WSO2Con ASIA 2016: WSO2.Telco IDS – Mobile as Identity


WSO2.Telco ID Gateway: Your phone is your identity

Charith De Silva, WSO2.Telco

About WSO2.Telco

Telco Innovation

Visionary Platform

Community engagement

Only co-branded OEM partner of WSO2


VISION: Empower Telcos globally in their quest to extract value from OTT businesses and remain relevant in the digital age

MISSION: Apply agility to a legacy landscape by offering seamless Telco / OTT interoperability to enable agile business

VISIONARY TEAM: Built from MNO Digital Centre of Excellence combined with digital industry veterans

VISIONARY PLATFORM: Ground breaking WSO2 Code base & Telco Digital Innovation

ONLY WSO2 CO-BRANDED OEM PARTNER
•  WSO2 products combined to create robust proven solution
•  We track WSO2 core roadmap
•  We enable MNOs & enterprises to accelerate digital transformation

DIGITAL SUCCESS
•  3 state of the art DIGITAL HUBS in Asia
•  4 Local API Gateways
•  3 internal microservices and 400 APIs exposed in 9 months


What We Are Built to Achieve

Identity Crisis?

Lengthy registration, Exposed data, Security Breach, Spam

The Solution: Mobile Connect

WSO2.Telco Mobile Connect Accelerator: Architecture

[Architecture diagram. Labels: Customer login, desktop/mobile service access request; Service provider; API exchange; Operator discovery; Authentication; WSO2.Telco MCX solution]

Security – One Step at a Time

Enter PIN, wireless PKI (LoA4)

User attributes

Anonymous authentication

Enter PIN (LoA3)

Click “OK” / Seamless (LoA2)

Higher levels of assurance

Combine with other APIs e.g. add-to-bill

User identity, attributes and context

Mobile Connect Security levels

LoA 2 (Medium): USSD, smartphone app – Confirm or deny, Header enrichment, SMS click URL, SMS OTP. Used to build a large base of enabled users.

LoA 3 (High): USSD “Enter PIN”, smartphone app – Enter PIN. May allow premium authentication services.

LoA 4 (Very High): SIM mobile signature, wPKI non-repudiation based on wireless Public Key Infrastructure (wPKI), requires crypto-SIM and applet.

Identity Gateway

WSO2.Telco Claim Handler

Local to IdP claim mapping

WSO2.Telco OpenIDToken Builder

IN Authentication Framework

Local to SP claim mapping

IdP to local claim mapping

Local to SP claim mapping

IdP to local claim mapping

Out

LOA composite authentication handler

HE

SMS OTP

USSD confirm

USSD PIN

Smart phone app

Sim applet (compliant)

Authenticators

Identity Gateway

Demo

•  Registration
•  Login
   –  LoA2 – USSD Click OK / SMS
   –  LoA3 – USSD PIN
   –  Smartphone
•  Operator Reports

Use Case: LoA2 & LoA3 USSD/SMS

Doing a funds transfer, bank to bank for a friend in need…

Customer Logs in Service Provider

1

API Exchange

2

Operator Discovery

3

OpenID connect by WSO2.Telco

WSO2.Telco ID Gateway

USSD

SMS

4 Clicked ok & logged in Authentication Request

5

MNO

Use Case: LoA2 Header Enrichment

Customer Logs in Service Provider

1

API Exchange

2

Operator Discovery

3

Authentication via HE

WSO2.Telco ID Gateway HE

4

Logged in

Shopping online

Use Case – Sri Lanka

World’s first Mobile Connect implementation

Use Case - India

ID Gateway Hub

Mobile Operator

SMSC, USSD, Header Enrichment

Protocol Conversion

Mobile Operator

SMSC, USSD, Header Enrichment

OpenID Connect

REST API

REST API

Web Services

Mobile Operator

SMSC, USSD, Header Enrichment

Native Protocols

Protocol Conversion

Beyond Identity

•  Monetization for IDPs
•  Governance for IDPs & APIs
•  Acceleration of MNO service creations
•  Built in APIs for Operators
•  Multi-MNO APIs

Open source

•  https://github.com/WSO2Telco

Thank You