What a great ForgeRock European Open Identity Summit !

Chateau BehoustLast week, ForgeRock hosted its first european Open Identity Summit, in the “Chateau de Béhoust” just outside Paris. For two and half days, our 110+ visitors, a mix of customers, prospect customers, partners and consultants, could attend presentations, meet and greet with ForgeRock employees, have lengthy discussions with peers, exchanging experience or use case scenarios around the ForgeRock Open Identity Stack. All of this in a very relaxed and friendly atmosphere.

All of the presentations have been filmed and will be available shortly through our web site and the summit page. If you missed the event and want to get a feel of the content, please check Simon Moffat’s review.

As usual, I’ve taken a few pictures of the event.

Thanks to all attendees and sponsors of the event. And see you next year for the second edition of our ForgeRock summits.

LP0_0488LP0_0538LP0_0595


Filed under: General Tagged: conference, ForgeRock, france, identity, ois13, Open, openam, opendj, OpenIdentityStack, openidm, Paris, summit

European Open Identity Summit – Review

This week saw the first European Open Identity Summit hosted by identity management vendor ForgeRock [1].  Following hot on the heels of the US summit, that was in Pacific Grove, California in June, the sold out European event, brought together customers, partners, vendors and analysts from the likes of Salesforce, Deloitte, Forrester and Kuppinger Cole amongst others.

Whilst the weather was typically October-esque, the venue was typically French chateau, set in panoramic grounds, with great hosting, food and wine to keep everyone in a relaxed mood.

The agenda brought together the key themes of the modern identity era, such as standards adoption (XACML, SAML2, OAuth2, OpenID Connect, SCIM), modern implementation approaches (JSON, API, REST) through to the vision for modern identity enablement for areas such as mobile and adaptive authentication, all whilst allowing customers and partners a chance to collaborate and swap war stories with some great networking.


Consumer Identity As A Revenue Generator

I have discussed the evolution of identity management on several occasions over the years (not least in August!), with the current iteration seeing a strong focus on utilising the identity of the consumer, as an approach to help drive new and existing revenue, for services and applications.  By capturing consumer identity details, either via portal facing registration systems, or making services available online, brand stickiness can be increased and a more relationship based approach can be developed. Developing platforms for consumer focused identity, requires several key components, mainly scale, modularity and agility.


Salesforce Expand Identity Offering

One of the key announcements at the summit was the expansion of the identity offering, by CRM software as a service giants, Salesforce.  With the Identity Connect platform, Salesforce and ForgeRock have entered into an OEM agreement, where the ForgeRock Open Identity Stack is used to enable the Salesforce solution to allow enterprises to seamlessly integrate with existing on-premise identity directories, with additional SSO capabilities.  Salesforce hope the solution will accelerate the onboarding of new and existing client accounts into their portfolio of online services. This is yet another example of organisations seeing customer identity as a key strategic component of business enablement and revenue generation.


Passwords Are Dead...Long Live The Password!

One of this years keynote speakers was Forrester's Eve Maler.  Always an articulate presenter, Eve dropped the bombshell that 'passwords are dead...'.  Whilst this isn't probably the most surprising announcement in the identity and infosec worlds, there is still to be defined, a clear way to replace the use of passwords as an authentication mechanism.  This is a topic I have blogged on multiple occasions (The Problem With Passwords Again, Still - Oct 2012, The Password Is Dead (Long Live The Password) - Feb 2012, Passwords And Why They're Going Nowhere - Mar 2013).  The failures of password use, storage and implementation are well known, but they are now too well embedded technically and psychologically, that a simple passage to something resembling biometric sustainability is somewhat remote.  Answers on a postcard with how that can be obtained!


The Future is Bright

Everyone loves modern - modern art, modern fashion, cutting edge music, the latest tech gadgets, but where does that leave modern identity management?  Modern in this respect, shouldn't just be focused on the new and shiny.  It needs to be focused on the new and useful.  Mobile devices are clearly the key component for information access, either via smart phones or tablets.  The desktop is dead and the laptop not far behind.  Modern identity needs to integrate seamlessly with mobile devices, utilising native technologies and loosely coupled REST based APIs and integration points.  Modern identity must also be convenient and easy to use.  Security in general is bypassed when too restrictive or complex and modern identity is no different.  For authentication and authorization processes to be effective, they need to convenient, good looking and easy to use.


