SlideShare una empresa de Scribd logo

Reengineering Digital Identity Through an Ecological Lens

CloudIDSummit
CloudIDSummit

This document summarizes a presentation on reengineering digital identity. It discusses how digital identities have evolved in different contexts or "niches" like banking, retail, etc. due to different pressures. It argues federated identity often fails because identities are too specialized to their original context. The document advocates dropping down to the level of specific identity attributes ("assertions") rather than abstract identities, and letting relying parties define what attributes they need, as their requirements define an identity. It suggests taking an ecological/memetic view of digital identity evolution could improve federation by recognizing specialized contexts and allowing flexible recombination of identity attributes.

TecnologíaEmpresariales
1 de 10
Descargar para leer sin conexión
Lockstep Consulting & Lockstep Technologies Copyright © Lockstep Consulting 2012-13 Lockstep Reengineering Identity CIS 2013 (1.2.1) Annotated Slides 1 Reengineering Digital Identity Cloud Identity Summit 2013 Napa, California, 12 July 2013 Steve Wilson Lockstep Group swilson@lockstep.com.au @steve_lockstep “Imagine that a student could get a digital credential from her cell phone provider and another one from her university and use either of them to log in to her bank” Howard Schmidt, 2011 Identity of course is one of the inherent currencies of humanity. It’s something that we hold dear, take for granted, and experience instinctively. But like much of the human condition, our regular experience of identity doesn’t carry over perfectly into cyber space. We have made a bit of a mess of the “analogue to digital” conversion. One problem is that our intuitions about digital identity are imperfect. Identity federation is without doubt an important response to the chaotic and ad hoc authentication that has emerged in cyberspace but federation is too often shaped by flawed intuitions.
Lockstep Consulting & Lockstep Technologies Copyright © Lockstep Consulting 2012-13 Lockstep Reengineering Identity CIS 2013 (1.2.1) Annotated Slides 2 At least three major federated identity projects in Australia have been discontinued for their sheer complexity (I will explore the flaws in the classic business case later) • IIA 2FA Scheme • Trust Centre • MAMBO Promising start-ups and products similarly have failed. If Microsoft could not succeed with CardSpace, as exemplar of the Laws of Identity then something is wrong with the foundations • Sxipper • CardSpace Harder than it looks Too many federated identity programs fail Successful identity federations: monocultures The great majority of successful identity federations are PKI–based and sector-specific; that is, they are two-fold monocultures. This in itself is no bad thing, but it does point to inherent challenges in sustainability of techno- logically heterogeneous, cross-sector identity frameworks. • US Federal PKI • SAFE BioPharma • Australian Access Federation (tertiary ed) • BankID (Scandinavian banks plus govt)
Lockstep Consulting & Lockstep Technologies Copyright © Lockstep Consulting 2012-13 Lockstep Reengineering Identity CIS 2013 (1.2.1) Annotated Slides 3 Problem: Legal novelty S RP Broker S RP Before After The business case for at least two large federated identity projects in Australia was a simple before-and-after schematic. The problem statement was depicted as the profusion of bilateral arrangements that subsist today between Subjects and Relying Parties. The solution was shown as a much simpler system of multilateral arrangements brokered by a central authentication hub. But this reasoning compares apples and oranges. Legal novelty cont. S RP Broker S RP Before After The flaw in this business case is that the multilateral arrangements on the right are more complex and more weighty than the simple bilateral ones on the left. The sheer legal novelty of brokered identity verification means that fresh analysis is needed by parties before they can participate, adding to the total cost. Some RPs will not be able to accept the new way of doing things and will maintain their old bilateral relationships. It is not possible to say that reducing the absolute number of contracts through federation will in and of itself reduce the total cost, without knowing what the precise cost of the legal work really is.
Lockstep Consulting & Lockstep Technologies Copyright © Lockstep Consulting 2012-13 Lockstep Reengineering Identity CIS 2013 (1.2.1) Annotated Slides 4 Internet Industry Assoc. 2005 “We’ve never seen any- thing like this before” Legal counsel for IdPs, RPs The proof that the “after” picture in the simple schematic business case is more expensive than it looks came out of the Australian Internet Industry Association’s attempted federation of 2FA providers. This project commissioned a reputable law firm to draft participation agreements for IdPs and RPs (and Lockstep designed the technical architecture). Template agreements were tabled with management at retailers, airlines, financial institutions, government agencies and so on, all of whom had signed an MOU committing to the project. Yet several legal counsel responded that while they understood what we were trying to do, they had no experience in such a novel form of agreement, and they could not tell how long it would take to negotiate. Commercial lawyers are unaccustomed to unusual contracts; the time & expense of negotiating such proposals are unbounded. Where did they all come from? The very variety of authenticators begs an ecological sort of explanation. As with natural speciation, different authentication mechanisms have probably evolved in response to different environmental pressures. If the Martian identerati were to come to Earth, the first thing they’d notice would be the great profusion of authentication mechanisms …
Lockstep Consulting & Lockstep Technologies Copyright © Lockstep Consulting 2012-13 Lockstep Reengineering Identity CIS 2013 (1.2.1) Annotated Slides 5 Identity is memetic The concept of memetics spun out of the ideas of evolutionary biologist Richard Dawkins, who coined the term “meme” meaning an inherited unit of human culture, analogous to the gene. Digital Identities can be unpacked into discrete technology and business traits or memes. Examples include registration process, evidence of ID, user interface, the physical form factor, number of authentication factors, algorithms, key lengths, liability arrangements and so on. The nature of these memes range from strict standards imposed by regulators, through to conventions or simple habits for identifying people. All of these memes relate to risk management, and each of them shifts more or less gradually over time as local risk environments change. For example, key length has increased steadily in response to the growing risk of brute force attack. Certain memes stabilise at different rates in different ecosystems; for example, in government, the hash algorithm SHA-1 has been widely superseded by SHA-256, but the new meme is slower to take hold in commerce because a different mix of environmental pressures applies, like affordability and legacy interoperability. Security tactics like Two Factor Authentication can jump ecosystems: retail banking got the idea of 2FA from enterprise security at high tech companies. Basel II HIPAA HSPD-12 FTRA AML/CTF PIV PIV-I ` 512 1024 2048 4096
