Respect Connect: From Social Login to
Personal Cloud Login
2013-09-10
Dan Blum, Principal Consultant
Drummond Reed, CTO
Gary Rowe, CEO
• Digital identity and privacy challenges
• Federated identity in context
• Social login advantages and disadvantages
• How personal cloud login works using Respect Connect
• Personal cloud login advantages and disadvantages
• Respect Consulting and Management Perspectives
2
Introducing: Dan Blum, Principal Consultant and
Chief Security Architect
3
• Internationally-recognized security and identity expert
• 1998-2009: Burton Group
– Principal Consultant for large enterprises, leading technology providers
– Research Director for Identity and Privacy Strategies (IDPS)
– Lead author on initial IDPS Reference Architecture
– Consultant for U.S. E-Authentication and Canadian Cyber-Authentication
programs (2004-2006)
– Research Director for Security and Risk Management Strategies (SRMS) and
lead author on SRMS Reference Architecture
• 2010-2013: VP & Distinguished Analyst at Gartner
– Agenda manager for security reference architecture
– Lead analyst for cloud security and other topics
– Won Golden Quill Award in 2011
• March 2013: Joined Respect Network to develop consulting
practice and create peer cloud security guidance
The Problem: For many people, managing personal identity and data on the net is OVERWHELMING: too much work, too unsafe, too distracting, too many passwords.
• Weak or duplicated passwords
• Forgotten passwords
• Complex login procedures
• Account lockout
• The help desk blues
• Misdirected communications
• Accounts that live on past termination of business
relationships
5
Too Many Silos of Identity

The slide shows three spheres of a person's life (my personal life, my employer's domains, my professional persona) and the separate identity silos scattered across them: social network, email service, media service, benefits, bank, health care provider, government, corporate directory, HR, professional social network.
• Technical Definition: Technologies, standards and agreements that enable
use of identity, credentials and attributes across autonomous domains
• Value Proposition
– Reduced sign-on (users)
– Reduced help desk support
– Establish business communities
7
Federated login flow. Actors: the user, the browser, the relying party (RP, a site or business) and the identity provider (IDP).

1. The user requests access to the RP.
2. The RP discovers the user's IDP and redirects the browser to it.
3. The browser requests sign-on to the RP at the IDP.
4. The IDP authenticates the user.
5. The IDP provides a token or assertion (or a link to it)* to the browser, which presents it to the RP.
6. The RP provides a temporary token (its own session) to the browser.
7. The browser accesses resources; the RP provides access to the resource, or a session with the user.

* The token from the IDP is known as a token, assertion or claim in the various standards. It may be passed directly or as a link.
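The exchange above, as an added example that is not part of the original deck: a minimal Python model of the redirect flow, with an HMAC-signed assertion standing in for a SAML assertion or OpenID Connect ID token. The issuer and RP identifiers, the shared key, the "alice" account and the five-minute lifetime are constructed; a real IDP signs with an asymmetric key published in its metadata and checks a password hash rather than a plaintext table. What the diagram leaves implicit, and what this code makes explicit, is everything the RP must verify before minting its temporary token: signature, issuer, audience, binding to the login attempt (state), validity window and single use.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed example values. A single shared HMAC key stands in for the IDP
# signing key the RP trusts under the federation agreement; real deployments
# use asymmetric signatures (SAML XML-DSig, JWS) with keys in IDP metadata.
IDP_ID = "https://idp.example.org"
RP_ID = "https://rp.example.com"
IDP_KEY = b"constructed-shared-signing-key"
TOKEN_LIFETIME = 300  # seconds; short, because the browser relays the token


def _b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(key: bytes, body: str) -> str:
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


class IdentityProvider:
    """Steps 3-5: authenticate the user, then issue a signed assertion bound
    to the requesting RP (aud) and to this particular login attempt (state)."""

    def __init__(self, key: bytes, users: dict):
        self.key = key
        self.users = users  # username -> password; constructed test data only

    def authenticate_and_issue(self, username, password, rp_id, state, now=None):
        now = time.time() if now is None else now
        stored = self.users.get(username, "")
        if not hmac.compare_digest(stored.encode(), password.encode()):
            raise PermissionError("authentication failed")
        claims = {
            "iss": IDP_ID, "aud": rp_id, "sub": username, "state": state,
            "jti": secrets.token_hex(8),  # unique id so the RP can reject replays
            "nbf": now, "exp": now + TOKEN_LIFETIME,
        }
        body = _b64u(json.dumps(claims, sort_keys=True).encode())
        return f"{body}.{_sign(self.key, body)}"


class RelyingParty:
    """Steps 2 and 6-7: redirect to the IDP with a fresh state value, accept the
    assertion only if every check passes, then mint a local session token."""

    def __init__(self, key: bytes):
        self.key = key
        self.pending_states = set()
        self.seen_assertions = set()
        self.sessions = {}  # session token -> subject

    def start_login(self):
        state = secrets.token_urlsafe(16)
        self.pending_states.add(state)
        return {"redirect_to": IDP_ID, "rp": RP_ID, "state": state}

    def complete_login(self, token, state, now=None):
        now = time.time() if now is None else now
        if state not in self.pending_states:
            raise ValueError("unknown or already-used state")
        self.pending_states.discard(state)  # one assertion per login attempt
        body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(self.key, body)):
            raise ValueError("bad signature")
        claims = json.loads(_b64u_decode(body))
        if claims["iss"] != IDP_ID:
            raise ValueError("unexpected issuer")
        if claims["aud"] != RP_ID:
            raise ValueError("assertion was issued to a different RP")
        if claims["state"] != state:
            raise ValueError("state mismatch")
        if not (claims["nbf"] <= now < claims["exp"]):
            raise ValueError("assertion outside its validity window")
        if claims["jti"] in self.seen_assertions:
            raise ValueError("assertion replayed")
        self.seen_assertions.add(claims["jti"])
        session = secrets.token_urlsafe(16)
        self.sessions[session] = claims["sub"]
        return session


def run_flow(username, password, rp_for_assertion=RP_ID):
    """Drive one end-to-end login; return the subject the RP's session maps to."""
    idp = IdentityProvider(IDP_KEY, {"alice": "correct horse battery staple"})
    rp = RelyingParty(IDP_KEY)
    request = rp.start_login()                                    # steps 1-2
    token = idp.authenticate_and_issue(username, password,
                                       rp_for_assertion, request["state"])  # 3-5
    session = rp.complete_login(token, request["state"])          # step 6
    return rp.sessions[session]                                   # step 7


if __name__ == "__main__":
    print(run_flow("alice", "correct horse battery staple"))
```

The audience check is the one most often skipped in home-grown federation code: without it, an assertion a user legitimately obtained for one RP can be replayed at another RP that trusts the same IDP.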
Bridging Silos

The same silos (corporate directory and HR in my employer's domains; social network, email service, media service, professional social network, benefits, bank, health care provider and government across my personal life and my professional persona) are linked by a federated identity or other SSO relationship, by cloud, or by SCM.
Three generations of federations:

Pairwise federations: early 2000s; small clusters; minimal industry penetration; SAML, highly customized; various LOAs (levels of assurance).
Industry federations: early 2000s to present; small, medium and large; low industry penetration; SAML, X.509, rich topologies; various LOAs.
Broad federations: early 2010s to present; large to very large; growing industry penetration; SAML, OAuth, OpenID Connect; limited use cases; low to low/medium LOA.

Examples called out on the slide: OpenID 1, NIH, InCommon, Nordic WAYF, CAC, PIV and supply chains (pairwise and industry federations); enterprise to SaaS, large e-commerce ecosystems and social login systems (broad federations).
Federated identity standards timeline, 2000 to 2013-2015, by space:

Enterprise space: SAML 1.0, Shibboleth, SAML 1.1, Liberty ID-FF, WS-*, SAML 2.0
Government space: X.509, EAP profiles (X.509 + SAML), government ID cards (e.g. FIPS 201)
User-centric space: OpenID 1.0, OpenID 2.0, OAuth 1.0, Interop, OpenID Connect, OAuth 2.0, Respect Connect, UMA, …
• Scalability issues
– Interoperability (minor)
– Legal and trust issues (major)
• Incentive, or power, mismatches
– Causing some federations to fail
• Privacy issues (emergent)
12
• Definition: The ability to access a web site or application
using an account on a social network
• Value proposition
– Reduced sign-on friction (users and RPs)
– Obtain customer data (RPs)
– Gain market share and leverage (IDPs)
13
• Architecture

The relying party site obtains the user's data from the social network over OAuth (or the user picks another service). What the social network holds, and can release to the RP and its partners: your social graph, real name, birthday, home town, links to photos, relatives, family, children, friends, other data.
Advantages and Drawbacks of Social Login
Advantages (user)
• Reduced sign-on friction
• Ease of use
• Social features of RP’s app
Drawbacks (user)
• Deep privacy concerns—exposing
your real personal information to all
the social networker’s partners
• Lack of control
• Lack of portability
• Building in a dependency on a third
party
Advantages (RP)
• Reduced sign-on friction
• Ease of development
• Leverage personal data
Drawbacks (RP)
• Having a third party in the middle of
customer relationships
• Lack of trust by users
• Risk of changing terms and costs
• Building in a dependency on a third
party
16
17
• Inconsistent rules or no rules
• Unreadable privacy policies
• Unwanted advertising - Spam, spam, spam
• Increasingly sensitive financial, medical and social data
in the hands of data brokers
• One faux pas online may hurt your reputation forever
18
Source: Differentiate with Privacy-Led Marketing Practices
A Forrester Consulting Thought Leadership Paper Commissioned by Neustar
July 2013
Personal Cloud Login
20
Introducing: Drummond Reed, CTO
21
• 1995-2007: Co-Founder & CTO, Cordance
• 2004 – Co-Chair, OASIS XDI Technical Committee
• 2005 – Founding Board Member, OpenID
Foundation
• 2009 – 2010 Executive Director, Information
Card Foundation
• 2010 – Founding Executive Director, Open
Identity Exchange
• 2011: Co-Founder Respect Network
• A cloud-based platform the individual owns and controls
– My oasis on the Internet
• Available from a cloud service provider (CSP) or self-hosted
• A secure, lifetime personal data repository with NO ambiguity in
terms of who controls the data
– Store any kind of data—binary, structured, application, preference
• A place to manage connections, relationships, communications
• A platform for applications—much like a personal computer or
smartphone—but accessible from all your devices
22
A peer-to-peer network of personal and business clouds that
provides interoperability, portability, and trust between members
23
• Definition: The ability to access a web site or application
using a personal cloud
• Value proposition
– Reduced sign-on friction (users and RPs)
– Increased trust (users and RPs)
– Safe data sharing in either direction (users and RPs)
– Lifetime data subscriptions (users and RPs)
– CSPs gain market share, leverage and new revenue streams
24
The next 3 screens show the actual user experience today for Facebook Login at The San Francisco Examiner (screenshots).
Personal cloud login works just like social login except there's no social network in the middle: the connection is directly between the user's own personal cloud and the business cloud.
The next 3 screens show what the
user experience would look like for
Respect Connect personal cloud login
at The San Francisco Examiner
Mock-up of the Login with Respect Connect dialog at The San Francisco Examiner:

Personal cloud data requested:
  Email: drummond@connect.me
  Name: Drummond Reed
  Zip code*: 98133

The San Francisco Examiner: member since May 2014; Respect Connections: 304

Permissions requested:
  Send daily news summary
  Send weekly news summary

All data shared under the Respect Trust Framework. Buttons: Okay, Cancel.
34
The secret to making personal cloud login
work is that each cloud belongs to a
personal cloud network—this is how the
Respect Connect button does its magic
35
This also means each Connect button is a
way for new users to join the network
36
The next 3 screens show the Respect
Connect user experience if the user
does not yet have a personal cloud
Mock-up of the Login with Respect Connect dialog for a user who may not yet have a personal cloud:

If you already have a personal cloud, enter any one of the following:
  Cloud name
  Mobile phone number
  Email address
  [ ] Remember me on this device

If you do not yet have a personal cloud:
  Learn more about personal clouds
  Join Respect Network now in 30 seconds

Buttons: Continue, Cancel.
In all cases, 100% of the user's login data is stored securely in his/her personal cloud, which is:
• Under the user's exclusive authority and control
• Portable for life to any personal cloud provider (or self-hosted)
• Not visible to any other party or app without the user's permission
• Protected by the user's choice of strong authentication and encryption offered by the CSP
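The consent dialog shown earlier (data requested, permissions requested, Okay/Cancel) and the data-control claims above (not visible to any other party without the user's permission; lifetime, permissioned subscriptions) together describe a grant model. The following Python is an added example and not Respect Network's code or the Respect Connect protocol: the personal cloud keeps the user's attributes plus a ledger of grants; a relying party's request names required and optional attributes and permissions; the user approves a subset; the RP can then pull a signed bundle containing only the approved attributes, sees updated values on later pulls, and loses access when the user revokes the grant. The per-connection HMAC key (a stand-in for asymmetric signatures), the cloud name, which attributes count as required, and the extra attributes held in the store are all assumptions.

```python
import hashlib
import hmac
import json
import secrets


class PersonalCloud:
    """Constructed model of one user's personal cloud: an attribute store plus
    a ledger of the grants (consent records) given to relying parties. Nothing
    leaves the cloud except under a live grant."""

    def __init__(self, cloud_name, attributes, signing_key):
        self.cloud_name = cloud_name
        self.attributes = dict(attributes)
        self.key = signing_key
        self.grants = {}  # grant_id -> grant record

    def review_request(self, request, approved_attrs, approved_perms, now):
        """The consent step behind the Okay button. The grant records only what
        the user approved; declining a required attribute fails the login."""
        asked = set(request["required"]) | set(request["optional"])
        unknown = set(approved_attrs) - asked
        if unknown:  # a UI bug, not a user choice: never grant what was not asked
            raise ValueError(f"approved attributes not in request: {sorted(unknown)}")
        missing = [a for a in request["required"] if a not in approved_attrs]
        if missing:
            raise PermissionError(f"user declined required attributes: {missing}")
        grant_id = secrets.token_hex(8)
        self.grants[grant_id] = {
            "rp": request["rp"],
            "attributes": sorted(set(approved_attrs)),
            "permissions": sorted(set(approved_perms) & set(request["permissions"])),
            "issued": now,
            "revoked": False,
        }
        return grant_id

    def fetch(self, grant_id, rp):
        """The RP's subscription pull: a signed bundle holding exactly the
        approved attributes' current values, and nothing else from the store."""
        grant = self.grants.get(grant_id)
        if grant is None or grant["rp"] != rp or grant["revoked"]:
            raise PermissionError("no valid grant for this relying party")
        payload = {
            "grant_id": grant_id,
            "cloud": self.cloud_name,
            "rp": rp,
            "data": {a: self.attributes[a] for a in grant["attributes"] if a in self.attributes},
            "permissions": grant["permissions"],
        }
        body = json.dumps(payload, sort_keys=True)
        sig = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        return {"body": body, "sig": sig}

    def revoke(self, grant_id):
        """User ends the relationship; later pulls by that RP fail."""
        self.grants[grant_id]["revoked"] = True

    def update(self, attribute, value):
        """User edits data in one place; every live subscription sees it next pull."""
        self.attributes[attribute] = value


def rp_verify(bundle, key, expected_rp):
    """Relying-party side: check the signature and that the bundle was issued to us."""
    expected = hmac.new(key, bundle["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, bundle["sig"]):
        raise ValueError("bad signature on personal cloud bundle")
    payload = json.loads(bundle["body"])
    if payload["rp"] != expected_rp:
        raise ValueError("bundle issued to a different relying party")
    return payload


# Constructed test data mirroring the slide's dialog. Which fields are required
# is an assumption (the slide only marks Zip code with an asterisk).
CONNECTION_KEY = b"constructed-per-connection-key"
EXAMINER_REQUEST = {
    "rp": "The San Francisco Examiner",
    "required": ["email", "zip"],
    "optional": ["name"],
    "permissions": ["daily_summary", "weekly_summary"],
}


def make_cloud():
    return PersonalCloud(
        "drummond",  # hypothetical cloud name
        {"email": "drummond@connect.me", "name": "Drummond Reed", "zip": "98133",
         "birthday": "1970-01-01", "mobile": "+1-206-555-0100"},  # placeholders
        CONNECTION_KEY,
    )


def demo():
    cloud = make_cloud()
    # User approves email and zip, declines name, accepts only the daily summary.
    grant_id = cloud.review_request(EXAMINER_REQUEST, ["email", "zip"], ["daily_summary"], now=0)
    return rp_verify(cloud.fetch(grant_id, EXAMINER_REQUEST["rp"]), CONNECTION_KEY, EXAMINER_REQUEST["rp"])


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Compare this with the social login architecture slide: there the RP asks the social network, which decides what to release and keeps a copy of the relationship; here the release decision, the ledger and the revocation switch all sit in the user's own store, which is what "direct, permissioned subscription" on the next slide amounts to.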
Advantages and Drawbacks of Personal Cloud
Login
Advantages (user)
• Reduced sign-on
• Privacy
• Portability
• Empowerment
• View provider reputation
Drawbacks (user)
• Something new to sign up for
• Will take time to gain adoption
• Must trust CSP and Respect Network
Advantages (RP)
• Reduced sign-on
• Leverage personal data with consent
• Gain user trust
• Direct, permissioned subscription
• No social network dependency
Drawbacks (RP)
• Small user base (at first)
• Social graph data only by permission
• Overhead of consent management
41
Conclusion
• Leverage our world-class team to help organizations:
– Determine how and when to leverage personal clouds
– Better understand and gain business advantage from personal clouds
– Assess and develop enterprise security architecture
– Assess and develop cloud security architecture
– Architect and build next generation identity management systems
– Develop federated identity architecture
• Delivering consulting via:
– 1- 3 day workshops delivered onsite
– Custom consulting leveraging our consultants and our partners
– We can deliver custom consulting, longer term
43
• CRM Meets VRM: How a Personal Cloud Network Will Enable
Real Vendor Relationship Management
• Connecting the Internet of Things to the Internet of People
• Trust and Reputation on a Personal Cloud Network
44
Gary Rowe, CEO
Drummond Reed, Founder
Dan Blum, Principal Consultant
gary@respectnetwork.com
drummond@respectnetwork.com
dan@respectnetwork.com
45

Speaker notes

1. Early pairwise federations: Sun, Hewitt and Amex. Industry federations: also Danish NemLog, Nationwide Insurance, Fidelity Netbenefits, Aetna medical billing system with NaviMedix (300K providers), DHS GFIPM (failed?) – loss of control by SPs; the loss of the DoS cables to WikiLeaks is the standard example.
2. http://en.wikipedia.org/wiki/Security_Assertion_Markup_Language
3. http://marketingland.com/social-login-shares-saw-little-change-in-q2-janrain-says-50954