The summit was a great event, that produced some interesting and thought provoking discussions, highlighting identity management as a key component of many organisations' go-to-market approach for 2014 and beyond.


[1] - For audience transparency, the author is employed by ForgeRock.

European Open Identity Summit – Review

This week saw the first European Open Identity Summit hosted by identity management vendor ForgeRock [1].  Following hot on the heels of the US summit, that was in Pacific Grove, California in June, the sold out European event, brought together customers, partners, vendors and analysts from the likes of Salesforce, Deloitte, Forrester and Kuppinger Cole amongst others.

Whilst the weather was typically October-esque, the venue was typically French chateau, set in panoramic grounds, with great hosting, food and wine to keep everyone in a relaxed mood.

The agenda brought together the key themes of the modern identity era, such as standards adoption (XACML, SAML2, OAuth2, OpenID Connect, SCIM), modern implementation approaches (JSON, API, REST) through to the vision for modern identity enablement for areas such as mobile and adaptive authentication, all whilst allowing customers and partners a chance to collaborate and swap war stories with some great networking.


Consumer Identity As A Revenue Generator

I have discussed the evolution of identity management on several occasions over the years (not least in August!), with the current iteration seeing a strong focus on utilising the identity of the consumer, as an approach to help drive new and existing revenue, for services and applications.  By capturing consumer identity details, either via portal facing registration systems, or making services available online, brand stickiness can be increased and a more relationship based approach can be developed. Developing platforms for consumer focused identity, requires several key components, mainly scale, modularity and agility.


Salesforce Expand Identity Offering

One of the key announcements at the summit was the expansion of the identity offering, by CRM software as a service giants, Salesforce.  With the Identity Connect platform, Salesforce and ForgeRock have entered into an OEM agreement, where the ForgeRock Open Identity Stack is used to enable the Salesforce solution to allow enterprises to seamlessly integrate with existing on-premise identity directories, with additional SSO capabilities.  Salesforce hope the solution will accelerate the onboarding of new and existing client accounts into their portfolio of online services. This is yet another example of organisations seeing customer identity as a key strategic component of business enablement and revenue generation.


Passwords Are Dead...Long Live The Password!

One of this years keynote speakers was Forrester's Eve Maler.  Always an articulate presenter, Eve dropped the bombshell that 'passwords are dead...'.  Whilst this isn't probably the most surprising announcement in the identity and infosec worlds, there is still to be defined, a clear way to replace the use of passwords as an authentication mechanism.  This is a topic I have blogged on multiple occasions (The Problem With Passwords Again, Still - Oct 2012, The Password Is Dead (Long Live The Password) - Feb 2012, Passwords And Why They're Going Nowhere - Mar 2013).  The failures of password use, storage and implementation are well known, but they are now too well embedded technically and psychologically, that a simple passage to something resembling biometric sustainability is somewhat remote.  Answers on a postcard with how that can be obtained!


The Future is Bright

Everyone loves modern - modern art, modern fashion, cutting edge music, the latest tech gadgets, but where does that leave modern identity management?  Modern in this respect, shouldn't just be focused on the new and shiny.  It needs to be focused on the new and useful.  Mobile devices are clearly the key component for information access, either via smart phones or tablets.  The desktop is dead and the laptop not far behind.  Modern identity needs to integrate seamlessly with mobile devices, utilising native technologies and loosely coupled REST based APIs and integration points.  Modern identity must also be convenient and easy to use.  Security in general is bypassed when too restrictive or complex and modern identity is no different.  For authentication and authorization processes to be effective, they need to convenient, good looking and easy to use.


The summit was a great event, that produced some interesting and thought provoking discussions, highlighting identity management as a key component of many organisations' go-to-market approach for 2014 and beyond.


[1] - For audience transparency, the author is employed by ForgeRock.

