Architecting a cloud scale identity fabric

•

0 recomendaciones•932 vistas

Mário Almeida

(Check my blog @ http://www.marioalmeida.eu/ )

Tecnología

Architecting a
Cloud-Scale
Identity Fabric by Eric Olden

Execution Environments for Distributed Computing
By João Rosa, Mário Almeida and Alex 'El Baron'

Barcelona 23 April 2012

Outline (1/2)
Introduction
● Cloud benefits
● Identity problem

Identity stack
● Authorization
● Authentication
● User account management
● Auditing
● Cloud Plattaform Architecture

Outline (2/2)
Identity properties
● Integration
● Network effect
● Abstraction

Identity as a service

Conclusion

Cloud benefits

Access to a shared pool of configurable
computing resources.

Elastic scalability

Reliability, availability and flexibility.

1

Identity problem (1/3)

It's young!

Not fully thrustable!

2

Identity problem (2/3)

There isn't a strategy to handle the enormous
volume of users identities.

3

Identity problem (3/3)

Identity management is a key bottleneck to
cloud adoption!

4

Authorization

The problem: Authorization must envolve to a
distributed model to support users outside the
network firewall

The solution: Authorization in Depth, Grouping
Access, Distributed Federated Model

5

Authentication

The problem: SAML adoption is not famous in
the enterprise apps world

The solution: HTTP authentication standard

6

User Account Management

The problem: every app performs a user
management differently

The solution: standarlization of user
management APIs

7

Auditing

The problem: overcome the lack of visibility in
user access

The solution: framework to understand the
global jurisdictional rules

8

Cloud Platform
Architectural

The problem: virtualized platforms have a
huge decrease in performance with high
utilization rates

The solution: proxy-base approach

9

Integration (1/2)
One-to-many federated identity model

10

Integration (2/2)
Example:
● 10,000 users that access 15 apps.
● In a one-to-one model, this requires 150,000
credentials (passwords).
● Resetting a credential once a year via a $30
help desk results inl $4.5 million expense.
If licensing, deployment, integration, and
maintenance costs are $50,000 p/connection
(15 apps), the total expense would be
$750,000. 11

Network effect

As more users and apps are integrated in the
identity network, these benefits extend to other
network members simply by virtue of their
being connected.

12

Abstraction

Enterprises must be able to use more than one
type of authentication depending on the level of
risk associated with an app.

13

Abstraction
Externalize identity functions for Web apps in
public or private clouds.

Focus on improving apps.

Enterprises can manage identity across
multiple apps more efficiently.

14

Identity as a service

Think less about identity technology and focus
on service-level agreements and service
management.

Move from a company-owned to a service-
provider-owned and operated identity
management approach.

15

Consumerization
Consumer-based web apps

16

Consumerization

Unexpected viral adoption or porting an app
server to the cloud.

Each identity integration point becomes a
stress point, and each credential creates a
broader attack surface and potential help desk
expense.
16

Conclusions

Facebook has exploded in popularity, with
more than 550 million users.

The support for identity sharing via OpenID,
made hundreds of millions of people suddenly
have OpenID credentials.

17

Conclusions

An identity access fabric linking enterprises to
the cloud is not only relevant but also
necessary.

18

Conclusions
An identity fabric:
● provides secure linkage between the
enterprise and the cloud.
● reduces the number of identities and scales
better.
● enables full-scale cloud adoption.
● provides an infrastructure service with on-
demand dial-tone quality.
● benefits users, administrators, vendors, and
service providers in dramatic ways. 19

References
- Architecting a Cloud-Scale Identity Fabric,
Eric Olden, Symplified

Images (CC rights):
http://www.flickr.com/photos/mobilestreetlife/4278659537/

1

Más contenido relacionado

La actualidad más candente

What is web2.0

flyingsheep

Converge Leveraging Identity With Professional Open Source Final

Gonow

Citrix Receiver has emerged as a powerful universal client providing simple, intuitive, high-definition access to virtual desktops and applications anywhere, on any device. Receiver will evolve into an even more critical piece of client-side software that goes beyond access on both desktop and mobile platforms. Upcoming functions include serving as a broker for other apps on the device, a secure conduit to the enterprise and a platform providing access to value-added services.

