EVE MALER, VP Innovation & Emerging Technology, ForgeRock, at the European IRM Summit 2014.
IAM for the Digital Customer
Identity Relationship Management
New Innovations in Consent, Privacy, and User-Managed Access
FORGEROCK.COM
Eve Maler VP Innovation & Emerging Technology @xmlgrrl #IRMSummit
November 5, 2014
The Web 1.0 and Web 2.0 dark ages
Apps using OAuth and OpenID Connect hint at a better, if not perfect, way
What about selective person-to-person sharing?
Our choices have been ugly…or expensive and proprietary
Killing – or even wounding – the password kills impersonation
IoT 2.0 is here – and it too needs authorization
The new Venn of access control
(Venn diagram of OAuth 2.0, OpenID Connect, and UMA)
UMA in a nutshell
■ Draft standard for “authorization V.next”
■ Profile and application of OAuth V2.0
■ Set of authorization, privacy, and consent APIs
■ Work Group of the Kantara Initiative
■ Not an “XACML killer”
■ Founder, chair, and “chief UMAnitarian”:
■ Heading to V1.0 in early 2015
Introducing the OpenUMA community project
www.forgerock.org/openuma
UMA is about interoperable, RESTful authorization-as-a-service
Has standardized APIs for privacy and “selective sharing”
Outsources protection to a centralizable authorization server
“authz provider” (AzP)
“authz relying party” (AzRP)
identity provider (IdP)
SSO relying party (RP)
Use-case scenario domains
Health
Financial
Education
Personal
Government
Media
Behavioral
Web
Mobile
API
IoT
UMA-enabled systems can respect user policies such as…
Only let my tax preparer with email [email protected] and using client app TaxThis access my bank account data if they have authenticated strongly, and not after tax season is over.
Let my health aggregation app and my doctor’s office client app access my wifi-enabled scale API and my fitness wearable API to view and download the results they generate.
When a person driving a vehicle with an unknown ID comes into contact with my Solar Freakin’ Driveway, alert me and require my access approval.
We invite you to join us in the OpenUMA project!
Thank you!