© 2016 ForgeRock. All rights reserved.
Daniel Raskin SVP, Product Management
The Future is Now: The ForgeRock Identity Platform
Jessica Morrison Senior Director, Product Marketing
Disclaimer
The presentation represents ForgeRock’s current view of its product development cycle and future directions. It is intended for information purposes only, and should not be interpreted as a commitment on the part of ForgeRock. ForgeRock makes no warranties, expressed or implied, on future functionality and timeline.
2010 Founded
10 Offices worldwide with headquarters in San Francisco
400+ Employees
600+ Enterprise Customers
50% Americas / 50% International commercial revenues
30+ Countries
ForgeRock: The leading, next-generation identity security software platform, driving digital business.
Identity For Everyone And Every Thing
Customer Identity Relationship Management
The New Customer Experience
Frictionless, Personalized, Device / IoT
ForgeRock Identity Platform
Access Management: Authentication, Authorization, Federation / SSO, User Self-Service, Adaptive Risk, Stateless/Stateful, UMA Provider, Mobile App
Identity Management: Provisioning, User Self-Service, Workflow Engine, Reconciliation, Registration, Aggregated User View, Synchronization, Social Identity
Identity Gateway: Authentication, OIDC / OAuth2, Password Replay, SAML2, Message Transformation, API Security, Scripting, UMA Resource
Directory Services: LDAPv3, REST/JSON, Replication, Access Control, Schema Management, Caching, Directory Proxy, Monitoring, Groups, Password Policy, Active Directory Pass-thru, Reporting
Shared across components: Common REST API, Common User Interface, Common Audit/Logging, Common Scripting
Built from Open Source Projects
© 2017 ForgeRock. All rights reserved.
Build trusted identity relationships across users, things, & cloud services
Q1 Platform Release – New Modules
Authorization Federation
Identity Workflow Self Service
Authentication
Identity Synchronization
Adaptive Risk
Identity Store
User-Managed Access
Identity Gateway
Social Identity
Identity Proxy
Identity Horizons: Key Focus Areas
SOLUTION AREAS: Customer Identity, Privacy & Consent, Internet of Things
DELIVERY FLEXIBILITY: Unified Platform, Cloud Native, DevOps / Containers, Microservices
Identity Horizons: Solution Areas
Chart axes: Customer Value, Completeness of Vision
Customer Identity: Core Business
Privacy & Consent: Adjacent Growth
Internet of Things: Exploration into New Market
Enterprise: Traditional IAM
RELATIONSHIP MANAGEMENT
ForgeRock Common Audit Framework
Available Audit Handlers
Handler: Publishes to
CSV: CSV files
Syslog: The syslog daemon
JDBC: A relational database
Elasticsearch: An Elasticsearch store
JMS: JMS topics
JSON: JSON files
Splunk: Splunk database
DevOps Guide
Containerized Images, Cloud Orchestration and Docker / Kubernetes Samples
Platform 2017 Roadmap: 1H 2017 / 2H 2017
5.0 Release
Developer • API Explorer for Common REST
DevOps • DevOps Guide • Docker Samples • Kubernetes Samples • Cloud Foundry Service Broker
More Audit Handlers • Splunk, JMS, JSON Handlers
5.5 Release
Platform • ForgeRock Persistence Layer • Common Schema
DevOps • Docker Repository / Images • Configuration as Artifact • Reference Deployments
Serviceability • Support forensics
Autonomous Servers: Cloud-friendly Architecture
Architecture provides …
• Simpler component topology
• Elastic Architecture
• Parallel instantiations
• Phase 1: DevOps (5.0)
• Phase 2: Elastic (5.5)
(Diagram: ELB, AM, AM, AM, AM, …)
DevOps Support For Automated Deployments
• AMster
  • New lightweight CLI tool
  • Remote configuration over REST
  • Export/Import config as JSON
• Dynamic Boot params
  • Supply boot params via environment variables
  • Great for containerization
  • Docker container becomes generic
• Keystores
  • Boot passwords can be stored in secret volumes
(Diagram: AMster, AM, AM, AM)
DevOps Tool of Choice
IoT and Security: Secure OAuth2 Tokens
• OAuth2 widely used in IoT
• Bearer token security critical
• New “Proof-of-Possession” support
• Resource server can verify access token belongs to client
(Diagram: Resource Server, Authorization Server)
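The proof-of-possession check described on this slide, as an added example that is not ForgeRock code: the authorization server binds the token to the client's public key, and the resource server accepts a request only when the caller signs a fresh challenge with the matching private key. Assumptions: the token layout, the `cnf`/`jwk` claim (modelled on RFC 7800), the HMAC tag standing in for the authorization server's signature, and the challenge-response exchange are illustrative and not AM's wire format.

```javascript
const crypto = require('node:crypto');

// Constructed demo material: a MAC key the AS shares with the RS, and the client's key pair.
const AS_KEY = crypto.randomBytes(32);
const CLIENT = crypto.generateKeyPairSync('ed25519');
const mac = (body) => crypto.createHmac('sha256', AS_KEY).update(body).digest();

// Authorization server: bind the token to the client's public key in a "cnf" claim.
function issueToken(sub, publicKey) {
  const claims = { sub, cnf: { jwk: publicKey.export({ format: 'jwk' }) } };
  const body = Buffer.from(JSON.stringify(claims)).toString('base64url');
  return `${body}.${mac(body).toString('base64url')}`;
}

// Client: prove possession by signing the resource server's fresh challenge.
function signChallenge(challenge, privateKey) {
  return crypto.sign(null, Buffer.from(challenge), privateKey).toString('base64url');
}

// Resource server: check the AS integrity tag, then the proof against the bound key.
function verifyRequest(token, challenge, proof) {
  const [body = '', tag = ''] = token.split('.');
  const got = Buffer.from(tag, 'base64url');
  const want = mac(body);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return false;
  const { cnf } = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (!cnf || !cnf.jwk) return false; // plain bearer token: no key to check against
  const key = crypto.createPublicKey({ key: cnf.jwk, format: 'jwk' });
  return crypto.verify(null, Buffer.from(challenge), key, Buffer.from(proof, 'base64url'));
}

// Three cases: legitimate holder, stolen token with another key, replayed old proof.
function demo() {
  const token = issueToken('sensor-01', CLIENT.publicKey);
  const thief = crypto.generateKeyPairSync('ed25519');
  const [c1, c2] = [1, 2].map(() => crypto.randomBytes(16).toString('hex'));
  return {
    holder: verifyRequest(token, c1, signChallenge(c1, CLIENT.privateKey)),
    stolen: verifyRequest(token, c1, signChallenge(c1, thief.privateKey)),
    replay: verifyRequest(token, c2, signChallenge(c1, CLIENT.privateKey)),
  };
}
```

A copied token fails both without the private key and when an earlier proof is replayed against a new challenge, which is the property a plain bearer token lacks.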
Access Management: 1H 2017 / 2H 2017
5.0 Release
Cloud • DevOps Friendly CLI (Amster) • Autonomous Servers Phase 1 - DevOps • CTS Session Affinity • Docker / Kubernetes Samples • Cloud Foundry Service Broker
Security • New Stateless Encryption Modes • New Stateless Encryption Algorithms
Internet of Things • OAuth2 Proof of Possession
5.5 Release
Cloud • Autonomous Servers Phase 2 – Elastic
Customer Identity • Smart Decision Trees • Push Authorization • User Managed Access 2.0 / Pluggability
Securing Microservices • Authentication Microservice • Token Validation Microservice • Token Exchange Microservice
Internet of Things • OAuth2 Security Token Service • OAuth2 Client Registration
Social Identity Module
1. Select social provider for registration.
2. Authorize data to be shared from social provider.
3. Accelerate registration and build common user profile.
Social Identity Module: Seamless Integration with ForgeRock Access Management
Profile and Consent Management: User’s ability to view and manage privacy policies
Configurable User Preference
Marketo Connector for Lead Scoring
• Out-of-the-box connector
• Synchronize any managed user to Marketo
• Configure through the Admin UI.
• IDM users deselecting marketing preference removes them from Marketo lead database
Marketo Web service endpoint to the leads database.
Marketo Connector for Lead Scoring
• email • first name • last name • gender • country • city • locale • time zone • age-range • Opt-in/opt-out • Facebook ID • LinkedIn ID • Google ID
Total Lead Scoring
Behaviors: Actions/# of web clicks, Actions/opt-in/opt-out
Demographics: Title, Location, Time zone
Social Registration IDPs 2017 Roadmap
Social IDPs Q1 Q2 Q3 Q4
Google ✔
Facebook ✔
LinkedIn ✔
Yahoo ✔
Instagram ✔
Microsoft Live ✔
Foursquare ✔
Salesforce ✔
WeChat ✔
VKontakte ✔
RenRen ✔
Twitter ✔
Sina Weibo ✔
WordPress ✔
PayPal ✔
Amazon ✔
Verisign ✔
Blogger ✔
Flickr ✔
Marketing Connectors 2017 Roadmap
Connector Q1 Q2 Q3 Q4
Marketo ✔
Docusign ✔
Eloqua ✔
SAP Hybris ✔
Adobe Marketing ✔
Demandware ✔
SCIM ✔
Shareware ✔
Interscope ✔
Neo4j ✔
Identity Management 2017 Roadmap: 1H 2017 / 2H 2017
5.0 Release
Customer Identity • Social Registration • Consent Synchronization • Configure AM as OIDC IDP • Marketo Connector
Cloud • IDM DevOps Guide • Docker Images • Kubernetes samples
Ease of Use • Simplified upgrade
5.5 Release
Customer Identity • More Social Registration IDPs • More Marketing Connectors • Self Service Email Templates • GDPR Profile Management
Cloud • Dynamic Clustering • Configuration as Artifact • SCIM 2.0 Connector
Internet of Things • IDM Graph Connector
Identity Gateway Developer Studio
Enable developers and evaluators to construct configuration artifacts
Through Studio you can create routes to authenticate and authorize users' access to protected applications, and throttle the rate of requests.
Identity Gateway 2017 Roadmap: 1H 2017 / 2H 2017
5.0 Release
Developer • Design Studio Phase 1 • Filter Chains • Conditional Filters
Cloud • IG DevOps Guide • Mutable / Immutable Modes • Docker / Kubernetes samples
Customer Identity • Support for Step-up Authentication • SSO with AM
5.5 Release
Developer • Design Studio Phase 2
Cloud • Cloud Foundry Route Services • IG DevOps Reference Architect
Internet of Things • AuthN/AuthZ over MQTT • AuthN/AuthZ over COAP
Identity Proxy Server: Distributed Identity Architecture
The proxy provides …
• A single point of access with a choice of REST or LDAP to reach the underlying LDAP database services.
• High service availability, hiding implementation details from LDAP client applications.
• LDAP load balancing and failover strategies to handle referrals, connection failures, and network partitions.
• Can be deployed with any LDAPv3 identity store.
(Diagram labels: LDAP or REST; Proxy Service; Tenant 1, Tenant 2, Tenant 3, Tenant 4; LDAP)
Supporting JSON
• Added support for JSON Syntax
myAttr: { "_id":"bjensen", "_rev":"123", "name": { "first": "Babs", "surname": "Jensen" }, "age": 25, "roles": [ "sales", "admin" ] }
• JSON Validation configurable
• Added JSON Matching Rules
ldapsearch … "(myAttr=age lt 30 and name/first sw 'b')"
• Can be indexed
• Can be customized for finer indexing and matching
• Search JSON values using Common REST query filters
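How the slide's filter selects the sample JSON value, as an added example that is not ForgeRock code: a small parser and evaluator for the query-filter subset the slide uses. Assumptions: only `eq lt le gt ge sw co`, `and`/`or` and parentheses are handled, strings compare case-insensitively, and the function names are hypothetical.

```javascript
// Constructed sample: the JSON attribute value shown on the slide.
const ENTRY = { _id: 'bjensen', _rev: '123', name: { first: 'Babs', surname: 'Jensen' },
  age: 25, roles: ['sales', 'admin'] };
// Assumption: strings compare case-insensitively, as the slide's 'b' matching "Babs" implies.
const fold = (v) => (typeof v === 'string' ? v.toLowerCase() : v);
const OPS = {
  eq: (a, b) => a === b, lt: (a, b) => a < b, le: (a, b) => a <= b, gt: (a, b) => a > b,
  ge: (a, b) => a >= b, sw: (a, b) => `${a}`.startsWith(`${b}`), co: (a, b) => `${a}`.includes(`${b}`),
};
function literal(raw) {
  if (/^(['"]).*\1$/.test(raw)) return raw.slice(1, -1); // quoted string
  if (/^-?\d+(\.\d+)?$/.test(raw)) return Number(raw);
  throw new SyntaxError(`bad literal: ${raw}`);
}

// Recursive-descent parser: "and" binds tighter than "or"; parentheses group.
function parseFilter(filter) {
  const toks = filter.match(/\(|\)|'[^']*'|"[^"]*"|[^\s()]+/g) || [];
  let i = 0;
  const chain = (word, next) => () => {
    const parts = [next()];
    while (toks[i] === word) { i += 1; parts.push(next()); }
    return parts.length === 1 ? parts[0] : { op: word, parts };
  };
  const factor = () => {
    if (toks[i] === '(') {
      i += 1;
      const inner = orExpr();
      if (toks[i++] !== ')') throw new SyntaxError('missing ")"');
      return inner;
    }
    const [path, op, raw] = toks.slice(i, i += 3);
    if (!Object.hasOwn(OPS, op || '') || raw === undefined) throw new SyntaxError('bad comparison');
    return { op, path: path.split('/'), value: literal(raw) };
  };
  const orExpr = chain('or', chain('and', factor));
  const tree = orExpr();
  if (i < toks.length) throw new SyntaxError(`unexpected token: ${toks[i]}`);
  return tree;
}

// Walks own properties only; an array field matches when any element matches.
function matches(node, doc) {
  if (node.op === 'and') return node.parts.every((p) => matches(p, doc));
  if (node.op === 'or') return node.parts.some((p) => matches(p, doc));
  const own = (v, k) => (v !== null && typeof v === 'object' && Object.hasOwn(v, k) ? v[k] : undefined);
  return [].concat(node.path.reduce(own, doc) ?? [])
    .some((v) => typeof v === typeof node.value && OPS[node.op](fold(v), fold(node.value)));
}
```

Malformed filters raise `SyntaxError` instead of matching, and path segments resolve against own properties only, so a segment such as `__proto__` never reaches inherited members.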
Identity Store 2017 Roadmap: 1H 2017 / 2H 2017
5.0 Release
Cloud / Scale • Identity Proxy Services Phase 1 • Docker & Kubernetes Samples • DevOps Guide
Database • JSON Syntax for LDAP
Directory Proxy • Dynamic Server Discovery • Coarse Grained Access Control • Load Balancing
5.5 Release
Cloud / Scale • Core Token Service Optimization • Replication Optimization • DevOps Reference Architecture
Database • Platform Persistence
Directory Proxy • Fine Grained Access Control • Advanced Load Balancing • Elastic Proxy Features