A webinar from Respect Network that explains the evolutionary progression of federated identity protocols, why social logins from companies like Facebook, Twitter, and LinkedIn have been so successful, and why the next evolutionary step is personal cloud login based a direct P2P connection with a user's personal cloud.
Respect Connect: From Social Login to Personal Cloud Login
1. Respect Connect: From Social Login to Personal Cloud Login
2013-09-10
Dan Blum, Principal Consultant
Drummond Reed, CTO
Gary Rowe, CEO
2. • Digital identity and privacy challenges
• Federated identity in context
• Social login advantages and disadvantages
• How personal cloud login works using Respect Connect
• Personal cloud login advantages and disadvantages
• Respect Consulting and Management Perspectives
3. Introducing: Dan Blum, Principal Consultant and Chief Security Architect
• Internationally-recognized security and identity expert
• 1998-2009: Burton Group
– Principal Consultant for large enterprises, leading technology providers
– Research Director for Identity and Privacy Strategies (IDPS)
– Lead author on initial IDPS Reference Architecture
– Consultant for U.S. E-Authentication and Canadian Cyber-Authentication
programs (2004-2006)
– Research Director for Security and Risk Management Strategies (SRMS) and
lead author on SRMS Reference Architecture
• 2010-2013: VP & Distinguished Analyst at Gartner
– Agenda manager for security reference architecture
– Lead analyst for cloud security and other topics
– Won Golden Quill Award in 2011
• March 2013: Joined Respect Network to develop consulting practice and create peer cloud security guidance
4. The Problem: For many people, managing personal identity and data on the net is…
• Too much work
• Too unsafe
• Too distracting
• Too many passwords
OVERWHELMING
5. • Weak or duplicated passwords
• Forgotten passwords
• Complex login procedures
• Account lockout
• The help desk blues
• Misdirected communications
• Accounts that live on past termination of business relationships
7. • Technical Definition: Technologies, standards and agreements that enable use of identity, credentials and attributes across autonomous domains
• Value Proposition
– Reduced sign-on (users)
– Reduced help desk support
– Establish business communities
8. Federated identity flow (diagram). Parties: User, Browser, Relying Party (RP: a site or business), Identity Provider (IDP).
• User requests access to the RP
• RP discovers the IDP and redirects the browser to it, requesting sign-on to the RP
• IDP authenticates the user
• IDP provides a token or assertion (or a link to it)* back through the browser to the RP
• RP provides a temporary token and grants access to the resource, or a session with the user
• User accesses resources
* The token from the IDP is known as a token, assertion or claim in various standards. It may be passed directly or as a link.
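The flow on slide 8 is easiest to reason about when the RP's verification steps are written out: the assertion must be signed by the IDP, addressed to this RP, unexpired, and bound to a redirect the RP actually started. The following is an added illustration, not Respect Network code and not any particular SAML or OpenID Connect implementation; the shared HMAC key, the 300-second lifetime, the `state` binding and the user table are all constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo secret shared by the IDP and the RP. A real IDP signs with an
# asymmetric key (SAML, JWT) so that RPs can verify assertions without being
# able to mint them.
IDP_SIGNING_KEY = b"constructed-demo-signing-key"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class IdentityProvider:
    """Holds the credentials and issues signed assertions ('Authenticate user')."""

    def __init__(self, signing_key: bytes, users: dict):
        self.signing_key = signing_key
        self.users = users  # username -> password (constructed; real IDPs store hashes)

    def authenticate(self, username, password, audience, state, now=None):
        if self.users.get(username) != password:
            return None  # authentication failed: no assertion is issued
        now = int(time.time()) if now is None else now
        claims = {"sub": username, "aud": audience, "iat": now,
                  "exp": now + 300, "state": state}
        body = b64url(json.dumps(claims, sort_keys=True).encode())
        sig = b64url(hmac.new(self.signing_key, body.encode(), hashlib.sha256).digest())
        return body + "." + sig


class RelyingParty:
    """Redirects to the IDP, then verifies the returned assertion before granting access."""

    def __init__(self, name: str, idp_key: bytes):
        self.name = name
        self.idp_key = idp_key
        self.pending_states = set()  # one-time values bound to outstanding redirects
        self.sessions = {}           # temporary token -> subject

    def request_access(self):
        """'Request access' / 'Redirect to IDP': bind the round trip to a fresh state."""
        state = secrets.token_urlsafe(16)
        self.pending_states.add(state)
        return {"audience": self.name, "state": state}

    def consume_assertion(self, token, now=None):
        """'Provide token or assertion': return a temporary session token, or None."""
        if token is None or token.count(".") != 1:
            return None
        body, sig = token.split(".")
        expected = b64url(hmac.new(self.idp_key, body.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(sig, expected):
            return None  # forged or tampered assertion
        claims = json.loads(b64url_decode(body))
        now = int(time.time()) if now is None else now
        if claims.get("aud") != self.name:
            return None  # issued for a different RP
        if claims.get("exp", 0) <= now:
            return None  # expired
        if claims.get("state") not in self.pending_states:
            return None  # unsolicited, or a replay of an already consumed assertion
        self.pending_states.discard(claims["state"])
        session = secrets.token_urlsafe(16)
        self.sessions[session] = claims["sub"]
        return session

    def access_resource(self, session):
        """'Access resources': the temporary token, not the assertion, gates the resource."""
        return self.sessions.get(session)


def run_flow(idp, rp, username, password):
    """Drive one complete redirect flow; returns (session token or None, assertion)."""
    redirect = rp.request_access()
    assertion = idp.authenticate(username, password, redirect["audience"], redirect["state"])
    return rp.consume_assertion(assertion), assertion


if __name__ == "__main__":
    idp = IdentityProvider(IDP_SIGNING_KEY, {"alice": "correct-horse"})
    rp = RelyingParty("examiner.example", IDP_SIGNING_KEY)
    session, assertion = run_flow(idp, rp, "alice", "correct-horse")
    print("subject:", rp.access_resource(session))
    print("replay accepted:", rp.consume_assertion(assertion) is not None)
```

The `state` check is what turns a bearer assertion into something the RP can trust was produced for its own redirect; without it, an assertion captured from one browser could be presented in another, and the audience check is what stops an assertion issued for one RP being accepted by a second RP that trusts the same IDP.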
9. Bridging Silos (diagram)
• Silos: my employer's domains, my personal life, my professional persona
• Systems shown: Corporate Directory, HR, Benefits, Cloud or SCM, Social network, Email service, Media service, Bank, Health care provider, Government, Professional social network
• The silos are linked by a "Federated Identity or other SSO Relationship"
10. Evolution of federations (diagram, with a level-of-assurance (LOA) axis)
• Pair wise federations
– Early 2000s
– Small clusters
– Minimal industry penetration
– SAML, highly customized
– Various LOAs
• Industry federations
– Early 2000s to present
– Small, medium and large
– Low industry penetration
– SAML, X.509, rich topologies
– Various LOAs
– Labels shown alongside the first two columns: OpenID 1, NIH, InCommon, Nordic WAYF, CAC, supply chains, PIV
• Broad federations
– Early 2010s to present
– Large to very large
– Growing industry penetration
– SAML, OAuth, OpenID Connect
– Limited use cases
– Low to low/medium LOA
– Examples shown: enterprise to SaaS, large e-commerce ecosystems, social login systems
11. Timeline of federated identity standards, 2000 to 2013-2015 (diagram)
• Enterprise space: SAML 1.0, Shibboleth, SAML 1.1, Liberty ID-FF, WS-*, SAML 2.0
• User-centric space: OpenID 1.0, OpenID 2.0, OAuth 1.0, Interop, OpenID Connect, OAuth 2.0, Respect Connect, UMA, …
• Government space: X.509, EAP profiles (X.509 + SAML), government id cards, e.g. FIPS 201
12. • Scalability issues
– Interoperability (minor)
– Legal and trust issues (major)
• Incentive, or power, mismatches
– Causing some federations to fail
• Privacy issues (emergent)
13. • Definition: The ability to access a web site or application using an account on a social network
• Value proposition
– Reduced sign-on friction (users and RPs)
– Obtain customer data (RPs)
– Gain market share and leverage (IDPs)
15. • Architecture (diagram)
– The Relying Party Site connects to the Social Network via OAuth; the login dialog also offers "Or use another service"
– The social network holds your social graph: real name, birthday, home town, links to photos, relatives, family, children, friends, other data
16. Advantages and Drawbacks of Social Login
Advantages (user)
• Reduced sign-on friction
• Ease of use
• Social features of RP’s app
Drawbacks (user)
• Deep privacy concerns—exposing your real personal information to all the social networker’s partners
• Lack of control
• Lack of portability
• Building in a dependency on a third party
Advantages (RP)
• Reduced sign-on friction
• Ease of development
• Leverage personal data
Drawbacks (RP)
• Having a third party in the middle of customer relationships
• Lack of trust by users
• Risk of changing terms and costs
• Building in a dependency on a third party
17. • Inconsistent rules or no rules
• Unreadable privacy policies
• Unwanted advertising - Spam, spam, spam
• Increasingly sensitive financial, medical and social data in the hands of data brokers
• One faux pas online may hurt your reputation forever
18.
Source: Differentiate with Privacy-Led Marketing Practices
A Forrester Consulting Thought Leadership Paper Commissioned by Neustar
July 2013
19.
Source: Differentiate with Privacy-Led Marketing Practices
A Forrester Consulting Thought Leadership Paper Commissioned by Neustar
July 2013
22. • A cloud-based platform the individual owns and controls
– My oasis on the Internet
• Available from a cloud service provider (CSP) or self-hosted
• A secure, lifetime personal data repository with NO ambiguity in terms of who controls the data
– Store any kind of data—binary, structured, application, preference
• A place to manage connections, relationships, communications
• A platform for applications—much like a personal computer or smartphone—but accessible from all your devices
23. A peer-to-peer network of personal and business clouds that provides interoperability, portability, and trust between members
24. • Definition: The ability to access a web site or application using a personal cloud
• Value proposition
– Reduced sign-on friction (users and RPs)
– Increased trust (users and RPs)
– Safe data sharing in either direction (users and RPs)
– Lifetime data subscriptions (users and RPs)
– CSPs gain market share, leverage and new revenue streams
25. The next 3 screens show the actual user experience today for Facebook Login at The San Francisco Examiner
29. Personal cloud login works just like social login except there’s no social network in the middle—the connection is directly with the user’s own personal cloud (diagram: a Business Cloud connected directly to the user's Personal Cloud)
30. The next 3 screens show what the user experience would look like for Respect Connect personal cloud login at The San Francisco Examiner
32. Mockup of the Respect Connect login dialog at The San Francisco Examiner:
• "Login with Respect Connect" (Okay / Cancel)
• Personal cloud data requested: Email drummond@connect.me; Name Drummond Reed; Zip code* 98133
• Permissions requested: Send daily news summary; Send weekly news summary
• Relying party panel: The San Francisco Examiner, Member since May 2014, Respect Connections 304
• All data shared under the Respect Trust Framework
34. The secret to making personal cloud login work is that each cloud belongs to a personal cloud network—this is how the Respect Connect button does its magic
35. This also means each Connect button is a way for new users to join the network
36. The next 3 screens show the Respect Connect user experience if the user does not yet have a personal cloud
38. Mockup of the Respect Connect login dialog for a user who may not yet have a personal cloud:
• "Login with Respect Connect" (Continue / Cancel)
• If you already have a personal cloud, enter any one of the following: cloud name, mobile phone number, email address; option "Remember me on this device"
• If you do not yet have a personal cloud: "Learn more about personal clouds" or "Join Respect Network now in 30 seconds"
40. In all cases, 100% of the user’s login data is stored securely in his/her personal cloud
Personal Cloud
• Under the user’s exclusive authority and control
• Portable for life to any personal cloud provider (or self-hosted)
• Not visible to any other party or app without the user’s permission
• Protected by the user’s choice of strong authentication and encryption offered by the CSP
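The login dialog on slide 32 and the "not visible without the user's permission" property on slide 40 together describe consent-scoped attribute release: the RP names the attributes and permissions it wants, the user grants a subset, and the cloud releases only the intersection. This is an added model of that behaviour, not Respect Network's or Respect Connect's code; the attribute names, the `required`/`optional` split (standing in for the `*` on the dialog), the revocation method and the sample data other than the email, name and zip code shown on slide 32 are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class PersonalCloud:
    """The user's own data store. Nothing leaves it without a recorded grant."""
    owner: str
    data: dict                                  # attribute name -> value
    grants: dict = field(default_factory=dict)  # rp name -> {"attributes": set, "permissions": set}

    def consent(self, rp, attributes, permissions):
        """The 'Okay' on the login dialog: record exactly what this RP may see and do."""
        self.grants[rp] = {
            "attributes": set(attributes) & set(self.data),  # can only grant what exists
            "permissions": set(permissions),
        }

    def revoke(self, rp):
        """Withdraw the grant; later releases to this RP return nothing."""
        self.grants.pop(rp, None)

    def release(self, rp, requested):
        """Return the requested attributes, restricted to the current grant."""
        grant = self.grants.get(rp)
        if grant is None:
            return {}
        return {name: self.data[name] for name in requested if name in grant["attributes"]}

    def permits(self, rp, permission):
        """True only if the user granted this permission (e.g. a subscription) to this RP."""
        grant = self.grants.get(rp)
        return grant is not None and permission in grant["permissions"]


@dataclass
class RelyingParty:
    """Requests a fixed attribute set; the dialog's '*' marks the required ones."""
    name: str
    required: frozenset
    optional: frozenset = frozenset()

    def login(self, cloud):
        """Returns (profile, missing_required). Login fails only on missing required data."""
        profile = cloud.release(self.name, sorted(self.required | self.optional))
        missing = sorted(self.required - set(profile))
        return (profile if not missing else None), missing


# Constructed sample cloud. Email, name and zip code are the values shown on the
# slide 32 mockup; birthday and friends are made up to show what is NOT released.
SAMPLE_CLOUD_DATA = {
    "email": "drummond@connect.me",
    "name": "Drummond Reed",
    "zip": "98133",
    "birthday": "constructed-1970-01-01",
    "friends": ["constructed-friend-a", "constructed-friend-b"],
}


def demo():
    """Walk through grant, release, narrowing and revocation for one RP."""
    cloud = PersonalCloud("drummond", dict(SAMPLE_CLOUD_DATA))
    rp = RelyingParty("examiner.example", frozenset({"zip"}), frozenset({"email", "name"}))
    before = rp.login(cloud)                                   # no grant yet: login fails
    cloud.consent(rp.name, ["email", "name", "zip"], ["send_daily_summary"])
    after = rp.login(cloud)                                    # exactly three attributes
    cloud.consent(rp.name, ["email", "name"], [])              # user withholds the zip code
    narrowed = rp.login(cloud)
    cloud.revoke(rp.name)
    revoked = rp.login(cloud)
    return before, after, narrowed, revoked


if __name__ == "__main__":
    for label, result in zip(("before", "after", "narrowed", "revoked"), demo()):
        print(label, result)
```

The contrast with the slide 15 architecture is that the social graph (`friends`, `birthday`) never reaches the RP at all: it is not in the grant, so `release` cannot return it, and a later narrowing or revocation takes effect on the next login rather than requiring the RP's cooperation.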
41. Advantages and Drawbacks of Personal Cloud Login
Advantages (user)
• Reduced sign-on
• Privacy
• Portability
• Empowerment
• View provider reputation
Drawbacks (user)
• Something new to sign up for
• Will take time to gain adoption
• Must trust CSP and Respect Network
Advantages (RP)
• Reduced sign-on
• Leverage personal data with consent
• Gain user trust
• Direct, permissioned subscription
• No social network dependency
Drawbacks (RP)
• Small user base (at first)
• Social graph data only by permission
• Overhead of consent management
43. • Leverage our world-class team to help organizations:
– Determine how and when to leverage personal clouds
– Better understand and gain business advantage from personal clouds
– Assess and develop enterprise security architecture
– Assess and develop cloud security architecture
– Architect and build next generation identity management systems
– Develop federated identity architecture
• Delivering consulting via:
– 1-3 day workshops delivered onsite
– Custom consulting leveraging our consultants and our partners
– We can deliver custom consulting, longer term
44. • CRM Meets VRM: How a Personal Cloud Network Will Enable Real Vendor Relationship Management
• Connecting the Internet of Things to the Internet of People
• Trust and Reputation on a Personal Cloud Network
45. Gary Rowe, CEO
Drummond Reed, Founder
Dan Blum, Principal Consultant
gary@respectnetwork.com
drummond@respectnetwork.com
dan@respectnetwork.com
Editor's Notes
Early pairwise: Sun, Hewitt and Amex
Industry federations: also Danish NemLog, Nationwide Insurance, Fidelity Netbenefits, Aetna medical billing system with NaviMedix (300K providers)
DHS GFIPM (failed?) – loss of control by SPs; loss of DoS cables to wikileaks is the standard example