building open source identity building open source
play

Building Open Source Identity Building Open Source Identity - PowerPoint PPT Presentation

Jul 09, 2023 •164 likes •493 views

Building Open Source Identity Building Open Source Identity Infrastructures Infrastructures Francesco Chicchiricc Francesco Chicchiricc ilgrosso@apache.org ilgrosso@apache.org https://about.me/ilgrosso https://about.me/ilgrosso The

  1. Building Open Source Identity Building Open Source Identity Infrastructures Infrastructures Francesco Chicchiriccò Francesco Chicchiriccò ilgrosso@apache.org ilgrosso@apache.org https://about.me/ilgrosso https://about.me/ilgrosso

  2. The Identity Management Need The Identity Management Need

  3. Identity Vs Account Source: https://saberhamidi.wordpress.com/2015/02/22/topic-2-should-we-have-more-than-one-online-identity/

  4. Identity Vs Account • Account • record containing data about a person • technical info needed by the information system for which the account is created and managed • (Digital) Identity • representation of a set of claims made by one digital subject about itself • ...it's you

  5. Why Identity Management? • Operational costs • Multiple sources of identity data • Manual user provisioning and password reset • Labor-intensive, paper-based approval • Compliance • No record of who has access to which IT resources • Diffjcult to deprovision access rights upon termination • No complete audit trail available • Hard to prevent unauthorized access

  6. Which identity?

  7. Identity Solutions Identity Solutions

  8. Identity T echnologies • Identity Stores • Storage of user information • Provisioning Engines • Synchronize account data across identity stores and a broad range of data formats, models, meanings and purposes • Access Managers • Security mechanisms that take place when a user is accessing a specifjc system or functionality

  9. Identity Store • Examples • LDAP / Active Directory • RDBMS • Meta and Virtual Directories • Accounts can be created and managed in one place only • Each application manages authentication separately • The user may use the same password for all the connected applications

  10. ...is it enough? • Heterogeneity of systems • Lack of a single source of information • HR for corporate id, Groupware for mail address, ... • Need for a local user database • Inconsistent policies • Lack of workfmow management • Hidden infra management cost, growing with organization

  11. Provisioning Engine • Keeping the identity stores as much synchronized as possible (and practical) • Need to be customizable and fmexible • Priority: non-intrusive • Focused on application back-end • Critical: data exchange with identity stores • Connectors • Agents

  12. Identity Lifecycle

  13. Access Manager • Mediator to all access to all applications • Focused on application front-end • Aspects • Authentication • Single SignOn • Authorization (OAuth, XACML, ...) • Federation (SAML, Liberty, ...) • Mainly applicable to web applications • Diffjcult integration with pre-existing apps

  14. Reference Identity Scenario

  15. Identity Infrastructures Identity Infrastructures

  16. Gather... • Number and type of identities • Number of roles / groups (and what are they used for) • External resources (all covered by standard connectors?) • Approval workfmow(s)? • Self-service? • Which applications to protect? • Which authentication mechanisms? • Which authorization types? ...essentially, shape the identity and access fmows

  17. ...design... • Schema for various identities (users, roles, groups, ...) • Identify mapping for all resources • Not too complex! • Watch roles size to avoid RBAC's role explosion • Don't be tempted to redesign the whole network • Provisioning needs to be fmexible • Reduce impact of access management on existing applications • Prioritize requirements

  18. ...build... • Carefully choose the building blocks • Can't simply buy COTS • On-premises • Proprietary • Open Source • As-a-service • Consider prototyping the designed solution (PoC)

  19. ...and start again • IAM is a continuous process, not a turn-key project • New applications to protect • New resources to integrate • Identity fmows evolution • IAM deliveries frequently fail • Mix of complex and unrelated technologies • Unexpected interactions • Mess with internal processes • Discover Policy Vs Reality

  20. The Open Source Identity Stack The Open Source Identity Stack

  21. Open Source IAM • Why? • Flexibility, adaptability and agility • Cost efgectiveness • Start small and grow • Solid information security • No vendor lock-in • Caveats • Integration with proprietary software (AD over all) • Enterprise support availability

  22. Available Components

  23. Selection Criteria • Open Standards • Design for integration • Well-established • Supported • Alive • ...Open Source!