The Evolution of Identity & Access Management

Identity and access management is going through a renaissance.  Organisations, both public and private have spent thousands of hours (and dollars) implementing and managing infrastructure that can manage the creation of identity information, as well as management of the authentication and authorization tasks associated with those identities.  Many organisations do this stuff, because they have to.  They're too large to perform these tasks manually, or perhaps have external regulations that require that they have a handle on the users who access their key systems. But how and why is all this changing?



The Enterprise and The Perimeter

Changing Identities
15 years ago, identity and access management was focused on stuff that happened within the corporate firewall.  Employees joined the company, were entered into the payroll system and 'IT' set them up on the necessary systems they needed.  That setup process was often manual, inconsistent and perhaps involved several different application and system owners and administrators.  IT being IT, would look to try and automate that account creation process.  This was driven partly by business benefits (new employees don't need to wait 3 days for to get working) and also the costs savings associated with migrating manual tasks to a centralised provisioning system.


Cloud, Services & The Modern Enterprise

Organisations are not the same as they were 15 years.  I talked about this recently with the onset of the 'modern' enterprise.  What does that mean?  Due to economic changes and changes in working patterns,  organisations are now multifaceted complex beasts.  No one team or department can be associated with a single process or business function.  Supply chains are now swollen by outsourced providers, all rapidly engaged and critical to short term product launches or business deliverables.  These business changes rely heavily on an agile identity management and authentication infrastructure, that can not only quickly engage new partners or suppliers, but also track, authorize, audit and remove users when they are no longer required or a partner contract expires.

Continually Connected

Identity from a consumer sense has also altered.  More and more individuals have an identity context on line.  That could be something like a Facebook or LinkedIn account, right through to personal email, banking and ecommerce as well as consumer outsourced services such as Spotify, Kindle books or iTunes.  Individuals are embracing applications and services that can give them non-physical access to experiences or data stores, all centred about their own identity.  These online consumer identities are only as valid of course, if the identity owner is able to connect to those services and sites.  That connectivity is now ubiquitous, making life experiences richer, whilst increasing demands for consumer scale infrastructure.

Standards and More Standards

I recently watched the Gartner on demand catch up series of the recent Catalyst event, that was neatly titled the "Identity Standards Smackdown".  A panel of 5 leading identity go-getters, represented some of the emerging and long standing IAM standards, promoting their worth in the current landscape.  The five represented were OAuth2, SCIM, XACML, OpenID Connect and SAML2.  The details of each are all varied and there are numerous pro's and con's to each.  What is interesting, is that we are now at a position where all of these standards are now playing a part in both public and private enterprise adoption, acting as catalysts for new service offerings by services and software vendors, as well as acting as a yardstick to aid comparisons, maturity metrics, interoperability and more.

The standards all play slightly different parts in the provisioning, authentication and authorization life cycle, but the healthy debate goes to show the both end user and vendor interest in this space is as hot as it has even been.

By Simon Moffatt

The Evolution of Identity & Access Management

Identity and access management is going through a renaissance.  Organisations, both public and private have spent thousands of hours (and dollars) implementing and managing infrastructure that can manage the creation of identity information, as well as management of the authentication and authorization tasks associated with those identities.  Many organisations do this stuff, because they have to.  They're too large to perform these tasks manually, or perhaps have external regulations that require that they have a handle on the users who access their key systems. But how and why is all this changing?



The Enterprise and The Perimeter

Changing Identities
15 years ago, identity and access management was focused on stuff that happened within the corporate firewall.  Employees joined the company, were entered into the payroll system and 'IT' set them up on the necessary systems they needed.  That setup process was often manual, inconsistent and perhaps involved several different application and system owners and administrators.  IT being IT, would look to try and automate that account creation process.  This was driven partly by business benefits (new employees don't need to wait 3 days for to get working) and also the costs savings associated with migrating manual tasks to a centralised provisioning system.


Cloud, Services & The Modern Enterprise

Organisations are not the same as they were 15 years.  I talked about this recently with the onset of the 'modern' enterprise.  What does that mean?  Due to economic changes and changes in working patterns,  organisations are now multifaceted complex beasts.  No one team or department can be associated with a single process or business function.  Supply chains are now swollen by outsourced providers, all rapidly engaged and critical to short term product launches or business deliverables.  These business changes rely heavily on an agile identity management and authentication infrastructure, that can not only quickly engage new partners or suppliers, but also track, authorize, audit and remove users when they are no longer required or a partner contract expires.

