synergies across apis and iam
TRANSCRIPT
![Page 1: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/1.jpg)
Synergies Across APIs and IAM
Ingredients For winning digital transformation strategy
Nov , 2017
Sagara Gunathunga - Director, WSO2
![Page 2: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/2.jpg)
ABOUT WSO2
2
Mountain View,New York, London,Sao Paolo, Colombo
Founded in 2005Venture backed by
Cisco and Toba Capital
450 Employees;300 Engineers
400+ Customers,120 New Customers
in 2016
ProfitableBusiness since 2016
![Page 3: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/3.jpg)
OPEN TECHNOLOGY FOR AGILE DIGITAL BUSINESS
3
Build internal and external developer ecosystems with an API marketplace.
Manage identity, security, and
privacy across your digital
business.
Make mobile and IoTdevices integral to
your digital business.
Create real-time, intelligent, actionable business insights and data products.
Platform enable your digital business with “micro-services”
and “micro-integrations”.
![Page 4: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/4.jpg)
Digital Transformationwill decide and shape
The destiny of your business
![Page 5: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/5.jpg)
Digital Transformation is no longer a nice to have or a differentiator, it’s about the survival of your business
Is it the Right Time to Think?
A nice to have
A differentiator
For survival
![Page 6: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/6.jpg)
Is it Real?
Look Around You!
![Page 7: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/7.jpg)
Is it Real?
![Page 8: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/8.jpg)
Digitize Delivery Channels
Personalized User Experience
Highly connected business offerings
Digital Transformation
![Page 9: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/9.jpg)
• Sales increasingly based on real user reviews and ratings than traditional marketing
• Physical stores replaced with digital channels (web stores, mobile apps, IVR solutions)
• Fast consumer response time and convenience means connectivity (e.g. Facebook, Twitter, WhatsApp)
Challenge 1 - Digitize Delivery Channels
![Page 10: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/10.jpg)
Generic user experiences don’t work, consumers now expect
– A highly personalized experience
– Control over preferences – Relativeness of content
Challenge 2 - Personalized User Experience
![Page 11: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/11.jpg)
Fulfill all the related business requirements at one-stop. • Save consumer time and avoid data
duplications. • Fast and efficient B2B integration. • Adoption of open business interfaces
Challenge 3 - Highly connected business offerings
![Page 12: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/12.jpg)
Synergies Across
APIs and IAM is the right answer
![Page 13: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/13.jpg)
API Management
Digitize Delivery Channels
Highly connected business offerings
![Page 14: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/14.jpg)
Reality of Enterprise Systems Landscape
● Enterprise systems are complex
● Enterprise systems are bureaucratic
● Cannot afford the luxury of
complete re-write or having a clean
slate
● Comes with years of baggage
14
![Page 15: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/15.jpg)
15
API Always Comes First
![Page 16: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/16.jpg)
16
Present Day Enterprise Architecture
Analytics
Continuous-*
Security & Access Management API / Service discovery
Dev toolsDevops tools
Service router
API Gateway
Core Microservices Data
Container(s)
Delivery channels Digital Products
Messaging Channels Integration MicroservicesExisting Services
![Page 17: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/17.jpg)
17
APIs are found in Every Layer
![Page 18: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/18.jpg)
18
The modern API
● RESTful & JSON savvy - being lightweight, REST style conformant
● Well documented - Methods, operations, responses, error codes etc
● Manageable (life-cycle, version)
● Discoverable - Searchable, testable
● Measurable
● Secured - Multiple security protocol support, transformable
![Page 19: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/19.jpg)
Key Performance Factors of an API Platform
● Security
● Rate Limiting
● Integration
● Analytics
19
![Page 20: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/20.jpg)
API Gateway
20
Security
Rate
Limiting
Integration
Analytics
Gateway
Apps Services and
Data
![Page 21: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/21.jpg)
Security: Identity
● Authentication
● Single Sign On
● Federation
● Authorization
21
Authenticate via Facebook to Airbnb APIs
![Page 22: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/22.jpg)
Security: Access Delegation
● Secure Trusted Clients
● Secure Untrusted Clients
● Unsecure Clients
● System to System Auth/z
22
People Apps
![Page 23: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/23.jpg)
Rate Limiting: Front End
● Monetization
● Burst Control
● Fair Usage Policy
● Geographical Distribution
● Distribution by Device Type
23
People Apps Gateway
![Page 24: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/24.jpg)
Rate Limiting: Back-End
● Prevent Total Service
Outage at Peaks
● Back-End Server
Maintenance
24
Gateway
Services
and Data
![Page 25: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/25.jpg)
Integration
25
Interface
Integration
![Page 26: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/26.jpg)
Integration
26
![Page 27: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/27.jpg)
Analytics: Statistical Analysis
27
![Page 28: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/28.jpg)
Analytics: Operational
● API Latency Distribution
● Alerting on Abnormalities
● API Health
28
![Page 29: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/29.jpg)
WSO2 API Manager
![Page 30: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/30.jpg)
30
● Currently at version 2.1.0 with over 6 years of engineering improvements
across 15 stable releases
● Geo distributed and clustered deployments
○ In production at StubHub / Verizon / Motorola / BYU / BNY
● Same code base at WSO2 API Cloud running with four 9s uptime
● One major and 3 minor releases per year
● Automated deployment with puppet
● Containerized with Docker
