• Home

  • Education

  • Open Standard Based identity Provisioning System for Cloud
26
Prabath Siriwardena (@prabath) Senior Software Architect

Open Standard Based identity Provisioning System for Cloud

Tags:

Embed Size (px)

DESCRIPTION

Open Standard Based identity Provisioning System for Cloud @ Identity.Next 2012 - Netherlands.

Citation preview

Page 1: Open Standard Based identity Provisioning System for Cloud

Prabath Siriwardena (@prabath)

Senior Software Architect

Page 2: Open Standard Based identity Provisioning System for Cloud
Page 3: Open Standard Based identity Provisioning System for Cloud
Page 4: Open Standard Based identity Provisioning System for Cloud
Page 5: Open Standard Based identity Provisioning System for Cloud
Page 6: Open Standard Based identity Provisioning System for Cloud
Page 7: Open Standard Based identity Provisioning System for Cloud
Page 8: Open Standard Based identity Provisioning System for Cloud
Page 9: Open Standard Based identity Provisioning System for Cloud

2001  :  OASIS  PS  TC  

2003  :  SPML  1.0  2003  :  WS-­‐Provisioning  

2006  :  SPML  2.0  2010  :  SCIM  community  

2011  :  SCIM  1.0  

2012  :  SCIM  1.1  

2011  :  RESTPML  

Page 10: Open Standard Based identity Provisioning System for Cloud
Page 11: Open Standard Based identity Provisioning System for Cloud

SCIM  Service  Provider  

/Users  

/Groups  SCIM  Consumer  

Page 12: Open Standard Based identity Provisioning System for Cloud

{    "schemas":[],    "name":{"familyName":”siriwardena","givenName":”prabath"},    "userName":”prabath","password":”prabath123",    "emails":[{"primary":true,"value":”[email protected]","type":"home"},  

       {"value":”[email protected]","type":"work"}]  }  

curl  -­‐v  -­‐k  -­‐-­‐user  admin:admin  -­‐d  @add-­‐user.json  -­‐-­‐header  "Content-­‐Type:application/json"  https://localhost:9443/wso2/scim/Users  

add-­‐user.json    

curl  command  

Page 13: Open Standard Based identity Provisioning System for Cloud

{      "schemas":  ["urn:scim:schemas:core:1.0"],      "id":  "idnext",      "displayName":  "IdentityNext",  }  

curl  -­‐v  -­‐k  -­‐-­‐user  admin:admin  -­‐d  @add-­‐group.json  -­‐-­‐header  "Content-­‐Type:application/json"  https://localhost:9443/wso2/scim/Groups  

add-­‐group.json    

curl  command  

Page 14: Open Standard Based identity Provisioning System for Cloud
Page 15: Open Standard Based identity Provisioning System for Cloud

Provisioning

Service Provider

Domain  A  

Domain  B  

One    way  provisioning  

Provisioning

Service Provider

Provisioning

Service Provider

Domain  C  

SCIM  Consumer  

Page 16: Open Standard Based identity Provisioning System for Cloud

Provisioning

Service Provider

Domain  A  

Domain  B  

One  way  provisioning  with  broker  mode  

Provisioning

Service Provider

Provisioning

Service Provider

Domain  C  

SCIM  Consumer  

Page 17: Open Standard Based identity Provisioning System for Cloud

Provisioning

Service Provider

Domain  A  

Domain  B  

Bi-­‐directional  provisioning  

Provisioning

Service Provider

Provisioning

Service Provider

Domain  C  

SCIM  Consumer  

SCIM  Consumer  

SCIM  Consumer  

Page 18: Open Standard Based identity Provisioning System for Cloud

Provisioning

Service Provider

Domain  A  

Domain  B  

Multi-­‐directional  provisioning  with  a  centralized  PSP  

Provisioning

Service Provider

Provisioning

Service Provider

Domain  C  

SCIM  Consumer  

SCIM  Consumer  

SCIM  Consumer  

Provisioning

Service Provider

Page 19: Open Standard Based identity Provisioning System for Cloud

Provisioning

Service Provider

Domain  A  

Domain  B  

Just-­‐in-­‐time  provisioning  with  SAML2  

SAML2 IdP

1

2

3

4

Page 20: Open Standard Based identity Provisioning System for Cloud

Provisioning

Service Provider

Domain  A  

Domain  B  

Just-­‐in-­‐time  provisioning  with  SAML2  

SAML2 IdP

1

2

3

5

4

Page 21: Open Standard Based identity Provisioning System for Cloud

Provisioning

Service Provider

SCIM  Consumer  (facilelogin.com)  

