Consumer Identity & Access Management
SAI Avondconferentie
Ward Duchamps
11 October 2016
© 2016 miaa Guard cvba. All Rights Reserved. Strictly Confidential.
1. CIAM = Minimise Risk + Customer Delight
2. CIAM brings Privacy by Design
3. Bring-Your-Own-Identity will further expand
4. Identity standards are ready to use
5. Standards are good, managed SaaS is better
6. IoT is now the Identity-of-Things
1. CIAM = Minimise Risk + Customer Delight [1]
[1] Ian Glazer, Salesforce, 2016
CIAM facilitates mutual Trust
SAI Avondconferentie - © 2016 miaa Guard cvba, all rights reserved
[Diagram: Consumer and Brand, connected by TRUST]
Consumer trusts Brand
• Clear intention of Brand: “show me what you do with my data”
• History of interaction: “you didn’t spam me in the last 6 months”
• Referenced by others: “my friends trust you too”
Brand trusts Consumer
• Clear intention of Customer: “show me your real identity and we give you more”
• History of interaction: “you’ve been here before, paid your bills,…”
• Referenced by others: “we trust your Identity Provider”
Bridging Security with Customer Experience [1]
Eliminate multiple logins to gain access to services
• So, one identity hub interconnecting multiple services
• Security: Single Sign-on with customer’s consent, central control
• CX: Remove friction, engage longer
Provide a common user experience across all channels
• So, same identity for web and for mobile
• Security: Strict guidelines for all developers: web and mobile
• CX: customers expect consistency across all touchpoints: web, mobile, physical
Give to Get!
[1] Forrester, Q&A: 10 Questions To Ask Before Deploying Customer Identity And Access Management, 2016
Identity-centric integration
[Diagram: Consumer Identity & Access Management Platform connected to surveys, rating & review, portal, ads, loyalty, big data, mailing, billing, e-shop, CRM]
Case: French Media brand

| Personal data element   | CIAM         | Fan support platform | Email campaigning platform | Gamification platform |
|-------------------------|--------------|----------------------|----------------------------|-----------------------|
| name                    | master       | slave                | slave                      | slave                 |
| UUID                    | primary key  | foreign key          | foreign key                | foreign key           |
| id e-mail               | master       | (slave)              | slave                      | (slave)               |
| id facebook             | master       | -                    | -                          | -                     |
| gender                  | master       | slave                | slave                      | slave                 |
| home: country           | master       | slave                | slave                      | slave                 |
| home: full address      | master       | -                    | -                          | -                     |
| newsletter opt-in       | slave/source | -                    | master                     | slave                 |
| T&C                     | master       | -                    | -                          | -                     |
| last login              | master       | -                    | -                          | -                     |
| fan: favourite team     | -            | master               | -                          | -                     |
| fan: top-10 players     | -            | master               | -                          | -                     |
| prize: shipping address | (slave)      | -                    | -                          | master                |
| prize: shoe size        | (slave)      | -                    | -                          | master                |
Case: Global retail brand

Initial registration
BrandZ profile
name: An Leroy
UUID: 786523DFD242FH
id e-mail:
id facebook: an.leroy
gender: female

Enrichment with Gamification
BrandZ profile
name: An Leroy
UUID: 786523DFD242FH
id e-mail: [email protected]
id facebook: an.leroy
gender: female
birth date: 8 Nov 2002

Further enrichment when visiting SubBrandY
BrandZ profile
name: An Leroy
UUID: 786523DFD242FH
id e-mail: [email protected]
id facebook: an.leroy
gender: female
birth date: 8 Nov 2002
SubBrandY segment
address: 1 Eagle Ave, Otis
shoe size: 37
newsletter: Y Weekly
T&C: yes, on July 29, 2016
2. CIAM brings Privacy By Design
Global Data Protection Regulation (a.k.a. GDPR)
Some legal requirements
• Data protection by design
• Right to be forgotten
• Controlled by data subject
Managed CIAM can help to comply
• Governance of Consumer Identity data
• Out-of-the-box ‘Forget me’
• Out-of-the-box and scalable Self-service
• Controlled personal data rather than difficult anonymisation techniques
Case: Global retail brand
Managing Terms acceptance
"terms": {
  "vFirst":  {"status": true, "identifier": 2, "timestamp": "2014-01-31 11:47:37"},
  "vLatest": {"status": true, "identifier": 3, "timestamp": "2015-05-01 01:23:12"}
},
Managing Opt-ins/outs
"partnersOffers": {
  "status": true,
  "creation":   {"clientId": "z91bziey209zboiu", "origin": "site1.example.com/page?123", "timestamp": "2014-01-31 11:47:37"},
  "lastUpdate": {"clientId": "yuaop12eb8Pbhiz", "origin": "site2.example.com/page?987", "timestamp": "2015-02-17 08:54:12"}
},
Email versus Generation Z
“For the forthcoming generations known as Gen Z (those born after 1990) it has been speculated that email is becoming irrelevant.” [1]
[1] growthbusiness.co.uk, Will Generation Z be the death of email?
Case: Flemish media brand
7% of 170.000 social registrants choose not to share their email address.
[Charts: "Age spread Social" (#social) and "Age spread Social refusing to share email" (#socialwoemail), each over ages 10 to 65]
3. Bring-Your-Own-Identity will further expand
What is Identity?
Entity is something that has separate and distinct existence and that can be identified in a context [1]
Identity is a set of attributes related to an entity [2]