Citrix Receiver: the road ahead

Citrix

Citrix reference architecture for xen mobile 8 5_july2013

Nuno Alves

The introduction of nexaweb flatform v4

Duc Nguyen

5G World 2019 - Security Workshop - Chairman's Remarks

Paul Bradley

Mind the gap: Navigating the Security Challenges of BYOD

Proofpoint

Web 2.0, Kenniswerker en ICT Beheer

Jan Krans

Wired2Win: Sharepoint_Social_Enterprise

WinWire Technologies Inc

Mobile enterprise content management

Amplexor

Cloud computing is a general term for anything that involves delivering hosted services over the Internet. Cloud computing is a paradigm shift following the shift from mainframe to client–server in the early 1980s. Cloud computing can be defined as accessing third party software and services on web and paying as per usage. It facilitates scalability and virtualized resources over Internet as a service providing cost effective and scalable solution to customers. Cloud computing has evolved as a disruptive technology and picked up speed with the presence of many vendors in cloud computing space. The evolution of cloud computing from numerous technological approaches and business models such as SaaS, cluster computing, high performance computing, etc., signifies that the cloud IDM can be considered as a superset of all the corresponding issues from these paradigms and many more. In this paper we will discuss Life cycle management, Cloud architecture, Pattern in Cloud IDM, Volatility of Cloud relations.

Cloud Computing: A study of cloud architecture and its patterns

IJERA Editor

Cloud computing identity management summary

Brandon Dunlap

Business Situation Having narrowed down on social media as the right solution to connect NRIs, the challenge was to shortlist the social networking frameworks available and forward our recommendations to the client. The advantages of choosing a framework was that it would lead to faster time to market as the base features were readily available. The framework would also improve the user experience through frequent updates, increased stability, full source code control and less time to go live!

Nri touch

Compassites Software Solutions

TeleSign - Citrix ShareFile - Two-Factor Authentication Case Study

TeleSign Corporation

Redmond Magazine webinar from 5-20-2015 with myself and Ben Henderson from Colligo. Abstract: With almost two decades of experience building out and supporting intranets, employee portals, and document collaboration platforms, the industry is quickly moving toward cloud-first and mobile-first solutions. With that shift, keeping end users engaged and productive has become an imperative. As organizations struggle to move from centralized on prem solutions to this new paradigm, three universal truths come to the surface in every successful deployment: --The user experience (UX) should be central to everything you do --Telemetry & metrics need to be in place at the beginning & fine-tuned along the way --Mobility must move beyond just responsive design & enhance productivity In this webinar, Office 365 MVP and globally-recognized collaboration and social technology expert Christian Buckley will talk with Colligo Product Manager Ben Henderson about the future of mobility, the expanded vision of team and document collaboration, and the value of a productivity focus. They will share valuable insights and real-world examples of how you can incorporate these universal truths into your SharePoint strategy.

Cloud-First, Mobile-First SharePoint -- 3 Universal Truths for Successful Dep...

Christian Buckley

Lock Down Mobile and Cloud Data Leaks Part II

Proofpoint

Executive Alliance Dallas - Accellion Presentation

Proofpoint

La actualidad más candente (17)

What is web2.0

Converge Leveraging Identity With Professional Open Source Final

Citrix Receiver: the road ahead

Citrix reference architecture for xen mobile 8 5_july2013

The introduction of nexaweb flatform v4

5G World 2019 - Security Workshop - Chairman's Remarks

Mind the gap: Navigating the Security Challenges of BYOD

Web 2.0, Kenniswerker en ICT Beheer

Wired2Win: Sharepoint_Social_Enterprise

Mobile enterprise content management

Cloud Computing: A study of cloud architecture and its patterns

Cloud computing identity management summary

Nri touch

TeleSign - Citrix ShareFile - Two-Factor Authentication Case Study

Cloud-First, Mobile-First SharePoint -- 3 Universal Truths for Successful Dep...

Lock Down Mobile and Cloud Data Leaks Part II

Executive Alliance Dallas - Accellion Presentation

Similar a Architecting a cloud scale identity fabric

Architecting a Cloud-Scale Identity Fabric

Arinto Murdopo

Cloud Computing – The Best Form of IT Delivery

Softweb Solutions

Security in Cloud Computing

Ashish Patel

Session presented at the 2nd IndicThreads.com Conference on Cloud Computing held in Pune, India on 3-4 June 2011. http://CloudComputing.IndicThreads.com Abstract:As the cloud adoption increases, there is a growing concern about the lock-in of customers into the various cloud platforms. This session will discuss various major cloud platforms, the type of lock-in the customer will face in each of these platforms and what each customer can do to minimize their lock-in. Key takeaways for audience are: Understand what is cloud lock-in Types of cloud vendor lock-ins What is cloud interoperability Major initiatives around cloud interoperability standards Goals, differences and players/proponents of these major standards Steps to minimize cloud lock-in for your customers Speaker: Ashwin Waknis is a Sr. IT professional with 15 years in the industry. Ashwin is currently head of the Cloud Professional Services Business at Persistent Systems. Before that Ashwin was a Sr. Product Manager at Cisco Systems where he lead major initiatives around Knowledge Management, Enterprise Portal, Web 2.0/Social softwares and Enterprise Search. For the last 2 years, Ashwin has been involved in Cloud Computing initiatives first at Cisco and then at Persistent Systems.Ashwin has spoken at many customer workshops and events organized for educational institutes.

