miaa Consumer Identity & Access Management

SAI Avondconferentie

Ward Duchamps

11 October 2016

© 2016 miaa Guard cvba. All Rights Reserved. Strictly Confidential.


1. CIAM = Minimise Risk + Customer Delight

2. CIAM brings Privacy by Design

3. Bring-Your-Own-Identity will further expand

4. Identity standards are ready to use

5. Standards are good, managed SaaS is better

6. IoT is now the Identity-of-Things

1. CIAM = Minimise Risk + Customer Delight [1]

[1] Ian Glazer, Salesforce, 2016

CIAM facilitates mutual Trust

Consumer Brand

TRUST

Consumer trusts Brand

• Clear intention of Brand: “show me what you do with my data”

• History of interaction: “you didn’t spam me in the last 6 months”

• Referenced by others: “my friends trust you too”

Brand trusts Consumer

• Clear intention of Customer: “show me your real identity and we give you more”

• History of interaction: “you’ve been here before, paid your bills,…”

• Referenced by others: “we trust your Identity Provider”

Bridging Security with Customer Experience [1]

Eliminate multiple logins to gain access to services

• So, one identity hub interconnecting multiple services

• Security: Single Sign-on with customer’s consent, central control

• CX: Remove friction, engage longer

Provide a common user experience across all channels

• So, same identity for web and for mobile

• Security: Strict guidelines for all developers: web and mobile

• CX: customers expect consistency across all touchpoints: web, mobile, physical

Give to Get!

[1] Forrester, Q&A: 10 Questions To Ask Before Deploying Customer Identity And Access Management, 2016

Identity-centric integration

[Diagram: Consumer Identity & Access Management Platform, shown together with: surveys, rating & review, portal, ads, loyalty, big data, mailing, billing, e-shop, CRM]

Case: French Media brand

| Personal data element | CIAM | Fan support platform | Email campaigning platform | Gamification platform |
|---|---|---|---|---|
| name | master | slave | slave | slave |
| UUID | primary key | foreign key | foreign key | foreign key |
| id e-mail | master | (slave) | slave | (slave) |
| id facebook | master | - | - | - |
| gender | master | slave | slave | slave |
| home: country | master | slave | slave | slave |
| home: full address | master | - | - | - |
| newsletter opt-in | slave/source | - | master | slave |
| T&C | master | - | - | - |
| last login | master | - | - | - |
| fan: favourite team | - | master | - | - |
| fan: top-10 players | - | master | - | - |
| prize: shipping address | (slave) | - | - | master |
| prize: shoe size | (slave) | - | - | master |

Case: Global retail brand

Initial registration

BrandZ profile
name: An Leroy
UUID: 786523DFD242FH
id e-mail:
id facebook: an.leroy
gender: female

Enrichment with Gamification

BrandZ profile
name: An Leroy
UUID: 786523DFD242FH
id e-mail: [email protected]
id facebook: an.leroy
gender: female
birth date: 8 Nov 2002

Further enrichment when visiting SubBrandY

BrandZ profile
name: An Leroy
UUID: 786523DFD242FH
id e-mail: [email protected]
id facebook: an.leroy
gender: female
birth date: 8 Nov 2002

SubBrandY segment
address: 1 Eagle Ave, Otis
shoe size: 37
newsletter: Y Weekly
T&C: yes, on July 29, 2016

2. CIAM brings Privacy By Design

Global Data Protection Regulation (a.k.a. GDPR)

Some legal requirements

• Data protection by design

• Right to be forgotten

• Controlled by data subject

Managed CIAM can help to comply

• Governance of Consumer Identity data

• Out-of-the-box ‘Forget me’

• Out-of-the-box and scalable Self-service

• Controlled personal data rather than difficult anonymisation techniques

Case: Global retail brand

Managing Terms acceptance

    "terms": {
      "vFirst": {
        "status": true,
        "identifier": 2,
        "timestamp": "2014-01-31 11:47:37"
      },
      "vLatest": {
        "status": true,
        "identifier": 3,
        "timestamp": "2015-05-01 01:23:12"
      }
    },

Managing Opt-ins/outs

    "partnersOffers": {
      "status": true,
      "creation": {
        "clientId": "z91bziey209zboiu",
        "origin": "site1.example.com/page?123",
        "timestamp": "2014-01-31 11:47:37"
      },
      "lastUpdate": {
        "clientId": "yuaop12eb8Pbhiz",
        "origin": "site2.example.com/page?987",
        "timestamp": "2015-02-17 08:54:12"
      }
    },
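How a service could act on the terms and opt-in records above, as an added example that is not code from the slides or from any vendor's platform. It assumes `identifier` is the terms version number; `published_id` and the function names are hypothetical.

```python
import json
from datetime import datetime

TS_FORMAT = "%Y-%m-%d %H:%M:%S"

# Constructed record that reuses the field names and values shown on the slide.
PROFILE = json.loads("""
{
  "terms": {
    "vFirst":  {"status": true, "identifier": 2, "timestamp": "2014-01-31 11:47:37"},
    "vLatest": {"status": true, "identifier": 3, "timestamp": "2015-05-01 01:23:12"}
  },
  "partnersOffers": {
    "status": true,
    "creation":   {"clientId": "z91bziey209zboiu",
                   "origin": "site1.example.com/page?123",
                   "timestamp": "2014-01-31 11:47:37"},
    "lastUpdate": {"clientId": "yuaop12eb8Pbhiz",
                   "origin": "site2.example.com/page?987",
                   "timestamp": "2015-02-17 08:54:12"}
  }
}
""")


def terms_state(profile, published_id):
    """Compare the accepted terms version with the currently published one.

    Assumption: 'identifier' is a version number that only increases.
    """
    latest = profile.get("terms", {}).get("vLatest")
    if not latest or latest.get("status") is not True:
        return "not-accepted"
    if latest["identifier"] < published_id:
        return "re-accept-required"
    return "accepted"


def set_opt_in(profile, key, status, client_id, origin, timestamp):
    """Change an opt-in while keeping the evidence of who changed it, where and when."""
    when = datetime.strptime(timestamp, TS_FORMAT)  # rejects malformed timestamps
    event = {"clientId": client_id, "origin": origin, "timestamp": timestamp}
    record = profile.get(key)
    if record is None:
        # First time this consent is recorded: creation and lastUpdate coincide.
        profile[key] = {"status": status, "creation": event, "lastUpdate": dict(event)}
        return profile[key]
    previous = datetime.strptime(record["lastUpdate"]["timestamp"], TS_FORMAT)
    if when < previous:
        # A replayed or delayed update must not override a newer choice.
        raise ValueError("update is older than the stored lastUpdate")
    record["status"] = status
    record["lastUpdate"] = event  # 'creation' is never overwritten
    return record


def evidence(profile, key):
    """Summarise the stored proof for the current consent status."""
    record = profile[key]
    last = record["lastUpdate"]
    return "{} {} via {} at {} on {}".format(
        key, "opt-in" if record["status"] else "opt-out",
        last["clientId"], last["origin"], last["timestamp"])
```
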

Email versus Generation Z

“For the forthcoming generations known as Gen Z (those born after 1990) it has been speculated that email is becoming irrelevant.” [1]

[1] growthbusiness.co.uk, Will Generation Z be the death of email?

Case: Flemish media brand

7% of 170.000 social registrants choose to not share their email address.

[Figure: two age-spread charts, age axis from 10 to 65: "Age spread Social" (#social) and "Age spread Social refusing to share email" (#socialwoemail)]

3. Bring-Your-Own-Identity will further expand

What is Identity?

Entity is something that has separate and distinct existence and that can be identified in a context [1]

Identity is a set of attributes related to an entity [2]

Weekday Identity
UUID: JR102
name: Griet Verlinden
id: [email protected]
role: doctor
expertise: cardiology

Weekend Identity
UUID: JR407
name: Griet Verlinden
id: [email protected]
favourite music: house
smoker: no

www.website.com

[1] ITU-T X.1252
[2] ISO 29115

Psychoanalytic point of view

“Identity consists of a collection of characteristics that have been written onto our bodies by others” [1]

[1] Paul Verhaege, Identiteit, Bezige Bij, 2012

Out-of-the-box BYOI

38 out-of-the-box Identity Providers [1]

• Amazon

• AOL

• Blogger

• Disqus

• DocCheck

• Doximity

• Facebook

• FiMnet

• Flickr

• Foursquare

• Google+

• Instagram

• LinkedIn

• LiveJournal

• MediKey

• Medy

• Microsoft Account

• Mixi

• MYDIGIPASS.COM

• Netlog


• Odnoklassniki

• OneKey

• OpenID

• PayPal

• QQ

• Renren

• Salesforce

• Sina Weibo

• SoundCloud

• Tencent Weibo

• Tumblr

• Twitter

• VeriSign

• VK

• WeChat

• WordPress

• Xing

• Yahoo!

[1] Janrain, Identity Providers, 2016

Emerging signs of expansion in BYOD

Windows Azure

• Azure grew from 5,5 Mio to 9,5 Mio tenants in a 12-month period [1]

• One tenant is one company, organisation

• Or, one tenant is one Identity Provider

[1] Kim Cameron, Microsoft, 2016

Case: Reality competition broadcast

• +80% registered via social network

• Passwords are about to disappear?

4. Identity standards are ready to use

OpenID Connect

OpenID Connect

• Lets the user choose which identity attributes are shared with a brand

• Uses OAuth 2.0 underneath

• Uses a secured ID Token with a standardised data schema for identity, in JSON format

OAuth

• Has no notion of identity

• Is an access-granting protocol, with standard message flows based on JSON, REST and HTTP

• Typical use:
  BrandX: “Hi User, login is required”
  User: “Hi Facebook, you can grant access to my name, email and interests to BrandX”
  BrandX: “Hi User, thank you for your grant, you are now logged in”
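What "secured ID Token" means for the brand that receives it, as an added example that is not from the slides: a relying party checks the signature, issuer, audience, expiry and nonce before trusting any claim. All names and values are constructed, and HS256 with a shared client secret stands in for the OP's signing key so the sketch runs on the standard library alone.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample values (assumptions, not taken from the slides).
ISSUER = "https://op.example"
CLIENT_ID = "brandx-web"
SECRET = b"constructed-client-secret"
SAMPLE_CLAIMS = {
    "iss": ISSUER, "sub": "248289761001", "aud": CLIENT_ID,
    "exp": 1476216000, "iat": 1476212400, "nonce": "n-0S6_WzA2Mj",
    "name": "An Leroy", "email": "an.leroy@example.org",
}


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_id_token(claims, secret):
    """OP side: serialise header and claims, then sign them with HMAC-SHA256."""
    parts = [{"alg": "HS256", "typ": "JWT"}, claims]
    signing_input = ".".join(
        b64url_encode(json.dumps(p, separators=(",", ":")).encode("utf-8"))
        for p in parts)
    mac = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)


def validate_id_token(token, secret, issuer, client_id, nonce, now):
    """RP side: return the claims, or raise ValueError naming the failed check."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        signature = b64url_decode(sig_b64)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and payload must be JSON objects")
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm: never let the token choose it (rejects "alg": "none").
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    signed = (header_b64 + "." + payload_b64).encode("ascii")
    expected = hmac.new(secret, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        raise ValueError("bad signature")
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")  # token was minted for another brand
    if now >= claims.get("exp", 0):
        raise ValueError("expired")
    if claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch")  # not the login this session started
    return claims
```
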

OpenID Connect

What is OpenID Connect?

• Standardisation around Internet identity

• Simple federation protocol with a standardised exchange of identity data between OP (OpenID Identity Provider) and RP (Relying Party)

• Status: Final Specifications. Ready to use. Interoperability tests between 14 members of the OpenID Foundation

Who supports the initiative?

• OpenID Foundation [1]

• Members: AOL, Deutsche Telekom, Facebook, Google, Microsoft, Mitre Corporation, mixi, Nomura Research Institute, Orange, PayPal, Ping Identity, Salesforce, etc.

[1] http://openid.net

OpenID Foundation – Working Groups

Heart WG

• Healthcare sector, patient, privacy of the medical record, e.g.
  o the patient chooses to share their electronic record with a care provider
  o the patient chooses to take part in a clinical trial
  o an informal caregiver chooses, on behalf of the patient, to share the record

MODRNA WG

• Mobile Connect initiative of the GSMA:

Make the mobile phone the means of choice for authentication, and replace all passwords and hardware tokens

• Participants: Ping, Orange, Verizon, Telefonica, Deutsche Telekom

• Every mobile operator can become an OpenID Connect Identity Provider

• The mobile operator can choose which authentication method is used, e.g. SIM and/or PIN

OpenID Foundation – Certification program

OpenID Connect Certification

• Self-certification

• Public results of conformance tests

Possible outcome

• Self-regulated industry of Identity Providers

• Easy route to make your own brand a trustworthy Identity Provider

• Examples
  o Deutsche Telekom (“Telekom login”)
  o Google (“Google Federated Identity”)
  o PayPal (“Login with PayPal”)

5. Standards are good, managed SaaS is better

SaaS market overview

CIAM features

• Commoditised use cases

• Flexibility to adapt to rapidly changing business and competitive requirements

• Scalability, stability, performance

• Keep up to date with the changing APIs of popular social networks: Facebook, Google, Twitter

• Born in the cloud

CIAM Vendor landscape

• Janrain

• Gigya

• Salesforce

• Ping Identity

Managed identity & access services market overview

Why build on managed services?

• Allows you to focus on your core

• Improves your process performance

• Enables continued access to new technology

[Figure: perception plotted against maturity, with the stages niche, hyped, reviled, industrialised, commoditised, standardised]

• 2005: First identity management delivered as SaaS

• 2008: First access management delivered as SaaS

• 2014: First identity & access management delivered as Managed Service

Gartner Predictions July 2013: Managed and Hosted Services for Access Management are likely to become mainstream between 5 and 10 years

Accelerating integration: SaaS + managed services

• Combining:
  o the power of an open integration-ready platform
  o the power of a managed service provider
  that deliver the first results in a matter of months, even given the complexity of Client

• To offer Client:
  o much faster time-to-market
  o cost avoidance thanks to best practice and experience
  o reduced risk by avoiding teething problems

6. IoT is now the Identity-of-Things

IoT Example: the resulting profiles in Janrain

Janrain data
UUID: JR132
name: Ann Leah
facebook:[email protected]: pet-owner
loyalty: 1542 2322 3188
address: unknown, France
subscriptions: newsletters = yes, promotions = yes, loyalty sms = no
private group: PG123 as primary-admin

Janrain data
UUID: JR102
name: Griet Verlinden
id: [email protected]
roles: veterinary, pet-owner
practice: 650 Ave DLPC, 30470 France
private group: PG034 as primary-admin, PG078 as delegated-admin, PG123 as delegated-admin

Janrain data
UUID: JR133
name: Snoozy
birthdate: 11 June 2016
breed: labrador retriever
veterinary ref:#Leah
breeder ref:
allergies: none at 20 July 2016
vaccinations: combination 20 July 2016, parvo 20 July 2016, corona 20 July 2016
private group: PG123

IoT Example: extending the private group

role = family-member
role = pet-owner
role = breeder
role = veterinary

Private Group data
group id: PG123
created on: 12 June 2016
item type: pets

shared profile

miaa Guard – Company Profile

miaa managed services

• plan (Advisory services): to drive access governance, to determine policies, to model data governance, to model integration patterns

• build (Integration services): to install and integrate Janrain-based solutions and do the roll-out, possibly using miaa add-ons

• run (Operational services): to provide expert support, to help maintain, monitor, review, audit, and secure Janrain integrations

Typical deployment plan

[Figure: plan items on a timeline in months]

• miaa Integration Modelling
• miaa PanelSet Tailoring
• miaa FrontEnd Onboarding wave-1
• miaa PushConnector for mailing
• miaa PushConnector for gamification
• miaa User Migration
• miaa FrontEnd Onboarding wave-2
• miaa Implementing PolicyChecker
• miaa Implementing UserInvitor
• miaa PushConnector for CRM

miaa plug-ins for Janrain

miaaPushConnector©

miaaProfileValidator©

miaaCallTranslator©

miaaPolicyChecker©

miaaUserInvitor©

miaaPrivateGroups©

Front-End Back-End

Community

miaa ServiceDesk

Benefits perceived by clients:

• Insight in client’s context

• Local language in EU

• Local business hours in EU

• Strong SLA’s for incidents

• Strong SLA’s for requests

contact us

Get in touch! We will gladly help you

suppor [email protected]

+1 971 407 1414 (US)

+32 78 481 004 (EU)

support.miaaguard.com

11:30 pm PST

9:00 am PST

Exit ticket

Go to http://socrative.com

Select Student Login

Choose Room Name: YP0483

Question 1: Name two things you take away from this session

Question 2: What would you like to talk about further at the bar?

Question 3: Would you like us to contact you for a further introduction?

Ward [email protected]

+32 488 873 886

miaa Guard cvba
Martelarenplein 20E, 3000 Leuven, Belgium

BE 0824.719.140

Carlo Schü[email protected]

+32 477 616 638

miaa Guard cvba
Martelarenplein 20E, 3000 Leuven, Belgium

BE 0824.719.140