Information is the new currency and as more “things” come online the volume of data will dramatically increase. Typically, this data is stored in multiple repositories and different personas have different levels of access.
In this webinar, which was recorded on August 18th, 2015, you can learn how to answer key questions to today’s tough challenges:
How do we keep sensitive data, secure it and make it accessible?
How do we manage authorization policies related to this data?
How do we manage entitlements for not only web apps, but also users, devices and things?
ForgeRock’s Senior Software Developer, Andy Forrest, discussed the challenges and solutions surrounding Entitlements.
Founded four years ago, by five guys who had an idea
They were working for Sun Microsystems – very innovative. Built Java & Solaris etc.
They had a big software & hardware business, and a huge IAM business, globally successful
Late 2000s, acquired by Oracle
Oracle already had IAM. Proprietary fusion apps
Sun had commercial open source, telco-scale IAM
Lots of Sun IAM people left to found ForgeRock to continue the commercial open source portfolio under a different name
Now read slide
We’ve got a lot of the Sun IAM guys employed with ForgeRock now
We’ve got some of the best investors in the world backing us now. Accel Series A: Facebook
Foundation Capital: Netflix Series A
Sun Co-Founder Scott McNealy is our marquee advisor and he grew Sun into a multi-billion dollar company
Introduce myself
What is big data?
4 points
buzz word
revenue, business
privacy, consumer
protect
Big data is essentially information, our data, collected, collated and utilised to bring value
Big data is only relevant if it gives value
Collect it all as you never know where the value may come
Two sides, consumer and privacy, business and revenue
Data is worth something to consumers and businesses and therefore needs protecting
Avalanche of data
authentication - proving who you say you are
authorisation - verifying what you’re allowed to carry out in a given context
policy?
ACLs
white lists / black lists
all in / all out
one dimension, the subject
RBAC
not who you are but what you’re a part of
two dimensions, the subject/group, the resource
employ door, door_close, door_open
Elaborate each point
P*P architecture
Needs a few more labels
How does it map to AM?
Why?
authentication has been the focus
welcome everyone, trust no one
IoT forces us to consider resource types other than just web resources
We need to be able to express richer rules to define the relationships between subjects and devices
IoT devices are better described with attributes
UMA puts policy in the hands of the consumer
Now we’re talking about high scale policy management
This needs a little more thought
ABAC is a follow on from RBAC, the next evolution
Elaborate each point
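The progression in these notes from ACLs (one dimension, the subject) through RBAC (subject/group and resource) to ABAC (attributes of subject, device and context) can be shown by having all three models decide the same request. This is an added example, not code from the webinar or from ForgeRock; the subjects, groups, attributes and the office-hours rule are constructed assumptions, and only the `door`, `door_open` and `door_close` names come from the notes.

```python
# Added illustration: one request, three authorisation models.
# All subjects, groups, attributes and rules are constructed sample data.
from dataclasses import dataclass, field


@dataclass
class Request:
    subject: str
    resource: str
    action: str
    context: dict = field(default_factory=dict)  # e.g. {"hour": 10}


# ACL: a white list keyed on the subject only ("all in / all out").
ACL_WHITELIST = {"alice"}

# RBAC: subject -> groups, group -> (resource, action) permissions.
GROUPS = {"alice": {"employee"}, "bob": {"visitor"}}
GROUP_PERMS = {
    "employee": {("door", "door_open"), ("door", "door_close")},
    "visitor": {("door", "door_close")},
}

# ABAC: attributes describe the subject and the device; context adds the environment.
SUBJECT_ATTRS = {
    "alice": {"department": "lab", "badge_valid": True},
    "bob": {"department": "sales", "badge_valid": True},
}
RESOURCE_ATTRS = {"door": {"zone": "lab"}}


def acl_decide(req: Request) -> bool:
    return req.subject in ACL_WHITELIST


def rbac_decide(req: Request) -> bool:
    wanted = (req.resource, req.action)
    return any(wanted in GROUP_PERMS.get(g, set())
               for g in GROUPS.get(req.subject, set()))


def abac_decide(req: Request) -> bool:
    s = SUBJECT_ATTRS.get(req.subject, {})
    r = RESOURCE_ATTRS.get(req.resource, {})
    if req.action == "door_close":   # anyone with a valid badge may close
        return s.get("badge_valid") is True
    if req.action == "door_open":    # open: valid badge, matching zone, 08:00-18:00
        in_hours = 8 <= req.context.get("hour", -1) < 18
        return (s.get("badge_valid") is True
                and s.get("department") == r.get("zone") and in_hours)
    return False                     # default deny for unknown actions
```

The ACL and RBAC decisions cannot change with the time of day or the device's zone; only the attribute-based rule can express that relationship, and it denies by default when attributes are missing.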
Sun
Elaborate each point
12/13 diff
REST is not only a lightweight, simple and interoperable API but also eliminates the agent
Demo time
Main point is to demonstrate the engine via the UI
200 policies
200 sessions
10,000,000 users
20 milliseconds, 1% of two seconds
maybe needs deployment diagram
acceptable average web page load time
Elaborate each point
Tie back to presentation brief. Information is the new currency, information can take the form of big data and AM is ready to protect it.