Cloud Lock-in vs. Cloud Interoperability - Indicthreads cloud computing conf...

IndicThreads

Cloud Security: What you need to know about IBM SmartCloud Security

IBM Security

Racing + Cloud

Advanced Technology Consulting (ATC)

chapter 3 Selected Topics in computer.pptx

AschalewAyele2

Cloud computing is the on-demand delivery of computing resources over the Internet. Cloud services present one of the most progressive and rapidly growing areas in the IT sector, with projections showing that the demand for cloud computing services will reach approximately 791.48 billion dollars by 2028. However, whilst the sector shows massive potential and benefits such as scalability, cost efficiency, easy accessibility, flexibility, and Increased productivity, there are extensive risks and threats associated with it. The increasing amount of confidential data stored in multi-cloud environments leaves organizations more exposed to attacks. This is of significant concern to businesses including organizations still considering a migration to cloud computing, thereby posing a consequential threat to cloud-enabled business transformation. Depending on several factors and business requirements, organizations may choose between different cloud computing deployment or service models. The choice of models de- termines the scope of control between the cloud service providers (CSPs) and cloud consumers and ultimately defines the security responsibilities between the two. By means of a systematic literature review (SLR), this research identifies 18 threats including Data breaches, loss, and leakage, Infrastructure vulnerabilities, Identity and access management, Insecure interfaces and APIs, Insider threats, External attacks, Cloud misconfiguration, etc., as the top security concerns of cloud migration that affects business transformation. This is followed by an extensive study of these identified threats and a case study on eBay, a leading online marketplace. To mitigate these established security concerns, security measures such as examining baseline security, establishing an adequate cloud security strategy, utilizing proper setups, and establishing proper logging and monitoring measures are some good practices to adopt during the process of cloud migration. Other cloud migration protocols to consider include establishing a strategic plan, a definition of the migration scope, and identifying milestones and KPIs.

Security concerns of cloud migration and its implications on cloud-enabled bu...

Adewole Shitta-bey

Celera Networks on Cloud Computing

CeleraNetworks

Enterprise agility for the Cloud

Steven_Jackson

Achieving Cloud Enterprise Agility

Steven_Jackson

Cloud Computing Introduction

Craig Dickson

INTRODUCTION TO CLOUD COMPUTING

Tanmoy Barman

Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...

GovCloud Network

Cloud lockin and interoperability v2 indic threads cloud computing conferen...

IndicThreads

Cloud lockin and interoperability v2 indic threads cloud computing conferen...

IndicThreads

Container Technologies and Transformational value

Mihai Criveti

Are you ready for the private cloud? [WHITEPAPER]

KVH Co. Ltd.

APIsecure 2023 - The world's first and only API security conference March 14 & 15, 2023 Approaching Multicloud API Security USing Metacloud David Linthicum, Chief Cloud Strategy Officer at Deloitte Consulting ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...

apidays

Vr storm cips_03nov2010

National Research Council Canada

Similar a Architecting a cloud scale identity fabric (20)

Architecting a Cloud-Scale Identity Fabric

Cloud Computing – The Best Form of IT Delivery

Security in Cloud Computing

Cloud Lock-in vs. Cloud Interoperability - Indicthreads cloud computing conf...

Cloud Security: What you need to know about IBM SmartCloud Security

Racing + Cloud

chapter 3 Selected Topics in computer.pptx

Security concerns of cloud migration and its implications on cloud-enabled bu...

Celera Networks on Cloud Computing

Enterprise agility for the Cloud

Achieving Cloud Enterprise Agility

Cloud Computing Introduction

INTRODUCTION TO CLOUD COMPUTING

Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...

Cloud lockin and interoperability v2 indic threads cloud computing conferen...

Container Technologies and Transformational value

Are you ready for the private cloud? [WHITEPAPER]

APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...

