CIS14: Filling the “authentication goes here” Hole in Identity

•

0 gostou•394 visualizações

Michael Barrett, FID O Alliance A report on the headway the FIDO Alliance is making in establishing standards that enable easily interoperable authentication, covering the high-level technical architecture of these new authentication protocols and giving an update on progress.

Tecnologia

Michael Barrett, president of the
FIDO Alliance
Cloud
Iden*ty
Summit
July,

2014

www.fidoalliance.org
Copyright 2014, The FIDO Alliance
All Rights Reserved
1

Rampant online attacks
3

•  Major hacks have been
targeted at password
databases within Online
Gaming, Financial Services,
Social Media organizations
•  Password Re-use is a
significant problem – technical
analysis of data breaches have
shown that 76% of passwords
used across multiple sites.

Opportunity for Better Authentication is Upon Us
For
Users
For
Organiza0ons

Painful to Use

•  25
Accounts

•  8
Logins
/
Day

•  6.5
Passwords

Difficult to Secure

•  $5.5M
/
Data
Breach

•  $15M
/
PWD
Reset

•  $60+

/

Token

For
the
Ecosystem

Impossible to Scale

•  Fragmented

•  Inﬂexible

•  Slow
to
Adopt

3

JUST EASY
“BETTER
AUTHENTICATION”
JUST BAD
HighSecurityLow UNPLEASANT
Low High
Usability
Authentication is not a Continuum…
5

Common authentication plumbing
Users
Cloud/Enterprise
Devices
Federation
Open Standard
Plug-In Approach
Interoperable Ecosystem
Usable
Authentication
WHAT IS NEEDED

FIDO -‐ Unique Approach
Any Device.AnyApplication.AnyAuthenticator.
Standardized Protocols
Local authentication
unlocks app specific key
Key used to authenticate
to server

Improved security

Unique cryptographic secret created per
user account + device + site
•  Protection against brute force attacks
•  Segmentation of risk
•  Protection against unintentional disclosure

FIDO’s Explosive growth
Industry
Standard
Feb 2013 May 2014 Next
6

118

Companies Companies
Public
Launch
Public Review
Spec
Companies

Marrying FIDO to IdenGty
With
thanks
to
Paul
Madsen
(whose
slides
I
stole…)

Generic federaGon ﬂow diagram
Copyright © 2014 Ping Identity Corp.All rights reserved. 13

Complementary
. 14
•  FIDO
•  Insulates authentication
server from specific
authenticators
•  Focused solely on primary
authentication
•  Does not support attribute
sharing
•  Can communicate details of
authentication from device
to server
•  Federation
–  Insulates application from
specific identity providers
–  Does not address primary
authentication
–  Does enable secondary
authentication & attribute
sharing
–  Can communicate details of
authentication from IdP to SP

High

Low

High

Low

Frequency

of
login

Assurance

status

quo

High

Low

High
Low

Frequency

of
login

Assurance

status

quo

federa0on

SSO
slide

No
more

‘Passsword123’

bump

High

Low

High

Low

Frequency

of
login

Assurance

status

quo

federa0on

FIDO

Con0nuum

FIDO implicaGons
•  FIDO supports a range of assurance – determined by the specifics of the local
authentication
•  Recall – “Unique cryptographic secret created per user account +
device + site”
•  Implication is multiple registrations & authentications – which may be sub-
optimal from the user’s PoV

High

Low

High

Low

Frequency

of
login

Assurance

status

quo

federa0on

FIDO
+

federa0on

FIDO

CALL TO ACTION
•  AUTHENTICATION IS A FUNDAMENTAL PROBLEM AND
IT IS AN INDUSTRY PROBLEM
•  NO ONE COMPANY CAN FIX THIS PROBLEM
•  JOIN FIDO ALLIANCE – HELP FIX
•  OPPORTUNITY TO CREATE NEW SERVICES, NEW
MARKETS, NEW INNOVATIONS, NEW BUSINESSES AND
NEW REVENUE MODELS
•  TAKE THE LEADERSHIP, INCLUDE FIDO SUPPORT AT
THE SOURCE ON YOUR DEVICES
•  FIDO READY COMMERCIAL PRODUCTS ARE AVAILABLE
IN THE MARKET
•  MAKE THE CONNECTED WORLD SECURE, PRIVATE,
FRAUD FREE , EASY TO USE AND STAY CONNECTED

