. Thank You! Robert Wapshott Senior Software Developer, ForgeRock robert.wapshott@forgerock.com