Is Identity the Answer to the Great Question of Life, the Universe, and Everything?

Nishant Kaushik / Chief Architect
@NishantK
  
In the beginning the Universe was created.

This has made a lot of people very angry and has been widely regarded as a bad move.
  
In the beginning the Internet was created without an Identity layer.

This has made a lot of people very angry and has been widely regarded as a bad move.
  
So, What is Identity?

Identity = Context

Trust
Transparency
Convenience
Security
Privacy
Community

Interactive Subjectivity Frameworks

“Just as Einstein observed that space was not an absolute but depended on the observer’s movement in space, and that time was not an absolute, but depended on the observer’s movement in time, so it is now realized that numbers are not absolute, but depend on the observer’s movement in restaurants.”
  
Putting Context in Context

Simplest
Simple
Complex
Most Complex

Let’s Not Forget

I ache, therefore I am.
  
Context In Action: Hiring Amy, Part 1

Recruiting App
Social Login
Authentication Service
Identity Verification Service
Identity Store Service

Context In Action: Hiring Amy, Part 2

Recruiting App
Social Login
Authentication Service
Attribute Exchange Service
Identity Store Service
Authorize Data Release
Attribute Authority
  
Context in Action: A Day in the Life of Amy

Company Portal
Social Login
Authentication Service
Identity Store Service
Launch box.net
Passive Step-up Authentication
JIT Provisioning & Federated AuthN
Attribute Exchange Service
  
Context in Action: A Day in the Life of Amy (Alt.)

Identity Store Service
Logs in with personal account, then requests access to company site
Identity Hub Service
Authentication Service
Step-up Authentication via Identity Verification
Register for Identity Event Notifications via Graph API
  
Context in Action: Amy Unleashed

Recommendation Service
Walks into retail store and uses their Recommendation Service. Directs service to the Identity Oracle using her mobile
Various Authoritative Sources
Identity Oracle Service
Requests access to personalization data. User policy enforced via UMA
Log out & Dispose
  
So, What is Identity, Really?

(De)Constructing Identity

Attribute: A property of a subject that may have zero or more values
Hair Color: Blond
Age: 31
Name: Janet Munroe
Title: VP, Engineering
Location: 40.783147, -73.971277
Mobile: 212-555-2962
Roles: Github Admin, SOX12, Developer, …

Attribute Assertion: A statement that conveys information about attributes of a subject

Attribute Authority: A system entity that produces attribute assertions

Claim: An attribute assertion made by one entity about another entity

Identifier: A representation mapped to a subject entity that uniquely refers to it
  
589-25-6029
465-05-6873
034-39-7383
945-27-4834
437-52-0358
576-23-2957
085-72-2068

Relationships Bring it all Together

So, What’s a Magrathean to do?

For Applications, it’s been a DIY world, baby!
  
User Tables
Roles & Policies
Registration Processes
User Administration
Profile Management
Security Enforcement
  
Enterprises have a Problem on their Hands

@NishantK // @Identropy

Businesses have a Problem on their Hands

Users have a Problem on their Hands
  
Enter Identity & Access Management

“The History of every major Galactic Civilization tends to pass through three distinct and recognizable phases, those of Survival, Inquiry and Sophistication, otherwise known as the How, Why and Where phases.”
  
	
  
The Goal

• Reduce security risks while empowering users
• Ensure compliance with corporate policies and regulatory requirements
• Dramatically reduce the cost of providing and managing access to valuable corporate resources
• Increase productivity and operational efficiency
• Enable IT to be more responsive to evolving business requirements
  
Let’s Look at the “I” in IAM

Identity Management as Coordinator

Identity Management
Who, What, When, Where, Why
SaaS Apps
On-Prem Apps
Partner Apps
Authoritative Sources
Self and Administrative Sources
Social Identities
Business, Security & Compliance Policies
Other Assets
  
Lifecycle of an Enterprise Identity

Joiner → Mover → Leaver Processes
Registration
Termination
Access De-Provisioning
Access Provisioning
Routine Updates
Enable/Disable
Compliance Policies
Business & Security Policies

Identity Registration

“The Guide is definitive. Reality is frequently inaccurate.”
  
The Typical Employee On-Boarding

ID Store
Identity Provider
Trust
HR Application
Attribute Authority

The Typical Contractor On-Boarding

ID Store
Identity Provider
Trust
Contractor Database/Spreadsheet
Attribute Authority

Adding Automation

HR Application
Trust
Attribute Authorities
Contractor DB
ID Store
Identity Provider
Provisioning System
  
Transitioning to an Online World

System(s) of Record
ID Store
Identity Provider
Trust
Attribute Authorities
Provisioning System
Recruiting/Registration App
Self-Asserted Claims

Identity Proofing

System of Record
ID Store
Provisioning System
Recruiting/Registration App
Identity Proofing Service
Attribute Authorities
Self-Asserted Claims

Identity Proofing

ID Store
User Registration Portal
Identity Proofing Service
Attribute Authorities
Self-Asserted Claims

Social Identity Proofing

ID Store
User Registration Portal
Identity Proofing Service
Risk Score
  
Access Provisioning & De-Provisioning

“To summarize the summary of the summary: people are a problem.”
  
Access Provisioning is…

…the creation, maintenance and deactivation of user objects and user attributes, as they exist in one or more systems, directories or applications, in response to automated or interactive business processes

This Covers

• Creating and Deleting User Accounts
• Updating their Attributes
• Assigning and Removing Privileges
• Password Management (Change, Reset, Sync, Recovery)

Source: http://en.wikipedia.org/wiki/Provisioning#User_provisioning
  	
  
The Basic Manual Approach

Employee/Contractor
Internal Applications
User Stores (SSO, IdP, Fed)
HR Manager
Application Admins/Helpdesk
APPROVED
Access Request Form
Ops Team

Marvin the Paranoid Android Says…

We’re talking about lost productivity and error prone processes. Your IT staff is burdened with tasks well below their levels. Don’t even begin to ask me about handling updates and moves, what with the lack of tracking and clarity on policies or processes.

And if someone leaves? I could tell you all the access you need to cancel or delete since you clearly won’t know. But why bother? What’s the point, really?
  
	
  
Traditional Provisioning Architecture

Employee/Contractor
IT Admins/Developers
Consultants
Provisioning System
Internal Applications
User Stores (SSO, IdP, Fed)

Marvin the Paranoid Android Says…

The first ten million enhancements are the worst, and the second ten million enhancements, they were the worst too. The third ten million I didn’t enjoy at all. After that I went into a bit of a decline.

It’s the armies of developers and consultants you need to hire in this job that really get you down.
  
The Compliance Problem

Employee/Contractor
IT Admins/Developers
Consultants
Provisioning System
Internal Applications
User Stores (SSO, IdP, Fed)
Auditors
Application Recertification

Marvin the Paranoid Android Says…

My capacity for happiness at the prospect of…

…gathering all that data from different applications, running after and nagging all my application administrators and business owners to get them to help me, then trying to put it into spreadsheets that my managers can actually use without rubber stamping them or wanting to throw their computers down an elevator shaft…

…you could fit into a matchbox without taking out the matches first.
  
The Birth of a New Solution Category

Employee/Contractor
IT Admins/Developers
Consultants
Provisioning System
Internal Applications
User Stores (SSO, IdP, Fed)
Auditors
Application Recertification
Application Recertification

Marvin the Paranoid Android Says…

I suppose you want me to configure, manage and maintain two of these beasts?

I’m not going to enjoy this.
  
The Cloud Problem Cometh

Employee/Contractor
Provisioning System
Internal Applications
User Stores (SSO, IdP, Fed)
Auditors
Application Recertification
Admins/Helpdesk
Business Users
Manual Fulfillment

Marvin the Paranoid Android Says…

You think you’ve got problems? What are you supposed to do if you are a manically depressed robot?
  
When SaaS Attacks (the Enterprise Market)

Employee/Contractor
Provisioning System
Internal Applications
User Stores (SSO, IdP, Fed)
AD
Directory Synchronization

Marvin the Paranoid Android Says…

You may not see the folly of opening up all those connections to your internal IT environment, but then your logic circuits don’t compare to mine.

And to try and model all those SaaS apps privileges into your AD environment so that you can continue to give users a single management and request portal? Not even the Googleplex Star Thinker, which can calculate the trajectory of every single dust particle throughout a five-week Dangrabad Beta sand blizzard can do that!
  
We Could Try Some Extensions…

Employee/Contractor
Provisioning System
Internal Applications
User Stores (SSO, IdP, Fed)
Auditors
Application Recertification
  
SCIM?	
  
Whither the Standardized Solution?

Employee/Contractor
Provisioning System
Internal Applications
User Stores (SSO, IdP, Fed)
Auditors
Application Recertification

Marvin the Paranoid Android Says…

I suppose I could hang around and wait for another five hundred and seventy-six thousand million, three thousand five hundred and seventy-nine years.
  
The Requisite Cloud-Based Solution

Employee/Contractor
Provisioning System
Internal Applications
User Stores (SSO, IdP, Fed)
Cloud-based Identity Bridge

Marvin the Paranoid Android Says…

Here I am, brain the size of a planet and they ask me to build a bridge. Call that job satisfaction? ‘Cos I don’t.
  
IDaaS Solutions – The First Wave

Employee/Contractor
Provisioning System
Internal Applications
User Stores (SSO, IdP, Fed)
AD
Directory Synchronization
Cloud-based SSO
SAML / OAuth / Form Filling

Marvin the Paranoid Android Says…

I could tell you that it ignores everything that is deployed on-premises, and assumes that you have something else to manage the identity store. I suppose it might be relevant that de-provisioning is a problem area, and that there is a lack of governance controls. And all the problems of directory synchronization will show up here…

…but I don’t suppose you’ll be very interested in knowing that.
  
IDaaS Solutions – The Next Wave

Employee/Contractor
On-Prem Identity Bridge
Internal Applications
User Stores (SSO, IdP, Fed)
Cloud-based Provisioning System

Marvin the Paranoid Android Says…

Good idea, if you ask me. It’s brilliant.

But they’re not.
  
Identity Termination

“Very few mattresses have ever come to life again.”

Typical Enterprise Person Termination

System of Record
ID Store
Internal Applications
User Stores

Adding Automation

System of Record
ID Store
Internal Applications
User Stores
Provisioning System
  
• Account Retention Period
• Retirees
• Rehires
• Scheduled Termination with Warning and Extensions
  
The Myth of SSO-Based De-Provisioning

System of Record
ID Store
Internal Applications (SSO)
User Stores
SSO System

Marvin the Paranoid Android Says…

They’ve spent the last five years building it. They think they’ve got it right but they haven’t. First off, the meter on those accounts is still running. And they’re active, which means they can be logged into. And they can be exploited in ways that circumvent SSO. And did no one stop to consider mobile access?

There’s nothing I can do. It’s on an independent circuit from the others.
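
The gap this slide describes, as an added example that is not part of the original deck: a reconciliation of leavers in the system of record against each application's own user store, flagging accounts that stay active after the SSO entry is disabled. The record layout, application names, logins and sample rows are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Person:
    """One row from the system of record (for example HR)."""
    person_id: str
    terminated_on: Optional[date]  # None while the person is still employed


@dataclass(frozen=True)
class AppAccount:
    """One row exported from an application's own user store."""
    app: str
    login: str
    person_id: Optional[str]  # None when nobody could map the account to a person
    active: bool
    local_credential: bool    # password, API token or mobile session not brokered by SSO


@dataclass(frozen=True)
class Finding:
    severity: str
    app: str
    login: str
    reason: str


def find_residual_access(people, sso_disabled_ids, accounts, today):
    """Return active application accounts that outlive their owner's termination."""
    by_id = {p.person_id: p for p in people}
    findings = []
    for acct in accounts:
        if not acct.active:
            continue  # already de-provisioned inside the application itself
        person = by_id.get(acct.person_id)
        if person is None:
            findings.append(Finding("medium", acct.app, acct.login,
                                    "orphan: no owner in the system of record"))
            continue
        if person.terminated_on is None or person.terminated_on > today:
            continue  # still employed, or termination is scheduled for later
        if acct.local_credential:
            severity = "high"
            reason = "leaver account can be used without going through SSO"
        elif person.person_id not in sso_disabled_ids:
            severity = "high"
            reason = "leaver is still enabled in SSO and in the application"
        else:
            severity = "low"
            reason = "blocked only at SSO; account is still active and licensed"
        findings.append(Finding(severity, acct.app, acct.login, reason))
    rank = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: (rank[f.severity], f.app, f.login))


# Constructed sample data (not taken from the deck).
TODAY = date(2013, 7, 9)
PEOPLE = [
    Person("amy", None),
    Person("bob", date(2013, 6, 1)),
    Person("carol", date(2013, 7, 15)),   # scheduled termination, not yet effective
    Person("dan", date(2013, 5, 20)),
]
SSO_DISABLED = {"bob"}                    # dan's SSO entry was never disabled
ACCOUNTS = [
    AppAccount("crm", "amy@example.test", "amy", True, False),
    AppAccount("crm", "bob@example.test", "bob", True, False),
    AppAccount("storage", "bob-mobile", "bob", True, True),
    AppAccount("wiki", "bob", "bob", False, False),
    AppAccount("crm", "carol@example.test", "carol", True, True),
    AppAccount("hrportal", "dan", "dan", True, False),
    AppAccount("wiki", "svc-import", None, True, True),
]

if __name__ == "__main__":
    for f in find_residual_access(PEOPLE, SSO_DISABLED, ACCOUNTS, TODAY):
        print(f"{f.severity:<6} {f.app:<9} {f.login:<18} {f.reason}")
```

The "low" rows are the accounts whose meter is still running; the "high" rows are the ones that can still be logged into.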
  
The Future is Pull

From “Owning” The Identity…

… To “Bring Your Own” Identity

Where Identity Is A Many Layered Thing

Identity Verification
API Integrations
Socially Verified Identities
Federation
Identity Brokers

A Pull-Based Identity Model

Employee/Contractor
On-Prem Identity Bridge
Attribute Authorities
IDaaS Platform
JIT Provisioning
Attribute Request
Change Notification
De-Provisioning Push
Bring Your Own Identity

A Final Thought

“Here's an interesting little notion. Did you realize that most people's lives are governed by telephone numbers?”

Connect, Discuss
blog.talkingidentity.com
@NishantK

Learn More
Identropy.com
@Identropy
  

 
Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon
 
DevSecCon London 2018: How to fit threat modelling into agile development: sl...
DevSecCon London 2018: How to fit threat modelling into agile development: sl...DevSecCon London 2018: How to fit threat modelling into agile development: sl...
DevSecCon London 2018: How to fit threat modelling into agile development: sl...
 
Claim based authentaication
Claim based authentaicationClaim based authentaication
Claim based authentaication
 
E-Commerce & E-Business in Layman Terms......
E-Commerce & E-Business in Layman Terms......E-Commerce & E-Business in Layman Terms......
E-Commerce & E-Business in Layman Terms......
 
Self-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web SummitSelf-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web Summit
 
Reducing Tickets and Crushing SLAs with StatusPage
Reducing Tickets and Crushing SLAs with StatusPageReducing Tickets and Crushing SLAs with StatusPage
Reducing Tickets and Crushing SLAs with StatusPage
 
AI And IOT Processor Operation Business Technology Information Finance
AI And IOT Processor Operation Business Technology Information FinanceAI And IOT Processor Operation Business Technology Information Finance
AI And IOT Processor Operation Business Technology Information Finance
 
Globalization and VPEC-T
Globalization and VPEC-TGlobalization and VPEC-T
Globalization and VPEC-T
 
How to Stay on Top of Users' Identities and their Access Rights
How to Stay on Top of Users' Identities and their Access RightsHow to Stay on Top of Users' Identities and their Access Rights
How to Stay on Top of Users' Identities and their Access Rights
 
Pimp Your BIRT Reports
Pimp Your BIRT ReportsPimp Your BIRT Reports
Pimp Your BIRT Reports
 

Mehr von CloudIDSummit

CIS 2016 Content Highlights
CIS 2016 Content HighlightsCIS 2016 Content Highlights
CIS 2016 Content HighlightsCloudIDSummit
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016CloudIDSummit
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CloudIDSummit
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication   reasons for optimism 20150607 v2Mobile security, identity & authentication   reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2CloudIDSummit
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CloudIDSummit
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CloudIDSummit
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CloudIDSummit
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CloudIDSummit
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCloudIDSummit
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM  in your Mobile Enterprise - Brian KatzCIS 2015 IoT and IDM  in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian KatzCloudIDSummit
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CloudIDSummit
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCloudIDSummit
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCloudIDSummit
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCloudIDSummit
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCloudIDSummit
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...CloudIDSummit
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCloudIDSummit
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015  Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015  Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCloudIDSummit
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCloudIDSummit
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCloudIDSummit
 

Mehr von CloudIDSummit (20)

CIS 2016 Content Highlights
CIS 2016 Content HighlightsCIS 2016 Content Highlights
CIS 2016 Content Highlights
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication   reasons for optimism 20150607 v2Mobile security, identity & authentication   reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM  in your Mobile Enterprise - Brian KatzCIS 2015 IoT and IDM  in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean Deuby
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015  Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015  Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of Things
 

Kürzlich hochgeladen

DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 

Kürzlich hochgeladen (20)

DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 

CIS13: Is Identity the Answer to the Great Question of Life, the Universe, and Everything?

  • 1. Is Identity the Answer to the Great Question of Life, the Universe, and Everything? Nishant Kaushik / Chief Architect @NishantK
  • 2. Is Identity the Answer to the Great Question of Life, the Universe, and Everything? Nishant Kaushik / Chief Architect @NishantK
  • 3. In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move.
  • 4. In the beginning the Internet was created without an Identity layer. This has made a lot of people very angry and has been widely regarded as a bad move.
  • 5. So, What is Identity?
  • 6. Identity = Context Trust Transparency Convenience Security Privacy Community
  • 7. Interactive Subjectivity Frameworks “Just as Einstein observed that space was not an absolute but depended on the observer’s movement in space, and that time was not an absolute, but depended on the observer’s movement in time, so it is now realized that numbers are not absolute, but depend on the observer’s movement in restaurants.”
  • 8. Putting Context in Context Simplest
  • 9. Putting Context in Context Simple
  • 10. Putting Context in Context Complex
  • 11. Putting Context in Context Most Complex
  • 12. Let’s Not Forget I ache, therefore I am.
  • 13. Context In Action: Hiring Amy, Part 1 Recruiting App Social Login Authentication Service Identity Verification Service Identity Store Service
  • 14. Context In Action: Hiring Amy, Part 2 Recruiting App Social Login Authentication Service Attribute Exchange Service Identity Store Service Authorize Data Release Attribute Authority
  • 15. Context in Action: A Day in the Life of Amy Company Portal Social Login Authentication Service Identity Store Service Launch box.net Passive Step-up Authentication JIT Provisioning & Federated AuthN Attribute Exchange Service
  • 16. Context in Action: A Day in the Life of Amy (Alt.) Identity Store Service Logs in with personal account, then requests access to company site Identity Hub Service Authentication Service Step-up Authentication via Identity Verification Register for Identity Event Notifications via Graph API
  • 17. Context in Action: Amy Unleashed Recommendation Service Walks into retail store and uses their Recommendation Service. Directs service to the Identity Oracle using her mobile Various Authoritative Sources Identity Oracle Service Requests access to personalization data. User policy enforced via UMA Log out & Dispose
  • 18. So, What is Identity, Really?
  • 19. (De)Constructing Identity Attribute: A property of a subject that may have zero or more values Hair Color: Blond Age: 31 Name: Janet Munroe Title: VP, Engineering Location: 40.783147, -73.971277 Mobile: 212-555-2962 Roles: Github Admin, SOX12, Developer, …
  • 20. (De)Constructing Identity Attribute Assertion: A statement that conveys information about attributes of a subject
  • 21. (De)Constructing Identity Attribute Authority: A system entity that produces attribute assertions
  • 22. (De)Constructing Identity Claim: An attribute assertion made by one entity about another entity
  • 23. (De)Constructing Identity Identifier: A representation mapped to a subject entity that uniquely refers to it 589-25-6029 465-05-6873 034-39-7383 945-27-4834 437-52-0358 576-23-2957 085-72-2068
  • 24. Relationships Bring it all Together
  • 25. So, What’s a Magrathean to do? For Applications, it’s been a DIY world, baby!
  • 26. So, What’s a Magrathean to do? For Applications, it’s been a DIY world, baby! User Tables Roles & Policies Registration Processes User Administration Profile Management Security Enforcement
  • 27. Enterprises have a Problem on their Hands @NishantK // @Identropy
  • 28. Businesses have a Problem on their Hands
  • 29. Users have a Problem on their Hands
  • 30. Enter Identity & Access Management “The History of every major Galactic Civilization tends to pass through three distinct and recognizable phases, those of Survival, Inquiry and Sophistication, otherwise known as the How, Why and Where phases.”
  • 31. Enter Identity & Access Management “The History of every major Galactic Civilization tends to pass through three distinct and recognizable phases, those of Survival, Inquiry and Sophistication, otherwise known as the How, Why and Where phases.” The Goal • Reduce security risks while empowering users • Ensure compliance with corporate policies and regulatory requirements • Dramatically reduce the cost of providing and managing access to valuable corporate resources • Increase productivity and operational efficiency • Enable IT to be more responsive to evolving business requirements
  • 32. Let’s Look at the “I” in IAM
  • 33. Identity Management as Coordinator Identity Management Who, What, When, Where, Why SaaS Apps On-Prem Apps Partner Apps Authoritative Sources Self and Administrative Sources Social Identities Business, Security & Compliance Policies Other Assets
  • 34. Identity Management as Coordinator Identity Management Who, What, When, Where, Why SaaS Apps On-Prem Apps Authoritative Sources Self and Administrative Sources Social Identities Business, Security & Compliance Policies Partner Apps Other Assets
  • 35. Lifecycle of an Enterprise Identity Joiner → Mover → Leaver Processes Registration Termination Access De-Provisioning Access Provisioning Routine Updates Enable/Disable Compliance Policies Business & Security Policies
  • 36. Identity Registration “The Guide is definitive. Reality is frequently inaccurate.”
  • 37. The Typical Employee On-Boarding ID Store Identity Provider Trust HR Application Attribute Authority
  • 38. The Typical Contractor On-Boarding ID Store Identity Provider Trust Contractor Database/Spreadsheet Attribute Authority
  • 39. Adding Automation HR Application Trust Attribute Authorities Contractor DB ID Store Identity Provider Provisioning System
  • 40. Transitioning to an Online World System(s) of Record ID Store Identity Provider Trust Attribute Authorities Provisioning System Recruiting/Registration App Self-Asserted Claims
  • 41. Identity Proofing System of Record ID Store Provisioning System Recruiting/Registration App Identity Proofing Service Attribute Authorities Self-Asserted Claims
  • 42. Identity Proofing ID Store User Registration Portal Identity Proofing Service Attribute Authorities Self-Asserted Claims
  • 43. Social Identity Proofing ID Store User Registration Portal Identity Proofing Service Risk Score
  • 44. Access Provisioning & De-Provisioning “To summarize the summary of the summary: people are a problem.”
  • 45. Access  Provisioning  is…   …the  crea'on,  maintenance  and  deac'va'on  of  user   objects  and  user  a^ributes,  as  they  exist  in  one  or  more   systems,  directories  or  applica'ons,  in  response  to   automated  or  interac've  business  processes       Source:  h^p://en.wikipedia.org/wiki/Provisioning#User_provisioning    
  • 46. Access  Provisioning  is…   …the  crea'on,  maintenance  and  deac'va'on  of  user   objects  and  user  a^ributes,  as  they  exist  in  one  or  more   systems,  directories  or  applica'ons,  in  response  to   automated  or  interac've  business  processes       This  Covers   • Crea'ng  and  Dele'ng  User  Accounts   • Upda'ng  their  A^ributes   • Assigning  and  Removing  Privileges   • Password  Management  (Change,  Reset,  Sync,  Recovery)   Source:  h^p://en.wikipedia.org/wiki/Provisioning#User_provisioning    
  • 47. The  Basic  Manual  Approach   Employee/Contractor   Internal   Applica'ons   User  Stores   (SSO,  IdP,  Fed)   HR  Manager   Applica'on  Admins/Helpdesk   APPROVED Access  Request   Form   Ops  Team  
  • 48. Marvin  the  Paranoid  Android  Says…   We’re  talking  about  lost  produc'vity  and  error  prone   processes.  Your  IT  staff  is  burdened  with  tasks  well   below  their  levels.  Don’t  even  begin  to  ask  me  about   handling  updates  and  moves,  what  with  the  lack  of   tracking  and  clarity  on  policies  or  processes.       And  if  someone  leaves?  I  could  tell  you  all  the  access   you  need  to  cancel  or  delete  since  you  clearly  won’t   know.  But  why  bother?  What’s  the  point,  really?    
  • 49. Tradi'onal  Provisioning  Architecture   Employee/Contractor   IT  Admins/  Developers   Consultants   Provisioning   System   Internal   Applica'ons   User  Stores   (SSO,  IdP,  Fed)  
  • 50. Marvin  the  Paranoid  Android  Says…   The  first  ten  million  enhancements  are  the  worst,  and   the  second  ten  million  enhancements,  they  were  the   worst  too.  The  third  ten  million  I  didn’t  enjoy  at  all.   Axer  that  I  went  into  a  bit  of  a  decline.     It’s  the  armies  of  developers  and  consultants  you   need  to  hire  in  this  job  that  really  get  you  down.  
  • 51. The  Compliance  Problem   Employee/Contractor   IT  Admins/  Developers   Consultants   Provisioning   System   Internal   Applica'ons   User  Stores   (SSO,  IdP,  Fed)   Auditors   Applica'on   Recer'fica'on  
  • 52. Marvin  the  Paranoid  Android  Says…   My  capacity  for  happiness  at  the  prospect  of…     …gathering  all  that  data  from  different  applica'ons,   running  axer  and  nagging  all  my  applica'on   administrators  and  business  owners  to  get  them  to   help  me,  then  trying  to  put  it  into  spreadsheets  that   my  managers  can  actually  use  without  rubber   stamping  them  or  wan'ng  to  throw  their  computers   down  an  elevator  shax…     …you  could  fit  into  a  matchbox  without  taking  out  the   matches  first.  
  • 53. The  Birth  of  a  New  Solu'on  Category   Employee/Contractor   IT  Admins/  Developers   Consultants   Provisioning   System   Internal   Applica'ons   User  Stores   (SSO,  IdP,  Fed)   Auditors   Applica'on   Recer'fica'on   Applica'on   Recer'fica'on  
  • 54. Marvin  the  Paranoid  Android  Says…   I  suppose  you  want  me  to  configure,  manage  and   maintain  two  of  these  beasts?     I’m  not  going  to  enjoy  this.  
  • 55. The  Cloud  Problem  Cometh   Employee/Contractor   Provisioning   System   Internal   Applica'ons   User  Stores   (SSO,  IdP,  Fed)   Auditors   Applica'on   Recer'fica'on   Admins/Helpdesk   Business  Users   Manual   Fulfillment  
  • 56. Marvin  the  Paranoid  Android  Says…   You  think  you’ve  got  problems?  What  are  you   supposed  to  do  if  you  are  a  manically  depressed   robot?  
  • 57. When  SaaS  A^acks  (the  Enterprise  Market)   Employee/Contractor   Provisioning   System   Internal   Applica'ons   User  Stores   (SSO,  IdP,  Fed)   AD   Directory   Synchroniza<on  
  • 58. Marvin  the  Paranoid  Android  Says…   You  may  not  see  the  folly  of  opening  up  all  those   connec'ons  to  your  internal  IT  environment,  but  then   your  logic  circuits  don’t  compare  to  mine.     And  to  try  and  model  all  those  SaaS  apps  privileges   into  your  AD  environment  so  that  you  can  con'nue  to   give  users  a  single  management  and  request  portal?   Not  even  the  Googleplex  Star  Thinker,  which  can   calculate  the  trajectory  of  every  single  dust  par'cle   throughout  a  five-­‐week  Dangrabad  Beta  sand  blizzard   can  do  that!  
  • 59. We  Could  Try  Some  Extensions…   Employee/Contractor   Provisioning   System   Internal   Applica'ons   User  Stores   (SSO,  IdP,  Fed)   Auditors   Applica'on   Recer'fica'on  
  • 60. We  Could  Try  Some  Extensions…   Employee/Contractor   Provisioning   System   Internal   Applica'ons   User  Stores   (SSO,  IdP,  Fed)   Auditors   Applica'on   Recer'fica'on  
  • 61. SCIM?   Whither  the  Standardized  Solu'on?   Employee/Contractor   Provisioning   System   Internal   Applica'ons   User  Stores   (SSO,  IdP,  Fed)   Auditors   Applica'on   Recer'fica'on  
  • 62. Marvin  the  Paranoid  Android  Says…   I  suppose  I  could  hang  around  and  wait  for  another   five  hundred  and  seventy-­‐six  thousand  million,  three   thousand  five  hundred  and  seventy-­‐nine  years.  
  • 63. The  Requisite  Cloud-­‐Based  Solu'on   Employee/Contractor   Provisioning   System   Internal   Applica'ons   User  Stores   (SSO,  IdP,  Fed)   Cloud-­‐based   Iden'ty  Bridge  
  • 64. Marvin  the  Paranoid  Android  Says…   Here  I  am,  brain  the  size  of  a  planet  and  they  ask  me   to  build  a  bridge.  Call  that  job  sa<sfac<on?  ‘Cos  I   don’t.  
  • 65. IDaaS  Solu'ons  –  The  First  Wave   Employee/Contractor   Provisioning   System   Internal   Applica'ons   User  Stores   (SSO,  IdP,  Fed)   AD   Directory   Synchroniza<on   Cloud-­‐based  SSO   SAML  /   Oauth/   Form   Filling  
  • 66. Marvin the Paranoid Android Says… I could tell you that it ignores everything that is deployed on-premises, and assumes that you have something else to manage the identity store. I suppose it might be relevant that de-provisioning is a problem area, and that there is a lack of governance controls. And all the problems of directory synchronization will show up here… …but I don’t suppose you’ll be very interested in knowing that.
  • 67. IDaaS Solutions – The Next Wave: Employee/Contractor; On-Prem Identity Bridge; Internal Applications; User Stores (SSO, IdP, Fed); Cloud-based Provisioning System
  • 68. Marvin the Paranoid Android Says… Good idea, if you ask me. It’s brilliant. But they’re not.
  • 69. Identity Termination: “Very few mattresses have ever come to life again.”
  • 70. Typical Enterprise Person Termination: System of Record; ID Store; Internal Applications User Stores
  • 71. Adding Automation: System of Record; ID Store; Internal Applications User Stores; Provisioning System
  • 72. Adding Automation: System of Record; ID Store; Internal Applications User Stores; Provisioning System. Considerations: Account Retention Period; Retirees; Rehires; Scheduled Termination with Warning and Extensions
  • 73. The Myth of SSO-Based De-Provisioning: System of Record; ID Store; Internal Applications (SSO) User Stores; SSO System
  • 74. Marvin the Paranoid Android Says… They’ve spent the last five years building it. They think they’ve got it right but they haven’t. First off, the meter on those accounts is still running. And they’re active, which means they can be logged into. And they can be exploited in ways that circumvent SSO. And did no one stop to consider mobile access? There’s nothing I can do. It’s on an independent circuit from the others.
  • 75. The Future is Pull
  • 76. From “Owning” The Identity…
  • 77. … To “Bring Your Own” Identity
  • 78. Where Identity Is A Many Layered Thing: Identity Verification; API Integrations; Socially Verified Identities; Federation; Identity Brokers
  • 79. A Pull-Based Identity Model: Employee/Contractor; On-Prem Identity Bridge; Attribute Authorities; IDaaS Platform; JIT Provisioning; Attribute Request; Change Notification; De-Provisioning Push; Bring Your Own Identity
  • 80. A Final Thought: “Here's an interesting little notion. Did you realize that most people's lives are governed by telephone numbers?”
  • 81. Connect, Discuss: blog.talkingidentity.com; @NishantK. Learn More: Identropy.com; @Identropy