Key challenges
Mergers, Supply Chain, Outsourcing, Partnering, Globalization, …

Integration Imperative

Cloud Computing

Compliance++


Why the Focus on the Cloud?

  • The cloud cadence is the fastest way to get users new capabilities – including on-premises

  • State-of-the-art cloud architectures provide the highest availability and scale with good TCO

  • Significant innovation occurring on the internet; ensure headroom for your solutions

Implications (1/2)

  • In some ways, nothing new here. Just more challenging…

    • As predicted, growing need for access while crossing boundaries

    • Still need to be able to provision, authenticate, and authorize

    • Still need to track, manage, and report

    • With high-availability, high-scale, great management, low TCO, …

  • But increasingly organizations control less of the solution

    • Applications and developers can be in other organizations and are probably on different or new platforms

    • Identities and profiles can be external – and need to be “validated”

  • And the regulatory complexity is growing

Implications (2/2)

  • “Hybrid” is the Norm

    • Current systems and applications remain critical indefinitely

    • And you need to be able to integrate with applications in other organizations and with SaaS solutions

  • Want to be able to deliver applications that are accessible to any device running anywhere

Seamless Experiences in a Hybrid World

[Diagram labels: Enterprise’s Partners (potentially not AD); Enterprise’s Customers (Facebook, Google, Live); (DMV, banks, credit agencies); Fed Svc (three instances); Example of Microsoft Services: Office 365, SQL Azure, InTune (device management), App/Service management, Identity Management]

Emerging Technologies That Can Help

  • Claims-Based Identity

    • Organizations like RBAC, entitlements, and other policy-driven approaches

    • The claims model provides a comprehensive foundation to enable these solutions in a distributed, cloud-friendly manner – learn more at

    • The technology generalizes the proven mechanisms found in Kerberos, PKI, SAML, ACLs, RBAC, Entitlements, …

    • These technologies are embedded in products from MS, IBM, Oracle, Ping as well as many existing and emerging standards

    • Enables cross-organization collaboration and new scenarios; e.g. distributed delegation; distributed groups and role management; high-scale, capability-based access control; …

Why claims allow crossing of boundaries

  • OED Definitions:

    • An assertion is a “confident and forceful statement of fact or belief”.

    • A claim is “an assertion of the truth of something, typically one which is disputed or in doubt”.

      • Better than: “To state as being the case, without being able to give proof” (TD 0910)

      • A claim is always spoken by some entity, and the fact that a claim is signed by that entity does not in itself reduce that doubt.

  • Essence is building an infrastructure in which relying parties can deal with doubt
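
How a relying party can act on the point above, as an added example (not from the original slides): a valid signature only establishes which issuer spoke, and a per-issuer policy decides which claim types are believed. The issuer names, keys and policy are constructed assumptions, and standard-library HMAC stands in for the asymmetric signatures real claims tokens use.

```python
import hashlib
import hmac
import json

# Constructed demo keys: one verification key per issuer the relying party knows.
ISSUER_KEYS = {
    "corp-sts": b"constructed-demo-key-1",
    "social-idp": b"constructed-demo-key-2",
}

# Hypothetical relying-party policy: the claim types each issuer is believed for.
TRUST_POLICY = {
    "corp-sts": {"email", "role", "department"},
    "social-idp": {"email"},
}


def sign_token(issuer, claims, key):
    """Issuer side: serialize the claims and attach an HMAC-SHA256 tag."""
    body = json.dumps({"iss": issuer, "claims": claims}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": tag}


def accept_claims(token):
    """Relying-party side: return (accepted, rejected) claims for one token."""
    # The issuer name is read first only to select the verification key.
    payload = json.loads(token["body"])
    issuer = payload.get("iss")
    key = ISSUER_KEYS.get(issuer)
    if key is None:
        raise ValueError("unknown issuer")
    expected = hmac.new(key, token["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        raise ValueError("bad signature")
    # The signature shows who spoke; the policy decides what is believed.
    believed = TRUST_POLICY.get(issuer, set())
    claims = payload["claims"]
    accepted = {k: v for k, v in claims.items() if k in believed}
    rejected = {k: v for k, v in claims.items() if k not in believed}
    return accepted, rejected


# Constructed sample: a validly signed token whose issuer over-claims a role.
SAMPLE = sign_token("social-idp", {"email": "alice@example.com", "role": "admin"},
                    ISSUER_KEYS["social-idp"])

if __name__ == "__main__":
    print(accept_claims(SAMPLE))
```

The sample token verifies correctly, yet its `role` claim is still rejected because the policy does not believe that issuer for roles.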

Emerging Technologies That Can Help

  • Need-to-know Internet:

    • Internet services operating on behalf of ALL actors assume other services may be rogue and defend themselves

    • Identity information released is ONLY that required for transaction to complete (proportionality).

    • Contextual linking should be opt-in by individuals in return for benefits – not done by services or behind their backs

    • Compliance requirement: Profile information must be isolated from natural identity

    • Audit requirements should be proportionate to context (e.g. financial transactions, youth sites, search engines)

    • Audit information should be visible only to auditors and only as required, and should not weaken overall Internet security and privacy

Build minimal disclosure into Identification

  • Clarify how identifiers relate to minimal disclosure:

    • Wrong:

      • Generally, identifiers, and/or attributes will uniquely characterise an entity within a particular context.

    • Right:

      • Identity: A representation of an entity in the form of one or more attributes that allow the entity or entities to be sufficiently distinguished within a context.

Emerging Technologies That Can Help

  • Cloud directory++ that

    • Synchronizes with and synergizes with enterprise directory

    • Shares a logical schema with enterprise and device directories

    • Is multi-tenant

    • Is secure (more than lip service!)

    • Is based on “Privacy By Design”

      • Privacy of individuals

      • Privacy of enterprises

    • Supports “hybrid applications”

      • E.g. SharePoint

    • Shares and supports common policy system

Cloud Identity Conceptual Architecture







[Diagram labels: Directory Service; Authentication, Claims Transformation; Data Models; Multi-tenant, Extensible, Secure Identity Store]

Looking Ahead

  • Identity Fabric (Look at Windows Azure ACS V2)

    • Loosely coupled approach built on interoperable protocols and claims-based architecture

    • Integrated authentication and authorization spanning Servers, cloud hosting environments, private clouds, extranets, and clients

    • Authorization that enables coordinated, cross-system policies

  • Seamless Experiences

    • Borderless collaboration – BYOI SSO, integrated connectivity

    • Deep integration applications

    • Integrated device management, group policy

[Graphic labels: Integrated Management, Developer Ecosystem, Seamless Experiences]

Looking Ahead

  • Developer Ecosystem

    • Standards-based protocols for integration

    • Great developer assets - Visual Studio and Marketplace integration

  • Integrated Management

    • Common management on-premises and in the cloud

    • Common experience across directories, applications and services

    • Enhanced self-service