Lockstep Consulting & Lockstep Technologies Copyright © Lockstep Consulting 2012-13 Lockstep Reengineering Identity CIS 2013 (1.2.1) Annotated Slides 6 Silos are NICHES! This ecological mindset might lead to a more generous understanding of the dreaded identity silos. We can see them now as ecological niches in different ecosystems, like banking, retail and government. And we might temper some of the grander expectations of the new identity frameworks. We should probably be more sceptical about the prospects of taking an identity like a student card out of its original context and using it in another such as banking.* It’s a lot like taking a saltwater fish and dropping it into a fresh water tank. As MIT’s Dazza Greenwood said in 2002: All identity is ‘local’. The further away from a pre-specified business context an identity credential becomes, the less valuable it is. * Ref: http://www.whitehouse.gov/blog/2011/01/07/national-program-office-enhancing-online-trust-and-privacy. Silos are NICHES! Security Fraud Privacy Convenience Accessibility Basel II, KYC, AML/CTF Professional standards Electronic Verification Single view of customer Security Fraud Privacy Convenience Accessibility Basel II, KYC, AML/CTF Professional standards Electronic Verification Single view of customer Selection pressures in existing ecosystems The ecological frame illuminates that different selection pressures affect different business environments. Identity memes evolve over time within existing ecosystems and niches. Examples of selection pressures include fraud trends, privacy, convenience, accessibility, regulations (like Basel II, KYC rules, AML, HIPAA & HSPD-12), professional standards, and disruptive new business models like branchless banking demanding new methods for electronic verification of identity. Before we expend too much effort building artificial new identity ecosystems, we should pay attention to existing business ecosystems. Banking Retail Employment Corporate regulations Tertiary education Healthcare The professions Banking Retail Employment Corporate regulations Tertiary education Healthcare The professions
Lockstep Consulting & Lockstep Technologies Copyright © Lockstep Consulting 2012-13 Lockstep Reengineering Identity CIS 2013 (1.2.1) Annotated Slides 7 LOA 1 LOA 2 LOA 3 LOA 4 Organisms evolve over time to suit very particular ecological niches; species usually struggle when moved suddenly from one local environment to another. Federated Identity often fails to account for the specialisation of evolved identities. As we’ve seen, the ‘fine print’ around high assurance identities (with regards to liability arrangements for instance) can mean they simply break when applied outside their original contexts. In Australia, we found it’s much harder than expected to get bank-issued identities to interoperate even with other banks, which indicates how very specific these identities are, despite their superficial similarities. Consider that all fish look pretty much alike. So imagine for a moment trying to establish just four artificial aquaria representing archetypal aquatic environments, say freshwater stream, tidal estuary, coral reef and deep ocean. No matter how hard we try to design the aquaria, only a very few fish would actually do well in any of them. And artificial habitats hosting unusual mixtures of organisms require constant care and intervention to stave off collapse. Drop down a level Relationships Identities Assertions / Claims Presentation Transport Deeper network layers Digital Identity might be conceptualised in an OSI-like stack. Each identity is a proxy for an individual in a relationship, and is built from an ensemble of assertions (aka attributes or claims) relevant to the relationship. In sophisticated open IdM schemes, each attribute is presented via protocols like OAuth, OpenID Connect, SAML and XACML, and transported via security primitives like JWK and X.509. Identity Management to date has focused at the highest level on the sharing of abstract identities, as if each identity is a thing. It could be more fruitful to drop down a level, and deal instead with concrete assertions, like name, date of birth, professional qualifications, residential address, account numbers etc.
Lockstep Consulting & Lockstep Technologies Copyright © Lockstep Consulting 2012-13 Lockstep Reengineering Identity CIS 2013 (1.2.1) Annotated Slides 8 0% 20% 40% 60% 80% 100% A1 A2 A3 A4 A5 A6 Sequencing identity into assertions Identity Provider A1 Given name 90% A4 Gender 35% A2 Address 90% A5 Qualifications 25% A3 DOB 90% A6 Residency 25% It’s common these days to hear about the “identity spectrum”, ranging typically from anonymity through socially verified to ‘fully’ verified authentication. It’s good to acknowledge a plurality of identity, but the spectrum metaphor is too one dimensional. Here’s a richer visualisation of the multi-facetted requirements that each Relying Party has vis a vis the personal details of a Subject that are relevant to them. Consider hypothetically that there are six attributes of potential interest to a range of RPs: given name, address, date of birth, gender, university qualifications and residential status. And imagine that a certain IdP is able to vouch for name, address and DOB to a very high level of confidence, but has less certainty over the other attributes. This IdP defines a surface for its Subjects in a six dimension ‘assertion space’. 0% 20% 40% 60% 80% 100% A1 A2 A3 A4 A5 A6 IDP RP1 RP1: A bank A1 Given name 80% A4 Gender 0% A2 Address 80% A5 Qualifications 0% A3 DOB 80% A6 Residency 0% Now consider as a Relying Party a bank wishing to identify a new account holder. The bank has a high degree of interest in the new customer’s name, address and date of birth, but it doesn’t care about gender, residency or qualifications. The bank’s identification requirement also defines a surface, shown in green, which is readily compared to the Identity Provider. The IdP completely covers this RP’s requirement. Sequencing identity into assertions cont.
Lockstep Consulting & Lockstep Technologies Copyright © Lockstep Consulting 2012-13 Lockstep Reengineering Identity CIS 2013 (1.2.1) Annotated Slides 9 0% 20% 40% 60% 80% 100% A1 A2 A3 A4 A5 A6 IDP RP2 RP2: A gaming site A1 Given name 0% A4 Gender 0% A2 Address 0% A5 Qualifications 0% A3 DOB 90% A6 Residency 0% Now here’s a free gaming site catering for adults, in a jurisdiction where they must verify the age of players. This RP has no interest at all in name, address or any other attributes but it does need a high level of confidence in date of birth. The RP’s surface here is just a single point, and once again the IdP completely covers the RP’srequirement. Sequencing identity into assertions cont. 0% 20% 40% 60% 80% 100% A1 A2 A3 A4 A5 A6 IDP RP3 RP1: A hospital employer A1 Given name 50% A4 Gender 0% A2 Address 50% A5 Qualifications 90% A3 DOB 0% A6 Residency 90% Finally take a hospital that needs to check the bona fides of a new doctor being hired. Under new medical credentialing rules designed to address malpractice, the hospital is much more concerned with the candidate’s residential status and professional qualifications than they are in their ‘real’ name and address. And here we see vividly that the IdP is not able to cover the RP’s needs. And here we are reminded vividly of the fact that Relying Parties call the shots in IdM. No “identity” automatically confers rights on a Subject unless the RP is satisfied by each and every attribute. Identification in this sense is always carried out by the RP. And so in a very real sense, the Subject’s identity in the RP’s context is created by the RP. Sequencing identity into assertions cont.
Lockstep Consulting & Lockstep Technologies Copyright © Lockstep Consulting 2012-13 Lockstep Reengineering Identity CIS 2013 (1.2.1) Annotated Slides 10 Recombinant ID engineering Employee Bank customerA memetic and ecological treatment of Digital Identity brings several fresh possibilities. It should improve the success rate of federation by clarifying why identity elements are the way they are. Memetics provides a conceptual frame within which identities may be sequenced and their components more carefully reassembled in much the same way as recombinant genetic engineering. The ecological theory is explanatory and predictive. For instance, it explains why social logon has spread so rapidly― literally like weeds―as the new online social environment is like bare earth, with no established dominant species. And we’ve actually seen identity memetics at work in the wild: 2FA password fobs jumped from high tech firms in the 90s to Internet banking in the 00s, in much the same way as genes sometimes jump between bacteria. Proof of ID Online regn form Hand signed regn form Token Proof of ID Token2nd Factor 2nd Factor Conclusions Identities evolve Ecological frame redoubles context Identity is in the eye of the RP There are no “IdPs”, only APs We must sequence abstract identities into concrete assertions Let’s drop down a level Yield to the Relyingpartyrati!

