3. Agenda
- Introduction
- Who is TomTom
- TomTom & Identity
- A TomTom customer journey
- TomTom & Everett
4. Who is TomTom
TomTom is..
- ..global leader in navigation and mapping products and services since 1996
- ..designs innovative products that make it easy for people to keep moving towards their goal
- ..We launched our first connected products in 2008, bundled with LIVE Services, which offered HD Traffic, local search and weather information.
5. What do we do?
- Over 77 million devices
- Navigable maps in 126 countries
- Navigation software
- Real time and historical Traffic
- Location based services
- Sports Navigation
7. TomTom and Identity
- Look at the journey in the video
- Can anyone explain why or where Identity and Access Management is required in this example?
What is Identity and Access Management?
- Authentication: Who are you and how do you prove who you are?
- Authorisation: What are your entitlements?
8. No Identity, no Relationships!
9. TomTom and Identity
- TomTom owned the customer
  - The hardware
  - the software that operated it
  - the content & services available on the device: maps, traffic, etc.
- Our solution for Identity and Access Management is a proprietary one
  - sessions are managed browser side, service side is not aware
  - developed in-house, bespoke solution
10. TomTom and Identity
What has happened to disrupt this?
- Growth of the Internet of Things in the Automotive space.
- Increasingly, navigation is..
  - ..becoming a service
  - ..being combined with other services to deliver innovative solutions, e.g. assisted driving combining navigation, telemetry, remote sensing
- External demands for Identity and Access Management using industry standard protocols
11. TomTom and Identity
- Sustaining a bespoke, proprietary solution has become a challenge
- Our platform has entered the legacy phase of its lifecycle
- Recognition that a bespoke solution is not the way forward
How is TomTom using ForgeRock to solve this?
12. COMMON SERVICES
ForgeRock Identity Platform
The platform is what makes us unique!
Benefits: Unified approach to managing identity of users, devices and things.
13. Access Management Services
Devices are Authenticated & Authorised to access TomTom's Live services
- Segment: Consumer and Automotive devices
- Protocol: OAuth2
- OpenAM: Authentication and Authorisation
- OpenDJ: Entitlement Store
- OpenAM: Manage the sessions
- OpenIG: gateway between OpenAM and the backend services
The use of OpenIG was to address a specific requirement of our CTO that we were not allowed to make changes to the backend services.
14. Single Sign-on and Single Logout
End-users accessing TomTom's web applications
- Segment: Consumer
- Protocol: SAML2
- OpenAM: User Authentication
Improve user experience and security around the authentication protocols
15. Synchronisation between devices
Cloud based service
- Segment: Consumer
- Protocol: OAuth2
- OpenAM: Managing the MyDrive session
Combining smartphone navigation, journey planning on the desktop and navigation devices, enabling synchronization between them
16. Profile Management
[Diagram: data stores, each keyed by a Unique User ID, around the OpenIDM REST interface]
- UserData (OpenIDM): Unique User ID, Username, Password
- e-Commerce: Unique User ID, Shipping Addr, VAT number
- Sport: Unique User ID, Height, Weight
- Service Management: Unique User ID, Maps, Traffic
- Campaign Management: Unique User ID, Email, Opt-In/Opt-Out
Basic user profile information (e.g. username, name, address) is centrally stored in OpenIDM.
An application with its own user data store will continue to store and manage that data.
Based on the Unique User ID, OpenIDM can share common data across the different applications and synchronise data where necessary.
Each application can synchronise and share data using the REST interface of OpenIDM.
17. I want to buy and use my new TomTom navigation device
TomTom customer journey
I'm John and I waste a lot of my time every day being stuck in traffic.. ..I want to buy a new TomTom device online. If I'm happy maybe I'll use some more of TomTom services
18. John finds a TomTom PND he likes and puts it in his shopping basket
TomTom customer journey
[Diagram label: e-Commerce]
19. John doesn't have a TomTom account yet and signs up
TomTom customer journey
[Diagram labels: OpenIDM REST, Username, Account Number, OpenIDM, John]
20. John has to give details to register as customer
TomTom customer journey
[Diagram labels: OpenIDM, Username, Password, BillingAddr, VAT Nr, Email, Opt-In, Campaign Management, OpenDJ, e-Commerce, John, Username, Account Number, Address, OpenIDM]
21. Meanwhile
TomTom customer journey
- John receives his new Personal Navigation Device
- He logs onto MyDrive to plan his daily commute to and from work
22. John logs onto MyDrive to plan his daily commute
TomTom customer journey
[Diagram labels: OpenAM, UserName, Password, User Authentication, Access, OpenDJ, MyDrive, Cloud session]
23. The next day
TomTom customer journey
- John drives into work using his new Personal Navigation Device
- His device is authenticated and authorized to access Live Traffic
- His device is authorized to receive the route he planned last night
24. In the car
TomTom customer journey
[Diagram labels: MyDrive, OpenAM, Authorisation, John's route, Authentication, OpenDJ, OpenAM, OpenDJ, Traffic]
25. History
- Initial request came from Automotive customers wanting to access TomTom services
- Authentication and Authorisation requirements became more important and more urgent
- Did some high level internal architecture studies and looked for an AuthN and AuthZ platform, initially just for the Automotive business
- And decided to take this program further to reengineer our identity solution for our consumer business
- We engaged Everett to help us forward with our ForgeRock solution
27. TomTom & Everett - Project approach highlights
- Scoping the project: Everett supported TomTom in creating the project scope and preventing scope creep. We focused on business strategy instead of short-term technical solutions.
- Buddy structure: TomTom project members had an Everett project member buddy to challenge, support, create management buy-in, coordinate and transfer IAM knowledge.
- Involve: An Everett agile project approach. Everett uses a standardized, proven approach to agile project delivery. Experience has proven that Involve is successful in delivering the highest business value first, and avoids building features that will never be used by the customer.
28. TomTom and Everett
[Timeline labels: Architecture & Roadmap, Project Governance, Week 1, Week 4, Week 14, Week 18, Foundation Sprint, Foundation, Foundation, Transition, Roadmap Phase 2]
29. Lessons Learnt
- Pick a partner with knowledge of both business, architecture and technology.
- Pick Technology based on open standards out of the box
- Demo often and early, not just talk!
- Take leadership role
- Assign an engaged member of Security to your team to give more control over the security agenda.
- SSO is a business problem
- But Google does it this way
30. Identity and Access Management
Oliver Lee, Product Owner IAM
Edwin van der Wal, Sr. Director Everett