Steve Hutchinson, GE
Report on the results of a partnership formation between design teams and service delivery teams at GE to leverage existing infrastructure and quickly operationalize new identity services like OAuth, SCIM, and OpenID Connect while also managing a 300% increase in traditional SAML-based integrations
Providing NextGen Identity Solutions in a Legacy World
1. Providing NextGen Identity Solutions in a Legacy World
Steve “Hutch” Hutchinson, SSO Service Leader, GE
sehutchinson@gmail.com
@IdentityHutch
2. A disclaimer …
Providing NextGen Identity Solutions in a Legacy World, 22 Jul 2014
The views and opinions expressed in this presentation are my own and do not necessarily represent the views or opinions of the General Electric Company or any of its subsidiaries.
3. Thanks Daniel … no pressure
4. A warning
SOLUTIONS AT CIS ARE NOT AS CLOSE AS THEY APPEAR
but they could be closer …
5. SAML is dead?
[Chart: SAML Integrations (vertical axis, 0 to 500) by Year (horizontal axis, 2008 to 2014)]
“SAML is not dead. It’s done. Which means we can use it.” - Dale Olds at CIS2013
9. Migration from data centers to cloud
[Diagram labels: Web Server, Agent, PDP, Fed IdP, Agent, Shibboleth Plugin, Traditional Web Access Management, SAML, Policy & User Stores]
10. Bring Your Own Identity (BYOI)
[Diagram labels: Fed IdP, User Store, Web/App Server, Select IDP, ATTESTATION NETWORK, PDP, Shibboleth Plugin, Agent, SCIM]
11. The API economy
[Diagram labels: Web/App Server, API Registry, OAuth, Fed IdP, XML Gateway]
12. Top drivers for Identity
• Migration from data centers to cloud
• Bring Your Own Identity (BYOI)
• API economy
• Mobile devices, access anywhere
• Right-sized authentication
• ABAC replacing RBAC
• UX improvements
• Industrial internet (Internet of Things)
13. Barriers to new service offerings
[Diagram labels: Service Design, Service Delivery]
14. Building a unified, agile service team
[Diagram labels: Service Design, Service Delivery]
• Create change
• Add or modify features
• Create stability
• Create or enhance services
ENABLING the business!
15. The big wins
• Communication, communication, communication
• Eliminate finger-pointing
• Team engagement from concept to delivery
• Delivery provides feedback loop for service improvement
• Huge reduction in cycle times
16. Questions?
Steve “Hutch” Hutchinson
sehutchinson@gmail.com
@IdentityHutch