Recomendados

NoHidingInTheCloud
NoHidingInTheCloudNoHidingInTheCloud
NoHidingInTheCloudJoan Ross
 
Blockchain Overview
Blockchain OverviewBlockchain Overview
Blockchain Overviewsnewell4
 
Identity progress-linked-digital-world
Identity progress-linked-digital-worldIdentity progress-linked-digital-world
Identity progress-linked-digital-worldMEDICI
 
Enterprise Blockchain
Enterprise BlockchainEnterprise Blockchain
Enterprise Blockchainsnewell4
 
Isaca e symposium understanding your data flow jul 6
Isaca e symposium understanding your data flow jul 6Isaca e symposium understanding your data flow jul 6
Isaca e symposium understanding your data flow jul 6Ulf Mattsson
 
Verifiable credentials explained by CCI
Verifiable credentials explained by CCIVerifiable credentials explained by CCI
Verifiable credentials explained by CCIKaliya "Identity Woman" Young
 
The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018Kaliya "Identity Woman" Young
 
Become a blockchain expert and join the blockchain revolution
Become a blockchain expert and join the blockchain revolutionBecome a blockchain expert and join the blockchain revolution
Become a blockchain expert and join the blockchain revolutionBlockchain Council
 

Recomendados

NoHidingInTheCloud
NoHidingInTheCloudNoHidingInTheCloud
NoHidingInTheCloudJoan Ross
 
Blockchain Overview
Blockchain OverviewBlockchain Overview
Blockchain Overviewsnewell4
 
Identity progress-linked-digital-world
Identity progress-linked-digital-worldIdentity progress-linked-digital-world
Identity progress-linked-digital-worldMEDICI
 
Enterprise Blockchain
Enterprise BlockchainEnterprise Blockchain
Enterprise Blockchainsnewell4
 
Isaca e symposium understanding your data flow jul 6
Isaca e symposium understanding your data flow jul 6Isaca e symposium understanding your data flow jul 6
Isaca e symposium understanding your data flow jul 6Ulf Mattsson
 
Verifiable credentials explained by CCI
Verifiable credentials explained by CCIVerifiable credentials explained by CCI
Verifiable credentials explained by CCIKaliya "Identity Woman" Young
 
The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018Kaliya "Identity Woman" Young
 
Become a blockchain expert and join the blockchain revolution
Become a blockchain expert and join the blockchain revolutionBecome a blockchain expert and join the blockchain revolution
Become a blockchain expert and join the blockchain revolutionBlockchain Council
 
My DocSafe white paper 1
My DocSafe white paper 1My DocSafe white paper 1
My DocSafe white paper 1danielstachowiak
 
E-billing technology: maintaining a cutting edge
E-billing technology: maintaining a cutting edgeE-billing technology: maintaining a cutting edge
E-billing technology: maintaining a cutting edgeLSG
 
The future of digital identity initial perspective
The future of digital identity initial perspectiveThe future of digital identity initial perspective
The future of digital identity initial perspectiveFuture Agenda
 
Asset 1 security-in-the-cloud
Asset 1 security-in-the-cloudAsset 1 security-in-the-cloud
Asset 1 security-in-the-clouddrewz lin
 
Future of digital identity initial perspective - final lr
Future of digital identity initial perspective - final lrFuture of digital identity initial perspective - final lr
Future of digital identity initial perspective - final lrFuture Agenda
 
How AI is changing legal due diligence
How AI is changing legal due diligenceHow AI is changing legal due diligence
How AI is changing legal due diligenceImprima
 
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...Kaliya "Identity Woman" Young
 
Technologies for Lawyers - Legal Sector
Technologies for Lawyers - Legal SectorTechnologies for Lawyers - Legal Sector
Technologies for Lawyers - Legal SectorSatya Pal
 
No byod policy? Time to grasp the nettle
No byod policy? Time to grasp the nettleNo byod policy? Time to grasp the nettle
No byod policy? Time to grasp the nettleLogicalis
 
Insurance for Cyber Risks
Insurance for Cyber RisksInsurance for Cyber Risks
Insurance for Cyber Riskssmithjgdc
 
Israel ministry of justice
Israel ministry of justiceIsrael ministry of justice
Israel ministry of justiceEyal Vardi
 
Blockchain-based Solutions for Identity & Access Management
Blockchain-based Solutions for Identity & Access ManagementBlockchain-based Solutions for Identity & Access Management
Blockchain-based Solutions for Identity & Access ManagementPrabath Siriwardena
 
Shaping-Up SharePoint Security in 5 Steps
Shaping-Up SharePoint Security in 5 StepsShaping-Up SharePoint Security in 5 Steps
Shaping-Up SharePoint Security in 5 StepsImperva
 
Ecm sales training sample day 1
Ecm sales training sample day 1Ecm sales training sample day 1
Ecm sales training sample day 1DataVault
 
David shrier, weige wu, alex pentland mit blockchain
David shrier, weige wu, alex pentland mit blockchainDavid shrier, weige wu, alex pentland mit blockchain
David shrier, weige wu, alex pentland mit blockchainIT Strategy Group
 
Cybersecurity1
Cybersecurity1Cybersecurity1
Cybersecurity1Lisa Martinez
 
Blockchain for Business: What, How, Why & USE CASES
Blockchain for Business: What, How, Why & USE CASESBlockchain for Business: What, How, Why & USE CASES
Blockchain for Business: What, How, Why & USE CASESmichaelmcgowan27
 
Trademark Attorneys Clearly Useful, Data Shows
Trademark Attorneys Clearly Useful, Data ShowsTrademark Attorneys Clearly Useful, Data Shows
Trademark Attorneys Clearly Useful, Data Showsabutterman
 
Jan 2017 Submission to AG Re: Metadata use in civil proceedings
Jan 2017 Submission to AG Re: Metadata use in civil proceedingsJan 2017 Submission to AG Re: Metadata use in civil proceedings
Jan 2017 Submission to AG Re: Metadata use in civil proceedingsTimothy Holborn
 
Top 10 reasons to get a blockchain expert certification
Top 10 reasons to get a blockchain expert certificationTop 10 reasons to get a blockchain expert certification
Top 10 reasons to get a blockchain expert certificationBlockchain Council
 
CIS13: Managing Mobility with Identity Standards
CIS13: Managing Mobility with Identity StandardsCIS13: Managing Mobility with Identity Standards
CIS13: Managing Mobility with Identity StandardsCloudIDSummit
 
CIS13: Don't Panic! How to Apply Identity Concepts to the Business
CIS13: Don't Panic! How to Apply Identity Concepts to the BusinessCIS13: Don't Panic! How to Apply Identity Concepts to the Business
CIS13: Don't Panic! How to Apply Identity Concepts to the BusinessCloudIDSummit
 

Más contenido relacionado

La actualidad más candente

E-billing technology: maintaining a cutting edge
E-billing technology: maintaining a cutting edgeE-billing technology: maintaining a cutting edge
E-billing technology: maintaining a cutting edgeLSG
 
The future of digital identity initial perspective
The future of digital identity initial perspectiveThe future of digital identity initial perspective
The future of digital identity initial perspectiveFuture Agenda
 
Asset 1 security-in-the-cloud
Asset 1 security-in-the-cloudAsset 1 security-in-the-cloud
Asset 1 security-in-the-clouddrewz lin
 