SCIM  Consumer  (wso2.com)  

wso2.com  

facilelogin.com  

Page 22: Open Standard Based identity Provisioning System for Cloud

Provisioning

Service Provider

SCIM  Consumer    

OAuth 2.0

Authorization Server

Bearer  Token  

Page 23: Open Standard Based identity Provisioning System for Cloud

Provisioning

Service Provider

SCIM  Consumer    

OAuth 2.0

Authorization Server

Bearer  Token  

Validate()  

Page 24: Open Standard Based identity Provisioning System for Cloud

Client  

Resource  Owner  

Resource    

Scope  

Action  

SCIM  Consumer    

Provisioning

Service Provider

Page 25: Open Standard Based identity Provisioning System for Cloud

Provisioning

Service Provider

SCIM  Consumer    

OAuth 2.0

Authorization Server

Validate()  

XACML PDP

XACML  Request  

Permit/Deny/…  

Page 26: Open Standard Based identity Provisioning System for Cloud

Cloud Based IoT Application Provisioning (The Case of ...users.encs.concordia.ca › home › g › glitho › F16_ENCS691K_WSNAp… · Cloud Based IoT Application Provisioning (The

Cloud Based IoT Application Provisioning (The Case of ...users.encs.concordia.ca › home › g › glitho › F16_ENCS691K_WSNAp… · Cloud Based IoT Application Provisioning (The

Documents
CLOUD COMPUTING - IAUNresearch.iaun.ac.ir/pd/faramarz_safiold/pdfs/HomeWork_6541.pdf · CLOUD COMPUTING Virtual Machines Provisioning and Migration Services ... Virtual machine provisioning

CLOUD COMPUTING - IAUNresearch.iaun.ac.ir/pd/faramarz_safiold/pdfs/HomeWork_6541.pdf · CLOUD COMPUTING Virtual Machines Provisioning and Migration Services ... Virtual machine provisioning

Documents
User Provisioning, Comparison of Common Methodologies, Cloud Provisioning

User Provisioning, Comparison of Common Methodologies, Cloud Provisioning

Business
CloudPlatform – XenDesktop/XenApp cloud provisioning · CloudPlatform – XenDesktop/XenApp cloud provisioning Systems Engineer Networking & Cloud October 2014 Gaby Grau - gaby.grau@citrix.com

CloudPlatform – XenDesktop/XenApp cloud provisioning · CloudPlatform – XenDesktop/XenApp cloud provisioning Systems Engineer Networking & Cloud October 2014 Gaby Grau - [email protected]

Documents
Enabling Automated Network Services Provisioning for Cloud ... · Enabling Automated Network Services Provisioning for Cloud Based Applications Using Zero Touch Provisioning ... the

Enabling Automated Network Services Provisioning for Cloud ... · Enabling Automated Network Services Provisioning for Cloud Based Applications Using Zero Touch Provisioning ... the

Documents
CIS 2015- Provisioning IDaas- Using SCIM to Enable Cloud Identity- Pat Patterson, Vikas Jain, Ed Sutter

CIS 2015- Provisioning IDaas- Using SCIM to Enable Cloud Identity- Pat Patterson, Vikas Jain, Ed Sutter

Technology
An Overview of Cloud Identity Management-Modelspdfs.semanticscholar.org › fcb6 › 0e66a6e5935c0f5cf... · Keywords: Cloud, Cloud Computing, Cloud Identity Management-Model, Identity

An Overview of Cloud Identity Management-Modelspdfs.semanticscholar.org › fcb6 › 0e66a6e5935c0f5cf... · Keywords: Cloud, Cloud Computing, Cloud Identity Management-Model, Identity

Documents
Oracle Public Cloud : Provisioning with Chef

Oracle Public Cloud : Provisioning with Chef

Internet
Standardizing Identity Provisioning with SCIM

Standardizing Identity Provisioning with SCIM

Technology
Provisioning software defined servers using Cloud OS · Provisioning Software-defined Servers ... Template-based software defined server provisioning HP Cloud OS for Moonshot

Provisioning software defined servers using Cloud OS · Provisioning Software-defined Servers ... Template-based software defined server provisioning HP Cloud OS for Moonshot

Documents
3rd Party User Provisioning with Salesforce Identity

3rd Party User Provisioning with Salesforce Identity

Documents
Grouper Provisioning: Locally & Cloud

Grouper Provisioning: Locally & Cloud

Documents
Optimizing Resource Provisioning in Shared Cloud …delimitrou/papers/2014.techreport.hybrid.pdfOptimizing Resource Provisioning in Shared Cloud Systems Abstract Cloud computing promises