  24. The Identity Ecosystem • Triggered by open companies in the Open Source IAM area • Common place for open source players, system integrators and service providers • Ensuring IAM open source components work well together • Easy access to enterprise support providers • Several options for each single component • More at http://www.identity-ecosystem.org/

  25. Real World Use Cases Real World Use Cases

  26. Disclaimer Disclaimer I am V.P . Apache Syncope and CEO of Tirasa, providing I am V.P . Apache Syncope and CEO of Tirasa, providing enterprise support and services for Apache Syncope, enterprise support and services for Apache Syncope, so… so… don't be surprised Syncope is everywhere :-) don't be surprised Syncope is everywhere :-)

  27. #1 Stadtwerke München • One of largest German municipal utilities • Mobile ticketing for public transportation and bike sharing • self-registration • login • password reset • user suspend / reactivate • > 250k registered users • > 80k authentications per day

  28. #2 Ospedali Riuniti Ancona • University hospital • Active synchronization from HR to Microsoft Active Directory • Centralized provisioning, authentication and authorization of medical record systems • Windows domain SSO • SAML 2.0 federation with regional network • ~ 5000 users

  29. #3 Stichting Bibliotheek.nl • Dutch foundation that aims to expand and manage the Digital National Library • The IAM infrastructure aims to hold all users of the national library in the Netherlands, fed by a continuous feed from the local libraries • All Dutch library members can authenticate and use digital services connected to the IAM infrastructure • > 8 million users

  30. #4 University of Milan • Very complex provisioning fmows involving • Microsoft Active Directory • OpenLDAP • 3 difgerent RDBMS • Oracle E-Mail Server • ~ 5k employees • > 60k students • ~ 800 roles

  31. Questions? All text and image content in this document is licensed under the Creative Commons Attribution-Share Alike 3.0 License (unless otherwise specified). Apache, Syncope, Apache Syncope, the Apache feather logo, the Apache Syncope project logo and the Apache Syncope logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Building an open source culture Russell Green 20 November 2019 For internal use only Deutsche

Building an open source culture Russell Green 20 November 2019 For internal use only Deutsche

Deutsche Bank Building an open source culture Russell Green 20 November 2019 For internal use only Deutsche Banks open source journey Open Software Source Recognising the potential of Unlocking the open source value Programme

846 views • 7 slides
Building a Science of Open Source Analysis: Addressing the need for real tradecraft using open

Building a Science of Open Source Analysis: Addressing the need for real tradecraft using open

Building a Science of Open Source Analysis: Addressing the need for real tradecraft using open source analysis Current Context of Intelligence Analysis Customers and consumers demanding greater understanding of political and national

358 views • 18 slides
Could SCIM become lingua franca of Identity Provisioning (Un)conference on Open Source Identity

Could SCIM become lingua franca of Identity Provisioning (Un)conference on Open Source Identity

Could SCIM become lingua franca of Identity Provisioning (Un)conference on Open Source Identity and Access Management, Vienna 18.02.2020 Peter Gietz, DAASI International Agenda Why Standards in Open Source Short Introduction into SCIM

460 views • 18 slides
Building Open Sour Building Open Source platforms ce platforms on A on AWS WS Julien Simon

Building Open Sour Building Open Source platforms ce platforms on A on AWS WS Julien Simon

Building Open Sour Building Open Source platforms ce platforms on A on AWS WS Julien Simon Principal Technical Evangelist Amazon Web Services julsimon@amazon.fr @julsimon Agenda Agenda Development infrastructure VMs & OSes

888 views • 51 slides
PRGA: An Open-source Framework for Building and Using Custom FPGAs Ang Li, David Wentzlaff

PRGA: An Open-source Framework for Building and Using Custom FPGAs Ang Li, David Wentzlaff

PRGA: An Open-source Framework for Building and Using Custom FPGAs Ang Li, David Wentzlaff Princeton University github.com/PrincetonUniversity/prga 1 The Era of Open-Source Hardware NVDLA MIAOW OpenRISC PULP Ariane

776 views • 25 slides
Make Money With Open Source What is Open Source? Community Free software vs. open source