Future of digital identity initial perspective - final lr
Future of digital identity initial perspective - final lrFuture of digital identity initial perspective - final lr
Future of digital identity initial perspective - final lrFuture Agenda
 
How AI is changing legal due diligence
How AI is changing legal due diligenceHow AI is changing legal due diligence
How AI is changing legal due diligenceImprima
 
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...Kaliya "Identity Woman" Young
 
Technologies for Lawyers - Legal Sector
Technologies for Lawyers - Legal SectorTechnologies for Lawyers - Legal Sector
Technologies for Lawyers - Legal SectorSatya Pal
 
No byod policy? Time to grasp the nettle
No byod policy? Time to grasp the nettleNo byod policy? Time to grasp the nettle
No byod policy? Time to grasp the nettleLogicalis
 
Insurance for Cyber Risks
Insurance for Cyber RisksInsurance for Cyber Risks
Insurance for Cyber Riskssmithjgdc
 
Israel ministry of justice
Israel ministry of justiceIsrael ministry of justice
Israel ministry of justiceEyal Vardi
 
Blockchain-based Solutions for Identity & Access Management
Blockchain-based Solutions for Identity & Access ManagementBlockchain-based Solutions for Identity & Access Management
Blockchain-based Solutions for Identity & Access ManagementPrabath Siriwardena
 
Shaping-Up SharePoint Security in 5 Steps
Shaping-Up SharePoint Security in 5 StepsShaping-Up SharePoint Security in 5 Steps
Shaping-Up SharePoint Security in 5 StepsImperva
 
Ecm sales training sample day 1
Ecm sales training sample day 1Ecm sales training sample day 1
Ecm sales training sample day 1DataVault
 
David shrier, weige wu, alex pentland mit blockchain
David shrier, weige wu, alex pentland mit blockchainDavid shrier, weige wu, alex pentland mit blockchain
David shrier, weige wu, alex pentland mit blockchainIT Strategy Group
 
Blockchain for Business: What, How, Why & USE CASES
Blockchain for Business: What, How, Why & USE CASESBlockchain for Business: What, How, Why & USE CASES
Blockchain for Business: What, How, Why & USE CASESmichaelmcgowan27
 
Trademark Attorneys Clearly Useful, Data Shows
Trademark Attorneys Clearly Useful, Data ShowsTrademark Attorneys Clearly Useful, Data Shows
Trademark Attorneys Clearly Useful, Data Showsabutterman
 
Jan 2017 Submission to AG Re: Metadata use in civil proceedings
Jan 2017 Submission to AG Re: Metadata use in civil proceedingsJan 2017 Submission to AG Re: Metadata use in civil proceedings
Jan 2017 Submission to AG Re: Metadata use in civil proceedingsTimothy Holborn
 
Top 10 reasons to get a blockchain expert certification
Top 10 reasons to get a blockchain expert certificationTop 10 reasons to get a blockchain expert certification
Top 10 reasons to get a blockchain expert certificationBlockchain Council
 

La actualidad más candente (20)

My DocSafe white paper 1
My DocSafe white paper 1My DocSafe white paper 1
My DocSafe white paper 1
 
E-billing technology: maintaining a cutting edge
E-billing technology: maintaining a cutting edgeE-billing technology: maintaining a cutting edge
E-billing technology: maintaining a cutting edge
 
The future of digital identity initial perspective
The future of digital identity initial perspectiveThe future of digital identity initial perspective
The future of digital identity initial perspective
 
Asset 1 security-in-the-cloud
Asset 1 security-in-the-cloudAsset 1 security-in-the-cloud
Asset 1 security-in-the-cloud
 
Future of digital identity initial perspective - final lr
Future of digital identity initial perspective - final lrFuture of digital identity initial perspective - final lr
Future of digital identity initial perspective - final lr
 
How AI is changing legal due diligence
How AI is changing legal due diligenceHow AI is changing legal due diligence
How AI is changing legal due diligence
 
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...
Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure usin...
 
Technologies for Lawyers - Legal Sector
Technologies for Lawyers - Legal SectorTechnologies for Lawyers - Legal Sector
Technologies for Lawyers - Legal Sector
 
No byod policy? Time to grasp the nettle
No byod policy? Time to grasp the nettleNo byod policy? Time to grasp the nettle
No byod policy? Time to grasp the nettle
 
Insurance for Cyber Risks
Insurance for Cyber RisksInsurance for Cyber Risks
Insurance for Cyber Risks
 
Israel ministry of justice
Israel ministry of justiceIsrael ministry of justice
Israel ministry of justice
 
Blockchain-based Solutions for Identity & Access Management
Blockchain-based Solutions for Identity & Access ManagementBlockchain-based Solutions for Identity & Access Management
Blockchain-based Solutions for Identity & Access Management
 
Shaping-Up SharePoint Security in 5 Steps
Shaping-Up SharePoint Security in 5 StepsShaping-Up SharePoint Security in 5 Steps
Shaping-Up SharePoint Security in 5 Steps
 
Ecm sales training sample day 1
Ecm sales training sample day 1Ecm sales training sample day 1
Ecm sales training sample day 1
 
David shrier, weige wu, alex pentland mit blockchain
David shrier, weige wu, alex pentland mit blockchainDavid shrier, weige wu, alex pentland mit blockchain
David shrier, weige wu, alex pentland mit blockchain
 
Cybersecurity1
Cybersecurity1Cybersecurity1
Cybersecurity1
 
Blockchain for Business: What, How, Why & USE CASES
Blockchain for Business: What, How, Why & USE CASESBlockchain for Business: What, How, Why & USE CASES
Blockchain for Business: What, How, Why & USE CASES
 
Trademark Attorneys Clearly Useful, Data Shows
Trademark Attorneys Clearly Useful, Data ShowsTrademark Attorneys Clearly Useful, Data Shows
Trademark Attorneys Clearly Useful, Data Shows
 
Jan 2017 Submission to AG Re: Metadata use in civil proceedings
Jan 2017 Submission to AG Re: Metadata use in civil proceedingsJan 2017 Submission to AG Re: Metadata use in civil proceedings
Jan 2017 Submission to AG Re: Metadata use in civil proceedings
 
Top 10 reasons to get a blockchain expert certification
Top 10 reasons to get a blockchain expert certificationTop 10 reasons to get a blockchain expert certification
Top 10 reasons to get a blockchain expert certification
 

Destacado

CIS13: Managing Mobility with Identity Standards
CIS13: Managing Mobility with Identity StandardsCIS13: Managing Mobility with Identity Standards
CIS13: Managing Mobility with Identity StandardsCloudIDSummit
 
CIS13: Don't Panic! How to Apply Identity Concepts to the Business
CIS13: Don't Panic! How to Apply Identity Concepts to the BusinessCIS13: Don't Panic! How to Apply Identity Concepts to the Business
CIS13: Don't Panic! How to Apply Identity Concepts to the BusinessCloudIDSummit
 
CIS13: Which Way Forward
CIS13: Which Way ForwardCIS13: Which Way Forward
CIS13: Which Way ForwardCloudIDSummit
 
