2015 Identity Summit - Stepping Up to New Data Protection Challenges
STEPPING UP TO NEW DATA PROTECTION CHALLENGES
USER-MANAGED ACCESS FOR GENUINE CONSENT
Markus Weber
67% of individuals are willing to share data
with companies.
It drops to 27% if the business is sharing
data with a third party.
- Accenture
The Impending Problem
[Diagram labels: Management (x3); Data and Authorization (x3 pairs)]
Copyright © Identity Summit 2015, all rights reserved.
The Impending Problem
[Diagram labels: Management (x1); Data and Authorization (x3 pairs)]
UMA: User-Managed Access
Is a standard built on OAuth2
Delivers externalized authorization
Provides digital consent control to end users
Allows users to share data and revoke access to data
Why the need for UMA?
OAuth2 focuses on authorizing the sharing of my data with me!
Why the need for UMA?
UMA allows me to authorize the sharing of my data with me and others
Why the need for UMA?
UMA extends authorization of share or don’t share and includes fine-grained controls
[Figure labels: OAuth2; UMA – Fine-Grained Controls]
Why the need for UMA?
UMA extends authorization to include scopes – View, Download, Transmit
Why the need for UMA?
Externalizes authorization to a centralized hub!
One place to rule them all!
The mechanism: federated authorization on top of OAuth
This isn’t just slideware!
We built this technology into our products – and will demo it
ForgeRock is delivering two key UMA components not long from now
(client)
OpenAM 13-based UMA Provider
OpenIG 4-based UMA Protector
resource server authorization server
Demo
iSee TV
Angela
Eric
Child Regular☐ Adult
iSee TV
Angela
Zachary
Child☐ Regular☐ Adult
iSpyCamera
Angela
Brittany
View Move☐ On/Off
Why is it valuable to use a standard for next-generation digital consent?
ForgeRock helps you deliver customer consent and delegation capabilities for successful digital transformation in a privacy-sensitive world
THANKS!
Markus Weber (@MWAtForgeRock)