cis14: spinning new threads with existing identity systems

Post on 01-Jun-2015

Category:

Technology

DESCRIPTION

Mike Neuenschwander, iC Consult Americas. A comparison of use cases for identity in cloud and enterprise deployments, with ideas on how to intertwine enterprise and cloud identity systems in the emerging cloud fabric.

TRANSCRIPT

SPINNING NEW THREADS WITH EXISTING IDENTITY SYSTEMS

About iC Consult

•  FOUNDED IN 1997
•  120+ EMPLOYEES
•  OPERATIONS IN 4 COUNTRIES
•  2 SERVICE BRANDS

Times have changed

[Figure: "Now" and "Then" panels; label: HR]

Cloud Use Cases

Shift in the design center

•  High scale & high availability @ low cost
   –  Rapid deployment to dozens of environments
   –  On-demand change in capacity
   –  Multi-tenancy
   –  Personalized app presentment on login
   –  Data firewall & data sharing
   –  Frequent, iterative rollout of features
   –  Account creation flows
      •  Vetting through private (not corporate) email
      •  Device registration on a personal device
      •  Password reset with auto-login
      •  “Page 2” functionality
      •  Multiple personas (i.e., business & consumer)
   –  Custom UI for users, admins, and CSRs

Architectures have changed

[Figure: "Now" and "Then" architecture panels. Labels: Corp Data Center; Corp Platform; Elastic, Virtualized Compute Service; PaaS; Apps 1, 2, 3 … n; Packaged IDM Products; Out-of-the-box UI; UIs]

•  Always on
•  Unscheduled elastic compute
•  New features rolled out bi-weekly
•  Very low overhead

Meanwhile, IDM products have changed little

•  Existing products are what they were
•  Core architecture unchanged
•  Standards and practices are evolving
   –  But many of the new protocols are “bolted on” to existing architecture
•  Scale, performance requirements outpacing product improvements

So is IDM as we know it out of its league?


Current Requirements

IDM Products

Shipping products will never meet contemporary needs

IDM Products: it matters less what you use than how you use it

We’ve helped companies solve contemporary problems with existing technology

•  Multi-tenant LDAP design
   –  Product teams were surprised by the approach, but endorsed it in the end
•  Progressive profile creation
   –  From low-barrier to validated accounts
   –  Validation UIs
•  Automated rollout
   –  Reduces errors and saves time
   –  Iterative feature deployment
•  API-level access controls

In Summary…

•  For identity and access products, creative and destructive processes are ongoing
•  Starting over rarely saves time or effort
•  Use the technologies available to the best of their abilities

IAM EXCELLENCE

iC Consult Americas LLC
222 S. Main Street, Suite 500
Salt Lake City, UT 84101
E-Mail: contact@icconsult.com
www.icconsult.com