OIS Architecture Review

Open Identity Stack

Presented by Jamie Nelson, VP of Engineering, ForgeRock at Open Stack Identity Summit, France 2013

Transcript of OIS Architecture Review

Page 1: OIS Architecture Review

Open Identity Stack

Page 2: OIS Architecture Review

Identity Products Today

Stack vendors built by acquisition
The integrated stack is marketecture
Installation takes days
Integration is complex
Interface and UI proliferation
No module reuse
Closed source
Vendor lock-in

Page 3: OIS Architecture Review

ForgeRock Vision

Simple
Scalable
Modular
Embeddable
Common REST framework
Common UI model
Community participation

Page 4: OIS Architecture Review

Common Modules

CREST (ForgeRock REST)
User Interface
JASPI for Authentication
REST endpoint protection (filters)
OAuth
Federation
Logging
Entitlements

Page 5: OIS Architecture Review

OpenAM

All in one
Simple war deployment
Platform independent
Flexible and extensible
Highly available and scalable

Page 6: OIS Architecture Review

OpenAM (architecture diagram)

ForgeRock REST (Commons REST)
Protected Resources: Web Agents, Java EE Agents, Web Services Agents
User Interface: End User, Management, ForgeRock UI Framework
Core Services: Authentication, Entitlements, Session, Auditing, OAuth, Core Token Service, OpenID Connect, Configuration, Policy, User Management, Secure Token Service, XACML, Federation
SPIs: Authentication Plugins, Policy Plugins, User Management Plugins, Token Service Plugins, Federation Plugins
Persistence (OpenDJ)
Universal Gateway

Page 7: OIS Architecture Review

OpenAM (same component diagram as page 6: ForgeRock REST, Protected Resources, User Interface, Core Services, SPIs, Persistence (OpenDJ), Universal Gateway)

Page 8: OIS Architecture Review

OpenAM Persistence (diagram)

OpenAM Server: Policies, Users, Configuration, Tokens, Core Services
OpenDJ
OpenAM Server: Policies, Users, Configuration, Tokens, Core Services
OpenDJ

Page 9: OIS Architecture Review

OpenAM Persistence (diagram)

OpenDJ
OpenAM Server: Policies, Users, Configuration, Tokens, Core Services
OpenAM Server: Policies, Users, Configuration, Tokens, Core Services
OpenDJ

Page 10: OIS Architecture Review

OpenIDM

Lightweight provisioning
Next generation modular architecture
Built on resource oriented principles
Highly extensible
Self contained

Page 11: OIS Architecture Review

OpenIDM (architecture diagram)

OSGi
Persistence (OrientDB)
ForgeRock UI Framework
ForgeRock REST Router
Business Logic (JavaScript, Groovy, Java)
Authentication Filter (JASPI)
Jetty Web Server
Configuration, Managed Users, Sync/Recon, System (Connectors)
Scheduler, Workflow, Audit/Logs, Policy
External Resources
Audit

Page 12: OIS Architecture Review

OpenIDM Commons (same architecture diagram as page 11, with Task Scanner in place of Workflow)

Page 13: OIS Architecture Review

Identity Bridge

Software appliance
Wizard configuration
Identity synchronization from enterprise to SaaS
Reporting and reconciliation
SAML2 and OAuth

Page 14: OIS Architecture Review

Identity Bridge (architecture diagram)

OSGi
Configuration Wizard
OpenIDM
Business Logic (JavaScript, Groovy, Java)
Authentication: JASPI (AD and IWA)
Jetty Web Server
Salesforce and LDAP
OAuth
Salesforce LDAP Connector
Federation
ForgeRock UI Framework
Reporting and Recon

Page 15: OIS Architecture Review

OpenDJ

Lightweight
Embeddable
REST APIs
High availability
Secure out of the box
Flexible architecture

Page 16: OIS Architecture Review

OpenDJ (architecture diagram)

User Interface: End User, Management, ForgeRock UI Framework
ForgeRock REST
Core Server: Replication, Auditing, LDAPv3, Caching, Monitoring, Password Policy, Groups, Schema Management, REST2LDAP, Access Control
Backend Services: Persistence, Connectors, LDIF, Memory, Change Log
Java SDK / LDAPv3
Web Application: REST2LDAP, ForgeRock REST

Page 17: OIS Architecture Review

OpenDJ Commons (same architecture diagram as page 16: User Interface, ForgeRock REST, Core Server, Backend Services, Java SDK / LDAPv3, Web Application)

Page 18: OIS Architecture Review

OpenDJ REST2LDAP (diagram)

User Interface: Login/End User, ForgeRock UI Framework
OpenDJ Server: REST2LDAP, Core Services
ForgeRock REST
JASPI Authentication Module

Page 19: OIS Architecture Review

Single Webapp Stack

OpenAM: Authentication, Authorization, Federation
OpenIDM: User Management, Synchronization, Workflow
OpenDJ: Persistence (Users/Tokens/Configuration)
ForgeRock REST
ForgeRock UI Framework: Login/Registration/Self Service

Page 20: OIS Architecture Review

High Scale Elastic Stack (diagram)

Four OpenAM nodes, each with ForgeRock REST and ForgeRock UI Framework (Login/Registration/Self Service)
Two OpenDJ Distributors
Seven OpenDJ instances
Four OpenIDM instances