Continually Connected

Identity from a consumer sense has also altered.  More and more individuals have an identity context on line.  That could be something like a Facebook or LinkedIn account, right through to personal email, banking and ecommerce as well as consumer outsourced services such as Spotify, Kindle books or iTunes.  Individuals are embracing applications and services that can give them non-physical access to experiences or data stores, all centred about their own identity.  These online consumer identities are only as valid of course, if the identity owner is able to connect to those services and sites.  That connectivity is now ubiquitous, making life experiences richer, whilst increasing demands for consumer scale infrastructure.

Standards and More Standards

I recently watched the Gartner on demand catch up series of the recent Catalyst event, that was neatly titled the "Identity Standards Smackdown".  A panel of 5 leading identity go-getters, represented some of the emerging and long standing IAM standards, promoting their worth in the current landscape.  The five represented were OAuth2, SCIM, XACML, OpenID Connect and SAML2.  The details of each are all varied and there are numerous pro's and con's to each.  What is interesting, is that we are now at a position where all of these standards are now playing a part in both public and private enterprise adoption, acting as catalysts for new service offerings by services and software vendors, as well as acting as a yardstick to aid comparisons, maturity metrics, interoperability and more.

The standards all play slightly different parts in the provisioning, authentication and authorization life cycle, but the healthy debate goes to show the both end user and vendor interest in this space is as hot as it has even been.

By Simon Moffatt

ForgeRock Open Identity Summit comes to Europe…

Join us for the Open Identity Stack Summit Europe, on 14-16 October 2013 at the Domaine de Béhoust, France.

We will be gathering at ForgeRock’s luxe Chateau, Domaine de Béhoust (just outside Paris), where our Open Identity Stack community will delve into OpenAM, OpenIDM, and OpenDJ best practices, use cases, how-tos, and more.

We’ve been saying for a long time that identity & access management (IAM) must be reconstructed to adapt to today’s problems. Modern APIs, standards, scale, speed, and modular architecture are all needed for successful modern IAM deployments. The agenda will include dynamic working sessions addressing the latest IAM developments, including mobility, identity bridge, and customer case studies.

A call for papers is open. If you are doing something interesting with the Open Identity Stack and you would like to share the experience by presenting a session at the summit, send your proposal by September 4.

ForgeRock’s chateau is large, but registration is limited. Therefore, I encourage you to reserve your spot and register quickly !

If you want to get a feel of the atmosphere of the conference, check the photo album from the first ForgeRock Open Identity Summit or get a glimpse at the skills of one of our keynote speakers :
LP0_8856I hope to see you at ForgeRock’s chateau in October !

 


Filed under: General Tagged: conference, europe, ForgeRock, france, identity, openam, opendj, OpenIdentityStack, openidm, opensource, summit

The Rise & Protection of the API Economy

Nearly every decent web site and application will have an application programming interface (API) of some sort.  This may simply be another interface into the applications most advanced administrative controls, controls which perhaps are used by only 5% of users and would clutter up even the most clearly designed user interfaces.  To make those controls open to end users, they have traditionally been exposed in a programmatic manner, that only deep technologists would look at or need to use.  In addition, those API's were probably only ever exposed to private internal networks, where their protection from a security perspective was probably less of a concern.




API's Today

As more organizations (and consumers of course) leverage applications and services online, there is an increasing percentage of web based API's.  A quick book search on Amazon produces over 200  results with regards to their design.  Undergraduate computer science courses will often have a module on basic web programming, with the simplest examples now choosing to build out an API instead of a full blown user interface driven application.  Many consumer focused applications and social networking sites such as Twitter, Google and Facebook, all lean heavily towards API level features.