CIS13: How Enterprises Go Mobile: An Introduction to MobileIT
CIS13: How Enterprises Go Mobile: An Introduction to MobileITCIS13: How Enterprises Go Mobile: An Introduction to MobileIT
CIS13: How Enterprises Go Mobile: An Introduction to MobileITCloudIDSummit
 
CIS14: Identity Management is a People Problem (But It Shouldn’t Be!)
CIS14: Identity Management is a People Problem (But It Shouldn’t Be!)CIS14: Identity Management is a People Problem (But It Shouldn’t Be!)
CIS14: Identity Management is a People Problem (But It Shouldn’t Be!)CloudIDSummit
 
CIS13: Avoiding the Pitfalls of Managing IAM for a Hybrid Environment
CIS13: Avoiding the Pitfalls of Managing IAM for a Hybrid EnvironmentCIS13: Avoiding the Pitfalls of Managing IAM for a Hybrid Environment
CIS13: Avoiding the Pitfalls of Managing IAM for a Hybrid EnvironmentCloudIDSummit
 
CIS13: Impact of Mobile Computing on IT
CIS13: Impact of Mobile Computing on ITCIS13: Impact of Mobile Computing on IT
CIS13: Impact of Mobile Computing on ITCloudIDSummit
 
CIS14: The Very Latest in Authorization Standards
CIS14: The Very Latest in Authorization StandardsCIS14: The Very Latest in Authorization Standards
CIS14: The Very Latest in Authorization StandardsCloudIDSummit
 
CIS13: Don't Let Mobile be the Achilles Heel for Your Enterprise Security
CIS13: Don't Let Mobile be the Achilles Heel for Your Enterprise SecurityCIS13: Don't Let Mobile be the Achilles Heel for Your Enterprise Security
CIS13: Don't Let Mobile be the Achilles Heel for Your Enterprise SecurityCloudIDSummit
 
CIS13: Security's New Normal: Is Cloud the Answer?
CIS13: Security's New Normal: Is Cloud the Answer?CIS13: Security's New Normal: Is Cloud the Answer?
CIS13: Security's New Normal: Is Cloud the Answer?CloudIDSummit
 
CIS13: Policy Enabled Access Control: Meeting “Need to Share” Business Requir...
CIS13: Policy Enabled Access Control: Meeting “Need to Share” Business Requir...CIS13: Policy Enabled Access Control: Meeting “Need to Share” Business Requir...
CIS13: Policy Enabled Access Control: Meeting “Need to Share” Business Requir...CloudIDSummit
 
CIS13: Identity—The Great Enabler of Next
CIS13: Identity—The Great Enabler of NextCIS13: Identity—The Great Enabler of Next
CIS13: Identity—The Great Enabler of NextCloudIDSummit
 
CIS13: From Governance to Virtualization: The Expanding Arena of Privileged I...
CIS13: From Governance to Virtualization: The Expanding Arena of Privileged I...CIS13: From Governance to Virtualization: The Expanding Arena of Privileged I...
CIS13: From Governance to Virtualization: The Expanding Arena of Privileged I...CloudIDSummit
 
CIS13: A Question of Scale: Mapping Authentication to the Modern Computing Ec...
CIS13: A Question of Scale: Mapping Authentication to the Modern Computing Ec...CIS13: A Question of Scale: Mapping Authentication to the Modern Computing Ec...
CIS13: A Question of Scale: Mapping Authentication to the Modern Computing Ec...CloudIDSummit
 
CIS14: PingAccess 101
CIS14: PingAccess 101CIS14: PingAccess 101
CIS14: PingAccess 101CloudIDSummit
 

Destacado (15)

CIS13: Managing Mobility with Identity Standards
CIS13: Managing Mobility with Identity StandardsCIS13: Managing Mobility with Identity Standards
CIS13: Managing Mobility with Identity Standards
 
CIS13: Don't Panic! How to Apply Identity Concepts to the Business
CIS13: Don't Panic! How to Apply Identity Concepts to the BusinessCIS13: Don't Panic! How to Apply Identity Concepts to the Business
CIS13: Don't Panic! How to Apply Identity Concepts to the Business
 
CIS13: Which Way Forward
CIS13: Which Way ForwardCIS13: Which Way Forward
CIS13: Which Way Forward
 
CIS13: How Enterprises Go Mobile: An Introduction to MobileIT
CIS13: How Enterprises Go Mobile: An Introduction to MobileITCIS13: How Enterprises Go Mobile: An Introduction to MobileIT
CIS13: How Enterprises Go Mobile: An Introduction to MobileIT
 
CIS14: Identity Management is a People Problem (But It Shouldn’t Be!)
CIS14: Identity Management is a People Problem (But It Shouldn’t Be!)CIS14: Identity Management is a People Problem (But It Shouldn’t Be!)
CIS14: Identity Management is a People Problem (But It Shouldn’t Be!)
 
CIS13: Avoiding the Pitfalls of Managing IAM for a Hybrid Environment
CIS13: Avoiding the Pitfalls of Managing IAM for a Hybrid EnvironmentCIS13: Avoiding the Pitfalls of Managing IAM for a Hybrid Environment
CIS13: Avoiding the Pitfalls of Managing IAM for a Hybrid Environment
 
CIS13: Impact of Mobile Computing on IT
CIS13: Impact of Mobile Computing on ITCIS13: Impact of Mobile Computing on IT
CIS13: Impact of Mobile Computing on IT
 
CIS14: The Very Latest in Authorization Standards
CIS14: The Very Latest in Authorization StandardsCIS14: The Very Latest in Authorization Standards
CIS14: The Very Latest in Authorization Standards
 
CIS13: Don't Let Mobile be the Achilles Heel for Your Enterprise Security
CIS13: Don't Let Mobile be the Achilles Heel for Your Enterprise SecurityCIS13: Don't Let Mobile be the Achilles Heel for Your Enterprise Security
CIS13: Don't Let Mobile be the Achilles Heel for Your Enterprise Security
 
CIS13: Security's New Normal: Is Cloud the Answer?
CIS13: Security's New Normal: Is Cloud the Answer?CIS13: Security's New Normal: Is Cloud the Answer?
CIS13: Security's New Normal: Is Cloud the Answer?
 
CIS13: Policy Enabled Access Control: Meeting “Need to Share” Business Requir...
CIS13: Policy Enabled Access Control: Meeting “Need to Share” Business Requir...CIS13: Policy Enabled Access Control: Meeting “Need to Share” Business Requir...
CIS13: Policy Enabled Access Control: Meeting “Need to Share” Business Requir...
 
CIS13: Identity—The Great Enabler of Next
CIS13: Identity—The Great Enabler of NextCIS13: Identity—The Great Enabler of Next
CIS13: Identity—The Great Enabler of Next
 
CIS13: From Governance to Virtualization: The Expanding Arena of Privileged I...
CIS13: From Governance to Virtualization: The Expanding Arena of Privileged I...CIS13: From Governance to Virtualization: The Expanding Arena of Privileged I...
CIS13: From Governance to Virtualization: The Expanding Arena of Privileged I...
 
CIS13: A Question of Scale: Mapping Authentication to the Modern Computing Ec...
CIS13: A Question of Scale: Mapping Authentication to the Modern Computing Ec...CIS13: A Question of Scale: Mapping Authentication to the Modern Computing Ec...
CIS13: A Question of Scale: Mapping Authentication to the Modern Computing Ec...
 
