UMA - An Open Standard for Consent-Driven Personal Data Sharing
- 1. © 2016 ForgeRock. All rights reserved.
Chris Adriaensen
Senior Customer Engineer
chris.adriaensen@forgerock.com
@chrisadriaensen | @ForgeRock
An Open Standard for Consent-Driven Personal Data Sharing
© 2017 ForgeRock. All rights reserved.
- 2. Privacy Drivers & Features
BUSINESS DRIVERS
TECHNOLOGY FEATURES
PRIVACY
Transparency
Visualization of Personal Data
Smart Things
Explosion of Personal Data
Customer Relationship Management
Consent
Access of Personal Data
Regulation
Government & Industry Bodies
- 3. Privacy Approaches
FEATURE
Manual
TRANSPARENCY
Request Implicit
CONSENT
ACCESS SHARING DATA
- 4. Privacy Architecture
Requesting Party, Clients, Resources, Access, Resource Owner
User Interface (GUI / PUI)
Application Interface (REST / SOAP)
User Interface (GUI / PUI)
Application
- 5. Privacy Challenge
Resource Owner
User Interface (GUI / PUI)
Requesting Party, Clients, Resources, Access
User Interface (GUI / PUI)
Application Interface (REST / SOAP)
Application
?
ID
- 6. Transparency Identity Solution
Requesting Party
User Interface (GUI / PUI)
Resource Owner
User Interface (GUI / PUI)
Clients, Resources, Access
Application Interface (REST / SOAP)
Application
ID
Identity
- 7. Consent Access Solution
Requesting Party
User Interface (GUI / PUI)
Resource Owner
User Interface (GUI / PUI)
Clients, Resources, Access
Application Interface (REST / SOAP)
Application
ID
Access
Identity
- 8. Privacy Approaches
FEATURE
Manual
TRANSPARENCY
Request Implicit
CONSENT
Strategy Explicit
APIs
SSH, LDAP, SQL, SOAP & REST
Automated
SOAP & REST
ACCESS SHARING DATA
Portal
- 9. Open Standards
CONSUMER
ENTERPRISE
OASIS
IETF, OIDF & KANTARA
OIDC
Identity Federation
UMA
Access Federation
OAuth
Access
Control Consent
Security Scalability
Browser Client
Generic Client
Stateful Design
Stateless Design
XML / SOAP
JSON / REST
JWT
Identity
2000+ 2010+
SAML
Identity Federation
XACML
Access Federation
WS-*
Access
SAML
Identity
- 10. OAuth 2.0 Standard
Resource Server
Authorization Server
Resource Owner
Client
Access Validate
Manage
Authorize
Control
Owner-to-App
Sharing
Synchronous
Consent
Access
Integration
Access
Tokens
- 11. User Managed Access Standard
Resource Server
Authorization Server
Requesting Party
Client
Authorize
Access Protect
Resource Owner
Manage Manage
Control
Negotiate
Owner-to-Party
Sharing
Asynchronous
Consent
Access
Federation
Access
Tokens
- 12. Consent Standards
Requesting Party, Clients, Resources, Access, Resource Owner
User Interface (GUI / PUI)
Application Interface (REST / SOAP)
User Interface (GUI / PUI)
Application
OAuth 2.0 Device Flow
OAuth 2.0 A/I Grant
User Managed Access
OpenID Connect
- 13. Privacy Approaches
FEATURE
Manual
TRANSPARENCY
Request Implicit
CONSENT
Strategy Explicit
APIs
SSH, LDAP, SQL, SOAP & REST
Standards
SCIM, SAML & OpenID Connect
OAuth 2.0 & OpenID Connect
Automated
UMA
SOAP & REST
ACCESS SHARING DATA
Portal
- 14.
Solution
Challenge
Health Care Platform
Smart Devices
Unified Identity Platform
Patient Security
Patient Privacy
Patient Satisfaction
Patient Consent
Identity of Things
Patient Relationships
Single Patient View
“We are now able to design innovative data-sharing and consent technologies into our HealthSuite Digital Platform that make it possible to foster consumer and patient trust.”
Jeroen Tas, CEO, Healthcare Informatics Solutions & Services
- 15. DEMO Session
- 16. End of SHOW