wso2con identity patterns

Post on 08-Jun-2015


Enterprise Identity Management & Security Patterns and Practices

Prabath Siriwardena

Email

JIRA

SVN

Forrester Identity Management Maturity Model

Identity as a Service

Single Sign On

Provisioning

Delegation

Federation

Access Control

Auditing

Principles of Identity Data

• Do NOT replicate identities
• Business requirements should drive identity replication
• Replicated identities should be read-only
• Identity data should be location transparent
• Enforce the consistency & integrity of identity data with policies, processes & tools
• Use open standards rather than proprietary standards
• Use encryption to protect sensitive identity elements

• User stores with LDAP/AD/JDBC
• Multiple user store support
• OpenID
• SAML2
• Kerberos
• Information Cards
• XACML 2.0 / 3.0
• OAuth 1.0 / 2.0
• Security Token Service with WS-Trust
• SCIM 1.1
• WS-XACML

WSO2 Identity Server

Thank you
