Title: The Identity Server: A New Layer of Enterprise Infrastructure
1 The Identity Server: A New Layer of Enterprise Infrastructure
- Digital Identity World
- October 9, 2002
Lance Hood, VP Products, OneName Corporation
2 Key topics
- Identity is an important foundation for Web services
- Identity Web is ideal architecture for Web identity services
- Identity servers are new layer of enterprise infrastructure
- Real world solutions
3 What would happen if?
We could share identity information from databases, directories and applications
- with the same ease and breadth as we share documents on the Web
- we would have an Identity Web.
4 An Identity Web that linked data, directories and applications could
- Provide permission-based privacy protection for regulatory compliance
- Unify portals among business partners
- Synchronize and protect inventory data among suppliers
- Enable trusted e-business from any device
5 Identity across boundaries
- Benefits
  - Stronger business relationships
  - Increased revenue
  - Increased productivity
  - Reduced costs
  - Competitive advantage
- Barriers
  - Persistent identifiers
  - Security
  - Privacy
  - Evolving data definitions
  - Obsolete data
Identity services will allow any business to establish an identity Web
6 Evolution of the Identity Web
[Diagram: Digital Content (the Web)]
- Logical Organization and Linking: Web Servers, Web Pages (HTML)
- Physical Organization and Storage: File Servers, Files
7 From enterprise to Web identity

| | Enterprise Directory Services (LAN) | Web Identity Services (Internet) |
|---|---|---|
| Deployment architecture | Directory or metadirectory server | Federated identity server network |
| Standard protocol | LDAP, DSML | XNS |
| Data model | Hierarchical directory (X.500) | Web (linked XML documents) |
8 Document linking vs. identity linking
[Diagram labels: HTML, XML, Contract, URI]
Both require document markup, exchange protocol and addressing/linking
9 XNS identity protocol
Identity
- Addressing: Persistent global addressing, logical naming, cross-domain mapping
- Data Sharing: Schema sharing, versioning, intelligent forms, receipts
- Access Controls: Authentication, Web SSO, authorization, certification, auditing
- Usage Controls: Permission management, privacy regulation compliance
- Update Controls / Linking Synchronization: Persistent links, chain-of-authority, workflow
10 Federated/distributed identity
[Diagram labels: Identity server, XML, Trust boundary, Identity client, Plain Text, WML, HTML]
11 Role of identity in Web services
12 Identity Services Segmentation
[Chart: Data Control (Minimal, Access, Usage/Update) against Data Sharing/Integration (Application, Domain, Cross-Domain, ExtraNet, Internet)]
- Meta Directories
- Directories
- RDMS
- Intranet Web Servers
- Internet Web Servers
- Desktop Applications
13 Identity services in the enterprise
[Diagram labels: Browser, Browser ID, Application, Application ID, XNS Identity Root, LDAP Identity Root, Logical, Physical, Domain, Persistence]
- Web (HTML over HTTP)
- Web Portal (HTML Cookies over HTTP)
- Web Services (XML over SOAP)
- Web Identity Services (XNS over SOAP)
- Enterprise Security
- Enterprise Directory
- Enterprise Integration
14 The identity services layer
[Diagram: layers running from Pure Identity (Actors) to Pure Data (Bits)]
- Presentation: Servlets; Web server, SOAP server, other protocols
- Identity processing: XNS; ID apps; Identity server
- Business processing: DSML; Apps, Metadirectory; Application server
- Persistence: LDAP; Relational database server, Object database server, Directory server
15 Identity server integration architecture
[Diagram labels, in the order they appear]
- Web Portal, Other Identity Server, Wireless Portal, Web Service Consumer
- HTML Servlet, WML Servlet, SOAP Connector, Firewall
- Identity Application, XNS Base Services, Identity Document (XML), Identity Server
- OneName Integration Suite: SAML Adapter, LDAP Adapter (JNDI), JDBC Adapter
- Enterprise Security Server (e.g., Netegrity)
- Enterprise Directory Server (e.g., Active Directory)
- Enterprise Database Server (e.g., SQL Server)
16 Permission based data exchange
- Customer data distributed based on privacy agreements
- Changes to data automatically published to partners
- Disclosure to distribution groups updated if privacy agreement changes
[Diagram labels: XNS Links, Partner Identity Documents, Distribution Identity Web Service, Distribution Group 1, JDBC Adapter, Customer Identity Documents, Legacy Data, Permissions, Account Data]
17 E-Loan / Mortgage Example
Supporting Services
Consumer
Personal Identity
- XNS Personal Identity
- Wallet
- Keys
- Credentials
- Contracts
XNS Linked Contracts
XNS Form Submission
Transaction Repository
Executed E-Loan Agreement
18 Developing identity applications
1 Define messages and data
2 Implement service
3 Build/integrate with client application
[Diagram labels: Indirect, Direct, Target Application, Interface Application, Web Services Consumer, XSD, WSDL, SOAP, UML, Web Services Provider Implementation, Identity Server]
19 Summary
- Identity servers provide the identity infrastructure needed for Web services
- Identity servers enable valuable, strategic, e-business initiatives
- Identity servers can be deployed incrementally
20 www.onename.com
- 206-812-6000
- sales_at_onename.com