Make Money With Open Source What is Open Source? Community Free software vs. open source

Make Money With Open Source What is Open Source? Community Free software vs. open source Licenses: GPL vs. LGPL vs. MIT/Apache Foundations: Linux, Apache, Eclipse, Similar: Open Data, Open Hardware, Open Knowledge, ... Advantages of OS

508 views • 13 slides
Building Open Source Projects in Government Esri Ecosystems Lyzi Diamond FOSS4G 2014 | Portland,

Building Open Source Projects in Government Esri Ecosystems Lyzi Diamond FOSS4G 2014 | Portland,

Building Open Source Projects in Government Esri Ecosystems Lyzi Diamond FOSS4G 2014 | Portland, OR | September 10, 2014 Road designed by Juan Pablo Bravo from the thenounproject.com This talk is about building open source web applications

403 views • 37 slides
HowFOSScanhelphuman tokeeptheirsanityduringa pandemiccrisis? Building better open source

HowFOSScanhelphuman tokeeptheirsanityduringa pandemiccrisis? Building better open source

HowFOSScanhelphuman tokeeptheirsanityduringa pandemiccrisis? Building better open source projects by Pauline Bourmeau (@Ko97551819) - Alexandre Dulaunoy (@adulau) June 29, 2020 Background During the lockdown, should we work on an obscure

617 views • 14 slides
Building Compassion julia ferraioli Open source @ Google @juliaferraioli @juliaferraioli

Building Compassion julia ferraioli Open source @ Google @juliaferraioli @juliaferraioli

Building Compassion julia ferraioli Open source @ Google @juliaferraioli @juliaferraioli Content warnings @juliaferraioli Lots of different jobs in tech Lived lots of different places Open source citizen (Dont) ask me

535 views • 31 slides
Open Source Databases Peter Zaitsev, CEO Percona What a Year! Huge changes for Open Source and

Open Source Databases Peter Zaitsev, CEO Percona What a Year! Huge changes for Open Source and

The State of Open Source Databases Peter Zaitsev, CEO Percona What a Year! Huge changes for Open Source and Open Source databases RedHat Acquired by IBM Image Source: https://techcrunch.com/story/ibm-acquires-red-hat/ Open Source

663 views • 29 slides
Reinventing How America Votes Through Open Source Solutions Deborah Bryant OSU Open Source Lab

Reinventing How America Votes Through Open Source Solutions Deborah Bryant OSU Open Source Lab

Reinventing How America Votes Through Open Source Solutions Deborah Bryant OSU Open Source Lab Joseph Hall Center for Information Technology Policy, Princeton University Gregory Miller Open Source Digital Voting Foundation Visionaries on

942 views • 29 slides
Ray Paik @rspaik ~ everyone can contribute ~ 1 Agenda My open source journey

Ray Paik @rspaik ~ everyone can contribute ~ 1 Agenda My open source journey

Building a thriving community in a company-led open source projects Ray Paik @rspaik ~ everyone can contribute ~ 1 Agenda My open source journey Traditional vs. company-led open source projects So how does community work at a

140 views • 9 slides
Creating an Open Source Project Thiago Macieira Who am I? Open Source developer for 15 years

Creating an Open Source Project Thiago Macieira Who am I? Open Source developer for 15 years

Creating an Open Source Project Thiago Macieira Who am I? Open Source developer for 15 years Sofuware Architect at Intels Open Source Technology Center (OTC) and Tizen Platgorm Community Manager Maintainer of two modules in the Qt

649 views • 33 slides
1 A Comparison of Open Source Search A Comparison of Open Source Search Engines Engines

1 A Comparison of Open Source Search A Comparison of Open Source Search Engines Engines

Open Source Search Engines Why? Low cost: No licensing fees Source code available for customization Good for modest or even large data sizes Open-Source Search Engines and Challenges: Lucene/Solr Performance, Scalability

347 views • 13 slides
Automating Your Lights with Open Source Combining Open Source Hardware with Free and Open Source

Automating Your Lights with Open Source Combining Open Source Hardware with Free and Open Source

Automating Your Lights with Open Source Combining Open Source Hardware with Free and Open Source Software Leon Anavi Konsulko Group leon.anavi@konsulko.com leon@anavi.org FOSDEM 2018 Agenda Home automation and smart lightning Open

422 views • 30 slides
mITu Skillologies Open Source World http://mitu.co.in Existence of open source There is a

mITu Skillologies Open Source World http://mitu.co.in Existence of open source There is a

mITu Skillologies Open Source World http://mitu.co.in Existence of open source There is a vast increase in adoption of open source software solutions across the private enterprise, government associations and organizations, industries.

