Identity Relationship Management - The Right Approach for a Complex Digital World Webinar

Post on 19-Jan-2017

Transcript of Identity Relationship Management - The Right Approach for a Complex Digital World Webinar

© 2016 ForgeRock. All rights reserved.

Identity Relationship Management: The Future's So Bright, I Gotta Wear Shades

Daniel Raskin, SVP Product Management
Chris Kawalek, Director of Product Marketing

Relationship Management

Identity

Users

Identity

Users, Devices, Things & Services

Identity Management Evolves to Relationship Management

Identity Lifecycle Management Users, Devices, Things & Services

Contextual Identity

Contextual Security Taking Safety to the Next Level

Passwordless Authentication

Register Device for First Time

Authorise consent child purchase

Authorise family members to use account

Authorise Data to Device / Thing

Did you just request to transfer $1,000,000?

Taro is trying to purchase Footloose on Amazon. Is that ok?

Kayoko is requesting access to your car

Are you trying to open your front door?

We noticed you are accessing our service on an iPhone. Would you like to register this device?

Would you like to authorise purchasing Showtime on your Samsung TV?

Contextual Identity Enriching the Experience

Contextual Identity Authentication, Authorisation and Consent

User Managed Access Sharing X-Ray with Doctor

Microservice Architecture

SOA is Dead, but Services on the Rise!

1990s and Early Pre-SOA

Monolith to change

2000s Traditional SOA

Autonomous but coordinated

Present Microservices

Decoupled and Independent

PWC, Agile coding in enterprise IT: Code small and local

Service to Service Interaction Authentication, Authorisation and Consent

https://api.chucknorris.com/categories/nerdy

Authenticate API, Authorise API Calls, Authenticate API

Scaling to Support Distributed Cloud Archs Stateless Architecture

•  Flexible deployment option to address cloud elasticity and massive horizontal scalability

•  Configuration can be on a per-realm basis

•  Stateless = state information is encoded in JWT token

•  Stateful = tokens persisted in the Core Token Service

[Diagram: Microservices Client App; three OpenAM Servers; AWS1, AWS2, AWS3; Distributed Cloud Environment]

Cloud Readiness

Hybrid Cloud – One Cloud Many Pieces

The Cloud Conundrum

No Portability! Identity Baked in and Constrained to Each Cloud!

OAuth2/OIDC OAuth2/OIDC OAuth2/OIDC OAuth2

The Abstraction of Identity … Again

Cloud Automation

Cloud Native: Cattle versus Pets

Cattle

•  Cattle are numbers

•  They are almost identical

•  When ill, get another (Kill it!)

•  Thousands of cattle on farm

Pets

•  Pets have names like “pussnboots”

•  They are lovingly hand raised

•  When ill, nursed back to health

•  1 or 2 pets in house

Elastic Inelastic

Container Management & Deployment

Product Configuration

Product Manifests

ForgeRock Images

Java Image

Tomcat Image

Other Images

DOCKER REPOSITORY

Platform Ubiquity

We Must Be Better

Authentication, Authorization, Multi-Factor, Adaptive Risk, Self Service, Directory, API Security, GRC, …

Unified Platform

UMA Provider Mobile OTP App Synchronization Auditing

LDAPv3 REST/JSON

Replication Access Control

Schema Management

Caching

Auditing

Monitoring

Groups

Password Policy

Active Directory Pass-thru

Reporting

Authentication Authorization Provisioning User Self-Service Authentication OIDC / OAuth2

Federation / SSO User Self-Service Workflow Engine Reconciliation Password Replay SAML2

Adaptive Risk Stateless/Stateful Registration Role Provisioning Message Transformation

API Security Scripting

Built from Open Source Projects:

UMA Resource

Access Management Identity Management Identity Gateway

Directory Services

Common REST API

Common User Interface

Common Audit/Logging

Common Scripting

Identity Relationship Management: Talkin’ Bout a Revolution

Relationship Management

Cloud Automation

Cloud Readiness

Platform Ubiquity

Microservice Architecture

Contextual Identity

Demo!