Vr storm cips_03nov2010

Más de Mário Almeida

Empirical Study of Android Alarm Usage for Application Scheduling

Mário Almeida

During one of my personal projects I decided to study the internals of Android and the potential of altering the Dalvik VM (e.g. Xposed framework and Cydia) and application behaviour. Not going into detail about runtime hooking of constructors and classes like these two tools provide, I also explored the possibility of reverse engineering and modifying existing applications. In the web you can find multiple tutorials on Android reverse engineering of applications but not many that do it with real applications that are often subject to obfuscation or with complex execution flows. So in order to learn I decided to pick a common application such as Skype and do the following: decompile it study contents and completely remove some functionality (e.g. ads) change some resources (not described in presentation bellow) recompile, sign and install. Used tools include : apktool – for (de)compiling android applications jarsigner – for signing android applications xposed – for intercepting runtime execution flow (will make public in future) The following presentation describes the steps taken in order to completely remove the ads from skype. This includes any computation or data plan usage the ads consume. Please note the disclaimer of the presentation as this information is for educational purposes only. Check my website : www.marioalmeida.eu

Android reverse engineering - Analyzing skype

Mário Almeida

Spark

Mário Almeida

High-Availability of YARN (MRv2)

Mário Almeida

Flume impact of reliability on scalability

Mário Almeida

This report describes the simulation and benchmarking steps taken in order to predict the parallel performance of an application using Dimemas and Cache-level simulations. Using Dimemas [3] the time behaviour of NAS [1] integer sort was simulated for the architecture of the Barcelona Super Computer, MareNostrum [4]. The performance was evaluated as a function of the architecture latency, bandwidth, connectivity and CPU speed. For Cache-Level Simulations, Intel's pin tool was used to benchmark a simple parallel application in function of the cache and cluster sizes.

Dimemas and Multi-Level Cache Simulations

Mário Almeida

Self-Adapting, Energy-Conserving Distributed File Systems

Mário Almeida

Smith waterman algorithm parallelization

Mário Almeida

Man-In-The-Browser attacks

Mário Almeida

Flume-based Independent News Aggregator

Mário Almeida

Exploiting Availability Prediction in Distributed Systems

Mário Almeida

(Check my blog @ http://www.marioalmeida.eu/ ) Highly available distributed systems have been widely used and have proven to be resistant to a wide range of faults. Although these kind of services are easy to access, they require an investment that developers might not always be willing to make. We present an overview of Wide-Area shared computing networks as well as methods to provide high availability of services in such networks. We make some references to highly available systems that are being used and studied at the moment this paper was written (2012).

High Availability of Services in Wide-Area Shared Computing Networks

Mário Almeida

Instrumenting parsecs raytrace

Mário Almeida

SOAP vs REST

Mário Almeida

Más de Mário Almeida (14)

Empirical Study of Android Alarm Usage for Application Scheduling

Android reverse engineering - Analyzing skype

Spark

High-Availability of YARN (MRv2)

Flume impact of reliability on scalability

Dimemas and Multi-Level Cache Simulations

Self-Adapting, Energy-Conserving Distributed File Systems

Smith waterman algorithm parallelization

Man-In-The-Browser attacks

Flume-based Independent News Aggregator

Exploiting Availability Prediction in Distributed Systems

High Availability of Services in Wide-Area Shared Computing Networks

Instrumenting parsecs raytrace

SOAP vs REST

Último

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

Handwritten Text Recognition for manuscripts and early printed texts

Maria Levchenko

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

What are drone anti-jamming systems? The drone anti-jamming systems and anti-spoof technology protect against interference, jamming, and spoofing of the UAVs. To protect their security, countries are beginning to research drone anti-jamming systems, also known as drone strike weapons. The anti-jam and anti-spoof technology protects against interference, jamming and spoofing. A drone strike weapon is a drone attack weapon that can attack and destroy enemy drones. So what is so unique about this amazing system?

What Are The Drone Anti-jamming Systems Technology?

Antenna Manufacturer Coco

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

How to convert PDF to text with Nanonets

naman860154

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

[2024]Digital Global Overview Report 2024 Meltwater.pdf

hans926745

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

What is a good lead in your organisation? Which leads are priority? What happens to leads? When sales and marketing give different answers to these questions, or perhaps aren't sure of the answers at all, frustrations build and opportunities are left on the table. Join us for an illuminating session with Cian McLoughlin, HubSpot Principal Customer Success Manager, as we look at that crucial piece of the customer journey in which leads are transferred from marketing to sales.