Weekday Identity
UUID: JR102
name: Griet Verlinden
role: doctor
expertise: cardiology

Weekend Identity
UUID: JR407
name: Griet Verlinden
favourite music: house
smoker: no

[Diagram: the two identities, each shown next to www.website.com]
[1] ITU-T X.1252
[2] ISO 29115
Psychoanalytic viewpoint
“Identity consists of a collection of characteristics that have been inscribed on our bodies by others” [1]
[1] Paul Verhaege, Identiteit, Bezige Bij, 2012
Out-of-the-box BYOI
38 out-of-the-box Identity Providers [1]
• Amazon
• AOL
• Blogger
• Disqus
• DocCheck
• Doximity
• FiMnet
• Flickr
• Foursquare
• Google+
• LiveJournal
• MediKey
• Medy
• Microsoft Account
• Mixi
• MYDIGIPASS.COM
• Netlog
• Odnoklassniki
• OneKey
• OpenID
• PayPal
• Renren
• Salesforce
• Sina Weibo
• SoundCloud
• Tencent Weibo
• Tumblr
• VeriSign
• VK
• WordPress
• Yahoo!
[1] Janrain, Identity Providers, 2016
Emerging signs of expansion in BYOD
Windows Azure
• Azure grew from 5,5 Mio to 9,5 Mio tenants in a 12-month period [1]
• One tenant is one company or organisation
• Or, one tenant is one Identity Provider
[1] Kim Cameron, Microsoft, 2016
Case: Reality competition broadcast
• +80% registered via social network
• Passwords are about to disappear?
4. Identity standards are ready to use
OpenID Connect
OpenID Connect
• Lets the user choose which identity attributes are shared with a brand
• Uses OAuth 2.0 underneath
• Uses a secured ID Token with a standardised data schema for identity, in JSON format
OAuth
• Has no notion of identity
• Is an access-granting protocol, with standard message flows based on JSON, REST and HTTP
• Typical use:
  BrandX: “Hi User, login is required”
  User: “Hi Facebook, you can grant access to my name, email and interests to BrandX”
  BrandX: “Hi User, thank you for your grant, you are now logged in”
OpenID Connect
What is OpenID Connect?
• Standardisation around Internet Identity
• Simple Federation Protocol with a standardised exchange of identity data between OP (OpenID Identity Provider) and RP (Relying Party)
• Status: Final Specifications. Ready to use. Interoperability tests between 14 members of the OpenID Foundation
Who supports the initiative?
• OpenID Foundation [1]
• Members: AOL, Deutsche Telekom, Facebook, Google, Microsoft, Mitre Corporation, mixi, Nomura Research Institute, Orange, PayPal, Ping Identity, Salesforce, etc.
[1] http://openid.net
OpenID Foundation – Working Groups
Heart WG
• Healthcare sector, patient, privacy of the medical record, e.g.
  o patient chooses to share their electronic record with a care provider
  o patient chooses to take part in a clinical trial
  o informal carer chooses, on behalf of the patient, to share the record
MODRNA WG
• Mobile Connect initiative of the GSMA: make the mobile phone the means of choice for authentication, and replace all passwords and hardware tokens
• Participants: Ping, Orange, Verizon, Telefonica, Deutsche Telekom
• Every Mobile Operator can become an OpenID Connect Identity Provider
• The Mobile Operator can choose for itself which authentication method is used, e.g. SIM and/or PIN
OpenID Foundation – Certification program
OpenID Connect Certification
• Self-certification
• Public results of conformance tests
Possible outcome
• Self-regulated industry of Identity Providers
• Easy route to make your own brand a trustworthy Identity Provider
• Examples
  o Deutsche Telekom (“Telekom login”)
  o Google (“Google Federated Identity”)
  o PayPal (“Login with PayPal”)
5. Standards are good, managed SaaS is better
SaaS market overview
CIAM features
• Commoditised use cases
• Flexibility to adapt to rapidly changing business and competitive requirements
• Scalability, stability, performance
• Keep up to date with changing APIs of popular social networks: Facebook, Google, Twitter
• Born in the cloud
CIAM Vendor landscape
• Janrain
• Gigya
• Salesforce
• Ping Identity
Managed identity & access services market overview
Why build on managed services?
• Allows you to focus on your core
• Improves your process performance
• Enables continued access to new technology
Managed identity & access services market overview
[Chart: perception versus maturity, with the stages niche, hyped, reviled, industrialised, commoditised, standardised]
2005: First identity management delivered as SaaS
2008: First access management delivered as SaaS
2014: First identity & access management delivered as Managed Service
Gartner Predictions July 2013: Managed and Hosted Services for Access Management are likely to become mainstream between 5 and 10 years
Accelerating integration: SaaS + managed services
• Combining:
  o the power of an open integration-ready platform
  o the power of a managed service provider
  that deliver the first results in a matter of months, even given the complexity of Client
• To offer Client:
  o much faster time-to-market
  o cost avoidance thanks to best practice and experience
  o reduced risk by avoiding teething problems
6. IoT is now the Identity-of-Things
IoT Example: the resulting profiles in Janrain