Why They're Popular

For the likes of the consumer focused social networking platforms, API's provide a powerful tool to promote developer adoption.  Increased developer adoption for the likes of Facebook, increase the attractiveness of the service being offered, especially if more versions of Angry Birds or Candy Crush are being released.  API's in this framework, are all about certain features and ease of use. The premise is focused on being able to expand and extend the underlying platform as quickly and simply as possible, using a variety of client libraries and languages.

From a more business focused web application, API's are more focused on integration, interoperability and customization.  Integration with regards to owned business logic and process, interoperability with regards to underlying system and language differences and customization, perhaps relating to user experience.

Many web services in general could be argued to be solely API driven.  Sites like the Google owned VirusTotal, which provides a virus checking aggregation service, can be accessed using a user interface or API.  The same could be applied to Google itself

Why They Need Protecting

As web services and applications switch to becoming more engine like in nature, with limited or no user interface at all, the protection of the underlying API becomes more important.  The increased popularity of REST as architecture for web API development, provides not only an increased ease of use for developers, but also simpler touch points for the authentication and authorization of endpoint clients.  Knowing which clients are accessing your API is critical, as is being able to restrict their access to certain features or URL's.

Like with many security related aspects, externalising the authentication and authorization aspect away from core API feature management, allows developers to focus on core use cases and consumer and business value, without worrying about security.


By Simon Moffatt

The Rise & Protection of the API Economy

Nearly every decent web site and application will have an application programming interface (API) of some sort.  This may simply be another interface into the applications most advanced administrative controls, controls which perhaps are used by only 5% of users and would clutter up even the most clearly designed user interfaces.  To make those controls open to end users, they have traditionally been exposed in a programmatic manner, that only deep technologists would look at or need to use.  In addition, those API's were probably only ever exposed to private internal networks, where their protection from a security perspective was probably less of a concern.




API's Today

As more organizations (and consumers of course) leverage applications and services online, there is an increasing percentage of web based API's.  A quick book search on Amazon produces over 200  results with regards to their design.  Undergraduate computer science courses will often have a module on basic web programming, with the simplest examples now choosing to build out an API instead of a full blown user interface driven application.  Many consumer focused applications and social networking sites such as Twitter, Google and Facebook, all lean heavily towards API level features.


Why They're Popular

For the likes of the consumer focused social networking platforms, API's provide a powerful tool to promote developer adoption.  Increased developer adoption for the likes of Facebook, increase the attractiveness of the service being offered, especially if more versions of Angry Birds or Candy Crush are being released.  API's in this framework, are all about certain features and ease of use. The premise is focused on being able to expand and extend the underlying platform as quickly and simply as possible, using a variety of client libraries and languages.

From a more business focused web application, API's are more focused on integration, interoperability and customization.  Integration with regards to owned business logic and process, interoperability with regards to underlying system and language differences and customization, perhaps relating to user experience.

Many web services in general could be argued to be solely API driven.  Sites like the Google owned VirusTotal, which provides a virus checking aggregation service, can be accessed using a user interface or API.  The same could be applied to Google itself

Why They Need Protecting

As web services and applications switch to becoming more engine like in nature, with limited or no user interface at all, the protection of the underlying API becomes more important.  The increased popularity of REST as architecture for web API development, provides not only an increased ease of use for developers, but also simpler touch points for the authentication and authorization of endpoint clients.  Knowing which clients are accessing your API is critical, as is being able to restrict their access to certain features or URL's.

Like with many security related aspects, externalising the authentication and authorization aspect away from core API feature management, allows developers to focus on core use cases and consumer and business value, without worrying about security.


By Simon Moffatt

Thanks to all participants of the 1st ForgeRock Open Identity Summit !

ForgeRock Open Identity Summit opening

I hope all attendees enjoyed the summit as much as I have. It’s been a real pleasure to meet face to face some of the project members, customers and partners I’ve interacted with, over emails and phone for the last 3 years, and to see again colleagues, ex-coworkers…

All the photos that I’ve captured during the summit are now publicly available on Flickr.

See you at the next summit !

[Update on June 19] The presentations from the summit are now online. Goto the Summit page and click on the Agenda.

LP0_8918LP0_8901LP0_8817


Filed under: General Tagged: conference, ForgeRock, identity, ois13, openam, opendj, openidm, photography, photos