Optimizing Resource Provisioning in Shared Cloud …delimitrou/papers/2014.techreport.hybrid.pdfOptimizing Resource Provisioning in Shared Cloud Systems Abstract Cloud computing promises

Documents
Deploying SaaSLicensing & Provisioning for Cloud Applications

Deploying SaaSLicensing & Provisioning for Cloud Applications

Documents
Williams Cloud-based Provisioning

Williams Cloud-based Provisioning

Documents
WP4 – Cloud Platform & Provisioning

WP4 – Cloud Platform & Provisioning

Documents
Optimizing MapReduce Provisioning in the Cloud

Optimizing MapReduce Provisioning in the Cloud

Documents
Automating Network Provisioning for Private Cloud

Automating Network Provisioning for Private Cloud

Documents
OData Provisioning - SAP Help Portal · PDF fileThe SAP Cloud Platform OData Provisioning is a function of SAP Cloud Platform which combines SAP Gateway ... OData Provisioning Overview

OData Provisioning - SAP Help Portal · PDF fileThe SAP Cloud Platform OData Provisioning is a function of SAP Cloud Platform which combines SAP Gateway ... OData Provisioning Overview

Documents
Autonomic Cloud Provisioning For Scientific Workflows · PDF fileAutonomic Cloud Provisioning For Scientific Workflows ... HTCondor for job scheduling and execution ... Autonomic Cloud

Autonomic Cloud Provisioning For Scientific Workflows · PDF fileAutonomic Cloud Provisioning For Scientific Workflows ... HTCondor for job scheduling and execution ... Autonomic Cloud

Documents
Automatic Provisioning via Cloud-Init - AudioCodes

Automatic Provisioning via Cloud-Init - AudioCodes

Documents
FLEXIBLE ORGANIZATION OF REPOSITORIES FOR PROVISIONING CLOUD … · 2 REQUIREMENTS OF CLOUD INFRASTRUCTURE PROVISIONING Both grid computing and cloud computing are attempts at utility

FLEXIBLE ORGANIZATION OF REPOSITORIES FOR PROVISIONING CLOUD … · 2 REQUIREMENTS OF CLOUD INFRASTRUCTURE PROVISIONING Both grid computing and cloud computing are attempts at utility

Documents
Open standard based Identity Provisioning for Cloud

Open standard based Identity Provisioning for Cloud

Documents
Identity Analytics - 'User Provisioning' Case Study: Using Modelling … · 2018. 9. 13. · Identity Analytics - "User Provisioning" Case Study: Using Modelling and Simulation for

Identity Analytics - 'User Provisioning' Case Study: Using Modelling … · 2018. 9. 13. · Identity Analytics - "User Provisioning" Case Study: Using Modelling and Simulation for

Documents
Private-Cloud Provisioning in Multi-Cloud Environments...Private-Cloud Provisioning in Multi-Cloud Environments Get it right with 2 levels of abstraction The Provisioning Problem Powerful

Private-Cloud Provisioning in Multi-Cloud Environments...Private-Cloud Provisioning in Multi-Cloud Environments Get it right with 2 levels of abstraction The Provisioning Problem Powerful

Documents
Leadership Compass Identity Provisioning - Market Analysis ......KuppingerCole – Leadership Compass – Identity Provisioning Report No.: 70151 Page 4 of 26 2. Methodology KuppingerCole

Leadership Compass Identity Provisioning - Market Analysis ......KuppingerCole – Leadership Compass – Identity Provisioning Report No.: 70151 Page 4 of 26 2. Methodology KuppingerCole

Documents
Oracle® Revenue Management and Billing Cloud Services · Oracle Revenue Management and Billing Cloud Services Federated Identity Configuration Guide F31148-01 ... 1.4.3 User Provisioning

Oracle® Revenue Management and Billing Cloud Services · Oracle Revenue Management and Billing Cloud Services Federated Identity Configuration Guide F31148-01 ... 1.4.3 User Provisioning

Documents
NetSuite Provisioning Connector Guide - McAfeekc.mcafee.com/.../24000/PD24306/en_US/MCIM_NetSuite_Prov_Guide… · McAfee Cloud Identity Manager 3.5 NetSuite Provisioning Connector

NetSuite Provisioning Connector Guide - McAfeekc.mcafee.com/.../24000/PD24306/en_US/MCIM_NetSuite_Prov_Guide… · McAfee Cloud Identity Manager 3.5 NetSuite Provisioning Connector

Documents
Cloud init and cloud provisioning [openstack summit vancouver]

Cloud init and cloud provisioning [openstack summit vancouver]

Technology
Standards Based Identity Provisioning

Standards Based Identity Provisioning

Technology