CIS14: PingAccess 101
CIS14: PingAccess 101CIS14: PingAccess 101
CIS14: PingAccess 101
 

Similar a Reengineering Digital Identity Through an Ecological Lens

Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...Booz Allen Hamilton
 
Transformation from Identity Stone Age to Digital Identity
Transformation from Identity Stone Age to Digital IdentityTransformation from Identity Stone Age to Digital Identity
Transformation from Identity Stone Age to Digital IdentityIJNSA Journal
 
Isaca houston presentation 12 4 12
Isaca houston presentation 12 4 12Isaca houston presentation 12 4 12
Isaca houston presentation 12 4 12Patrick Florer
 
Opteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdfOpteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdfOpteamix LLC
 
IRJET- Identity & Relationship Resolution Approach Supported with Sample ...
IRJET- Identity & Relationship Resolution Approach Supported with Sample ...IRJET- Identity & Relationship Resolution Approach Supported with Sample ...
IRJET- Identity & Relationship Resolution Approach Supported with Sample ...IRJET Journal
 
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousComplacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousEthan S. Burger
 
Eamonn O Raghallaigh Major Security Issues In E Commerce
Eamonn O Raghallaigh Major Security Issues In E CommerceEamonn O Raghallaigh Major Security Issues In E Commerce
Eamonn O Raghallaigh Major Security Issues In E CommerceEamonnORagh
 
Why Are Investors Excited About Cyber Security Startups, Again?
Why Are Investors Excited About Cyber Security Startups, Again?Why Are Investors Excited About Cyber Security Startups, Again?
Why Are Investors Excited About Cyber Security Startups, Again?OurCrowd
 
A1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecurityA1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecuritySpark Security
 
Crossing the streams: How security professionals can leverage the NZ Privacy ...
Crossing the streams: How security professionals can leverage the NZ Privacy ...Crossing the streams: How security professionals can leverage the NZ Privacy ...
Crossing the streams: How security professionals can leverage the NZ Privacy ...Chris Hails
 
Four mistakes to avoid when hiring your next security chief (print version ...
Four mistakes to avoid when hiring your next security chief (print version ...Four mistakes to avoid when hiring your next security chief (print version ...
Four mistakes to avoid when hiring your next security chief (print version ...Niren Thanky
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Erik Ginalick
 
Legal issues in technology
Legal issues in technologyLegal issues in technology
Legal issues in technologyEzraGray1
 
How digital identities will help realise the true potential of DeFi
How digital identities will help realise the true potential of DeFiHow digital identities will help realise the true potential of DeFi
How digital identities will help realise the true potential of DeFiOliviaJune1
 
You Are the Target
You Are the TargetYou Are the Target
You Are the TargetEMC
 
Cyber Security, User Interface, and You - Deloitte CIO - WSJ
Cyber Security, User Interface, and You - Deloitte CIO - WSJCyber Security, User Interface, and You - Deloitte CIO - WSJ
Cyber Security, User Interface, and You - Deloitte CIO - WSJSherry Jones
 
Cyber Security, User Interface, and You - Deloitte CIO - WSJ
Cyber Security, User Interface, and You - Deloitte CIO - WSJCyber Security, User Interface, and You - Deloitte CIO - WSJ
Cyber Security, User Interface, and You - Deloitte CIO - WSJSherry Jones
 
Industrializing Blockchain in ASEAN
Industrializing Blockchain in ASEANIndustrializing Blockchain in ASEAN
Industrializing Blockchain in ASEANVarun Mittal
 

Similar a Reengineering Digital Identity Through an Ecological Lens (20)

Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
 
Transformation from Identity Stone Age to Digital Identity
Transformation from Identity Stone Age to Digital IdentityTransformation from Identity Stone Age to Digital Identity
Transformation from Identity Stone Age to Digital Identity
 
Isaca houston presentation 12 4 12
Isaca houston presentation 12 4 12Isaca houston presentation 12 4 12
Isaca houston presentation 12 4 12
 
Opteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdfOpteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdf
 
IRJET- Identity & Relationship Resolution Approach Supported with Sample ...
IRJET- Identity & Relationship Resolution Approach Supported with Sample ...IRJET- Identity & Relationship Resolution Approach Supported with Sample ...
IRJET- Identity & Relationship Resolution Approach Supported with Sample ...
 
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousComplacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
 
Eamonn O Raghallaigh Major Security Issues In E Commerce
Eamonn O Raghallaigh Major Security Issues In E CommerceEamonn O Raghallaigh Major Security Issues In E Commerce
Eamonn O Raghallaigh Major Security Issues In E Commerce
 
Why Are Investors Excited About Cyber Security Startups, Again?
Why Are Investors Excited About Cyber Security Startups, Again?Why Are Investors Excited About Cyber Security Startups, Again?
Why Are Investors Excited About Cyber Security Startups, Again?
 
A1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecurityA1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for Cybersecurity
 
Crossing the streams: How security professionals can leverage the NZ Privacy ...
Crossing the streams: How security professionals can leverage the NZ Privacy ...Crossing the streams: How security professionals can leverage the NZ Privacy ...
Crossing the streams: How security professionals can leverage the NZ Privacy ...
 
Four mistakes to avoid when hiring your next security chief (print version ...
Four mistakes to avoid when hiring your next security chief (print version ...Four mistakes to avoid when hiring your next security chief (print version ...
Four mistakes to avoid when hiring your next security chief (print version ...
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991
 
Legal issues in technology
Legal issues in technologyLegal issues in technology
Legal issues in technology
 
How digital identities will help realise the true potential of DeFi
How digital identities will help realise the true potential of DeFiHow digital identities will help realise the true potential of DeFi
How digital identities will help realise the true potential of DeFi
 
You Are the Target
You Are the TargetYou Are the Target
You Are the Target
 
S&P on DeFi
S&P on DeFiS&P on DeFi
S&P on DeFi
 
Cyber Security, User Interface, and You - Deloitte CIO - WSJ
Cyber Security, User Interface, and You - Deloitte CIO - WSJCyber Security, User Interface, and You - Deloitte CIO - WSJ
Cyber Security, User Interface, and You - Deloitte CIO - WSJ
 
Cyber Security, User Interface, and You - Deloitte CIO - WSJ
Cyber Security, User Interface, and You - Deloitte CIO - WSJCyber Security, User Interface, and You - Deloitte CIO - WSJ
Cyber Security, User Interface, and You - Deloitte CIO - WSJ
 
July 2010 Cover Story
July 2010 Cover StoryJuly 2010 Cover Story
July 2010 Cover Story
 
Industrializing Blockchain in ASEAN
Industrializing Blockchain in ASEANIndustrializing Blockchain in ASEAN
Industrializing Blockchain in ASEAN
 

