© 2016 ForgeRock. All rights reserved.
Identity: The Future's So Bright, I Gotta Wear Shades
Daniel Raskin, SVP Product Management, Paris Identity Summit
Relationship Management
Identity
Users
[Diagram: a cluster of Identity nodes]
Users, Devices, Things & Services
Identity Management Evolves to Relationship Management
Identity Lifecycle Management for Users, Devices, Things & Services
Contextual Identity
Contextual Security: Taking Safety to the Next Level
• Passwordless authentication
• Register a device for the first time
• Authorise consent for a child's purchase
• Authorise family members to use an account
• Authorise data to a device / thing
Contextual Identity: Enriching the Experience
• Did you just request to transfer $1,000,000?
• Taro is trying to purchase Footloose on Amazon. Is that ok?
• Kayoko is requesting access to your car.
• Are you trying to open your front door?
• We noticed you are accessing our service on an iPhone. Would you like to register this device?
• Would you like to authorise purchasing Showtime on your Samsung TV?
Contextual Identity: Authentication, Authorisation and Consent
User Managed Access: Sharing an X-Ray with a Doctor
Microservices Architecture
SOA is Dead, but Services on the Rise!
• 1990s and early 2000s, Pre-SOA: monolith to change
• 2000s, Traditional SOA: autonomous but coordinated
• Present, Microservices: decoupled and independent
Source: PWC, Agile coding in enterprise IT: Code small and local
Service to Service Interaction: Authentication, Authorisation and Consent
[Diagram: https://api.telstra.com/v1/mobileconnect/userinfo; Authenticate API → Authorise API Calls → Authenticate API]
Scaling to Support Distributed Cloud Architectures: Stateless Architecture
• Flexible deployment option to address cloud elasticity and massive horizontal scalability
• Configuration can be on a per-realm basis
• Stateless = state information is encoded in a JWT token
• Stateful = tokens are persisted in the Core Token Service
[Diagram: a Microservices Client App calling OpenAM Servers on AWS1, AWS2 and AWS3 in a Distributed Cloud Environment]
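As an added example (not ForgeRock's code), a minimal Python sketch of the two session modes named on this slide: stateless, where the whole session is a signed JWT that any OpenAM server holding the key can validate without a shared store, and stateful, where an opaque token id is resolved against a stand-in for the Core Token Service. The signing key, the claim names and the in-memory store are assumptions made here.

```python
# Added example, not ForgeRock's implementation: stateless (JWT) versus
# stateful (server-side store) sessions. The HS256 key, the claim names and
# the in-memory "CTS" dict are constructed for the demonstration.
import base64, hashlib, hmac, json, secrets

SIGNING_KEY = b"constructed-demo-key-shared-by-all-servers"  # assumption

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_stateless(claims: dict, key: bytes = SIGNING_KEY) -> str:
    """Stateless mode: the session state travels inside a signed JWT."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

def validate_stateless(token: str, now: float, key: bytes = SIGNING_KEY):
    """Any server holding the key can validate; no store is consulted."""
    try:
        header, body, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        return None                      # tampered payload or wrong key
    claims = json.loads(_unb64(body))
    if claims.get("exp", 0) <= now:
        return None                      # expiry is the only built-in revocation
    return claims

CTS = {}  # stateful mode: constructed stand-in for the Core Token Service

def issue_stateful(claims: dict, store: dict = CTS) -> str:
    token_id = secrets.token_urlsafe(32)  # opaque id; carries no claims itself
    store[token_id] = dict(claims)
    return token_id

def validate_stateful(token_id: str, now: float, store: dict = CTS):
    """Every server must reach the shared store to resolve the id."""
    claims = store.get(token_id)
    if claims is None or claims.get("exp", 0) <= now:
        return None
    return claims

def revoke_stateful(token_id: str, store: dict = CTS) -> None:
    store.pop(token_id, None)            # revocation is a single delete
```

The trade-off the slide leaves implicit: the stateless token needs no shared store but can only be invalidated by its expiry, whereas the stateful token is revoked with one delete but every server must reach the store.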
Cloud Readiness
Hybrid Cloud – One Cloud Many Pieces
The Cloud Conundrum
No Portability! Identity Baked in and Constrained to Each Cloud!
The Abstraction of Identity … Again
[Diagram: OAuth2/OIDC as the common identity layer in front of each cloud]
Cloud Automation
Cloud Native: Cattle versus Pets
Cattle (elastic):
• Cattle are numbers
• They are almost identical
• When ill, get another (Kill it!)
• Thousands of cattle on a farm
Pets (inelastic):
• Pets have names like “pussnboots”
• They are lovingly hand raised
• When ill, nursed back to health
• 1 or 2 pets in a house
Container Management & Deployment
[Diagram: Docker repository holding Product Configuration, Product Manifests, ForgeRock Images, a Java Image, a Tomcat Image, … and Other Images]
Platform Ubiquity
We Must Be Better
Authentication, Authorization, Multi-Factor, Adaptive Risk, Self Service, Directory, API Security, GRC …
Unified Platform
Built from Open Source Projects:
• Access Management: Authentication, Authorization, Federation / SSO, User Self-Service, Adaptive Risk, Stateless/Stateful, UMA Provider, Mobile OTP App, API Security
• Identity Management: Provisioning, User Self-Service, Workflow Engine, Reconciliation, Registration, Role Provisioning, Synchronization, Auditing
• Identity Gateway: Authentication, OIDC / OAuth2, Password Replay, SAML2, Message Transformation, UMA Resource, Scripting
• Directory Services: LDAPv3, REST/JSON, Replication, Access Control, Schema Management, Caching, Auditing, Monitoring, Groups, Password Policy, Active Directory Pass-thru, Reporting
Shared across the platform: Common REST API, Common User Interface, Common Audit/Logging, Common Scripting
Identity Relationship Management: Talkin’ Bout a Revolution
• Relationship Management
• Cloud Automation
• Cloud Readiness
• Platform Ubiquity
• Microservices Architecture
• Contextual Identity
Demo!