Mais conteúdo relacionado

Mais procurados

FIDO Technical Specifications Overview

FIDO Alliance

FIDO Authentication Opportunities in Healthcare

FIDO Alliance

Introduction to the FIDO Alliance

FIDO Alliance

Javelin Research 2017 State of Authentication Report

FIDO Alliance

FIDO Certified Program: The Value of Certification

FIDO Alliance

Introduction to FIDO Biometric Authentication

FIDO Alliance

FIDO Biometric Certification Program

FIDO Alliance

Is Government Data as Safe as it Could Be?

Samsung SDS America

Authenticate 2021: Welcome Address

FIDO Alliance

FIDO Alliance Today: Status and News

FIDO Alliance

Microsoft's Path to Passwordless - FIDO Authentication for Windows & Azure Ac...

FIDO Alliance

FIDO in Government

FIDO Alliance

Global Regulatory Landscape for Strong Authentication

FIDO Alliance

Introduction to the FIDO Alliance: Vision & Status

FIDO Alliance

FIDO Alliance Vision and Status

FIDO Alliance

Tatyana-Arnaudova - English

Tatyana Arnaudova

Identiverse 2020 - Account Recovery with 2FA

Kelley Robinson

FIDO And the Future of User Authentication

FIDO Alliance

Managing Identity without Boundaries

Ping Identity

Kookmin Bank FIDO Case Study

FIDO Alliance

Mais procurados (20)

FIDO Technical Specifications Overview

FIDO Authentication Opportunities in Healthcare

Introduction to the FIDO Alliance

Javelin Research 2017 State of Authentication Report

FIDO Certified Program: The Value of Certification

Introduction to FIDO Biometric Authentication

FIDO Biometric Certification Program

Is Government Data as Safe as it Could Be?

Authenticate 2021: Welcome Address

FIDO Alliance Today: Status and News

Microsoft's Path to Passwordless - FIDO Authentication for Windows & Azure Ac...

FIDO in Government

Global Regulatory Landscape for Strong Authentication

Introduction to the FIDO Alliance: Vision & Status

FIDO Alliance Vision and Status

Tatyana-Arnaudova - English

Identiverse 2020 - Account Recovery with 2FA

FIDO And the Future of User Authentication

Managing Identity without Boundaries

Kookmin Bank FIDO Case Study

Destaque

CIS14: Kantara - Enabling Trusted and Secure Online Access to Government of C...

CloudIDSummit

In the last 10yrs, our Industry has done a great job defining standards and protocols on federating identities across boundaries. However, at cloud scale, there are still some gaps for distributed and multi-tenant applications. In this presentation, Praerit will explore the current situation with the audience; explore some of the more complex problems around use of identities within applications; and provide insight into some of the work being done in AWS to address these gaps.

CIS 2015- Beyond Federation Protocols- Praerit Garg

CloudIDSummit

OpenId Connect in Shibboleth Identity Provider

Misagh Moayyed

Microsoft Azure Identity and O365

Kris Wagner

CAS IU Presentation

Misagh Moayyed

How to CASifying PeopleSoft and Integrating CAS and ADFS

John Gasper

Looking to reduce the number of post-it notes you see stuck around the office? Seeking to automate your user creation processes for Office 365? Or maybe you’re interested in single sign-on for everything you host in the cloud? Are you questioning what a cloud identity is? This session will take you through the basics of identity in the Microsoft Cloud and show you how to set up and configure Office 365 with Azure Active Directory using the Azure Active Directory Synchronization Connect tools.

JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365

Scott Hoag

CIS14: Working with OAuth and OpenID Connect

CloudIDSummit

2016 09-15 unicon-iam-update

Lasbrey Nwachukwu

Mit 2014 introduction to open id connect and o-auth 2

Justin Richer

タイトル：『Standard-based Identity (1)』概要：デジタル・アイデンティティの世界は、ここ数年で OpenID Connect、SAML、SCIM、OAuth等の連携のためのプロトコルの標準化が進みました。その結果、我々は複数の組織やサービス間で ID情報を連携して、新しいしくみやサービスを作ることがより容易に行えるようになりました。本セッションでは、これらのID情報連携プロトコルについて、あらためて基本からわかりやすく解説します。 ID & IT Management Conference 2016 Sep 16, 2016 URL：https://nosurrender.jp/idit2016/program.html#DE02

Standard-based Identity (1)

Masaru Kurahayashi

Increased trust in an online identity = increased mitigation of the risk of fraud. As an enterprise interacts with a person via the Internet, it may be prudent, for certain transactions, to have more evidence of that person’s identity. Web Access Management systems include some proprietary features to force “stepped-up authentication.” But luckily, new OAuth2 profiles like UMA and OpenID Connect offer a standards based approach to achieve inter-domain trust elevation. This slideshows includes a high level overview of the Enterprise UMA use case and some of the useful OpenID Connect features that can be leveraged to create centralized authentication policies.

Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...

Mike Schwartz

Open Trust Taxonomy for Federation Operators - if you are interested in new technologies to enable trust across multiple domains, you should consider joining the OTTO WG at Kantara. These slides are a quick overview of the work, with links to enable you to find out more. Mutli-party Federations help drive down the legal and techincal cost of SSO and collaboration for technologies like SAML, OAuth, and PKI. It's a trust model that makes sense when you have a reasonably sized ecosystem--not millions, but thousands.

Kantara OTTO slides

Mike Schwartz

Destaque (13)

CIS14: Kantara - Enabling Trusted and Secure Online Access to Government of C...

CIS 2015- Beyond Federation Protocols- Praerit Garg

OpenId Connect in Shibboleth Identity Provider

Microsoft Azure Identity and O365

CAS IU Presentation

How to CASifying PeopleSoft and Integrating CAS and ADFS

JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365

CIS14: Working with OAuth and OpenID Connect

2016 09-15 unicon-iam-update

Mit 2014 introduction to open id connect and o-auth 2

Standard-based Identity (1)

Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...

Kantara OTTO slides

Semelhante a CIS14: Filling the “authentication goes here” Hole in Identity

Last year was a year of great progress for the FIDO Alliance and standards-based strong authentication. Tens of millions of FIDO-enabled devices are now in use worldwide. There are over 100 FIDO Certified™ products available, and nearly 250 organizations are now taking part in the Alliance, including more than a dozen trade association partners. The market is clearly showing that now is the time to deploy FIDO authentication to modernize failing password systems. These slides address: – The uptake in global momentum – Details on FIDO’s recent submission to the World Wide Web Consortium – The Alliance’s plans and strategy for 2016 and what this means to you and your organization in the upcoming year We encourage you and your colleagues to view these slides to catch up on what happened in 2015 and to learn how FIDO’s explosive growth can benefit your organization in 2016. You can listen to the webinar audio here: https://fidoalliance.org/events/fido-alliance-year-in-review-webinar/

FIDO Alliance: Year in Review Webinar slides from January 20 2016

FIDO Alliance

Introduction to FIDO Alliance

FIDO Alliance

With FIDO 1.0 standards published in December, 2015, mainstream product adoption and service deployment has begun with more announcement planned for the RSA Security Conference 2015. This webinar will feature FIDO highlights from the conference and a discussion of how governments and enterprises are engaging with FIDO Alliance and the new wave of innovative authentication solutions FIDO standards enable, with a special focus on how the US Government is positioning FIDO within the context of NSTIC (National Strategy for Trusted Identities in Cyberspace).

