Federation evolved:
How cloud, mobile & APIs change the way we broker identity
Francois Lascelles, Chief Architect, Layer 7 Technologies
Ehud Amiri, Director, Product Management, CA
Webinar Housekeeping
Questions
- Chat any questions you have and we’ll answer them at the end of this webinar
Twitter
- Today’s event hashtag: #L7webinar
- Follow us on Twitter: @layer7, @forrester
Layer 7 Confidential 2
CA/L7 Webinars
Following previous webinar “Unifying Security Across Web, APIs and Mobile” (http://api.co/unifySEC)
Today we will introduce the “Federation Evolved”
The Identity Standards
Survival Of The Fittest
“It is not the strongest of species that survives, not the most intelligent that survives. It is the one that is most adaptable to change”
Charles Darwin
Macro Trends Impacting the “New Federation”
• Cloud Services: 79% of organizations are using SaaS³
• Social Registration: 1.43B social network users by 2012¹
• Mobile Apps: 305B mobile app downloads by 2016²
• IoT / Big Data: 50B connected devices by 2020⁴, 35ZB of data by 2020⁵
• Partners/Divisions, Developer Community
The History Of SAML
Security Assertion Markup Language
SAML 2.0 Published in 2007
Key Use Case: Browser Single Sign-On
Parties: Application (Relying Party), Identity Provider
1. Request resource
2. IDP Discovery
3. Redirect to IDP with <AuthnRequest>
4. Login flow
5. Redirect back with <Response>
6. Return resource
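The flow above ends with the Application (Relying Party) consuming the `<Response>` at step 5. The block below is an added example, not code from the webinar, of the assertion-level checks a Relying Party makes at that point: it assumes XML-DSig signature verification has already been done by a library, and the entity IDs, URLs, timestamps and the sample Response are constructed.

```python
"""Relying-party checks on the SAML 2.0 <Response> received at step 5.

Added example, not code from the webinar. Signature verification (XML-DSig on
the Response/Assertion) is assumed to be done by a library before these checks
run; this block covers the checks the Relying Party must still make. Entity IDs,
URLs, timestamps and the sample Response below are constructed."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

SP_ENTITY_ID = "https://sp.example.com"    # constructed
ACS_URL = "https://sp.example.com/acs"     # constructed
TRUSTED_IDP = "https://idp.example.com"    # constructed

# Constructed sample: what the IdP redirects back with at step 5 (signature omitted).
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_resp1" Version="2.0" IssueInstant="2013-06-01T12:00:05Z"
    InResponseTo="_req123" Destination="{ACS_URL}">
  <saml:Issuer>{TRUSTED_IDP}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2013-06-01T12:00:05Z">
    <saml:Issuer>{TRUSTED_IDP}</saml:Issuer>
    <saml:Subject>
      <saml:NameID>alice@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="{BEARER}">
        <saml:SubjectConfirmationData InResponseTo="_req123" Recipient="{ACS_URL}"
            NotOnOrAfter="2013-06-01T12:05:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2013-06-01T11:59:00Z" NotOnOrAfter="2013-06-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def saml_time(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_response(xml_text, outstanding_request_ids, now):
    """Return the authenticated NameID, or raise ValueError on the first failed check.
    outstanding_request_ids: IDs of <AuthnRequest>s this SP sent at step 3 and has not consumed."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['samlp']}}}Response":
        raise ValueError("not a samlp:Response")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise ValueError("status is not Success")
    if root.get("Destination") != ACS_URL:
        raise ValueError("Destination is not our ACS URL")
    req_id = root.get("InResponseTo")
    if req_id not in outstanding_request_ids:
        raise ValueError("InResponseTo matches no outstanding AuthnRequest (unsolicited or replayed)")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError("expected exactly one Assertion")
    a = assertions[0]
    if a.findtext("saml:Issuer", default="", namespaces=NS) != TRUSTED_IDP:
        raise ValueError("Assertion Issuer is not the trusted IdP")
    scd = a.find(f"saml:Subject/saml:SubjectConfirmation[@Method='{BEARER}']/saml:SubjectConfirmationData", NS)
    if scd is None:
        raise ValueError("no bearer SubjectConfirmationData")
    if scd.get("Recipient") != ACS_URL or scd.get("InResponseTo") != req_id:
        raise ValueError("bearer confirmation Recipient/InResponseTo mismatch")
    if now >= saml_time(scd.get("NotOnOrAfter")):
        raise ValueError("bearer confirmation expired")
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("Assertion has no Conditions")
    if now < saml_time(cond.get("NotBefore")) or now >= saml_time(cond.get("NotOnOrAfter")):
        raise ValueError("Assertion outside its validity window")
    audiences = [x.text for x in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        raise ValueError("Assertion is for a different Audience (not this SP)")
    outstanding_request_ids.discard(req_id)   # consume the request ID so the same Response cannot be replayed
    return a.findtext("saml:Subject/saml:NameID", namespaces=NS)

def outcome(xml_text, outstanding_request_ids, now_iso):
    """Wrapper returning 'accepted:<NameID>' or 'rejected:<reason>'."""
    try:
        return "accepted:" + validate_response(xml_text, outstanding_request_ids, saml_time(now_iso))
    except ValueError as e:
        return "rejected:" + str(e)

if __name__ == "__main__":
    ids = {"_req123"}
    print(outcome(SAMPLE_RESPONSE, ids, "2013-06-01T12:01:00Z"))            # accepted
    print(outcome(SAMPLE_RESPONSE, ids, "2013-06-01T12:01:00Z"))            # rejected: request ID consumed
    print(outcome(SAMPLE_RESPONSE, {"_req123"}, "2013-06-01T12:30:00Z"))    # rejected: expired
```

Each check closes a distinct hole: `InResponseTo` against the SP's own outstanding request IDs stops unsolicited and replayed responses, `Destination`/`Recipient` stop a Response minted for another SP endpoint, `Audience` stops an assertion issued for another service being accepted here, and the time window bounds how long a captured Response stays usable.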
Single Sign-On for SaaS Applications
SAML 2.0 “Fountain of Youth”
Diagram: one Identity Provider federating to several SaaS Applications
Major success in SaaS enterprise applications
Customer story – large global financial organization
• 2007 obtained SiteMinder Federation for 5 partnerships
• 2012 using about 100 partnerships, many of them enterprise SaaS applications
• 2013 planning 500-1000 for partner ecosystem
CA Federation Partner Program
• CA Federation Partner program
- Tested and templatized standards-based SSO between CA’s Federation and top cloud business applications
• Some of the validated SaaS Applications
CA CloudMinder™ 1.1
Suite of IAM cloud services: identity and access management capabilities delivered as a service
Identity Management
• User management
• Access request
• Provisioning & de-provisioning
• Identity synchronization
Federated SSO
• Standards-based federation (SAML, WS-Fed, OAuth, …)
• Employee/Partner SSO
• Social Sign-on
• Just-in-time provisioning
Strong Authentication
• Software Tokens, QnA, OATH, certificates
• Risk analysis & adaptive authentication
• Device identification
• Fraud prevention
Mobile First
Mobile access control - secure what?
… the data source
Mobile browser → Web
Any other app → APIs
Reconciling Mobile UX and Security: Single Sign-On
• Single sign-on on mobile devices is essential to mitigating mobile UX disruptors
Diagram: “Identify yourself” vs. “Show me my data”
Mobile app isolation
• Mobile web: one user-agent holds separate cookies per domain: Webapp 1 (cookie domain A), Webapp 2 (cookie domain B), Webapp 3 (can be different parties)
• Mobile apps: each app holds its own access token for its own API: APP A / Access token 1 / API 1, APP B / Access token 2 / API 2, APP C / Access token 3 / API 3 (can be different parties)
Client-side sharing of authentication context
• Client side platforms allow applications within a domain to share a Key Chain
- Share an authentication context
- Only for apps published by the same developer key
Diagram: App A with KC A and App B with KC B, versus App A and App B using a shared Key Chain
Cross domain mobile SSO
• Client side redirections and callback
- Apps register a URL scheme to allow switching between apps
- Passing a token in a redirection callback allows an authentication context to be extended to a 3rd party app
step 1: openURL AppA://something?callback=AppB://somethingelse (App B hands control to App A)
step 2: openURL AppB://somethingelse?arg=that_thing_you_need (App A calls App B back)
App-to-app redirection limitations, risks
• Un-verified URL schemes open the possibility of an “app-in-the-middle” attack
APPLE: “If more than one third-party app registers to handle the same URL scheme, there is currently no process for determining which app will be given that scheme.”
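The two-step redirection above is worth seeing with its input checks in place. The block below is an added example in Python, standing in for App A's URL handler (the real handler lives in the mobile app); it is not code from the webinar. It takes the step-1 URL, validates the callback before building the step-2 URL, and carries the slide's caveat in a comment: an allowlist of callback schemes cannot tell which app actually owns a scheme. The allowlist, entry-point name and context value are constructed.

```python
"""Inbound openURL handling for the app-to-app redirection on the slide.

Added example, Python stand-in for App A's URL handler; not code from the
webinar. Step 1 delivers AppA://something?callback=AppB://somethingelse to
App A; step 2 is App A opening the callback with the argument appended.
The allowlist, entry-point name and context value are constructed."""
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

ALLOWED_CALLBACK_SCHEMES = {"appb", "appc"}   # constructed: apps App A agrees to extend context to
ENTRY_POINTS = {"something"}                  # constructed: the entry points App A exposes

def parse_inbound(url):
    """Split the step-1 URL into (entry point, callback URL)."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "appa":
        raise ValueError("not our URL scheme")
    entry = parts.netloc or parts.path.strip("/")   # 'something' lands in netloc for the scheme://host form
    callbacks = parse_qs(parts.query).get("callback", [])
    if len(callbacks) != 1:
        raise ValueError("exactly one callback parameter expected")
    return entry, callbacks[0]

def validate_callback(callback):
    """Accept only an allowlisted scheme with a bare target: no query or fragment
    that the caller could use to smuggle extra parameters into the step-2 URL."""
    parts = urlsplit(callback)
    if parts.scheme.lower() not in ALLOWED_CALLBACK_SCHEMES:
        raise ValueError(f"callback scheme {parts.scheme!r} is not allowlisted")
    if parts.query or parts.fragment:
        raise ValueError("callback must not carry its own query or fragment")
    return parts

def handle_open_url(url, context_value):
    """Return the step-2 URL App A should open, or raise ValueError."""
    entry, callback = parse_inbound(url)
    if entry not in ENTRY_POINTS:
        raise ValueError(f"unknown entry point {entry!r}")
    p = validate_callback(callback)
    # Caveat from the slide: the platform cannot tell App A WHICH installed app owns
    # 'appb', so context_value should be the minimum the other app needs, not a
    # long-lived token that unlocks everything App A can do.
    return urlunsplit((p.scheme, p.netloc, p.path, urlencode({"arg": context_value}), ""))

def outcome(url, context_value="that_thing_you_need"):
    """Wrapper returning 'open:<url>' or 'refused:<reason>'."""
    try:
        return "open:" + handle_open_url(url, context_value)
    except ValueError as e:
        return "refused:" + str(e)

if __name__ == "__main__":
    print(outcome("AppA://something?callback=AppB://somethingelse"))   # open:appb://somethingelse?arg=...
    print(outcome("AppA://something?callback=evil://grab"))            # refused: not allowlisted
```

The scheme comparison is case-insensitive because `urlsplit` lowercases schemes, which matches how the platform matches them; the structural checks are what the app can enforce, while the question of which app receives the callback is the platform gap the Apple quote describes.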
App wrapping
• Single sign-on across mobile apps normally requires the active participation of each app
- Wrapping an app can compensate for a 3rd party app’s lack of awareness
• Adding a wrapper to an existing app re-signs the app and enables access to the shared authentication context
- On the API side, federation still requires active participation, or API calls themselves need to be redirected
Diagram: App A and App B share an Auth Context; whether a 3rd party app and its 3rd party API can join is marked “?”
Cloud API consumption from mobile
• The enterprise does not actively participate
• Shared password is a security risk
Diagram: Kevin, James and Brent each post as @corp (“@corp: Promotion”, “@corp: Something Funny”, “@corp: RT Someone”) using the shared password
Enterprise API brokering
Diagram: the same users (Kevin, James, Brent) now reach @corp through the enterprise broker; posts shown: “@corp: Promotion”, “@corp: Something Funny”, “[@corp: RT Someone]”
Enterprise API brokering
• Client-side redirected API call
- New app
- Localhost proxy (?)
- Wrapper
• API Brokering
- User authentication, lookup delegation permission
- @corp account secret remains secret
Diagram: user@corp → Wrapper → @corp
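The brokering pattern on the last two slides, as an added example (not the webinar's code): employees call the broker as themselves, the broker looks up their delegation permission, adds the @corp credential and forwards the call, and the @corp secret never reaches a device. The account, users, secret, signing scheme and the stand-in cloud API are all constructed; user authentication is assumed to have been done by the gateway before `broker()` is called.

```python
"""Enterprise API broker for a shared cloud account (added example, not the
webinar's code). Users are authenticated as themselves (user@corp) upstream of
broker(); the broker checks delegation, signs the call with the @corp secret and
forwards it. Account, users, secret, signing scheme and cloud_api() are constructed."""
import hashlib, hmac, json

CORP_ACCOUNT = "@corp"
CORP_SECRET = b"constructed-corp-account-secret"   # held by the broker only, never sent to devices

# Delegation table: which authenticated corporate user may do what as @corp (constructed).
DELEGATION = {"kevin@corp": {"post", "read"}, "james@corp": {"read"}, "brent@corp": {"post"}}

AUDIT_LOG = []   # who did what on behalf of @corp, which a shared password can never tell you

def _sign(body, secret):
    return hmac.new(secret, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def cloud_api(request):
    """Stand-in for the cloud service: accepts a call only if it carries a valid HMAC
    made with the account secret (a constructed stand-in for the real API's auth)."""
    if not hmac.compare_digest(_sign(request["body"], CORP_SECRET), request["signature"]):
        return {"status": 401, "error": "bad signature"}
    return {"status": 200, "account": request["body"]["account"], "action": request["body"]["action"]}

def broker(user, action, payload=None):
    """Broker one API call for an already-authenticated corporate user."""
    if action not in DELEGATION.get(user, set()):
        AUDIT_LOG.append({"user": user, "action": action, "result": "denied"})
        return {"status": 403, "error": f"{user} is not delegated to {action} as {CORP_ACCOUNT}"}
    body = {"account": CORP_ACCOUNT, "action": action, "payload": payload or {}}
    resp = cloud_api({"body": body, "signature": _sign(body, CORP_SECRET)})
    AUDIT_LOG.append({"user": user, "action": action, "result": resp["status"]})
    return resp

def revoke(user):
    """Offboarding one user needs no @corp password change: drop the delegation."""
    DELEGATION.pop(user, None)

if __name__ == "__main__":
    print(broker("kevin@corp", "post", {"text": "Promotion"}))        # 200, posted as @corp
    print(broker("james@corp", "post", {"text": "Something Funny"}))  # 403, James may only read
    revoke("kevin@corp")
    print(broker("kevin@corp", "post", {"text": "Again"}))            # 403 after revocation
    print(AUDIT_LOG)
```

The two properties the slide asks for fall out directly: a device never holds anything that lets it call `cloud_api()` on its own, and removing one person is a delegation change rather than a password rotation that every remaining user has to learn.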
Standard: OAuth
1. Handshake issues token to app -> grant types
2. App uses token to consume API -> resource server
Diagram: Client (App, Browser) and API Provider (Token endpoint, Authz endpoint); the App makes the API call with creds (or context); the Browser is used for the web redirection (optional)
Social Login Pattern
• A service redirects user to an OAuth authorization server
• User consents service to get basic user info from social provider
• Service leverages this context to delegate authentication and avoid setting up a shared secret with user
Diagram: the Social provider asks “Do you authorize [service] to access your basic information? [_] Yes [_] No”; the Service (Web, Api/App, …) sends in an access token and gets out user info
Standard: OpenID Connect
• The use of OAuth to delegate authentication (social login) is formalized by OpenID Connect
- JSON based identity claims, use of JWT (ID Token)
- Defines scopes, user info api
• OpenID Connect lets an IdP provide federated authentication in a way that is ‘lightweight’ for the relying party
- No SAML
- No XML
- No dsig
Standard: Federated access token grants
• App gets an access token in exchange for another token
- SAML Bearer grant type [urn:ietf:params:oauth:grant-type:saml2-bearer]
- JWT Bearer grant type [urn:ietf:params:oauth:grant-type:jwt-bearer]
• Let apps leverage authentication context without disturbing UX
Diagram: the Client App calls the API Provider’s Token endpoint with proof of authentication and gets back an access token
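The OpenID Connect ID Token on the previous slide and the JWT Bearer grant on this one are both JWTs, so one added example serves both (it is not code from the webinar): the relying party's core checks on an ID Token, and the token endpoint's checks before it trades an IdP-signed assertion for an access token. It assumes HS256 with a key the IdP shares with the relying party and the authorization server (deployments more often use RS256 with the IdP's published public key; the checks are the same); the issuer, client, token endpoint, key and users are constructed.

```python
"""ID Token validation (OpenID Connect) and the JWT bearer grant (RFC 7523),
one added example because both rest on the same JWT plumbing; not code from
the webinar. Assumption: HS256 with a key the IdP shares with the relying
party / authorization server. Issuer, client, endpoint, key, users: constructed."""
import base64, hashlib, hmac, json, uuid

IDP_ISSUER = "https://idp.example.com"                   # constructed
IDP_KEY = b"constructed-key-shared-with-the-idp"          # constructed
CLIENT_ID = "mobile-app-123"                             # constructed relying party / OAuth client
TOKEN_ENDPOINT = "https://api.example.com/oauth/token"   # constructed
GRANT_JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer"   # as on the slide

def b64url(raw): return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def b64url_dec(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def jwt_sign(claims, key):
    head, body = b64url(b'{"alg":"HS256","typ":"JWT"}'), b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def jwt_verify(token, key):
    """Verify with a pinned algorithm and return the claims; the token's own 'alg' never picks the check."""
    try:
        head, body, sig = token.split(".")
    except ValueError:
        raise ValueError("malformed token") from None
    if json.loads(b64url_dec(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_dec(sig)):
        raise ValueError("bad signature")
    return json.loads(b64url_dec(body))

def audiences(claims):
    aud = claims.get("aud", [])
    return aud if isinstance(aud, list) else [aud]

# --- OpenID Connect: the IdP issues an ID Token, the relying party validates it ---
def idp_issue_id_token(sub, nonce, now):
    return jwt_sign({"iss": IDP_ISSUER, "sub": sub, "aud": CLIENT_ID, "nonce": nonce,
                     "iat": now, "exp": now + 300}, IDP_KEY)

def rp_validate_id_token(token, expected_nonce, now):
    """Relying-party checks: signature, iss, aud, exp, nonce. Returns the subject."""
    c = jwt_verify(token, IDP_KEY)
    if c.get("iss") != IDP_ISSUER:
        raise ValueError("iss is not our IdP")
    if CLIENT_ID not in audiences(c):
        raise ValueError("aud does not include this client")
    if now >= c.get("exp", 0):
        raise ValueError("ID Token expired")
    if c.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch: not the login this client started")
    return c["sub"]

# --- RFC 7523: the app presents an IdP-signed assertion and gets an API access token ---
def idp_issue_assertion(sub, now):
    """The 'proof of authentication' the app carries to the token endpoint."""
    return jwt_sign({"iss": IDP_ISSUER, "sub": sub, "aud": TOKEN_ENDPOINT, "iat": now,
                     "exp": now + 120, "jti": uuid.uuid4().hex}, IDP_KEY)

TRUSTED_ISSUERS = {IDP_ISSUER: IDP_KEY}
_seen_jti = set()

def token_endpoint(form, now):
    """Authorization-server side of the grant; 'form' is what the app POSTs."""
    if form.get("grant_type") != GRANT_JWT_BEARER:
        raise ValueError("unsupported_grant_type")
    assertion = form.get("assertion", "")
    try:   # the unverified 'iss' is read only to choose a key; nothing else is trusted before jwt_verify
        iss = json.loads(b64url_dec(assertion.split(".")[1])).get("iss")
    except Exception:
        raise ValueError("invalid_grant: malformed assertion") from None
    if iss not in TRUSTED_ISSUERS:
        raise ValueError("invalid_grant: untrusted issuer")
    c = jwt_verify(assertion, TRUSTED_ISSUERS[iss])
    if TOKEN_ENDPOINT not in audiences(c):
        raise ValueError("invalid_grant: assertion not addressed to this token endpoint")
    if now >= c.get("exp", 0):
        raise ValueError("invalid_grant: assertion expired")
    if not c.get("jti") or c["jti"] in _seen_jti:
        raise ValueError("invalid_grant: assertion already used")
    _seen_jti.add(c["jti"])
    return {"access_token": uuid.uuid4().hex, "token_type": "Bearer", "expires_in": 3600}

def outcome(fn, *args):
    """Wrapper returning ('ok', result) or ('rejected', reason)."""
    try:
        return ("ok", fn(*args))
    except ValueError as e:
        return ("rejected", str(e))

if __name__ == "__main__":
    now = 1_370_088_000
    id_tok = idp_issue_id_token("alice", "nonce-42", now)
    print(rp_validate_id_token(id_tok, "nonce-42", now + 5))                              # alice
    form = {"grant_type": GRANT_JWT_BEARER, "assertion": idp_issue_assertion("alice", now)}
    print(token_endpoint(form, now + 5)["token_type"], outcome(token_endpoint, form, now + 6))   # Bearer, then replay rejected
```

The last check in `token_endpoint` is the one the slide's "without disturbing UX" depends on: the assertion is short-lived and single-use (`exp` plus `jti`), so the app can obtain an API token silently without the proof of authentication becoming a reusable credential. Presenting the ID Token itself as the assertion is rejected on `aud`, which is why the two tokens carry different audiences.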
Layer 7 Mobile Access Gateway
Mobile API Delivery
• Secure Mobile Endpoint
• Manage permissions across users, devices, apps
• Integration, Scaling
Access Control, UX
• Mobile PKI Provisioning
• Mobile app-to-app SSO
• Latest standards (OAuth, OpenID Connect, JWT/JWS/JWE)
Increased Developer Velocity
• Mobile SDK for iOS and Android
• Configure, not code
• Form factors, deployment options
Identity and Multi-channel security are Critical Capabilities
Key Enablers of the Open Enterprise: Cloud Services, Partners/Divisions, Mobile Apps, Developer Community, IoT / Big Data, Social Registration
Identity and Multi-channel Engagement
Secure the Mobile, Cloud-Connected Enterprise
Identity is the New Perimeter
Internal / External Threats
Users: Contractors, Partners, Employees, Administrators
Resources: SaaS, Cloud Apps/Platforms, Enterprise Apps (On Premise), Apps/Platforms & Web Services
Capabilities: Access Governance, Secure Single Sign-on, On/Off-Boarding, User Self Service, Data Discovery & Classification, Enterprise Mobility, Identity
The New Business Services
APIs Drive the Modern Business
Diagram: Mobile Apps, Browser Web, Smart Devices and Cloud Services reach the API; behind it: Developer Access, Business Partners, Business Divisions
The Rise of The “New Federation”
Enable Access to Secure New Business Services
APIs Drive the Modern Business
Diagram: Mobile Apps, Browser Web, Smart Devices and Cloud Services reach the API; behind it: Developer Access, Business Partners, Business Divisions
Capabilities around the API: Single Centralized Security Policy, Single Sign-on, Accelerate Data Access, Social Registration, Identity Federation, Optimize Traffic, Protect Data, Advanced Authentication, Identity / Device Management
Federation Evolved
CA CloudMinder & Layer 7
Modern Federation Across Channels
The “New Federation” is here:
• Standard based
• Enables Cloud, Mobile & Social
• Protect the Web & API
Q&A
FWD Group - Insurer Innovation Award 2024
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 

Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity

  • 1. Federation evolved: How cloud, mobile & APIs change the way we broker identity. Francois Lascelles, Chief Architect, Layer 7 Technologies; Ehud Amiri, Director, Product Management, CA
  • 2. Webinar Housekeeping. Questions: chat any questions you have and we’ll answer them at the end of this webinar. Twitter: today’s event hashtag is #L7webinar; follow us on Twitter at @layer7 and @forrester.
  • 3. CA/L7 Webinars. Following the previous webinar “Unifying Security Across Web, APIs and Mobile” (http://api.co/unifySEC), today we will introduce “Federation Evolved”.
  • 4. The Identity Standards
  • 5. Survival Of The Fittest. “It is not the strongest of species that survives, not the most intelligent that survives. It is the one that is most adaptable to change.” Charles Darwin
  • 6. Macro Trends Impacting the “New Federation”: Cloud Services (79% of organizations are using SaaS³); Partners/Divisions; Social Registration (1.43B social network users by 2012¹); Mobile Apps (305B mobile app downloads by 2016²); Developer Community; IoT / Big Data (50B connected devices by 2020⁴, 35ZB of data by 2020⁵).
  • 7. The History Of SAML (Security Assertion Markup Language)
  • 8. SAML 2.0, published in 2007. Key use case: browser single sign-on. Flow between the application (relying party) and the identity provider: 1. Request resource; 2. IDP discovery; 3. Redirect to IDP with <AuthnRequest>; 4. Login flow; 5. Redirect back with <Response>; 6. Return resource.
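The six-step flow on slide 8, as an added example that is not code from the webinar or from any CA/Layer 7 product. It shows the relying party's side of step 3 (encoding the <AuthnRequest> for the SAML HTTP-Redirect binding) and of step 5 (the checks a relying party applies to the returned <Response> before trusting it). The entity ids, URLs and the sample response are constructed for the example; XML signature verification is left out to keep it standard-library only, and is called out in the code where it belongs.

```python
"""Added example for slide 8 (not code from the webinar or from CA/Layer 7).
Step 3: encode the <AuthnRequest> for the HTTP-Redirect binding.
Step 5: checks on the returned <Response>.
All entity ids, URLs and the sample response are constructed for the example."""
import base64
import secrets
import uuid
import xml.etree.ElementTree as ET
import zlib
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlsplit

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
IDP_SSO_URL = "https://idp.example.com/sso"          # constructed
IDP_ENTITY_ID = "https://idp.example.com/metadata"   # constructed
SP_ENTITY_ID = "https://app.example.com/saml"        # constructed
ACS_URL = "https://app.example.com/saml/acs"         # constructed


def build_authn_redirect(request_id=None):
    """Step 3: return (redirect_url, request_id). The SP keeps request_id in
    the user's session so it can check InResponseTo at step 5."""
    request_id = request_id or "_" + uuid.uuid4().hex
    issued = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    authn = (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
             f'ID="{request_id}" Version="2.0" IssueInstant="{issued}" '
             f'Destination="{IDP_SSO_URL}" AssertionConsumerServiceURL="{ACS_URL}">'
             f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>')
    # HTTP-Redirect binding: raw DEFLATE (drop the zlib header and trailer),
    # then base64, then URL-encode as the SAMLRequest query parameter.
    deflated = zlib.compress(authn.encode())[2:-4]
    query = {"SAMLRequest": base64.b64encode(deflated).decode(),
             "RelayState": secrets.token_urlsafe(16)}
    return IDP_SSO_URL + "?" + urlencode(query), request_id


def decode_saml_request(url):
    """What the IdP does with the redirect: the inverse of the encoding above."""
    raw = base64.b64decode(parse_qs(urlsplit(url).query)["SAMLRequest"][0])
    return zlib.decompress(raw, -15).decode()


def check_response(response_xml, expected_request_id, now=None):
    """Step 5 checks. Returns the NameID on success, raises ValueError otherwise.
    A real SP verifies the XML signature against the IdP's metadata certificate
    before any of this; that step is omitted here to stay standard-library only."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(response_xml)
    if root.get("InResponseTo") != expected_request_id:
        raise ValueError("InResponseTo does not match an outstanding request")
    if root.get("Destination") != ACS_URL:
        raise ValueError("response addressed to a different ACS")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        raise ValueError("IdP did not report success")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None or assertion.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID:
        raise ValueError("missing assertion or unexpected issuer")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or cond.get("NotOnOrAfter") is None:
        raise ValueError("assertion carries no validity window")
    not_after = datetime.strptime(cond.get("NotOnOrAfter"), "%Y-%m-%dT%H:%M:%SZ")
    if now >= not_after.replace(tzinfo=timezone.utc):
        raise ValueError("assertion expired")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        raise ValueError("assertion not intended for this SP")
    return assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)


def accepted(response_xml, expected_request_id):
    """True if check_response passes, False on any rejection."""
    try:
        return check_response(response_xml, expected_request_id) is not None
    except ValueError:
        return False


def make_sample_response(in_response_to, not_after="2099-01-01T00:00:00Z",
                         audience=SP_ENTITY_ID, issuer=IDP_ENTITY_ID):
    """Constructed, unsigned <Response> standing in for what the IdP posts back."""
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
            f'ID="_r1" Version="2.0" InResponseTo="{in_response_to}" Destination="{ACS_URL}">'
            f'<saml:Issuer>{issuer}</saml:Issuer>'
            f'<samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>'
            f'<saml:Assertion ID="_a1" Version="2.0"><saml:Issuer>{issuer}</saml:Issuer>'
            '<saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>'
            f'<saml:Conditions NotOnOrAfter="{not_after}"><saml:AudienceRestriction>'
            f'<saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>'
            '</saml:Conditions></saml:Assertion></samlp:Response>')
```

The InResponseTo and Audience checks are what stop an assertion issued for one relying party, or one that was never requested, from being replayed at another; the NotOnOrAfter check is why the diagram's step 5 has to follow step 3 promptly.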
  • 9. Single Sign-On for SaaS Applications: SAML 2.0 “Fountain of Youth”. (Diagram: several identity providers, each federating to a SaaS application.)
  • 10. Major success in SaaS enterprise applications. Customer story, a large global financial organization: 2007: obtained SiteMinder Federation for 5 partnerships; 2012: using about 100 partnerships, many of them enterprise SaaS applications; 2013: planning 500-1000 for the partner ecosystem.
  • 11. CA Federation Partner Program: tested and templatized standards-based SSO between CA’s Federation and top cloud business applications. Some of the validated SaaS applications.
  • 12. CA CloudMinder™ 1.1 suite of IAM cloud services: identity and access management capabilities delivered as a service. Identity Management: user management, access request, provisioning & de-provisioning, identity synchronization. Federated SSO: standards-based federation (SAML, WS-Fed, OAuth, …), employee/partner SSO, social sign-on, just-in-time provisioning. Strong Authentication: software tokens, QnA, OATH, certificates; risk analysis & adaptive authentication; device identification; fraud prevention.
  • 13. Mobile First
  • 14. Mobile access control: secure what? … the data source. Mobile browser: Web. Any other app: APIs.
  • 15. Reconciling Mobile UX and Security: Single Sign-On. Single sign-on on mobile devices is essential to mitigating mobile UX disruptors. “Identify yourself.” “Show me my data.”
  • 16. Mobile app isolation. Mobile web: one user-agent; Webapp 1 with a cookie for domain A, Webapp 2 with a cookie for domain B, Webapp 3 (can be different parties). Mobile apps: App A with access token 1 to API 1, App B with access token 2 to API 2, App C with access token 3 to API 3 (can be different parties).
  • 17. Client-side sharing of authentication context. Client-side platforms allow applications within a domain to share a key chain: they share an authentication context, but only for apps published by the same developer key. (Diagram: App A with key chain A and App B with key chain B, versus App A and App B on a shared key chain.)
  • 18. Cross-domain mobile SSO. Client-side redirections and callback: apps register a URL scheme to allow switching between apps, and passing a token in a redirection callback allows an authentication context to be extended to a 3rd-party app. Step 1: App B calls openURL AppA://something?callback=AppB://somethingelse. Step 2: App A calls openURL AppB://somethingelse?arg=that_thing_you_need.
  • 19. App-to-app redirection limitations and risks. Unverified URL schemes open the possibility of an “app-in-the-middle” attack. Apple: “If more than one third-party app registers to handle the same URL scheme, there is currently no process for determining which app will be given that scheme.”
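The two-step exchange on slide 18, with the slide 19 risk addressed, as an added example that is not code from the webinar. It shows how App A, the app holding the authentication context, should treat the incoming openURL of step 1 before answering with step 2: because the platform cannot prove who owns a URL scheme, App A only answers allowlisted callback schemes, and what it passes in `arg` is a short-lived one-time code bound to that scheme rather than its own token. The scheme names, the allowlist and the code store are constructed assumptions; on a device the URL arrives through the platform's openURL handler.

```python
"""Added example for slides 18 and 19 (not code from the webinar).
App A's handling of 'AppA://something?callback=AppB://somethingelse'.
Scheme names, allowlist and the code store are constructed assumptions."""
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

OWN_SCHEME = "appa"                    # constructed: the scheme App A registered
TRUSTED_CALLBACK_SCHEMES = {"appb"}    # constructed allowlist of partner schemes


class OneTimeCodes:
    """Short-lived, single-use codes App A hands out instead of its token.
    Assumed: App B later redeems the code at App A's API broker while
    authenticating as App B, and receives its own access token there."""

    def __init__(self):
        self._issued = {}  # code -> scheme the code was bound to

    def issue(self, for_scheme):
        code = secrets.token_urlsafe(16)
        self._issued[code] = for_scheme
        return code

    def redeem(self, code, presenting_scheme):
        """True once, and only for the scheme the code was bound to."""
        return self._issued.pop(code, None) == presenting_scheme


def parse_incoming(url):
    """Split the step 1 URL into (scheme, path, callback).
    Exactly one callback parameter is allowed."""
    parts = urlsplit(url)
    callbacks = parse_qs(parts.query).get("callback", [])
    if len(callbacks) != 1:
        raise ValueError("exactly one callback parameter is required")
    return parts.scheme, parts.netloc + parts.path, callbacks[0]


def handle_open_url(url, codes):
    """Step 2 from slide 18. Returns the URL App A should open with openURL,
    or None if the incoming request is refused."""
    try:
        scheme, _path, callback = parse_incoming(url)
    except ValueError:
        return None
    if scheme != OWN_SCHEME:
        return None
    cb = urlsplit(callback)
    # Slide 19: the platform has no process for deciding which app owns a
    # scheme, so App A cannot trust the callback by itself. Mitigation: only
    # allowlisted schemes, no caller-supplied query or fragment that could
    # ride along, and a one-time code bound to that scheme instead of the
    # long-lived token. An app that squats on the scheme receives a code it
    # cannot redeem without also authenticating as App B (assumed above).
    if cb.scheme not in TRUSTED_CALLBACK_SCHEMES or cb.query or cb.fragment:
        return None
    code = codes.issue(cb.scheme)
    return f"{cb.scheme}://{cb.netloc}{cb.path}?" + urlencode({"arg": code})
```

The allowlist covers the "which app gets the scheme" problem only partially, which is why the code is also single-use and bound: if a squatting app does intercept the redirect, the code expires on first redemption and is useless to any party that cannot present itself as App B.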
  • 20. App wrapping. Single sign-on across mobile apps normally requires the active participation of each app; wrapping an app can compensate for a 3rd-party app’s lack of awareness. Adding a wrapper to an existing app re-signs the app and enables access to the shared authentication context. On the API side, federation still requires active participation, or the API calls themselves need to be redirected. (Diagram: App A and App B share an auth context; whether the wrapped 3rd-party app and its 3rd-party API can join is marked “?”.)
  • 21. Cloud API consumption from mobile. The enterprise does not actively participate. A shared password is a security risk. (Diagram: Kevin, James and Brent each post directly as @corp: “Promotion”, “Something Funny”, “RT Someone”.)
  • 22. Enterprise API brokering. (Diagram: Kevin, James and Brent post as @corp through the enterprise: “Promotion”, “Something Funny”, “[RT Someone]”.)
  • 23. Enterprise API brokering. Client-side redirected API call: a new app, a localhost proxy (?), or a wrapper. API brokering: user authentication and lookup of the delegation permission; the @corp account secret remains secret. (Diagram: user@corp → wrapper → API brokering → @corp.)
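The broker described on slides 21 to 23, as an added example that is not code from the webinar or from any Layer 7 product. Employees authenticate to the broker as themselves, the broker looks up whether posting as @corp has been delegated to that user, and only the broker ever presents the @corp secret upstream; revoking one employee's delegation no longer means rotating a password everyone knows. The upstream API, the authentication callback and the delegation table are constructed stand-ins.

```python
"""Added example for slides 21-23 (not code from the webinar or Layer 7).
An API broker through which employees act as the shared @corp account
without ever receiving the @corp secret. Upstream API, authentication
callback and delegation table are constructed stand-ins."""
import hmac
import secrets


class UpstreamSocialApi:
    """Stand-in for the cloud API: it accepts only the @corp account secret."""

    def __init__(self, account_secret):
        self._secret = account_secret
        self.posts = []

    def post(self, account_secret, text):
        if not hmac.compare_digest(account_secret, self._secret):
            raise PermissionError("upstream rejected the credentials")
        self.posts.append(text)
        return len(self.posts)  # post id


class ApiBroker:
    """Slide 23: authenticate the user, look up the delegation permission,
    then call the cloud API with a secret that never leaves the broker."""

    def __init__(self, upstream, corp_secret):
        self._upstream = upstream
        self._corp_secret = corp_secret
        self._sessions = {}    # session token -> authenticated user
        self._delegation = {}  # user -> set of actions delegated to them
        self.audit = []        # (user, action, post id): attribution a shared password never gives

    def login(self, user, credential, authenticate):
        """authenticate(user, credential) -> bool stands in for the enterprise IdP."""
        if not authenticate(user, credential):
            return None
        token = secrets.token_urlsafe(16)
        self._sessions[token] = user
        return token

    def grant(self, user, action):
        self._delegation.setdefault(user, set()).add(action)

    def revoke(self, user, action):
        # Takes effect on the next call; the @corp secret itself is untouched.
        self._delegation.get(user, set()).discard(action)

    def post_as_corp(self, session_token, text):
        user = self._sessions.get(session_token)
        if user is None:
            return {"error": "unauthenticated"}
        if "post" not in self._delegation.get(user, set()):
            return {"error": "not_delegated"}
        post_id = self._upstream.post(self._corp_secret, text)
        self.audit.append((user, "post", post_id))
        return {"ok": True, "post_id": post_id}
```

The slide's "@corp account secret remains secret" is the design point: the session token the app holds is worth exactly the delegated actions for that one user, and the audit list records who acted, which the shared-password picture on slide 21 cannot provide.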
  • 24. Standard: OAuth. 1. The handshake issues a token to the app → grant types. 2. The app uses the token to consume the API → resource server. (Diagram: the client app obtains the token from the API provider’s token endpoint using its credentials (or context), optionally via a browser web redirection to the authorization endpoint, then makes the API call with the token.)
  • 25. Social Login Pattern. A service redirects the user to an OAuth authorization server. The user consents to the service getting basic user info from the social provider. The service leverages this context to delegate authentication and avoid setting up a shared secret with the user. (Diagram: the social provider asks “Do you authorize [service] to access your basic information? [_] Yes [_] No”; in: access token, out: user info; service (web, API/app, …).)
  • 26. Standard: OpenID Connect. The use of OAuth to delegate authentication (social login) is formalized by OpenID Connect: JSON-based identity claims, use of JWT (ID Token), defined scopes, a user info API. OpenID Connect lets an IdP provide federated authentication in a way that is ‘lightweight’ for the relying party: no SAML, no XML, no dsig.
  • 27. Standard: Federated access token grants. The app gets an access token in exchange for another token: SAML Bearer grant type [urn:ietf:params:oauth:grant-type:saml2-bearer]; JWT Bearer grant type [urn:ietf:params:oauth:grant-type:jwt-bearer]. This lets apps leverage an authentication context without disturbing UX. (Diagram: the app calls the API provider’s token endpoint including proof of authentication, gets back an access token, then makes the API call.)
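Slides 26 and 27 both turn on the same object, a JWT carrying identity claims, so one added example serves both: a relying party validating an OpenID Connect ID Token (slide 26) and an OAuth token endpoint accepting the jwt-bearer grant type from slide 27 and returning an access token. This is not code from the webinar or from any CA/Layer 7 product. The issuer, client id, key and token endpoint URL are constructed; HS256 with a shared key is used so the block needs only the standard library, where a real IdP signs ID tokens with an asymmetric key and the relying party verifies against the IdP's published public key. Requiring a `jti` and refusing to reuse one is a policy choice made here for replay protection; RFC 7523 leaves it to the authorization server.

```python
"""Added example for slides 26 and 27 (not code from the webinar or CA/Layer 7).
Minimal HS256 JWT helper, an ID Token check, and a token endpoint for the
jwt-bearer grant. Issuer, client id, key and URLs are constructed; HS256 with a
shared key is a simplification, real IdPs use asymmetric signatures."""
import base64
import hashlib
import hmac
import json
import secrets
import time

JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer"  # from slide 27


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def jwt_sign(claims: dict, key: bytes) -> str:
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def jwt_verify(token: str, key: bytes, issuer: str, audience: str, now=None) -> dict:
    """Signature first, then the claims every consumer must check: iss, aud, exp."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header, body, sig = parts
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # the token never gets to choose the algorithm
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body))
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not meant for this audience")
    if now >= claims.get("exp", 0):
        raise ValueError("expired")
    return claims


# Slide 26: the relying party validates the ID Token it received at login.
def validate_id_token(id_token, key, issuer, client_id, expected_nonce, now=None):
    claims = jwt_verify(id_token, key, issuer, client_id, now)
    if claims.get("nonce") != expected_nonce:  # binds the token to this login attempt
        raise ValueError("nonce mismatch")
    return claims["sub"]


def id_token_is_valid(id_token, key, issuer, client_id, expected_nonce, now=None):
    try:
        return validate_id_token(id_token, key, issuer, client_id, expected_nonce, now) is not None
    except (KeyError, ValueError):
        return False


# Slide 27: the API provider's token endpoint accepting proof of authentication.
class TokenEndpoint:
    def __init__(self, trusted_issuer, issuer_key, token_endpoint_url):
        self.trusted_issuer, self.key, self.url = trusted_issuer, issuer_key, token_endpoint_url
        self.access_tokens = {}  # access token -> (subject, scope): the resource server's view
        self.seen_jti = set()    # assertions already exchanged (replay protection, policy choice)

    def token(self, form: dict, now=None) -> dict:
        if form.get("grant_type") != JWT_BEARER:
            return {"error": "unsupported_grant_type"}
        try:
            # The assertion's audience must be this token endpoint (or its issuer).
            claims = jwt_verify(form["assertion"], self.key, self.trusted_issuer, self.url, now)
            subject, jti = claims["sub"], claims["jti"]
        except (KeyError, ValueError):
            return {"error": "invalid_grant"}
        if jti in self.seen_jti:
            return {"error": "invalid_grant"}
        self.seen_jti.add(jti)
        access_token = secrets.token_urlsafe(24)
        self.access_tokens[access_token] = (subject, form.get("scope", ""))
        return {"access_token": access_token, "token_type": "Bearer", "expires_in": 3600}
```

Both consumers run the same three claim checks after the signature, which is what makes the "lightweight for the relying party" claim on slide 26 true: no XML canonicalisation or dsig, just a MAC or signature over two base64url segments and a handful of JSON fields.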
  • 28. Layer 7 Mobile Access Gateway. Mobile API delivery: secure mobile endpoint; manage permissions across users, devices, apps; integration, scaling. Access control, UX: mobile PKI provisioning; mobile app-to-app SSO; latest standards (OAuth, OpenID Connect, JWT/JWS/JWE). Increased developer velocity: mobile SDK for iOS and Android; configure, not code; form factors, deployment options.
  • 29. Identity and Multi-channel security are Critical Capabilities: key enablers of the Open Enterprise (Cloud Services, Partners/Divisions, Mobile Apps, Developer Community, IoT / Big Data, Social Registration) through Identity and Multi-channel Engagement, against Internal / External Threats.
  • 30. Secure the Mobile, Cloud-Connected Enterprise: Identity is the New Perimeter. Users: contractors, partners, employees, administrators. Capabilities: access governance, secure single sign-on, on/off-boarding, user self service, data discovery & classification, enterprise mobility. Resources: SaaS, cloud apps/platforms & web services, enterprise apps (on premise).
  • 31. The New Business Services: APIs Drive the Modern Business. Mobile apps, browser web, smart devices, cloud services, developer access, business partners and business divisions all connect through the API.
  • 32. The Rise of The “New Federation”: Enable Access to and Secure New Business Services. APIs drive the modern business: mobile apps, browser web, smart devices, cloud services, developer access, business partners, business divisions. Capabilities: single centralized security policy, single sign-on, accelerate data access, social registration, identity federation, advanced authentication, identity / device management, optimize traffic, protect data.
  • 33. Federation Evolved: CA CloudMinder & Layer 7, Modern Federation Across Channels. The “New Federation” is here: standards-based; enables Cloud, Mobile & Social; protects the Web & API.
  • 34. Q&A