Presented by David Miller, Covisint CSO, at Gartner Identity & Access Management Summit 2012
Orchestrating External Engagement Through Access Patterns
David Miller, Covisint CSO, December 2012
Enterprise-grade, Global and Proven
One Platform
500+ Global Customers
22M+ Users
1B+ Yearly Transactions
100% Availability
External Engagement Platforms
Supply Chain
• Automotive
• Energy
Joint Venture
• Automotive
• Energy
Performance-based Care
• Healthcare
• Public Sector
Customer
• Automotive
• Healthcare
• Travel
• Financial Services
Dealer
• Automotive
• Energy
• Financial Services
Consumer/Patient
• Automotive
• Healthcare
Cloud Engagement Platform
Applications Management
Personalized Dashboard
Remote Commands
Service History, Parts/Accessories
Diagnostics
Consumer Finance
Preferred Retail Outlet Integration with Social Media
Accessing Applications, Services, Data
Cloud Authentication Services
• ID/Password
• 2 Factor
• Risk-based Authentication
• Policy Enforcement
Trusted Identity Broker
• Security Token Service
• Federation Protocols
• Translations and Mapping
General Services
• Password Strength
• User Name Suggestion
• Captcha
Administration
• Administration Tools
• Reporting
Trusted Identity Provider
• Password Management
• Provisioning
• Profile Management
• Authorization Management
• Role Management
• Workflow Engine
Cloud Identity Services Framework Overview
RESTful & JSON, SOAP
Mobile Web Site
RESTful & JSON, SOAP
APIs
APIs
• Configurable and extensible
• Used for suppliers, employees, consumers, etc.
• Use any to all of the services
Solution Integrations
Token Consumer
Token Consumer
Token Consumer
Token Consumer
WS-Fed, Open ID
SAML, WS-Fed
Logon
APIs
APIs
SAML
Token Producer
SAML APIs
Identity Stores
- ITIM for Administrators
- User Registration
Batch-driven
Event-driven
SPML
FTP
HTTP(S)
Internal Web Service
Employee
Administrator
Consumers
Service 1
Service 2
Service 3
Third-party Providers
Service A
Service B
Third Party IdP
Primary Company
Covisint Cloud API: High-level Architecture
Hosted Apps
RESTful & JSON/HTTPS
Covisint Cloud API
Mobile Web Site
Hybrid/Native Mobile App
Device Apps
Hosted by Covisint
Portal
Mobile UI
Integration Patterns
Pattern 1: Hyperlink-based Integration
• Redirects user’s browser to target application/service
- Can include user context
- Single sign-on experience
• Implementation effort
- Simple portal configuration
- Potential security integrations
[Diagram: User, www.portal.com, www.pandora.com; steps 1 and 2]
Pattern 2: iFrame-based Integration
• Target application/service is rendered within a window on the portal
• Implementation effort
- Fit target application within the available portal window
- Requires security integrations
Pattern 3: Portlet-based Integration
• Select target service functionality surfaced to the user via portlet
• Implementation effort
- Portlet creation
- Establish API integration
• Security – SAML, WS-Federation, provisioning (potentially), etc.
• Routing to target service (direct or via ESB)
- Surface target service’s functionality via API
Target Service
Service 1
Covisint AppCloud API Key Features
• Drive Developer Adoption
- Developer Community Portal
- API Productivity Tools
- Developer Onboarding and Management
• Understand API Usage
- API Analytics
- Real-time Operational Data
- Debugging and Root-cause Analysis
• Control Traffic Flow
- Rate Limiting
- Traffic Shaping and Queuing
- API Load Balancing
Covisint AppCloud API Key Features
• Scale to Millions of Customers and Devices
- Caching and Compression
- High Concurrency, Low Latency
- Horizontal and Vertical Scale
• Transform Existing APIs
- Protocol Mediation and Transformation
- Optimize API for Mobile Devices
- Manage API Versioning
• Secure and Connect
- Authentication and Authorization
- Data and Threat Protection
- Fine-grained Access Control
Pattern 4: Mash-up Based Integration
• Functionality from multiple services (requires correlation criteria) surfaced to the user via a portlet
• Implementation effort
- Mash-up portlet creation (with correlation criteria)
- Establish API integration
• Security – SAML, WS-Federation, provisioning (potentially), etc.
• Routing to target service (direct or via ESB)
- Surface target services’ functionality via APIs
Service 1
Service 2
Service 3
Service “n”
Target Services
Pattern 5: Mobile App-based Integration
• Target services’ functionality surfaced to the user on a smart device
• Implementation effort
- App creation
- Establish API integration
• Security – SAML, WS-Federation, provisioning (potentially), etc.
• Routing to target service (direct or via ESB)
- Surface target services’ functionality via APIs
Service 1
Service 2
Service 3
Service “n”
Target Services
API Integration Reuse
• Portlets and mobile apps leverage the same API integrations
- Minimizes development efforts
- Accelerates implementations
- Leverages business logic
- Tailors user interface to platform’s capabilities/constraints
Service 1
Service 2
Service 3
Service “n”
Target Services
Service Provider: A
Service 4
Accelerating Service Migrations
Presentation Abstraction
Web Service Abstraction
• Portlet Enabler
• Faster Implementation
• Flexible Integration
• Future Proof
• Accelerate Development
• Reduce Costs
• Cross-platform Consistency
Presentation Services
Content/Aggregation Services
Service Bus
Security Framework
Covisint Environment
Service Provider: A
Service 1
Service 2
Service 3
Service 4
Service Provider: B
Service 1, 2, 3
JSON Object
JSON Object
Thank You