Más de CloudIDSummit

CIS 2016 Content Highlights
CIS 2016 Content HighlightsCIS 2016 Content Highlights
CIS 2016 Content HighlightsCloudIDSummit
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016CloudIDSummit
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CloudIDSummit
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2CloudIDSummit
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CloudIDSummit
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CloudIDSummit
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CloudIDSummit
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CloudIDSummit
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCloudIDSummit
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian KatzCIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian KatzCloudIDSummit
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CloudIDSummit
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCloudIDSummit
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCloudIDSummit
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCloudIDSummit
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCloudIDSummit
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...CloudIDSummit
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCloudIDSummit
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCloudIDSummit
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCloudIDSummit
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCloudIDSummit
 

Más de CloudIDSummit (20)

CIS 2016 Content Highlights
CIS 2016 Content HighlightsCIS 2016 Content Highlights
CIS 2016 Content Highlights
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian KatzCIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean Deuby
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of Things
 

Último

Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 

Último (20)

Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 

Reengineering Digital Identity Through an Ecological Lens

  • 1. Lockstep Consulting & Lockstep Technologies Copyright © Lockstep Consulting 2012-13 Lockstep Reengineering Identity CIS 2013 (1.2.1) Annotated Slides 1 Reengineering Digital Identity Cloud Identity Summit 2013 Napa, California, 12 July 2013 Steve Wilson Lockstep Group swilson@lockstep.com.au @steve_lockstep “Imagine that a student could get a digital credential from her cell phone provider and another one from her university and use either of them to log in to her bank” Howard Schmidt, 2011 Identity of course is one of the inherent currencies of humanity. It’s something that we hold dear, take for granted, and experience instinctively. But like much of the human condition, our regular experience of identity doesn’t carry over perfectly into cyber space. We have made a bit of a mess of the “analogue to digital” conversion. One problem is that our intuitions about digital identity are imperfect. Identity federation is without doubt an important response to the chaotic and ad hoc authentication that has emerged in cyberspace but federation is too often shaped by flawed intuitions.
  • 2. Lockstep Consulting & Lockstep Technologies Copyright © Lockstep Consulting 2012-13 Lockstep Reengineering Identity CIS 2013 (1.2.1) Annotated Slides 2 At least three major federated identity projects in Australia have been discontinued for their sheer complexity (I will explore the flaws in the classic business case later) • IIA 2FA Scheme • Trust Centre • MAMBO Promising start-ups and products similarly have failed. If Microsoft could not succeed with CardSpace, as exemplar of the Laws of Identity then something is wrong with the foundations • Sxipper • CardSpace Harder than it looks Too many federated identity programs fail Successful identity federations: monocultures The great majority of successful identity federations are PKI–based and sector-specific; that is, they are two-fold monocultures. This in itself is no bad thing, but it does point to inherent challenges in sustainability of techno- logically heterogeneous, cross-sector identity frameworks. • US Federal PKI • SAFE BioPharma • Australian Access Federation (tertiary ed) • BankID (Scandinavian banks plus govt)
  • 3. Lockstep Consulting & Lockstep Technologies Copyright © Lockstep Consulting 2012-13 Lockstep Reengineering Identity CIS 2013 (1.2.1) Annotated Slides 3 Problem: Legal novelty S RP Broker S RP Before After The business case for at least two large federated identity projects in Australia was a simple before-and-after schematic. The problem statement was depicted as the profusion of bilateral arrangements that subsist today between Subjects and Relying Parties. The solution was shown as a much simpler system of multilateral arrangements brokered by a central authentication hub. But this reasoning compares apples and oranges. Legal novelty cont. S RP Broker S RP Before After The flaw in this business case is that the multilateral arrangements on the right are more complex and more weighty than the simple bilateral ones on the left. The sheer legal novelty of brokered identity verification means that fresh analysis is needed by parties before they can participate, adding to the total cost. Some RPs will not be able to accept the new way of doing things and will maintain their old bilateral relationships. It is not possible to say that reducing the absolute number of contracts through federation will in and of itself reduce the total cost, without knowing what the precise cost of the legal work really is.
  • 4. Lockstep Consulting & Lockstep Technologies Copyright © Lockstep Consulting 2012-13 Lockstep Reengineering Identity CIS 2013 (1.2.1) Annotated Slides 4 Internet Industry Assoc. 2005 “We’ve never seen any- thing like this before” Legal counsel for IdPs, RPs The proof that the “after” picture in the simple schematic business case is more expensive than it looks came out of the Australian Internet Industry Association’s attempted federation of 2FA providers. This project commissioned a reputable law firm to draft participation agreements for IdPs and RPs (and Lockstep designed the technical architecture). Template agreements were tabled with management at retailers, airlines, financial institutions, government agencies and so on, all of whom had signed an MOU committing to the project. Yet several legal counsel responded that while they understood what we were trying to do, they had no experience in such a novel form of agreement, and they could not tell how long it would take to negotiate. Commercial lawyers are unaccustomed to unusual contracts; the time & expense of negotiating such proposals are unbounded. Where did they all come from? The very variety of authenticators begs an ecological sort of explanation. As with natural speciation, different authentication mechanisms have probably evolved in response to different environmental pressures. If the Martian identerati were to come to Earth, the first thing they’d notice would be the great profusion of authentication mechanisms …
  • 5. Lockstep Consulting & Lockstep Technologies Copyright © Lockstep Consulting 2012-13 Lockstep Reengineering Identity CIS 2013 (1.2.1) Annotated Slides 5 Identity is memetic The concept of memetics spun out of the ideas of evolutionary biologist Richard Dawkins, who coined the term “meme” meaning an inherited unit of human culture, analogous to the gene. Digital Identities can be unpacked into discrete technology and business traits or memes. Examples include registration process, evidence of ID, user interface, the physical form factor, number of authentication factors, algorithms, key lengths, liability arrangements and so on. The nature of these memes range from strict standards imposed by regulators, through to conventions or simple habits for identifying people. All of these memes relate to risk management, and each of them shifts more or less gradually over time as local risk environments change. For example, key length has increased steadily in response to the growing risk of brute force attack. Certain memes stabilise at different rates in different ecosystems; for example, in government, the hash algorithm SHA-1 has been widely superseded by SHA-256, but the new meme is slower to take hold in commerce because a different mix of environmental pressures applies, like affordability and legacy interoperability. Security tactics like Two Factor Authentication can jump ecosystems: retail banking got the idea of 2FA from enterprise security at high tech companies. Basel II HIPAA HSPD-12 FTRA AML/CTF PIV PIV-I ` 512 1024 2048 4096