Janrain data
UUID: JR132
name: Ann Leah
facebook:[email protected]: pet-owner
loyalty: 1542 2322 3188
address: unknown, France
subscriptions:
  newsletters = yes
  promotions = yes
  loyalty sms = no
private group:
  PG123 as primary-admin

Janrain data
UUID: JR102
name: Griet Verlinden
roles: veterinary, pet-owner
practice: 650 Ave DLPC, 30470 France
private group:
  PG034 as primary-admin
  PG078 as delegated-admin
  PG123 as delegated-admin

Janrain data
UUID: JR133
name: Snoozy
birthdate: 11 June 2016
breed: labrador retriever
veterinary ref: #Leah
breeder ref:
allergies:
  none at 20 July 2016
vaccinations:
  combination 20 July 2016
  parvo 20 July 2016
  corona 20 July 2016
private group: PG123
IoT Example: extending the private group
[Diagram: two shared profiles in the private group and four roles: family-member, pet-owner, breeder, veterinary]
Private Group data
group id: PG123
created on: 12 June 2016
item type: pets
miaa Guard – Company Profile
miaa managed services
• plan (Advisory services): to drive access governance, to determine policies, to model data governance, to model integration patterns
• build (Integration services): to install and integrate Janrain-based solutions and do the roll-out, possibly using miaa add-ons
• run (Operational services): to provide expert support, to help maintain, monitor, review, audit, and secure Janrain integrations
Typical deployment plan
[Gantt chart over months, with these work packages:]
• miaaIntegrationModelling
• miaaPanelSetTailoring
• miaaFrontEndOnboarding wave-1
• miaaPushConnector for mailing
• miaaPushConnector for gamification
• miaaUserMigration
• miaaFrontEndOnboarding wave-2
• miaaImplementingPolicyChecker
• miaaImplementingUserInvitor
• miaaPushConnector for CRM
miaa plug-ins for Janrain
• miaaPushConnector©
• miaaProfileValidator©
• miaaCallTranslator©
• miaaPolicyChecker©
• miaaUserInvitor©
• miaaPrivateGroups©
[Diagram: the plug-ins are positioned across Front-End, Back-End and Community]
miaa ServiceDesk
Benefits perceived by clients:
• Insight in client’s context
• Local language in EU
• Local business hours in EU
• Strong SLAs for incidents
• Strong SLAs for requests
Contact us
Get in touch! We will gladly help you
suppor [email protected]
+1 971 407 1414 (US)
+32 78 481 004 (EU)
support.miaaguard.com
11:30 pm PST
9:00 am PST
Exit ticket
Go to http://socrative.com
Select Student Login
Choose Room Name: YP0483
Question 1: Name two things you are taking away from this session
Question 2: What would you like to keep talking about at the bar?
Question 3: Would you like us to contact you for a further introduction?
Ward [email protected]
+32 488 873 886
miaa Guard cvba
Martelarenplein 20E, 3000 Leuven, Belgium
BE 0824.719.140
Carlo Schü[email protected]
+32 477 616 638
miaa Guard cvba
Martelarenplein 20E, 3000 Leuven, Belgium
BE 0824.719.140