Event Recording

Paul Fremantle - Borderless Identity: Managing Identity in a Complex World



Keynote at the European Identity & Cloud Conference 2014

May 13-16, 2014 at Munich, Germany

So I would like to welcome our next speaker, Paul Fremantle from WSO2. Morning, Paul. Good morning. I hope you also had a pleasant night.
I had a very good night. Yes.
And you will talk to us about borderless identity. Thank you. Thanks a lot.
Good morning, everybody. It's a bit of a punishing schedule, isn't it, to be still here at about seven last night and then have a bunch of detailed technical presentations at 8:30 in the morning. So I appreciate the people who've made it this morning. So, ah, here we are, the clicker. So this is not, I just put this up as an example. This is about me, but the reason I put this up is that in that simple description of me are five different identities and five different email addresses that I have been issued by various organizations or created to solve different problems in my life. And I think this is one of the challenges of today, that identity is a fluid issue. And those identities that we have are crossing different borders and are creating different challenges. And that's what I'm gonna talk about today: how to deal with those problems.
And one of the things I'd like to do is just to look at the big view, and this slide, which I actually stole from one of my customers who stole it from a research company at Kenney, to give them full credit, I think really captures the changes that I've seen in my working life. When I first got a job, I was a student with IBM, and in those days, IBM did everything. If you went into the stationery cupboard, there were IBM pencils. If you went into the photocopy room, it was an IBM photocopier. If you booked travel, it was the IBM travel agent. It was literally a complete universe. And the reason why was that in those days, the fax was a new invention that was making life simpler and quicker and easier. And in order to order a pencil, you had to fill in a form in triplicate with carbons or photocopy it and mail it somewhere.
So to do those things was very expensive across organizations. And that black line is tracing the reduction in the cost of doing cross-organization transactions. And as you can see, it's approaching zero. And what that's doing is creating a completely new world in which businesses do not operate on their own. They operate in connected webs. In this chart, they're called value webs. I call them ecosystems, and these ecosystems are creating what we call connected businesses. And I've also heard the term from a lot of people, digital businesses. And let me give you some examples of some different connected businesses. And then we're gonna look at how those affect identity and why they bring completely new challenges to how we deal with and manage identity. So the idea of a connected business, it's an overloaded term, and all these terms are overloaded.
I mean a business where the connections really span every part of that business. And a simple example is connected car, where we are seeing car manufacturers linking to telematics in the car, creating app stores for in-car systems, linking their supply chains, linking to emergency services, really trying to create a complete ecosystem around the car that is digital and connected. Yesterday we heard from Barbara Mandel from Daimler about some of the risk challenges associated with that connected car. For instance, Daimler won the connected car of the year last year with their Mercedes. It's creating some challenges around identity because what connected car is doing is it's reconnecting car manufacturers to their customers. Instead of it being only a relationship between the dealer and the customer, it's a full relationship, not just between the car manufacturer and the customer, but also the partners, the people who build apps that go into that car, and the customers.
And then even further down the supply chain, if your car can send a message to head office to say, I think some part is about to break down, then you can connect that to the car part supplier, and have it in the right place. And that's a huge supply chain. Another example of this is what Boeing is doing. They are building an ecosystem, which you might call connected plane. In fact it is really a connected supply chain. They're trying to solve exactly this problem of how do I make sure that when a plane lands in Munich and it needs a new part, I can get that part there before the plane lands and replace it in time, so I can keep the planes in the air. And they're doing this by creating a powerful cloud ecosystem with very complex identity requirements.
Similarly, we see people in government trying to create connected government by connecting all the different aspects of government and putting a single identity model, or a connected identity model, across that. And this doesn't just apply to these few industries; these examples apply all over the place. So for example, Hilti is a Swiss tool manufacturer, and they are connecting their tools. They're putting GPS, internet-connected devices in every tool so that they can actually manage the tools in a cloud environment and connect those to the building sites and the people managing the building sites that need them. So these kinds of businesses are happening everywhere. And one of the key challenges behind this is the ability to offer and manage APIs. And I'm not gonna talk much about that. That's a whole subject of its own, but API management and taking your business concepts and exposing them out to other parties is a key part of creating a connected business.
And one of the biggest challenges around identity and access control that there is. So a connected business is not just about your internal identities. It's not just about your identities with your partners. It's about the identities of your partners, customers, and your partners' partners, because it's connecting not just you with your partners, with your customers, but actually beyond that into the whole supply chain, into the whole ecosystem. And that's why those five identities of mine are suddenly incredibly important, because I may be a partner of yours or a customer of a partner of yours in multiple different ways. And those different identities may come to you somehow. And you need to understand that these are really all Paul and that he's already a customer via some other model. Maybe I actually do drive a Mercedes. It's not a flash Mercedes, it's a Mercedes Vito van, but, you know, so I drive a Mercedes and I happen to use this tool or whatever. I'm coming at you from multiple different angles.
And so ecosystems are really important to this new world, and having an identity strategy that solves these ecosystem problems is challenging. The old identity model was about borders. It was about either you are in my world, or you are out of it. And if you're in my world, then I assume everything's fine. This is the VPN model. You know, once you're on the VPN, you're in; if you're not on the VPN, you're out. And it's fundamentally, unfortunately, a broken model. It doesn't support ecosystems. And of course we've seen through, you know, Snowden and previous security issues, that it's a very bad assumption to make that once you're in, you're in. That's a really broken assumption to make.