FIDO® for Government & Enterprise - Presentation

FIDO Alliance

Fido Overview: Status and Future

FIDO Alliance

Introduction to FIDO Alliance by Brett McDowell, FIDO Alliance, Executive Director from the FIDO Alliance Seminar in New York City on March 3, 2016, entitled "Key Trends in Strong Authentication" The FIDO Alliance invites you to learn how simplify strong authentication for web services. FIDO specifications can help all organizations, especially service providers who want to scale these features for consumer services over the web. Essentially, FIDO offers a simple, low-cost way to improve security and the online experience.

Introduction to FIDO Alliance

FIDO Alliance

kill-chain-presentation-v3

Shawn Croswell

Compliance & Identity access management

Prof. Jacques Folon (Ph.D)

DOCOMO Joins FIDO Alliance Board of Directors

FIDO Alliance

Javelin Research's State of Strong Authentication 2019 Report Webinar

FIDO Alliance

FIDO UAF (Universal Second Factor Framework) Specifications: Overview & Tutorial by Todd Thiemann, Nok Nok Labs The FIDO Alliance invites you to learn how simplify strong authentication for web services. FIDO specifications can help all organizations, especially service providers who want to scale these features for consumer services over the web. Essentially, FIDO offers a simple, low-cost way to improve security and the online experience.

FIDO UAF Specifications: Overview & Tutorial

FIDO Alliance

The FIDO Alliance Today: Status and News

FIDO Alliance

Nikhil wagholikar _risk_based_penetration_testing - ClubHack2009

ClubHack

Introduction to FIDO: A New Model for Authentication

FIDO Alliance

Going Passwordless with Microsoft

FIDO Alliance

2014 IoT Forum_ Fido Alliance

COMPUTEX TAIPEI

Organizations are increasingly looking to their Internal Auditors to provide independent assurance about cyber risks and the organization's ability to defend against cyber attacks. With information technology becoming an inherent critical success factor for every business and the emerging cyber threat landscape, every internal auditor needs to equip themselves on IT audit essentials and cyber issues. In part 14 of our Cyber Security Series you will learn about the current cyber risks and attack methods from Richard Cascarino, including: Where are we now and Where are we going? Current Cyberrisks • Data Breach and Cloud Misconfigurations • Insecure Application User Interface (API) • The growing impact of AI and ML • Malware Attack • Single factor passwords • Insider Threat • Shadow IT Systems • Crime, espionage and sabotage by rogue nation-states • IoT • CCPA and GDPR • Cyber attacks on utilities and public infrastructure • Shift in attack vectors

CyberSecurity Update Slides

Jim Kaplan CIA CFE

Millions of customers trust Intuit with their most sensitive financial information. With that in mind, Intuit recently rolled out FIDO Authentication on its mobile apps to provide additional layers of security while simultaneously making the user experience more convenient. In this webinar, Marcio Mello, director & head of Product Management – Intuit Identity & Profile Platform, presents Intuit’s approach to enable FIDO Authentication, including: Intuit’s priorities in choosing a mobile strong authentication solution --The steps Intuit took to evaluate strong authentication solutions that met its security and usability requirements --Intuit’s evaluation of FIDO authentication vendors and solution chosen --The steps Intuit took to roll out FIDO Authentication, challenges faced and how they were overcome --Intuits login time and security results after deploying FIDO --Intuit’s advice for other service providers deploying FIDO Speakers: Marcio Mello, Director & Head of Product Management – Intuit Identity & Profile Platform Andrew Shikiar, Executive Director & CMO, FIDO Alliance

FIDO Alliance Webinar: Intuit's Journey with FIDO Authentication

FIDO Alliance

Cyber Security Seminar

Jeremy Quadri

BREACHED: Data Centric Security for SAP

UL Transaction Security

Beyond Passwords: FIDO & the Future of Consumer Authentication

FIDO Alliance

Semelhante a CIS14: Filling the “authentication goes here” Hole in Identity (20)

