Copyright © Siemens Enterprise Communications 2008. All rights reserved.
Loosely Coupling Best-of-Breed IdM Solutions
Bernd Hohgräfe, Head of Center of Competence Identity & Access Management
EIC 2008, Munich
Copyright © Siemens Enterprise Communications GmbH & Co KG 2008. All rights reserved.
Siemens Enterprise Communications is a global security consultancy
Global Professional Security Services Community
Total for security services: 380
Americas: 70 (USA 50, Latin America 20)
Europe: 280 (Germany 100, United Kingdom 100, Other 80)
Rest of world: 30
More than 350 consultants / integrators with expertise in:
Information security governance
Application security
Infrastructure security
Managed security service centers
Global centers of competence
Additional network operation centers
The CoC for IAM boasts more than 20 consultants and almost 10 years of expertise in consulting and implementation of identity management solutions:
Natural expertise as a Siemens DirX systems integrator
Independent consultancy for IAM strategy, role engineering, RoI etc.
Experience from large-scale IAM projects and operations, e.g. Siemens' own entitlement project
What is the relationship between IAM & SOA?
What about ESB and the other buzzwords?
[Diagram labels: IAM; SOA (ESB, UDDI, WSDL, XML, SOAP, …); Applications; Infrastructure; Architecture]
IAM & SOA are definitely closely interrelated – but the question is …
Does SOA dominate IAM?
Or is it the other way round?
Well, the truth is: SOA needs IAM!
SOA needs IAM due to
Importance of trust in the anonymous web
Web Service security requirements
Authentication
Authorization
Access
Individual security policies
Billing & Accounting
Scalability
Need for Identity Provider
Take federation as an example!
BUT - the opposite is also true:
IAM should utilize SOA!
IAM deployments will be more and more loosely coupled to
after e.g. M&As
Protect investments & know-how
Reuse existing solutions
but also on purpose
Allow distributed, multi-vendor architecture
Combine best-of-breed solutions
Role management
Connectivity
Reduce complexity
Dedicated IdM subsystems for e.g. SAP, telco, …
Layered IdM
Increase flexibility
"SOA is a paradigm for organizing and
utilizing distributed capabilities that may
be under the control of different
ownership domains." (OASIS)
IAM will utilize SOA to connect multi-vendor
subsystems to best-of-breed IdM solutions
[Diagram labels: IT Systems; Network; Directories; Host Systems; Groupware; SAP Systems; NetWeaver Portal; SAP HR; ZBV; CUABV / UA; SAP IdM Subsystem; Comms IdM Subsystem; Voice; CTI; Fax; UMS; Communication Systems; Role Management; "SOA"; Meta Directory]
"Identity as a (Web) service" is state of the art
[Diagram labels: Directory Services (DSML); Access Services (SAML); Identity Services (SPML); DSML Service; Provisioning Service; Federation Service; …; User Mgmt.; Role Mgmt.; Perm. Mgmt.; Group Mgmt.; Target Syst. M.; …; HTTP/SOAP; Authentication; Authorization; Federated domains; Identity and policy administration; Applications; Identity Interface Layer; ESB]
Siemens' Totally Integrated Security Architecture (TISA) is an example for Security Services:
Business Requirements
TISA Modules
Authentication & Certificate Services
Single Sign-On Solutions
Audit and Compliance
Secure Workplace Solutions
Secure Business Applications
Secure Remote Access Solutions
Identity Solutions for Voice
Identity Management Solutions
ID Card Solutions
TISA Infrastructure, Technologies and Services
OpenScale Services
Identity management and SOA:
Loosely coupling best-of-breed IdM solutions
IAM & SOA – a winning team!
SOA without IAM does not work
Silo-based IAM will not work in SOA, either
IAM is a natural component of any SOA deployment
SOA enables combining of multi-vendor, best-of-breed IdM solutions
The winners are: all of us!