  • 6. Lockstep Consulting & Lockstep Technologies Copyright © Lockstep Consulting 2012-13 Lockstep Reengineering Identity CIS 2013 (1.2.1) Annotated Slides 6 Silos are NICHES! This ecological mindset might lead to a more generous understanding of the dreaded identity silos. We can see them now as ecological niches in different ecosystems, like banking, retail and government. And we might temper some of the grander expectations of the new identity frameworks. We should probably be more sceptical about the prospects of taking an identity like a student card out of its original context and using it in another such as banking.* It’s a lot like taking a saltwater fish and dropping it into a fresh water tank. As MIT’s Dazza Greenwood said in 2002: All identity is ‘local’. The further away from a pre-specified business context an identity credential becomes, the less valuable it is. * Ref: http://www.whitehouse.gov/blog/2011/01/07/national-program-office-enhancing-online-trust-and-privacy. Silos are NICHES! Security Fraud Privacy Convenience Accessibility Basel II, KYC, AML/CTF Professional standards Electronic Verification Single view of customer Security Fraud Privacy Convenience Accessibility Basel II, KYC, AML/CTF Professional standards Electronic Verification Single view of customer Selection pressures in existing ecosystems The ecological frame illuminates that different selection pressures affect different business environments. Identity memes evolve over time within existing ecosystems and niches. Examples of selection pressures include fraud trends, privacy, convenience, accessibility, regulations (like Basel II, KYC rules, AML, HIPAA & HSPD-12), professional standards, and disruptive new business models like branchless banking demanding new methods for electronic verification of identity. Before we expend too much effort building artificial new identity ecosystems, we should pay attention to existing business ecosystems. Banking Retail Employment Corporate regulations Tertiary education Healthcare The professions Banking Retail Employment Corporate regulations Tertiary education Healthcare The professions
  • 7. Lockstep Consulting & Lockstep Technologies Copyright © Lockstep Consulting 2012-13 Lockstep Reengineering Identity CIS 2013 (1.2.1) Annotated Slides 7 LOA 1 LOA 2 LOA 3 LOA 4 Organisms evolve over time to suit very particular ecological niches; species usually struggle when moved suddenly from one local environment to another. Federated Identity often fails to account for the specialisation of evolved identities. As we’ve seen, the ‘fine print’ around high assurance identities (with regards to liability arrangements for instance) can mean they simply break when applied outside their original contexts. In Australia, we found it’s much harder than expected to get bank-issued identities to interoperate even with other banks, which indicates how very specific these identities are, despite their superficial similarities. Consider that all fish look pretty much alike. So imagine for a moment trying to establish just four artificial aquaria representing archetypal aquatic environments, say freshwater stream, tidal estuary, coral reef and deep ocean. No matter how hard we try to design the aquaria, only a very few fish would actually do well in any of them. And artificial habitats hosting unusual mixtures of organisms require constant care and intervention to stave off collapse. Drop down a level Relationships Identities Assertions / Claims Presentation Transport Deeper network layers Digital Identity might be conceptualised in an OSI-like stack. Each identity is a proxy for an individual in a relationship, and is built from an ensemble of assertions (aka attributes or claims) relevant to the relationship. In sophisticated open IdM schemes, each attribute is presented via protocols like OAuth, OpenID Connect, SAML and XACML, and transported via security primitives like JWK and X.509. Identity Management to date has focused at the highest level on the sharing of abstract identities, as if each identity is a thing. It could be more fruitful to drop down a level, and deal instead with concrete assertions, like name, date of birth, professional qualifications, residential address, account numbers etc.
  • 8. Lockstep Consulting & Lockstep Technologies Copyright © Lockstep Consulting 2012-13 Lockstep Reengineering Identity CIS 2013 (1.2.1) Annotated Slides 8 0% 20% 40% 60% 80% 100% A1 A2 A3 A4 A5 A6 Sequencing identity into assertions Identity Provider A1 Given name 90% A4 Gender 35% A2 Address 90% A5 Qualifications 25% A3 DOB 90% A6 Residency 25% It’s common these days to hear about the “identity spectrum”, ranging typically from anonymity through socially verified to ‘fully’ verified authentication. It’s good to acknowledge a plurality of identity, but the spectrum metaphor is too one dimensional. Here’s a richer visualisation of the multi-facetted requirements that each Relying Party has vis a vis the personal details of a Subject that are relevant to them. Consider hypothetically that there are six attributes of potential interest to a range of RPs: given name, address, date of birth, gender, university qualifications and residential status. And imagine that a certain IdP is able to vouch for name, address and DOB to a very high level of confidence, but has less certainty over the other attributes. This IdP defines a surface for its Subjects in a six dimension ‘assertion space’. 0% 20% 40% 60% 80% 100% A1 A2 A3 A4 A5 A6 IDP RP1 RP1: A bank A1 Given name 80% A4 Gender 0% A2 Address 80% A5 Qualifications 0% A3 DOB 80% A6 Residency 0% Now consider as a Relying Party a bank wishing to identify a new account holder. The bank has a high degree of interest in the new customer’s name, address and date of birth, but it doesn’t care about gender, residency or qualifications. The bank’s identification requirement also defines a surface, shown in green, which is readily compared to the Identity Provider. The IdP completely covers this RP’s requirement. Sequencing identity into assertions cont.
  • 9. Lockstep Consulting & Lockstep Technologies Copyright © Lockstep Consulting 2012-13 Lockstep Reengineering Identity CIS 2013 (1.2.1) Annotated Slides 9 0% 20% 40% 60% 80% 100% A1 A2 A3 A4 A5 A6 IDP RP2 RP2: A gaming site A1 Given name 0% A4 Gender 0% A2 Address 0% A5 Qualifications 0% A3 DOB 90% A6 Residency 0% Now here’s a free gaming site catering for adults, in a jurisdiction where they must verify the age of players. This RP has no interest at all in name, address or any other attributes but it does need a high level of confidence in date of birth. The RP’s surface here is just a single point, and once again the IdP completely covers the RP’srequirement. Sequencing identity into assertions cont. 0% 20% 40% 60% 80% 100% A1 A2 A3 A4 A5 A6 IDP RP3 RP1: A hospital employer A1 Given name 50% A4 Gender 0% A2 Address 50% A5 Qualifications 90% A3 DOB 0% A6 Residency 90% Finally take a hospital that needs to check the bona fides of a new doctor being hired. Under new medical credentialing rules designed to address malpractice, the hospital is much more concerned with the candidate’s residential status and professional qualifications than they are in their ‘real’ name and address. And here we see vividly that the IdP is not able to cover the RP’s needs. And here we are reminded vividly of the fact that Relying Parties call the shots in IdM. No “identity” automatically confers rights on a Subject unless the RP is satisfied by each and every attribute. Identification in this sense is always carried out by the RP. And so in a very real sense, the Subject’s identity in the RP’s context is created by the RP. Sequencing identity into assertions cont.
  • 10. Lockstep Consulting & Lockstep Technologies Copyright © Lockstep Consulting 2012-13 Lockstep Reengineering Identity CIS 2013 (1.2.1) Annotated Slides 10 Recombinant ID engineering Employee Bank customerA memetic and ecological treatment of Digital Identity brings several fresh possibilities. It should improve the success rate of federation by clarifying why identity elements are the way they are. Memetics provides a conceptual frame within which identities may be sequenced and their components more carefully reassembled in much the same way as recombinant genetic engineering. The ecological theory is explanatory and predictive. For instance, it explains why social logon has spread so rapidly― literally like weeds―as the new online social environment is like bare earth, with no established dominant species. And we’ve actually seen identity memetics at work in the wild: 2FA password fobs jumped from high tech firms in the 90s to Internet banking in the 00s, in much the same way as genes sometimes jump between bacteria. Proof of ID Online regn form Hand signed regn form Token Proof of ID Token2nd Factor 2nd Factor Conclusions Identities evolve Ecological frame redoubles context Identity is in the eye of the RP There are no “IdPs”, only APs We must sequence abstract identities into concrete assertions Let’s drop down a level Yield to the Relyingpartyrati!