EVE MALER, VP OF INNOVATION & EMERGING TECHNOLOGY, FORGEROCK
Existing notice-and-consent paradigms of privacy have begun to fail dramatically – and people have begun to notice. Now that Edward Snowden has burst our privacy bubble and IoT devices are recording our every move, it’s time for companies to break out of the privacy-as-compliance rut. In this session, learn about the User-Managed Access (UMA) standard, ForgeRock’s OpenUMA project and how ForgeRock is developing solutions to ensure privacy and trust in the digital world.
Abstract: Existing notice-and-consent paradigms of privacy have begun to fail dramatically – and the EU Data Protection regulatory regime is shifting in response. Providing genuine and free choice in consented personal data sharing will no longer be optional – but fortunately, enabling consumer-controlled data sharing from cloud, mobile, and IoT sources is also good for your digitally transformed business. In this session, learn about how ForgeRock’s new solution based on the User-Managed Access (UMA) standard builds trust and strengthens privacy in the digital world.
Great, your organization is ready for digital transformation so you can achieve breakthrough growth or other key metrics.
Even if you manufacture outdoor clothing, it’s not a world solely of atoms anymore. Bits matter.
Your customers want to know how you can enable smart tracking of fitness and location through your products.
Your supply chain partners increasingly connect through APIs.
Your IT processes shifted off paper long ago.
So: Are you ready for all of the implications of digital transformation on your handling of personal data and how this affects both your customer relationships and your mitigation of risk?
With thanks to Jon Neiditz:
The Safe Harbor provision just died, demonstrating that…
Surveillance – which we can no longer deny exists – overrides traditional permitted bases for data transfer, leaving us to conclude that…
Individual consent, in the sense signaled by the forthcoming EU GDPR, will become the only bulletproof basis for international data transfer.
It’s not just about websites and web and mobile apps scraping personal information. Especially when it comes to the Internet of Things, it’s also about the sheer number of data sources, the inability to limit collection, and the inability to manage consenting to collection one by one. You can’t keep clicking “I agree” every time your smart socks want to record a heel strike. People will have to get ahead of the curve – and they might actually want to share that data, but only with personal trainers, doctors, and third-party marathon training apps. But then we have the problem of interoperability. The smarthomedb.com site currently lists reviews of OVER A HUNDRED different companies serving the consumer IoT market already, in 36 product categories.
It’s emerging technology that mitigates the risk of consent and data protection regulation like nothing else can.
If you’re trying to deliver online financial services, to support small businesses or tax reporting, these scenarios are filled with requirements and opportunities for delegating access to others. An employee wants to give her accountant access to her last year’s earnings statement, or a sole proprietor wants to give his contract bookkeeper selective access to some accounts.
Recently we saw a story in the news about Audi enabling package delivery to parked unattended cars. Any car with an API could have that, if car owners could selectively enable access by others.
Citizens traveling across borders and those trying to access government services often have reason to authorize access by others to attributes about them, such as their financial status, to enable access to government services. This shouldn’t just be a matter of passive consent; it could be a matter of a long-running relationship.
Why is the AirBnB logo here? Imagine that you have a house chock-full of smart light bulbs and kitchen appliances made by different manufacturers. You’ve set them all up to work the way you want. Now you leave for a week, and you rent your place out through AirBnB. You want to give partial access to a partially trusted stranger, but only for a week! And then you want all the entitlements to expire. You’d better be able to do this conveniently from a single console.
Patient-centric, RESTful health data sharing is the focus of the demonstration we’ll show next.
Show recorded video (can be downloaded from here: https://drive.google.com/open?id=0B5Q4evmm_OOCN050RWtGSFhnV3c&authuser=0 )
The UMA architecture has these three pieces. ForgeRock will deliver the two key pieces on the top in order to help you protect your API/application (policy enforcement points) and let your users set up sharing preferences (policy decision point).
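The split described above, with the owner's sharing preferences held at a policy decision point and the API guarded by a policy enforcement point, can be sketched with the week-long house rental scenario. This is an added illustration, not ForgeRock or OpenUMA code and not the UMA protocol itself; the class names, resource path, requester address and dates are hypothetical.

```python
# Toy policy decision point (PDP) and policy enforcement point (PEP).
# Added illustration only; every name and value here is hypothetical.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Grant:
    """One sharing preference set by the resource owner."""
    resource: str         # what is shared, e.g. "home/kitchen-lights"
    requester: str        # who may access it
    scopes: frozenset     # what they may do with it
    not_before: datetime  # start of the sharing window
    expires: datetime     # entitlement lapses here without manual cleanup

class PolicyDecisionPoint:
    """The single console where the owner sets and revokes sharing."""
    def __init__(self):
        self._grants = []

    def share(self, grant):
        self._grants.append(grant)

    def revoke(self, resource, requester):
        self._grants = [g for g in self._grants
                        if (g.resource, g.requester) != (resource, requester)]

    def decide(self, resource, requester, scope, now):
        # Default deny: permit only on a matching, currently valid grant.
        return any(
            g.resource == resource and g.requester == requester
            and scope in g.scopes and g.not_before <= now < g.expires
            for g in self._grants)

def enforce(pdp, resource, requester, scope, now):
    """PEP in front of a device API: it asks the PDP and never decides itself."""
    return 200 if pdp.decide(resource, requester, scope, now) else 403

def demo():
    start = datetime(2015, 11, 2, tzinfo=timezone.utc)  # constructed date
    res, guest = "home/kitchen-lights", "guest@example.com"
    pdp = PolicyDecisionPoint()
    pdp.share(Grant(res, guest, frozenset({"switch"}),
                    start, start + timedelta(days=7)))
    return [
        enforce(pdp, res, guest, "switch", start + timedelta(days=3)),     # during stay
        enforce(pdp, res, guest, "configure", start + timedelta(days=3)),  # scope not shared
        enforce(pdp, res, guest, "switch", start + timedelta(days=8)),     # after expiry
    ]
```

Because the enforcement point only relays the decision, the same grant store can sit behind devices from different manufacturers, and expiry or revocation takes effect everywhere at once.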
ForgeRock leads the industry in identity research, development, and solutions that put the customer at the center of your business. We have been moving aggressively to build innovative consumer-focused access management and privacy solutions based on the newly completed User-Managed Access (UMA) Version 1.0 standard, an effort led by our own Eve Maler, VP of Innovation and Emerging Technology in the ForgeRock office of the CTO. UMA was designed to give an individual a unified control point for authorizing who and what can get access to his or her personal data (such as contact information), content (such as health records), and services (such as access to a fitness API), no matter where the data lives online.