1. Out-of-scope
1.1. Person centric 2020 vision
1.1.1. Person-oriented cockpit
1.1.2. Personal accounts instead of corporate accounts
1.2. Access entitlement / authorization
1.3. Customer user account provisioning (really out of scope?)
1.3.1. Partners
1.3.1.1. Tools4ever?
1.3.2. Link created identity
1.4. Enable mobile app authentication (really out-of-scope?)
1.4.1. What is the mobile strategy
1.5. White labeled login page
2. Business goals
2.1. Improve maintainability
2.1.1. Tickets service
2.1.2. Reverse proxy
2.1.3. Simplify logging
2.2. Industry level
2.2.1. Support industry best practices
2.2.1.1. Customer in control of identity
2.2.1.1.1. Compliance of customer
2.2.1.1.2. Support of customer IT department
2.2.1.1.3. (save a lot of roadmap and support for Raet)
2.2.2. Support industry standards
2.2.2.1. SAML, OpenID Connect, federation, OAuth
2.3. Enable disruptive UX
2.3.1. Support for pre-post employment authentication
2.3.1.1. Recruitment phase
2.3.1.2. Onboarding
2.3.1.3. After termination
2.3.2. Support for role independent UI (UX)
2.3.2.1. No more L2/L3 portal; dynamic UI based on authorization instead of authentication
2.3.2.2. Step-up authentication
2.3.3. Enable deeplinking from customer environment (ABN)
2.3.4. Enable new portal/navigation experience
2.4. Enable single sign on experience for partners
2.4.1. Become IDP for partner
2.4.2. Out of scope: Support provisioning of partners
2.4.2.1. Just in time provisioning
2.4.2.2. Employee data from HR core
2.4.2.3. Authorization data from ??
3. Domains
3.1. Administration office
3.2. User (L1-L3)
3.3. System to system (application authentication)
3.4. File exchange (= application authentication?)
4. Small companies?
4.1. Raet identity as a service (e.g. using Ping or Azure AD)
4.2. Partner
4.3. Rely on their Office 365 / Google environment?
5. Compliance challenges
5.1. (Single) logout is and will not be supported
5.2. Session management
6. Multiple accounts?
7. Sign sensitive transactions
7.1. Can be embedded in mobile app
8. Where are we
8.1. Broker is there
8.2. Ping directory for storage
8.3. Ping access for authentication
8.4. API for user provisioning from core system / portal to ping
8.5. 2 customers live (Raet and Boels)
8.6. Conclusion: base infra is there
9. Next
9.1. Replace reverse proxy
9.1.1. Authentication
9.1.1.1. Ping Access
9.1.2. Redirecting
9.1.2.1. Ping Access
9.1.3. Authorization - which pages can a user access (pages can be marked as blocked)
9.1.4. Images, style sheets
9.1.5. Reverse proxy
9.1.5.1. Ping Access
9.1.6. Why: unmaintainable
10. Multi factor authentication
10.1. L1-L3 access
10.2. What responsibility do we take?
10.2.1. Raet or IDP
10.3. What technologies
10.3.1. SMS
10.3.2. Authenticator
10.4. How to deal with the transition?
10.5. Provide 'strength' info for authorization purposes
10.5.1. Step-up authentication
10.6. Certificates are 2nd factor, but are given for free. How to migrate and monetize this?
10.6.1. SMS is not secure enough anymore
10.6.2. Certificates are not industry practice anymore
10.6.3. Token generators are the most likely candidate
10.6.3.1. Requires self-service token infrastructure
10.6.3.2. New support process
10.6.3.3. What can we move to partners/identity providers? What should we do ourselves?
11. Use cases
11.1. Setup / update SSO without cloud solutions
11.1.1. Self-service SSO configuration
11.1.2. How to authenticate the first user?
11.1.3. What is the procedure?
11.1.3.1. IDP assurance level NIST
11.1.3.2. Create vs Update
11.1.3.3. Onboarding
12. Roadmap priority
12.1. Reverse proxy (risk reduction and crucial for IAM; cost: takes a lot of VMs, blocks new technology use)
12.1.1. 4+ sprints
12.2. API access through Ping
12.2.1. Gateway
12.2.2. Hidden cost in CS on pingwin and gateway team
12.2.3. WSJF
12.2.4. 1-4 sprints?
12.3. Migrate existing L1 customers
12.3.1. Customers on SAML
12.3.1.1. Uses reverse proxy, which needs to be replaced
12.3.2. Customers on SAML via surfconnect
12.3.3. XSSO customers
12.3.3.1. ??
12.3.4. Customers with username/password
12.3.5. Support other services
12.3.5.1. Mobile app
12.3.5.2. Community support
12.3.6. 2-factor support?
12.3.7. Estimate: rest of the year
12.3.7.1. Needs more scoping