IAM for the Digital Customer

Identity Relationship Management

New Innovations in Consent, Privacy, and User-Managed

Access

FORGEROCK.COM

Eve Maler VP Innovation & Emerging Technology @xmlgrrl #IRMSummit

November 5, 2014

3

The Web 1.0 and Web 2.0 dark ages

4

Apps using OAuth and OpenID Connect hint at a better, if not perfect, way

5

What about selective person-to-person sharing?

6

Our choices have been ugly…or expensive and proprietary

7

Killing – or even wounding – the password kills impersonation

8

IoT 2.0 is here – and it too needs authorization

9

OpenIDConnect UMA

OAuth 2.0

The new Venn of access control

10

UMA in a nutshell ■  Draft standard for “authorization V.next” ■  Profile and application of OAuth V2.0 ■  Set of authorization, privacy, and consent APIs

■  Work Group of the Kantara Initiative ■  Not an “XACML killer”

■  Founder, chair, and “chief UMAnitarian”: ■  Heading to V1.0 in early 2015

11

Introducing the OpenUMA community project

www.forgerock.org/openuma

12

UMA is about interoperable, RESTful authorization-as-a-service

Has standardized APIs for privacy and “selective sharing”

Outsources protection to a centralizable authorization server

“authz provider”

(AzP)

“authz relying party”

(AzRP)

identity provider

(IdP)

SSO relying party (RP)

13

Use-case scenario domains Health

Financial

Education

Personal

Government

Media

Behavioral

Web

Mobile

API

IoT

14

UMA-enabled systems can respect user policies such as…

Only let my tax preparer with email TP1234@gmail.com and using client app TaxThis access my bank account data if they have authenticated strongly, and not after tax season is over.

Let my health aggregation app and my doctor’s office client app access my wifi-enabled scale API and my fitness wearable API to view and download the results they generate.

When a person driving a vehicle with an unknown ID comes into contact with my Solar Freakin’ Driveway, alert me and require my access approval.

16

We invite you to join us in the OpenUMA project!

Thank you!

FORGEROCK.COM

Eve Maler VP Innovation & Emerging Technology eve.maler@forgerock.com @xmlgrrl #IRMSummit