Battle hardened
![Page 31: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/31.jpg)
31
WSO2 API Manager
● Available as a single
downloadable package
● Available as a cloud / SaaS
solution
● Flexible deployment choices
● High performance gateway
● API governance, marketplace
solution
![Page 32: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/32.jpg)
32
Cloud First or Start On-Prem
● Multi-tenanted, shared
everything
● WSO2 Hosted and managed
● Pay as you go
● Multi-region availability
● VPN tunnel to private DC
● Guaranteed uptime
● Limited options in customizing
● Privately hosted
● WSO2 managed
● Upgrades, patches installation
● Guaranteed uptime
● Full flexibility in customization
● Better control
● Self hosted
● Self managed
● Full flexibility
● Dev-ops learning curve
● Self managed upgrades
http://wso2.com/api-management/cloud/
https://docs.wso2.com/display/ManagedCl
oud/WSO2+Managed+Cloud+Documenta
tion
![Page 33: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/33.jpg)
33
Componentized
![Page 34: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/34.jpg)
Identity and Access Management
Personalized User Experience
Highly connected business offerings
![Page 35: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/35.jpg)
Users onboarding
• Employees vs. customers
• Self signup
• Self signup with verification
• Approval workflows
![Page 36: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/36.jpg)
Bring Your Own Identity (BYOI)
New to Hi! Sign Up
WelcomeSagara
![Page 37: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/37.jpg)
Authentication
• Multi-factor authentication
• Adaptive authentication
• FIDO U2F, TOTP, SMS/Email OTP
• LDAP, Database, AD
![Page 38: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/38.jpg)
Social Authentication
New to Hi! Sign Up
WelcomeSagara
![Page 39: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/39.jpg)
Two-Factor Authentication
STEP 1
STEP 2
WelcomeSagara
![Page 40: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/40.jpg)
Authorization
• Role-based
• Attribute-based
• XACML REST API
• Policy templates
![Page 41: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/41.jpg)
Single sign-on (SSO)
• Social logins eliminate password management complexities from consumer and business side
• Out-of-the-box support for strong authentication options, such as 2-factor authentication
Welcome
Welcome
![Page 42: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/42.jpg)
Self-service
• User portal• Password reset• Self access requests• Consent management• Profile update• Password reset• Account recovery
![Page 43: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/43.jpg)
Monitoring and Analytics
• Login analytics
• Session analytics
• Fraud detection/prevention
![Page 44: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/44.jpg)
WSO2 Identity Server
![Page 45: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/45.jpg)
▪ Addresses critical IAM needs both in customer IAM and workforce IAM spaces▪ Most of the WSO2 IS deployments are to address CIAM needs ▪ Extensive support for open standards - no vendor locking▪ Large scale deployments over millions of users▪ Rich eco system with 40+ connectors
(https://store.wso2.com/store/assets/isconnector/list)▪ Support for multi-tenancy▪ Web based management console and user portal (with easily customizable theme)▪ Extensible product architecture to address complex IAM needs▪ Docker friendly deployment▪ Latest release - WSO2 Identity Server 5.3.0
WSO2 IDENTITY SERVEROverview
![Page 46: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/46.jpg)
▪ 75+ active subscribers, 200+ instances under subscription▪ Key OEMs
○ WSO2 API Manager (Key Manager Profile)○ WSO2.Telco○ Ellucian (340 customers)○ Accenture
▪ 1000+ product downloads each month▪ 100% year to year growth of direct WSO2 IS customer base for last three
years.▪ 100% open source (both the source code and the binaries are released
under most business friendly Apache 2.0 open source license)
WSO2 IDENTITY SERVERAdoption
![Page 47: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/47.jpg)
▪ Accounts management and identity provisioning▪ Single sign-on and identity federation▪ Identity broker▪ Fine-grained access control▪ Identity analytics
WSO2 IDENTITY SERVERFocus Areas
![Page 48: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/48.jpg)
▪ Support for heterogenous identity stores: database, LDAP, AD ▪ Largest deployment of WSO2 IS in Saudi Arabia (4M+ users in a MS SQL
database)▪ State of Arizona uses WSO2 IS for both CIAM and workforce IAM over a
MSSQL database and AD▪ Seagate uses WSO2 IS to manage 1M+ users/customers (Oracle DB)▪ Trimble uses WSO2 IS to manage 1M+ users/customer (OpenLDAP)
ACCOUNTS MANAGEMENT & IDENTITY PROVISIONINGMultiple Identity Stores
![Page 49: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/49.jpg)
ACCOUNTS MANAGEMENT & IDENTITY PROVISIONING
Self Service
![Page 50: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/50.jpg)
▪ SAML 2.0▪ OpenID Connect (OAuth 2.0)▪ WS-Federation▪ CAS▪ OpenID▪ GSMA Mobile Connect
SINGLE SIGN-ON & IDENTITY FEDERATIONOpen Standards
![Page 51: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/51.jpg)
▪ Multi-option based login▪ Multi-factor authentication▪ FIDO U2F, TOTP (Google Authenticator), OTP over SMS, OTP over
Email, Certificates, mePin, Duo Security, RSA SecurID▪ OTP over SMS is the most used one in WSO2 IS deployments▪ Nutanix uses Google Authenticator to secure access to WSO2 IS
admin console.
SINGLE SIGN-ON & IDENTITY FEDERATIONStrong Authentication
![Page 52: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/52.jpg)
▪ Enable Social Login by service provider▪ Facebook, LinkedIn, Twitter, Google, Yahoo, Microsoft Live
SINGLE SIGN-ON & IDENTITY FEDERATIONSocial Login
![Page 53: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/53.jpg)
IDENTITY ANALYTICSLogin Analytics
▪ Track success/failed login attempts by user/service provider/identity provider.
▪ Detect anomalous login behaviours.
![Page 54: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/54.jpg)
IDENTITY ANALYTICSSession Analytics
▪ Track all the sessions in the system by user and the duration of the session
![Page 55: Synergies across APIs and IAM](https://reader034.vdocuments.site/reader034/viewer/2022051404/5a651c9a7f8b9a2e118b4ad7/html5/thumbnails/55.jpg)
THANK YOU
wso2.com