FIDO Alliance: Year in Review Webinar slides from January 20 2016

Introduction to FIDO Alliance

FIDO® for Government & Enterprise - Presentation

Fido Overview: Status and Future

Introduction to FIDO Alliance

kill-chain-presentation-v3

Compliance & Identity access management

DOCOMO Joins FIDO Alliance Board of Directors

Javelin Research's State of Strong Authentication 2019 Report Webinar

FIDO UAF Specifications: Overview & Tutorial

The FIDO Alliance Today: Status and News

Nikhil wagholikar _risk_based_penetration_testing - ClubHack2009

Introduction to FIDO: A New Model for Authentication

Going Passwordless with Microsoft

2014 IoT Forum_ Fido Alliance

CyberSecurity Update Slides

FIDO Alliance Webinar: Intuit's Journey with FIDO Authentication

Cyber Security Seminar

BREACHED: Data Centric Security for SAP

Beyond Passwords: FIDO & the Future of Consumer Authentication

Mais de CloudIDSummit

CIS 2016 Content Highlights

CloudIDSummit

The Cloud Identity Summit was founded by Ping Identity with support from industry leaders in 2010 to bring together the brightest minds across the identity and security industry. Today the event is recognized as the world’s premier identity industry conference and includes tracks from industry thought leaders, CIOs and practitioners. Cloud Identity Summit serves as a multi-year roadmap to deploy solutions that are here today but built for the future. For more info, go to www.cloudidentitysummit.com. Be apart of the convo on Twitter: @CloudIDSummit + #CISNOLA

Top 6 Reasons You Should Attend Cloud Identity Summit 2016

CloudIDSummit

CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...

CloudIDSummit

Mobile security, identity & authentication reasons for optimism 20150607 v2

CloudIDSummit

In an ever interconnected and inter-reliant world, the state of security has been a cause for deep pessimism. In the midst of all the gloom, there is good cause for optimism. With some fits and starts, the building blocks for transforming mobile security are taking shape at every level from the processor, to the chipset to special purpose hardware to operating systems and protocols that address use cases from device integrity to user authentication to payments. How do we think about security, privacy, identity and authentication in this world? This talk will provide a rapid overview of some selected building blocks and some practical examples that are now deployed at scale to illustrate the coming wave and how you as a practitioner or customer can participate and position yourself for maximum benefit.

CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...

CloudIDSummit

CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...

CloudIDSummit

Does anybody remember seeing a big red button with the word “PANICK!” written on it? I know it was around here somewhere. Also, there’s all these cats running pell-mell around the place, can someone give me a hand in herding them? In this real-world case study, come and learn how a Fortune 100 with a diverse and extremely mobile work-force was able to turn up strong authentication protections for our critical cloud resources, and how the IT department lived to tell the tale. You’ll hear about the technical implementation of strong authentication enforcement, and how we made key design decisions in the ongoing balancing act between security and user experience, and how we managed up-and-down the chain from executive stakeholders to the boots-on-the-ground who were being asked to join us on this new security adventure.

CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...

CloudIDSummit

CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...

CloudIDSummit

You'll laugh, you'll cry, and you might even pick up a useful nugget or two listening to a real-world enterprise IT architect share the experiences of the past year trying to support his business migrating to cloud services, and sharing the lessons learned from trying to integrate 2 hybrid enterprises into a single, streamlined company. You'll hear where the cloud came through for us, and how we often had to fall back to on-prem services such as FIM, Ping Federate, and ADFS to make the glue which binds it all together.

CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl

CloudIDSummit

CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz

CloudIDSummit

CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...

CloudIDSummit

The IAM program needs to align behind the shift towards ITaaS, building the platform for execution and supporting transformation and migration activities. CIOs should keep informed through a relevant IAM capability roadmap in order to make calculated decisions on where investments should be made. Ongoing investments in the IAM program are crucial in order to fill capability gaps, keep up-to-date with support and license agreements and make opportunistic progress on the strategic roadmap. In this talk, Steve discusses recent experiences and lessons learned in preparing for and pitching VMware’s CIO on enterprise IAM program initiatives.

CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout

CloudIDSummit

Companies and researchers are exploring ways to make software and hardware development easier for the masses. Soon you will be able to build your own autonomous drone, create a sensor that assess the watering needs of your plants, and develop a cat tracking device with minimal coding and hardware skills. What is the place of security and privacy in this exciting development? Are we building the next generation of Internet security vulnerabilities right now? In his talk Hannes Tschofenig will highlight challenges with Internet of Things, what role standardization plays, and what contributions ARM, a provider of microprocessor IP, is making to improve IoT security.

CIS 2015 How to secure the Internet of Things? Hannes Tschofenig

CloudIDSummit

The IDaaS (identity as a service) market segment continues to grow in popularity, and the scope of its vendor's capabilities continue to grow as well. It's still not a match for everyone, however. Join identity architect Sean Deuby for an overview of the most popular IDaaS deployment scenarios, scenarios where IDaaS has a tougher time meeting customer requirements, and whether your company is likely to find its perfect IDaaS mate.

CIS 2015 The IDaaS Dating Game - Sean Deuby

CloudIDSummit

CIS 2015 SSO for Mobile and Web Apps Ashish Jain

CloudIDSummit

The Industrial Internet, the Identity of Everything and the Industrial Enterp...

CloudIDSummit

CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva

CloudIDSummit

Centralized session management has long been a goal of Web Access Management systems: the idea that one session can give end users access to dozens of protected applications with a seamless SSO experience, and terminating it (either by the end user themselves, or by an administrator) cuts off access instantly. It’s a nice dream isn’t it? Turns out that while most WAM products claim they can do this, when deployment time comes around (especially in globally distributed organizations) serious security and scalability challenges emerge that make it unfeasible. In this “session”, come and learn our vision for deploying session management at scale and see how Ping Identity has implemented it in our Federated Access Management solution.

CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian

CloudIDSummit

Are you asking yourself how do I take my inhouse application and make it available to internal users, partners or customers using SSO and access management technologies? Oh, and you don't want it to be a 6 month project? No problem. Come and find out how to leverage your existing investments and move to modern standards like OpenID Connect, without having to rip and replace infrastructure. Learn the capabilities and tradeoffs you can make to deploy the right level of identity and access management infrastructure to match your security needs.

CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva

CloudIDSummit

Devices need owners, people need confidence in device authenticity, data needs to persist in systems long after devices change hands, and access needs to be authorized selectively. That's a lot to ask; even if emerging web identity and security technologies are simpler than the models of yesteryear, IoT devices have complicating limitations when it comes to processing power, memory, user interface, and connectivity. But many use cases span web and IoT environments, so we must try! What are the specific requirements? What elements of web technologies can we borrow outright? What elements may need tweaking?

CIS 2015 Identity Relationship Management in the Internet of Things

CloudIDSummit

Mais de CloudIDSummit (20)

CIS 2016 Content Highlights

Top 6 Reasons You Should Attend Cloud Identity Summit 2016

CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...

Mobile security, identity & authentication reasons for optimism 20150607 v2

CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...

CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...

CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...

CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...

CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl

CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz

CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...

CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout

CIS 2015 How to secure the Internet of Things? Hannes Tschofenig

CIS 2015 The IDaaS Dating Game - Sean Deuby

CIS 2015 SSO for Mobile and Web Apps Ashish Jain

The Industrial Internet, the Identity of Everything and the Industrial Enterp...

CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva

CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian

CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva

CIS 2015 Identity Relationship Management in the Internet of Things

Último

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

Real Time Object Detection Using Open CV

Khem

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

Manulife - Insurer Innovation Award 2024

The Digital Insurer

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

MINDCTI Revenue Release Quarter One 2024

MIND CTI

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

CIS14: Filling the “authentication goes here” Hole in Identity

2. Problems, problems, problems

3. Rampant online attacks 3 •  Major hacks have been targeted at password databases within Online Gaming, Financial Services, Social Media organizations •  Password Re-use is a significant problem – technical analysis of data breaches have shown that 76% of passwords used across multiple sites.

4. Opportunity for Better Authentication is Upon Us For Users For Organiza0ons Painful to Use •  25 Accounts •  8 Logins / Day •  6.5 Passwords Difficult to Secure •  $5.5M / Data Breach •  $15M / PWD Reset •  $60+ / Token For the Ecosystem Impossible to Scale •  Fragmented •  Inﬂexible •  Slow to Adopt 3

5. JUST EASY “BETTER AUTHENTICATION” JUST BAD HighSecurityLow UNPLEASANT Low High Usability Authentication is not a Continuum… 5

6. What is FIDO?

7. Common authentication plumbing Users Cloud/Enterprise Devices Federation Open Standard Plug-In Approach Interoperable Ecosystem Usable Authentication WHAT IS NEEDED

8. FIDO -‐ Unique Approach Any Device.AnyApplication.AnyAuthenticator. Standardized Protocols Local authentication unlocks app specific key Key used to authenticate to server

9. Improved security Unique cryptographic secret created per user account + device + site •  Protection against brute force attacks •  Segmentation of risk •  Protection against unintentional disclosure

10. FIDO’s Explosive growth Industry Standard Feb 2013 May 2014 Next 6 118 Companies Companies Public Launch Public Review Spec Companies

11. TODAY

12. Marrying FIDO to IdenGty With thanks to Paul Madsen (whose slides I stole…)

14. Complementary . 14 •  FIDO •  Insulates authentication server from specific authenticators •  Focused solely on primary authentication •  Does not support attribute sharing •  Can communicate details of authentication from device to server •  Federation –  Insulates application from specific identity providers –  Does not address primary authentication –  Does enable secondary authentication & attribute sharing –  Can communicate details of authentication from IdP to SP

15. High Low High Low Frequency of login Assurance status quo

16. High Low High Low Frequency of login Assurance status quo federa0on SSO slide No more ‘Passsword123’ bump

17. High Low High Low Frequency of login Assurance status quo federa0on FIDO Con0nuum

18. FIDO implicaGons •  FIDO supports a range of assurance – determined by the specifics of the local authentication •  Recall – “Unique cryptographic secret created per user account + device + site” •  Implication is multiple registrations & authentications – which may be sub- optimal from the user’s PoV

19. High Low High Low Frequency of login Assurance status quo federa0on FIDO + federa0on FIDO

20. CALL TO ACTION •  AUTHENTICATION IS A FUNDAMENTAL PROBLEM AND IT IS AN INDUSTRY PROBLEM •  NO ONE COMPANY CAN FIX THIS PROBLEM •  JOIN FIDO ALLIANCE – HELP FIX •  OPPORTUNITY TO CREATE NEW SERVICES, NEW MARKETS, NEW INNOVATIONS, NEW BUSINESSES AND NEW REVENUE MODELS •  TAKE THE LEADERSHIP, INCLUDE FIDO SUPPORT AT THE SOURCE ON YOUR DEVICES •  FIDO READY COMMERCIAL PRODUCTS ARE AVAILABLE IN THE MARKET •  MAKE THE CONNECTED WORLD SECURE, PRIVATE, FRAUD FREE , EASY TO USE AND STAY CONNECTED

CIS14: Filling the “authentication goes here” Hole in Identity

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Destaque

Destaque (13)

Semelhante a CIS14: Filling the “authentication goes here” Hole in Identity

Semelhante a CIS14: Filling the “authentication goes here” Hole in Identity (20)

Mais de CloudIDSummit

Mais de CloudIDSummit (20)

Último

Último (20)

CIS14: Filling the “authentication goes here” Hole in Identity