The Identity Server A New Layer of Enterprise Infrastructure

1
The Identity ServerA New Layer of Enterprise
Infrastructure

• Digital Identity World
• October 9, 2002

Lance HoodVP Products, OneName Corporation
2
Key topics

• Identity is an important foundation for Web
  services
• Identity Web is ideal architecture for Web
  identity services
• Identity servers are new layer of enterprise
  infrastructure
• Real world solutions

3
What would happen if?
We could share identity information from
databases, directories and applications

• with the same ease and breadth as we share
  documents on the Web
• we would have an Identity Web.

4
An Identity Web that linked data, directories and
applications could

• Provide permission-based privacy protection for
  regulatory compliance
• Unify portals among business partners
• Synchronize and protect inventory data among
  suppliers
• Enable trusted e-business from any device

5
Identity across boundaries

• Benefits
• Stronger business relationships
• Increased revenue
• Increased productivity
• Reduced costs
• Competitive advantage

• Barriers
• Persistent identifiers
• Security
• Privacy
• Evolving data definitions
• Obsolete data

Identity services will allow any business to
establish an identity Web
6
Evolution of the Identity Web
Web Servers
Logical Organization and Linking
Web Pages(HTML)
File Servers
Files
Physical Organization and Storage
Digital Content (the Web)
7
From enterprise to Web identity
EnterpriseDirectoryServices(LAN)
WebIdentityServices(Internet)
Deploymentarchitecture
Directory ormetadirectoryserver
Federatedidentity servernetwork
LDAPDSML
XNS
Standardprotocol
Hierarchicaldirectory (X.500)
Web (linkedXML documents)
Datamodel
LAN
Internet
8
Document linking vs. identity linking
HTML
HTML
XML
XML
Contract
Contract
URI
URI
Contract
HTML
HTML
XML
XML
Contract
URI
URI
URI
Contract
Contract
Both require document markup, exchange protocol
and addressing/linking
9
XNS identity protocol
Identity
Persistent global addressing,logical naming,
cross-domain mapping
Addressing
Schema sharing, versioning,intelligent forms,
receipts
Data Sharing
Authentication, Web SSO, authorization,
certification, auditing
Access Controls
Permission management, privacy regulation
compliance
Usage Controls
Persistent links, chain-of authority, workflow
Update ControlsLinking Synchronization
10
Federated/distributed identity
Identity server
Identity server
XML
XML
XML
XML
XML
XML
Trustboundary
XML
XML
XML
XML
XML
XML
Identity server
Identity server
Identityclient
PlainText
WML
HTML
XML
11
Role of identity in Web services
12
Identity Services Segmentation
Data Control
Meta Directories
Directories
Minimal Access Usage/Update
RDMS
Intranet Web Servers
Internet Web Servers
DesktopApplications
Application Domain
Cross-Domain ExtraNet Internet
Data Sharing/Integration
13
Identity services in the enterprise
Browser
Application ID
Application
Browser ID
XNSIdentityRoot
Logical
Web (HTML over HTTP)
Web Portal (HTML Cookies over HTTP)
Web Services (XML over SOAP)
Web Identity Services (XNS over SOAP)
Enterprise Security
Enterprise Security
Enterprise Security
Enterprise Directory
Enterprise Directory
Enterprise Directory
Enterprise Integration
Enterprise Integration
Enterprise Integration
Physical
Application
Application
Application
Persistence
Persistence
Persistence
LDAPIdentityRoot
Domain
Domain
Domain
14
The identity services layer
Pure Identity (Actors)
Presentation
Servlet
Servlet
Servlet
Servlet
Servlet
Servlet
Webserver
SOAPserver
Otherprotocols
Identityprocessing
XNS
ID app
ID app
ID app
ID app
ID app
Identity server
Businessprocessing
DSML
App
App
Metadirectory
App
Application server
LDAP
Relational data-base server
Object data-base server
Directoryserver
Persistence
Pure Data (Bits)
15
Identity server integration architecture
Web Portal
Other Identity Server
Wireless Portal
Web ServiceConsumer
HTML Servlet
WML Servlet
SOAP Connector
SOAP Connector
SOAP Connector
SOAP Connector
Firewall
SOAP Connector
SOAP Connector
SOAP Connector
SOAP Connector
Identity Application
Identity Application
Identity Application
XNS Base Services
IdentityDocument(XML)
IdentityDocument(XML)
IdentityDocument(XML)
IdentityDocument(XML)
Identity Server
OneName Integration Suite
SAML Adapter
LDAP Adapter (JNDI)
JDBC Adapter
Enterprise Security Server(e.g., Netegrity)
Enterprise Directory Server (e.g., Active
Directory)
Enterprise Database Server (e.g., SQL Server)
16
Permission based data exchange

• Customer data distributed based on privacy
  agreements
• Changes to data automatically published to
  partners
• Disclosure to distribution groups updated if
  privacy agreement changes

XNS Links
Partner Identity Documents
DistributionIdentity Web Service
DistributionGroup 1
DistributionGroup 1
DistributionGroup 1
JDBC Adapter
Customer Identity Documents
Legacy Data
Permissions
Account Data
17
E-Loan / Mortgage Example
Supporting Services
Consumer
Personal Identity

• XNS PersonalIdentity
• Wallet
• Keys
• Credentials
• Contracts

XNS Linked Contracts
XNS Form Submission
TransactionRepository
Executed E-Loan Agreement
18
Developing identity applications
3 Build/integrate with client application
Indirect
Direct
Target Application
1 Define messages and data
InterfaceApplication
Web Services Consumer
XSD
WSDL
Web Services Consumer
SOAP
UML
Web Services Provider Implementation
Identity Server
2 Implement service
19
Summary

• Identity servers provide the identity
  infrastructure needed for Web services
• Identity servers enable valuable, strategic,
  e-business initiatives
• Identity servers can be deployed incrementally

20
www.onename.com

• 206-812-6000
• sales_at_onename.com