tomtom usecase identity management whitehallmedia 2015

Upload: edwin-van-der-wal

Post on 12-Aug-2015

Category:

Software


TRANSCRIPT

  1. 1. Identity and Access Management London, 2015
  2. 2. Introduction: Oliver Lee ([email protected]), Product Owner IAM; Edwin van der Wal ([email protected]), Sr. Director Talent & Technology
  3. 3. Agenda: Introduction; Who is TomTom; TomTom & Identity; A TomTom customer journey; TomTom & Everett
  4. 4. Who is TomTom: TomTom is a global leader in navigation and mapping products and services since 1996, and designs innovative products that make it easy for people to keep moving towards their goal. We launched our first connected products in 2008, bundled with LIVE Services, which offered HD Traffic, local search and weather information.
  5. 5. What do we do? Over 77 million devices; Navigable maps in 126 countries; Navigation software; Real time and historical Traffic; Location based services; Sports Navigation
  6. 6. 7
  7. 7. TomTom and Identity: Look at the journey in the video. Can anyone explain why or where Identity and Access Management is required in this example? What is Identity and Access Management? Authentication: Who are you and how do you prove who you are? Authorisation: What are your entitlements?
  8. 8. No Identity, no Relationships!
  9. 9. TomTom and Identity: TomTom owned the customer; the hardware; the software that operated it; the content & services available on the device (maps, traffic, etc.). Our solution for Identity and Access Management is a proprietary one: sessions are managed browser side, service side is not aware; developed in-house; bespoke solution.
  10. 10. TomTom and Identity: What has happened to disrupt this? Growth of the Internet of Things in the Automotive space. Increasingly, navigation is becoming a service, and is being combined with other services to deliver innovative solutions, e.g. assisted driving combining navigation, telemetry and remote sensing. External demands for Identity and Access Management using industry standard protocols.
  11. 11. TomTom and Identity: Sustaining a bespoke, proprietary solution has become a challenge. Our platform has entered the legacy phase of its lifecycle. Recognition that a bespoke solution is not the way forward. How is TomTom using ForgeRock to solve this?
  12. 12. COMMON SERVICES: ForgeRock Identity Platform. The platform is what makes us unique! Benefits: unified approach to managing identity of users, devices and things.
  13. 13. Access Management Services: Devices are authenticated and authorised to access TomTom's Live services. Segment: Consumer and Automotive devices. Protocol: OAuth2. OpenAM: authentication and authorisation. OpenDJ: entitlement store. OpenAM: manage the sessions. OpenIG: gateway between OpenAM and the backend services. The use of OpenIG was to address a specific requirement of our CTO that we were not allowed to make changes to the backend services.
  14. 14. Single Sign-on and Single Logout: End-users accessing TomTom's web applications. Segment: Consumer. Protocol: SAML2. OpenAM: user authentication. Improve user experience and security around the authentication protocols.
  15. 15. Synchronisation between devices: Cloud based service. Segment: Consumer. Protocol: OAuth2. OpenAM: managing the MyDrive session. Combining smartphone navigation, journey planning on the desktop and navigation devices, enabling synchronization between them.
  16. 16. Profile Management (diagram): UserData in OpenIDM (Unique User ID, Username, Password); e-Commerce (Unique User ID, Shipping Addr, VAT number); Sport (Unique User ID, Height, Weight); Service Management (Unique User ID, Maps, Traffic); Campaign Management (Unique User ID, Email Opt-In/Opt-Out); OpenIDM REST interface. Basic user profile information (e.g. username, name, address) is centrally stored in OpenIDM. An application with its own user data store will continue to store and manage that data. Based on the Unique User ID, OpenIDM can share common data across the different applications and synchronise data where necessary. Each application can synchronise and share data using the REST interface of OpenIDM.
  17. 17. I want to buy and use my new TomTom navigation device. TomTom customer journey: I'm John and I waste a lot of my time every day being stuck in traffic. I want to buy a new TomTom device online. If I'm happy maybe I'll use some more of TomTom services.
  18. 18. John finds a TomTom PND he likes and puts it in his shopping basket. TomTom customer journey (diagram label): e-Commerce
  19. 19. John doesn't have a TomTom account yet and signs up. TomTom customer journey (diagram labels): OpenIDM REST; Username; Account Number; OpenIDM; John
  20. 20. John has to give details to register as customer. TomTom customer journey (diagram labels): OpenIDM; Username; Password; BillingAddr, VAT Nr; Email Opt-In; Campaign Management; OpenDJ; e-Commerce; John; Username; Account Number; Address; OpenIDM
  21. 21. Meanwhile. TomTom customer journey: John receives his new Personal Navigation Device. He logs onto MyDrive to plan his daily commute to and from work.
  22. 22. John logs onto MyDrive to plan his daily commute. TomTom customer journey (diagram labels): OpenAM; UserName; Password; User Authentication; Access; OpenDJ; MyDrive; Cloud session
  23. 23. The next day. TomTom customer journey: John drives into work using his new Personal Navigation Device. His device is authenticated and authorized to access Live Traffic. His device is authorized to receive the route he planned last night.
  24. 24. In the car. TomTom customer journey (diagram labels): MyDrive; OpenAM; Authorisation; John's route; Authentication; OpenDJ; OpenAM; OpenDJ; Traffic
  25. 25. History: Initial request came from Automotive customers wanting to access TomTom services. Authentication and Authorisation requirements became more important and more urgent. Did some high level internal architecture studies and looked for AuthN and AuthZ platform, initially just for the Automotive business. And decided to take this program further to reengineer our identity solution for our consumer business. We engaged Everett to help us forward with our ForgeRock solution.
  26. 26. 27
  27. 27. TomTom & Everett - Project approach highlights. Scoping the project: Everett supported TomTom in creating the project scope and preventing scope creep. We focused on business strategy instead of short term technical solutions. Buddy structure: TomTom project members had an Everett project member buddy to challenge, support, create management buy-in, coordinate and transfer IAM knowledge. Involve: An Everett agile project approach. Everett uses a standardized proven approach to agile project delivery. Experience has proven that Involve is successful in delivering the highest business value first, and avoids building features that will never be used by the customer.
  28. 28. TomTom and Everett (timeline diagram): Architecture & Roadmap; Project Governance; Week 1, Week 4, Week 14, Week 18; Foundation Sprint Foundation Foundation Transition Roadmap Phase 2
  29. 29. Lessons Learnt: Pick a partner with knowledge of both business, architecture and technology. Pick Technology based on open standards out of the box. Demo often and early, not just talk! Take leadership role. Assign an engaged member of Security to your team to give more control over the security agenda. SSO is a business problem. But Google does it this way.
  30. 30. Identity and Access Management: Oliver Lee, Product Owner IAM; Edwin van der Wal, Sr. Director Everett
  31. 31. Any questions? Thank you!