CIS14: Providing Business with NextGen Identity Solutions in a Legacy World

Providing NextGen Identity Solutions in a Legacy World. Steve “Hutch” Hutchinson, SSO Service Leader, GE. [email protected] @IdentityHutch

Upload: cloudidsummit

Post on 06-Dec-2014

DESCRIPTION

Steve Hutchinson, GE. Report on the results of a partnership formation between design teams and service delivery teams at GE to leverage existing infrastructure and quickly operationalize new identity services like OAuth, SCIM, and OpenID Connect while also managing a 300% increase in traditional SAML-based integrations.

TRANSCRIPT

Page 1: CIS14: Providing Business with NextGen Identity Solutions in a Legacy World

Providing NextGen Identity Solutions in a Legacy World

Steve “Hutch” Hutchinson, SSO Service Leader, GE. [email protected] @IdentityHutch

Page 2

Providing NextGen Identity Solutions in a Legacy World, 22 Jul 2014

A disclaimer … The views and opinions expressed in this presentation are my own and do not necessarily represent the views or opinions of the General Electric Company or any of its subsidiaries.

Page 3

Thanks Daniel … no pressure

Page 4

A warning

SOLUTIONS AT CIS ARE NOT AS CLOSE AS THEY APPEAR but they could be closer …

Page 5

SAML is dead?

[Chart: SAML integrations by year, 2008 to 2014; vertical axis 0 to 500]

“SAML is not dead. It’s done. Which means we can use it.”

- Dale Olds at CIS2013

Page 6

Getting from here to there

Page 7

Where is here?

[Architecture diagram. Component labels: SSO LDAP; Policy Decision Point; Web Server; Web Access Management; Federation Server; Agent; Identity Federation SAML, STS, OAuth, OpenID; Virtual Directory; Interceptor Script; LDAP Authentication Multi-Source Directory Views; Web Agent; B2B B2C; HR System Active Directory; Registration Apps]

[Figures shown on the diagram: 7500+ applications; 475+ Federations; 350+ directories; 5 million accounts; ~500,000 accounts; 18 policy sets]

Page 8

Enter FastWorks

Page 9

Migration from data centers to cloud

[Diagram. Labels: Web Server; Agent; PDP; Fed IdP; Agent; Shibboleth Plugin; Traditional Web Access Management; SAML; Policy & User Stores]

Page 10

Bring Your Own Identity (BYOI)

[Diagram. Labels: Fed IdP; User Store; Web/App Server; Select IDP; ATTESTATION NETWORK; PDP; Shibboleth Plugin; Agent; SCIM]

Page 11

The API economy

[Diagram. Labels: Web/App Server; API; Registry; OAuth; Fed IdP; XML Gateway]

Page 12

Top drivers for Identity

• Migration from data centers to cloud

• Bring Your Own Identity (BYOI)

• API economy

• Mobile devices, access anywhere

• Right-sized authentication

• ABAC replacing RBAC

• UX improvements

• Industrial internet (Internet of Things)

Page 13

Barriers to new service offerings

Service Design

Service Delivery

Page 14

Building a unified, agile service team

Service Design

Service Delivery

• Create change

• Add or modify features

• Create stability

• Create or enhance services

ENABLING the business!

Page 15

The big wins

• Communication, communication, communication

• Eliminate finger-pointing

• Team engagement from concept to delivery

• Delivery provides feedback loop for service improvement

• Huge reduction in cycle times

Page 16

Questions?

Steve “Hutch” Hutchinson

[email protected] @IdentityHutch