Copyright © 2015 ForgeRock, all rights reserved.
Mobile & IoT:
The Evolution of Identity
My Identity
[email protected], Solutions Director at ForgeRock
@SimonMoffatt | www.simonmoffatt.com
Technology Evolution
Redundancy of Point Products
Emergence of Digital Transformation
A powerful personal computer in my back pocket
Consumer Evolution
• How do I login seamlessly from my smart phone or tablet?
• Why can't I login once to the different brands of the same organisation?
• Why doesn't your app / product know who I am automatically?
• Why do I have to login at all?
Let me get this right: I have to log in again to see my loyalty points?
Organisational Evolution
• How do I roll-out new services for any device or thing?
• How do I scale to support hundreds of millions of users and devices?
• How do I personalise services and reduce risk using context?
• How do I roll out identity services in weeks not months and years?
Consistent Omni channel
Demand, Agility, Convenience, Consistency
• Rapid user onboarding
• Response to spikes in demand
• Cross application Single Sign On
• Bring Your Own Identity
• Bring Your Own Device
• Digital -v- Physical
• Laptop, Mobile, IoT
• Home, Work, Abroad
• Rapid data sharing
Identity Evolution
Employees, Consumers, Employees & Partners, Things
• Perimeter
• Perimeter, Federation
• Perimeter-less, Federation, Cloud / SaaS
• Perimeter-less, Federation, Cloud, SaaS, Mobility
Mobile Friendly Authorization
• Web 1.0: providing out of date information – repetition, security & practicality issues
• Web 2.0: OAuth2 – identity provider data reuse; token based infrastructures with refresh to reduce password relogin
Mobile Identity Store
• Mobile becomes main access point to online services – including banking
• Requires strong authentication
• Secure storage of credentials, access tokens, cookies, id tokens, history, email …
• Remote wipe & token removal
• Ability to perform single-sign-on and one touch / swipe log in
Let's Introduce IoT!!
IoT Data Capture & Sharing
• Smart and constrained devices collecting data
• Connecting either directly or via communications brokers to cloud based aggregation and analytics systems
• Devices need unique identifiers
• Registering and authenticating devices to APIs and services
• Consumer devices linked and associated to physical identity
• Traditional web registration – perhaps via social media
• Requirements to share data to trusted 3rd parties
• Devices “acting” on behalf of the underlying user
Modern Data Sharing Services
Transparent Consent & Revocation
• Ability to share personal data: Consumer identity data is often required to integrate to 3rd parties for service enrichment or data exchange – can data be securely shared?
• Transparent & simple consent: End users require simple to understand and transparent consent dialogues – do they know who they shared data with and why?
• Strict revocation rules: Sharing data can be simple – but can that access be revoked and strictly enforced?
Phones: Smart Clients to Smart Data
Image: http://blogs.adobe.com/digitaleurope/fr/web-analytics-fr/the-know-you-for-the-marketing-the-big-data-must-be-smart-data/
Big Data, Context, Semantics, Identity
• “Big data” evolving to “Smart data”
• Data used to power 3rd party integrations, mash ups and services, all integrated using micro service APIs
• Clients to that data are modular, simple-to-describe apps / task processors for reporting, sharing and analysing data analytics
• Smart devices are classic app holders
• Access to those apps becoming more fine grained and controlled
Phones: Smarter Clients to Smarter Data
NFC Enablement, Cloud Delivery, Identity
• NFC enabled applications and physical objects allow for dynamic “tap” style integration
• Automatic processing of digital identity information, e.g. payment services, ordering services
• Physical identity locally authenticated to device – biometrics / secure pin
• Contextual AuthX
• NFC interaction allows transfer of data/funds/application interaction
http://www.techspot.com/guides/385-everything-about-nfc/
What Does The Future Hold?
• Smart data to replace big data – tagged by identity
• Mobile devices to represent our identity
• Secure consent and revocation needed for IoT data management
• Relationship management needed to associate devices to data and identities
• Blockchain technology to validate access requests / audit history??
Identity, Context, Relationships, Smart Clients
ForgeRock | ForgeRockIdentity | blog.forgerock.com | Forgerock.com
Questions / Comments / Thoughts?