Key Points

  1. Proprietary and open-source IAM solutions for apps and services
  2. TOIP (Trust Over IP) - interoperable identities, wallets, etc.



References

Reference (linked URL or attachment)
    Notes

https://solutionsreview.com/identity-management/the-10-best-free-and-open-source-identity-management-tools/
    Best free open source IAM solutions - 2019

https://trustoverip.org/about/faq/
    TOIP - Trust Over IP open identity management standards / protocol framework

IAM concepts

https://trustoverip.org/wp-content/uploads/sites/98/2020/05/toip_introduction_050520.pdf
    TOIP Foundation White Paper

https://www.forbes.com/sites/vipinbharathan/2020/05/09/trust-is-foundational/#4e9a44a4a61e
    TOIP article - Vipin Bharathan

https://trustoverip.org/wp-content/uploads/sites/98/2020/05/toip_050520_primer.pdf
    Identity Primer - logical use cases

https://www.w3.org/TR/did-core/
    W3C DID standard

https://w3c-ccg.github.io/did-primer/
    W3C DID Primer

https://dlt.mobi/wp-content/uploads/2019/09/MOBI-Vehicle-Identity-Standard-v1.0-Preview.pdf
    MOBI VID Standard

C:\Users\Jim Mason\Documents\My Kindle Content\
    Blockchain for SSI - Kindle book

https://vonx.io/about/
    VON - vonx.io

https://github.com/pawan-cy/tys/blob/master/README.md#method-name
DID-TYS-did-model-requirements-github.pdf
    TYS DID framework requirements - github - Trust Your Supplier

IAM-The Future Of Identity And Access Management.pdf
    Future of Identity and Access Management - Forrester - 2019

https://www.slideshare.net/AlgoSec/zero-trust-framework-for-network-security
IAM-ZTX-framework-algoseczerotrustforforresterv1-181022130430.pdf
    Zero Trust extension framework - 2018

https://docs.oracle.com/cd/E19798-01/821-1841/bnbxk/index.html
jee-security-concepts-docs.oracle.com-What Are Realms Users Groups and Roles.pdf
    JEE IAM concepts - 2010 - Oracle

End point management solutions

IBM DataPower
    hardware, software - proprietary, expensive

Apigee
    proprietary, expensive

https://wso2.com/identity-and-access-management/why-open-source/
    WSO2 open source stack

https://github.com/Netflix/zuul/wiki
    ZUUL IAM open source wiki

https://github.com/Netflix/zuul
    ZUUL github

http://www.baeldung.com/spring-rest-with-zuul-proxy
    Spring REST using ZUUL proxy

http://blog.ippon.tech/jhipster-3-0-introducing-microservices/
    JHipster using ZUUL

https://syncope.apache.org/
    Apache Syncope open source stack

https://www.openiam.com/
https://www.openiam.com/products/identity-governance/ce-vs-ee-feature-comparison/
    OpenIAM proprietary, expensive

https://seekingalpha.com/article/4355864-okta-chrome-of-identity-management
    Okta proprietary, expensive - Cloud IAM SAAS







Key Concepts


Identity Management



ToIP - Trust Over IP Identity Management standards

Here's an announcement of a new Linux Foundation project - ToIP - Trust Over IP - to securely manage digital identities on a p2p basis. While there are many organizations working on DID / SSI (Sovrin, Civic, etc.), this project looks to be an open project to work on common issues across all SSI networks and trust providers. That's why IBM, Mastercard, etc. are joining.

...

When it's rolled out, it can have a similar impact to what SQL did for databases - 1 protocol to manage them all.
Jim

Layers of the TOIP solution stack

The interactive version of the TOIP stacks

https://trustoverip.org/wp-content/toip-model/


A side-by-side depiction of the 4-layer Trust over IP technology and governance stack.


Article - TOIP foundation - Vipin Bharathan

https://www.forbes.com/sites/vipinbharathan/2020/05/09/trust-is-foundational/#4e9a44a4a61e

...

Provides the rules and monitoring to ensure the 3 parties follow defined guidelines in creating identities, issuing credentials and verifying credentials for a given domain. Using blockchain and smart contracts, this governance may be decentralized in a peer-to-peer model, eliminating the need for centralized trust services in some instances.