581 views • 18 slides
Introductions CSEP 510: Human Computer n Instructor Interaction n Richard Anderson n CSE 582 n

Introductions CSEP 510: Human Computer n Instructor Interaction n Richard Anderson n CSE 582 n

Introductions CSEP 510: Human Computer n Instructor Interaction n Richard Anderson n CSE 582 n anderson@cs.washington.edu Lecture 1: History n 206-543-4305 n Teaching Assistant Richard Anderson n Alan Liu n aliu@cs.washington.edu My Background

291 views • 7 slides
An Open Source tool helps a global community of professionals

An Open Source tool helps a global community of professionals

An Open Source tool helps a global community of professionals shift from traditional contacts and annual meetings to continuous interaction on the web

505 views • 37 slides
Reducing GHGs with ICTs Entretien Jacques Cartier November 20th 2012 Myriam Blais, MFE Outlook

Reducing GHGs with ICTs Entretien Jacques Cartier November 20th 2012 Myriam Blais, MFE Outlook

Reducing GHGs with ICTs Entretien Jacques Cartier November 20th 2012 Myriam Blais, MFE Outlook Green ICTs ICTs carbon footprint and ways to reduce it (actions in Smart 2020 report and actions in Quebec) Greening with ITCs

611 views • 36 slides
Meeting tutorial Allen Dutoit dutoit@in.tum.de Technische Universitt Mnchen Institut fr

Meeting tutorial Allen Dutoit dutoit@in.tum.de Technische Universitt Mnchen Institut fr

Meeting tutorial Allen Dutoit dutoit@in.tum.de Technische Universitt Mnchen Institut fr Informatik Lehrstuhl fr Angewandte Softwaretechnik (Prof. Bruegge) Overview: communication, part 2 Now that we use groupware, why meet?

603 views • 13 slides
KOrganizer The KDE Calendaring and Scheduling Application Cornelius Schumacher The KDE Project

KOrganizer The KDE Calendaring and Scheduling Application Cornelius Schumacher The KDE Project

KOrganizer The KDE Calendaring and Scheduling Application Cornelius Schumacher The KDE Project KDE User Conference 2004 p.1 Overview History Demo Future KDE User Conference 2004 p.2 First Version Pre-1.0 (1998) Author: Preston

485 views • 12 slides
What is Interaction Design? Goals of interaction design Develop usable products

What is Interaction Design? Goals of interaction design Develop usable products

What is Interaction Design? Goals of interaction design Develop usable products Usability means easy to learn, effective to use and provide an enjoyable experience Involve users in the design process Example of bad design

393 views • 13 slides
What do my colleagues know? Dealing with Complexity in Organizations Andr Calero Valdez Simon

What do my colleagues know? Dealing with Complexity in Organizations Andr Calero Valdez Simon

What do my colleagues know? Dealing with Complexity in Organizations Andr Calero Valdez Simon Bruns, Christoph Greven, Ulrik Schroeder, Martina Ziefle Agenda The Aachen House of Production The Scientific Cooperation Portal Recommender

372 views • 15 slides
Some uses of Caml in industry Xavier Leroy INRIA Paris-Rocquencourt CUFP 2007 X. Leroy (INRIA)

Some uses of Caml in industry Xavier Leroy INRIA Paris-Rocquencourt CUFP 2007 X. Leroy (INRIA)

Some uses of Caml in industry Xavier Leroy INRIA Paris-Rocquencourt CUFP 2007 X. Leroy (INRIA) Some uses of Caml in industry CUFP 2007 1 / 34 Outline Examples of industrial uses of Caml 1 Perceived needs; the Caml consortium experiment 2

458 views • 35 slides

More recommend