Gary O'Brien

1
Gary O'Brien Senior Solutions Architect APAC Sun
ONE
2
Market Evolution
Client-Server
WebApps
WebServices
HybridP2P
Grid
3-Tier
3
Identity Management And The Executive Focus

• Gaining competitive advantage
• Improve employee productivity
• Personalise relationships with customers
• Increase efficiencies with suppliers
• Reduce total cost of ownership
• Increase Performance and stakeholder returns

4
Identity Crisis

• Multiple Communities
• Information Integrity
• Security and Privacy
• Management of Information Assets
• Operational Inefficiencies
• High Admin Costs

Communities
Suppliers
Customers
Employees
Partners
Applications
Applications
Data
Information Assets
Information Assets
5
Solution Identity Management
Communities
Suppliers
Customers
Employees
Partners
Identity Management
Identity management
Web Services
Web Services
Applications
Applications
Data
Information Assets
Information Assets
6
What Is Identity Management?
Identity Management is the business processes and
technologies around managing the lifecycle of an
identity and its relationship to business
applications and services.
Policy-based Trusted Network
Context-sensitive authentication, attributes, and
authorization
Employees
Customers
BusinessPartners
Devices
Network identity is the foundation for the next
generation of highly personalized web services
7
Key Business Drivers

• Security
• Authentication, Authorization, Audit
• Deactivation
• Customer service
• Reduce churn (turn-over)
• Increase revenue via services and satisfaction
• Reduce Costs/Increase Productivity
• Reduce duplication, errors
• Improve business efficiency
• Compliance

8
The Foundation for Web Services
Web Services
Network Identity
Business policy Liability, assurance for
transactions
Relationships between people, groups, and
organizations
Applications and services Access and
Authorization
Relationships between identities and information
Presentation/Personalization What the User Sees
Defining relationships through quality of
experience
Authenticated Identity (person, application,
group, organization)
Source Burton Group
9
Taking Identities Beyond Organisation Boundaries

• Federated Identity Management
• The use of agreements, standards, and
  technologies to make identity and entitlements
  portable across autonomous identity domains.

10
Identity Evolution
Separate Cards with Each Bank
Linked Cards within Bank Networks
Seamless Access Across all Networks
11
Network Identity Components
Data stored about you based on what you do (Role)
ATTRIBUTES
Verifying you are who you claim to be
AUTHENTICATION
Providing selective access to applications and
data based on your role
AUTHORIZATION
12
The Liberty Alliance

• Support a broad range of identity-based products
  and services
• Allow for consumer choice of identity
  provider(s), the ability to link accounts through
  account federation, and the convenience of single
  sign-on, when using any network of connected
  services and devices
• Enable commercial and non-commercial
  organizations to realize new revenue and cost
  saving opportunities that economically leverage
  their relationships with customers, business
  partners, and employees
• Improve ease of use for e-commerce consumers

13
Key Objectives of the Liberty Alliance

• Simplified Sign-On Provide an open simplified
  sign-on specification that includes federated
  authentication from multiple providers operating
  independently, simplified access across multiple
  accounts within a trust community, and portable
  on-line identity
• Enhance Constituent Relationships Enable
  commercial and non-commercial organizations to
  control, maintain and enhance relationships with
  constituents
• Support All Devices Create a network identity
  infrastructure that supports all current and
  emerging network access devices
• Enable Consumer Privacy Enable commercial and
  non-commercial organizations to protect consumer
  privacy
• Support Interoperability Provide a mechanism
  supporting interoperability with existing
  systems, standards, and protocols

14
The Liberty Alliance What Is the Business Value?

• Technical cost barriers to interoperability
  (e.g. Development costs) are no longer an issue
• Context-sensitive, gradient levels of
  authentication and therefore of risk management
  is now possible
• Robust standards-based data and profile exchange
  is possible
• Multi-vendor availability Agree on standards,
  compete on implementations

15
Circle of Trust Concept
16
Liberty Founding Members
17
Liberty Sponsor Members
18
Liberty Phases

• Phase 1 1H 2002
• Identity Federation Framework
• SSO
• Account Federation
• Phase 2 2H 2002
• Identity Services Framework
• Service Discovery
• Attribute Exchange
• Phase 3 1H 2003
• Identity Services
• Interoperable Identity Services
• Alerts, Location Based, Presence, Wallets,
  Calendar

19
Project Liberty

• Liberty standard allows shared login
• Shipping NOW
• Java Card is a standard for smart cards
• NOW in mass deployments
• Java Card Liberty highest security standard
  for network identity

20
The Steps to Network Identity
21
Steps to Network Identity
6. Deliver Federated Network Identity Services
5. Implement Accountability for External Trusted
Transactions and Services
4. Distinguish Business Logic, Identity, and
Delivery
3. Extend Deliver Secure Role-based
Application Access and Services

• Key Benefits
• Cost Reduction
• New Capabilities
• End-user Satisfaction

2. Architect Network Identity Management
Infrastructure

• Key Benefits
• Cost Reduction
• New Capabilities
• End-user Satisfaction

1. Inventory Assess Risk, Requirements, and
Strategy

• Key Benefits
• Cost Reduction
• End-user Satisfaction
• Revenue Growth

• Key Benefits
• Cost Reduction
• New Capabilities
• End-user Satisfaction

• Key Benefits
• Cost Reduction
• New Capabilities
• New Efficiencies

• Key Benefits
• Risk Assessment
• Efficiencies
• Network Identity Readiness

22
The Business Case

• Financial
• Infrastructure and operational, development, time
  to market, customer service access, support and
  Help Desk, productivity, administrative and
  process efficiencies.
• Compliance
• Configurable to meet legislation, mitigating
  liability
• Trust
• Reduces opportunity to infringe on privacy and
  provides relative anonymity, building and
  maintaining trust with partners, customers and
  employees.
• Security
• Enforce security policy based on usage and
  content, minimises exposure
• Technology
• Separates identity from application to make a
  more flexible, standardised and context based
  form of managing identity

23
Sun Software Mission
To connect everything with a digital heartbeat to
the network and help you use it to make more money
24
Network Identity and Sun ONE
Directory Server
Identity Server
Portal Server
Directory Proxy
Meta Directory
SIPL
Sun Proprietary/Confidential, Internal Use Only
1
25
Sun ONE Network Identity PS Offerings

• Online Capability Assessment Tool
• http//www.sunonetools.com/
• Architecture Workshop (2 Day)
• Develop your IT vision for Network Identity
• Identifies key requirements - Business and IT
• Provide a concrete, specific, action plan
• Architecture Assessment (2 Week)
• Gap analysis between your existing system and
  your desired Network Identity solution and
  Specific action plan
• Architecture Roadmap
• Provide a high level architectural design for
  implementing your Network Identity system
• Complementary SI Strategic Partnerships

26
Network Identity
Create the foundation for supporting federated
identity and liberty-enabled services in the
future by developing a network identity
infrastructure today

• Reap the immediate benefits
• Flexible administrative controls
• Improved user experience
• Ubiquitous enforcement of security policies
• Containment of administrative costs

27