So borders don't work anymore, and it's not just ecosystems. It's bring your own device, bring your own laptop, bring your own key. It's about APIs. It's about Internet of Things. It's about cloud, of course, and the fact that we're using multiple different cloud SaaS providers to do our everyday job. And of course, it's about old-style problems as well, like mergers and acquisitions and these value webs. So we've seen problems with people trying to manage this as a single identity ecosystem. So what happens is you go from saying, okay, well, we're gonna solve this by using single sign-on. We're gonna use a federated identity model like SAML, but soon we get identity spaghetti. It grows too much to be managed as a single system. And I have some history in this. I've been working on enterprise integration for 20 years and I've seen exactly the same challenges try to be solved by enterprise integration.
So the first step people tried to do was say, well, we're gonna do a single integration hub. That's like saying I'm gonna use SAML everywhere. And that failed because of all those multiple challenges we saw got piled onto it. And it became too much for a single system to manage. So then we saw people put in different ESBs in different departments and then build something called a cross-ESB ESB, which tried to link those together. And actually that's a pretty good solution. When I first heard somebody say, well, I need an ESB to link my ESBs together, I thought, oh my God, they're crazy. But actually that worked really well because it said I'm not going to try and have a uniform model everywhere. That just doesn't scale. I can't manage, you know, 50 billion identities of Internet of Things devices in 2020 with that. I need to federate.
And that's where we've ended up with enterprise integration, and of course federation across different identity ecosystems and identity models is going to be the same conclusion we're gonna come to in the identity model. So this model of trying to say, it's all uniform, it all looks the same, it all fits into a SAML bucket or an OpenID Connect bucket, is not going to work because this is the reality of life. We have lots of different things, lots of different shapes and sizes, different holes and different things to fill those holes. And we're never gonna get away from that. It's gonna get worse. So these federated identity silos are going to cause problems because although it looks like we could connect them, they're actually disconnected. So we need to learn this lesson that a single monolithic identity system is not going to work.
So there are some things moving in a better model. And one of those is OpenID Connect. And the reason it's moving in a better model is it assumes that you can have multiple cooperating identity systems. So for example, the GSMA I've been working with, and they are trying to put in place a model which allows you to use your mobile phone as your identifier across different networks. So I might be with one network, you might be with another network, and the same identity system will work across those networks because of OpenID Connect discovery, which allows any website to say, well, who is Paul's provider? And then I'll go to them. And this is a good solution. It's basically the model we saw in enterprise integration, which is the registry model of integration. It says that everybody has a uniform interface.
And then we go to a central registry and find out who I should talk to. So that's a big improvement because it no longer assumes there's one single place to talk to, but it doesn't solve the problem, because the problem we still have is that there's more than one type of identity model. There's OpenID Connect. There's OAuth 2, there's SAML 2, there's lots of proprietary systems. There's old systems, there's WS-Federation, there's Facebook, there's multiple, you know, Salesforce. So this model is good, but it doesn't solve the problem. So what we need is what I call an enterprise identity bus. So we need something that can really link these together, that can seamlessly help us transfer identities across different systems. So what does that mean? And this is gonna sound like a silly example, but what this means is that you could use your Facebook login to get into Salesforce.
Now that may not be appropriate for your organization. But if I said you could use your Google login to get into, say, Salesforce, and your company uses Google for their internal apps and identity, then that starts to make more sense. And if I can use that Google login to get into lots of different systems, that's very powerful. If I then say, well, actually you can use that Google login, but you can also use your internal identity from a SAML provider, and I can bridge across multiple of these seamlessly with just standard single sign-on logins, then this starts to become very powerful, and it starts to accept that there isn't a single identity system that's gonna solve this for anybody, that you have to deal with diversity, you have to deal with the ecosystems and you have to deal with multiple identities. So what does an enterprise identity bus have to do?
Well, it's not just about tokens. It also has to deal with claims, because every token brings with it claims. So it has to be able to map and bridge and broker between tokens. And it has to be able to map and bridge and broker between claims. And of course, these things don't work without provisioning. So you also need to be a provisioning bus. You need to be able to take provisioning requests in SPML from one system and convert them into a SCIM request against another system, or a Salesforce request or a Facebook request or whatever it happens to be, Google. And you also need to be able to do just-in-time provisioning. If I come in with my Facebook identity to my connected car, maybe they don't know that I've used this car before, but they have an identity for the car and they have an identity for me, and they need to provision me into the system, say, Paul is a new user of this car.
Then you need to be able to do just-in-time provisioning. This is very, very important and very powerful. So that's really my message for today. I hope it's been useful and clear. I just wanted to leave you with a quick thing about who WSO2 is, because probably many of you haven't heard of us before. We are an open source, open platform company that is solving this problem, and we are helping businesses become connected businesses. And what's our claim to fame is that we have done this in a single code base. We have a single open source code base that solves not just identity problems, not just creates an identity bus, but also helps do API management, internal integration and cloud platforms. So this is a very powerful model. And if you want to find out more, we have a booth up here and we're gonna be hit around to talk about it.
Our identity bus is launching next week. And if you come to the booth, we can tell you more about that. So I just wanna leave you with one final thought, which is what I think is so powerful about connected businesses and connected ecosystems and why this is not just a problem for you, but is actually an opportunity for you to do amazing things. And this quote from Jeff Bezos is about how, when you create a connected business, you create opportunities, not just for your own creativity, your own employees' abilities to come up with new ideas, but you actually create opportunities for your customers, your partners, and third parties to be creative around your business, around your platform, and to create new opportunities. And that's really exciting. So I hope you take this as an opportunity to be positive and enthusiastic about the opportunities this brings. Thank you.