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

HampshireHUG

Finology Group – Insurtech Innovation Award 2024

The Digital Insurer

Heather Hedden, Senior Consultant at Enterprise Knowledge, presented “The Role of Taxonomy and Ontology in Semantic Layers” at a webinar hosted by Progress Semaphore on April 16, 2024. Taxonomies at their core enable effective tagging and retrieval of content, and combined with ontologies they extend to the management and understanding of related data. There are even greater benefits of taxonomies and ontologies to enhance your enterprise information architecture when applying them to a semantic layer. A survey by DBP-Institute found that enterprises using a semantic layer see their business outcomes improve by four times, while reducing their data and analytics costs. Extending taxonomies to a semantic layer can be a game-changing solution, allowing you to connect information silos, alleviate knowledge gaps, and derive new insights. Hedden, who specializes in taxonomy design and implementation, presented how the value of taxonomies shouldn’t reside in silos but be integrated with ontologies into a semantic layer. Learn about: - The essence and purpose of taxonomies and ontologies in information and knowledge management; - Advantages of semantic layers leveraging organizational taxonomies; and - Components and approaches to creating a semantic layer, including the integration of taxonomies and ontologies

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

Enterprise Knowledge

Scaling API-first – The story of a global engineering organization

Radu Cotescu

Architecting a cloud scale identity fabric

1. Architecting a Cloud-Scale Identity Fabric by Eric Olden Execution Environments for Distributed Computing By João Rosa, Mário Almeida and Alex 'El Baron' Barcelona 23 April 2012

2. Outline (1/2) Introduction ● Cloud benefits ● Identity problem Identity stack ● Authorization ● Authentication ● User account management ● Auditing ● Cloud Plattaform Architecture

3. Outline (2/2) Identity properties ● Integration ● Network effect ● Abstraction Identity as a service Conclusion

4. Introduction

5. Cloud benefits Access to a shared pool of configurable computing resources. Elastic scalability Reliability, availability and flexibility. 1

6. Identity problem (1/3) It's young! Not fully thrustable! 2

7. Identity problem (2/3) There isn't a strategy to handle the enormous volume of users identities. 3

8. Identity problem (3/3) Identity management is a key bottleneck to cloud adoption! 4

9. Identity stack

10. Authorization The problem: Authorization must envolve to a distributed model to support users outside the network firewall The solution: Authorization in Depth, Grouping Access, Distributed Federated Model 5

11. Authentication The problem: SAML adoption is not famous in the enterprise apps world The solution: HTTP authentication standard 6

12. User Account Management The problem: every app performs a user management differently The solution: standarlization of user management APIs 7

13. Auditing The problem: overcome the lack of visibility in user access The solution: framework to understand the global jurisdictional rules 8

14. Cloud Platform Architectural The problem: virtualized platforms have a huge decrease in performance with high utilization rates The solution: proxy-base approach 9

15. Identity properties

16. Integration (1/2) One-to-many federated identity model 10

17. Integration (2/2) Example: ● 10,000 users that access 15 apps. ● In a one-to-one model, this requires 150,000 credentials (passwords). ● Resetting a credential once a year via a $30 help desk results inl $4.5 million expense. If licensing, deployment, integration, and maintenance costs are $50,000 p/connection (15 apps), the total expense would be $750,000. 11

18. Network effect As more users and apps are integrated in the identity network, these benefits extend to other network members simply by virtue of their being connected. 12

19. Abstraction Enterprises must be able to use more than one type of authentication depending on the level of risk associated with an app. 13

20. Abstraction Externalize identity functions for Web apps in public or private clouds. Focus on improving apps. Enterprises can manage identity across multiple apps more efficiently. 14

21. Identity as a service

22. Identity as a service Think less about identity technology and focus on service-level agreements and service management. Move from a company-owned to a service- provider-owned and operated identity management approach. 15

23. Consumerization Consumer-based web apps 16

24. Consumerization Unexpected viral adoption or porting an app server to the cloud. Each identity integration point becomes a stress point, and each credential creates a broader attack surface and potential help desk expense. 16

25. Conclusions

26. Conclusions Facebook has exploded in popularity, with more than 550 million users. The support for identity sharing via OpenID, made hundreds of millions of people suddenly have OpenID credentials. 17

27. Conclusions An identity access fabric linking enterprises to the cloud is not only relevant but also necessary. 18

28. Conclusions An identity fabric: ● provides secure linkage between the enterprise and the cloud. ● reduces the number of identities and scales better. ● enables full-scale cloud adoption. ● provides an infrastructure service with on- demand dial-tone quality. ● benefits users, administrators, vendors, and service providers in dramatic ways. 19

29. Questions

30. References - Architecting a Cloud-Scale Identity Fabric, Eric Olden, Symplified Images (CC rights): http://www.flickr.com/photos/mobilestreetlife/4278659537/ 1

Architecting a cloud scale identity fabric

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (17)

Similar a Architecting a cloud scale identity fabric

Similar a Architecting a cloud scale identity fabric (20)

Más de Mário Almeida

Más de Mário Almeida (14)

Último

Último (20)

Architecting a cloud scale identity fabric