Certificate Management



Authentication Management




Identity Proofing

https://www.nist.gov/system/files/nstic-strength-identity-proofing-discussion-draft.pdf

...

Verification of presented identity information



US Real ID



Access Management ( RBAC )










Potential Value Opportunities



Potential Challenges



Candidate Solutions


See Identity Management security concepts for more details.


Apache Syncope - IAM

https://syncope.apache.org/iam-scenario

...

  • Identity Store
    (as RDBMS, LDAP, Active Directory, meta- and virtual-directories), the repository for account data
  • Provisioning Engine
    synchronizes account data across identity stores and a broad range of data formats, models, meanings and purposes
  • Access Manager
    access mediator to all applications, focused on application front-end, taking care of authentication (Single Sign-On), authorization (OAuth, XACML) and federation (SAML, OpenID Connect).


Architecture

https://syncope.apache.org/architecture

...

Third-party applications are provided full access to IdM services by leveraging the REST interface, either via the Java SyncopeClient library (the basis of Admin UI, End-user UI and CLI) or plain HTTP calls.

ConnId

The Provisioning layer relies on ConnId; ConnId is designed to separate the implementation of an application from the dependencies of the system that the application is attempting to connect to.

...

The new ConnId project, featuring contributors from several companies, provides all that is required nowadays for a modern Open Source project, including an Apache Maven driven build, artifacts and mailing lists. Additional connectors – such as for SOAP, CSV, PowerShell and Active Directory – are also provided.


Syncope Concepts

https://cwiki.apache.org/confluence/display/SYNCOPE/Concepts

...

  • users (and roles, starting from release 1.1.0) stored in an external resource can be synchronized to Syncope using a connector instance.
  • users (and roles, starting from release 1.1.0) stored in Syncope can be propagated to external resources using connector instances.


Syncope manual

http://syncope.apache.org/docs/reference-guide.html#introduction



Downloads

https://syncope.apache.org/downloads

https://cwiki.apache.org/confluence/display/SYNCOPE/Roadmap





WSO2 IAM



ZUUL IAM


Zuul Wiki

https://github.com/Netflix/zuul/wiki

...

Open-Sourcing Zuul article

https://medium.com/netflix-techblog/open-sourcing-zuul-2-82ea476cb2b3

...

This post will overview Zuul 2, provide details on some of the interesting features we are releasing today, and discuss some of the other projects that we’re building with Zuul 2.

How Zuul 2 Works

For context, here’s a high-level diagram of Zuul 2’s architecture:

...

We use Zuul at the entrypoint of all external traffic into Netflix’s cloud services and we’ve started using it for routing internal traffic, as well. We deploy the same core but with a substantially reduced amount of functionality (i.e. fewer filters). This allows us to leverage load balancing, self service routing, and resiliency features for internal traffic.

Open Source

The Zuul code that’s running today is the most stable and resilient version of Zuul yet. The various phases of evolving and refactoring the codebase have paid dividends and we couldn’t be happier to share it with you.

Today we are releasing many core features. Here are the ones we’re most excited about:

Server Protocols

  • HTTP/2 — full server support for inbound HTTP/2 connections
  • Mutual TLS — allow for running Zuul in more secure scenarios

Resiliency Features

  • Adaptive Retries — the core retry logic that we use at Netflix to increase our resiliency and availability
  • Origin Concurrency Protection — configurable concurrency limits to protect your origins from getting overloaded and protect other origins behind Zuul from each other

Operational Features

  • Request Passport — track all the lifecycle events for each request, which is invaluable for debugging async requests
  • Status Categories — an enumeration of possible success and failure states for requests that are more granular than HTTP status codes
  • Request Attempts — track proxy attempts and status of each, particularly useful for debugging retries and routing

...

We would love to hear from you and see all the new and interesting applications of Zuul. For instructions on getting started, please visit our wiki page.



Okta - Cloud IAM SAAS


https://seekingalpha.com/article/4355864-okta-chrome-of-identity-management

okta-200626-IAM-king-seekingalpha.com-Okta The Chrome Of Identity Management.pdf


Recommended Next Steps


