Respect Connect: From Social Login to Personal Cloud Login
Uploaded by: drummondreed
Category: Technology

Transcript of Respect Connect: From Social Login to Personal Cloud Login
Respect Connect: From Social Login to Personal Cloud Login
2013-09-10
Dan Blum, Principal Consultant
Drummond Reed, CTO
Gary Rowe, CEO
2
Today’s Presentation Will Cover
• Digital identity and privacy challenges
• Federated identity in context
• Social login advantages and disadvantages
• How personal cloud login works using Respect Connect
• Personal cloud login advantages and disadvantages
• Respect Consulting and Management Perspectives
3
Introducing: Dan Blum, Principal Consultant and Chief Security Architect
• Internationally-recognized security and identity expert
• 1998-2009: Burton Group
  – Principal Consultant for large enterprises, leading technology providers
  – Research Director for Identity and Privacy Strategies (IDPS)
  – Lead author on initial IDPS Reference Architecture
  – Consultant for U.S. E-Authentication and Canadian Cyber-Authentication programs (2004-2006)
  – Research Director for Security and Risk Management Strategies (SRMS) and lead author on SRMS Reference Architecture
• 2010-2013: VP & Distinguished Analyst at Gartner
  – Agenda manager for security reference architecture
  – Lead analyst for cloud security and other topics
  – Won Golden Quill Award in 2011
• March 2013: Joined Respect Network to develop consulting practice and create peer cloud security guidance
4
The Problem: For many people, managing personal identity and data on the net is…
Too much work. Too unsafe. Too distracting. Too many passwords.
OVERWHELMING
5
Problems for Individuals are Business Problems
• Weak or duplicated passwords
• Forgotten passwords
• Complex login procedures
• Account lockout
• The help desk blues
• Misdirected communications
• Accounts that live on past termination of business relationships
Diagram: Too Many Silos of Identity. My personal life: Social network, Email service, Media service, Benefits, Bank, Health care provider, Government. My employer’s domains: Corporate Directory, HR. My professional persona: Professional social network.
6
The Solution: Federated Identity
• Technical Definition: Technologies, standards and agreements that enable use of identity, credentials and attributes across autonomous domains
• Value Proposition
  – Reduced sign-on (users)
  – Reduced help desk support
  – Establish business communities
7
Federated Identity Architecture
Participants: User, Browser, Site or Business Relying Party (RP), Identity Provider (IDP)
Message flow, in the order drawn:
• Request access
• Redirect to IDP
• Request sign-on to RP
• Discover IDP
• Authenticate user
• Provide token (or link)*
• Provide token or assertion (or link)
• Provide temporary token
• Access resources
• Provide access to resource, or session with user
* Token from IDP known as token, assertion or claim in various standards. May be passed directly or as link.
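The slide-7 flow as a runnable simulation (example code added here, not Respect Network's or any standard's implementation): the RP issues a one-time state value on redirect, the IDP returns a signed assertion bound to that RP and state, and the RP checks signature, issuer, audience, expiry and single-use state before minting its own temporary token. The HMAC-signed JSON token format, the shared key and the example endpoint names are assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed shared secret and endpoint names (assumptions; a real
# federation would use SAML/JWT assertions signed with published keys).
IDP_KEY = b"constructed-idp-rp-shared-secret"
RP_ID = "https://rp.example/"
IDP_ID = "https://idp.example/"

def rp_request_access(pending):
    """Steps 'Request access' / 'Redirect to IDP': the RP records a one-time
    state value and sends the browser to the IDP carrying it."""
    state = secrets.token_urlsafe(16)
    pending[state] = time.time()          # outstanding sign-on requests
    return {"redirect_to": IDP_ID, "rp": RP_ID, "state": state}

def idp_issue_assertion(user, redirect, now=None):
    """Steps 'Authenticate user' / 'Provide token or assertion': after
    authenticating the user, the IDP signs claims bound to this RP and state."""
    now = now if now is not None else time.time()
    claims = {"iss": IDP_ID, "sub": user, "aud": redirect["rp"],
              "exp": now + 300, "state": redirect["state"]}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(IDP_KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + sig

def rp_consume_assertion(token, pending, now=None):
    """Step 'Provide temporary token': the RP accepts the assertion only if
    signature, issuer, audience, expiry and (single-use) state all check out,
    then issues its own short-lived session token. Returns None otherwise."""
    now = now if now is not None else time.time()
    body, _, sig = token.partition(".")
    expected = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None                        # forged or tampered assertion
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims.get("iss") != IDP_ID or claims.get("aud") != RP_ID:
        return None                        # assertion meant for another party
    if claims["exp"] < now:
        return None                        # expired
    if pending.pop(claims.get("state"), None) is None:
        return None                        # unknown or already-used state (replay)
    return {"user": claims["sub"], "session": secrets.token_urlsafe(16)}
```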
8
Bridging Silos
Diagram: the identity silos from slide 5 (My employer’s domains: Corporate Directory, HR; My personal life: Social network, Email service, Media service, Benefits, Bank, Health care provider, Government; My professional persona: Professional social network) linked by Federated Identity or other SSO relationships. Legend: Cloud, or SCM; Federated Identity or other SSO; Relationship.
9
History of Federated Identity
10
Pair-wise federations
• Early 2000s
• Small clusters
• Minimal industry penetration
• SAML, highly customized
• Various LOAs
Industry federations
• Early 2000s to present
• Small, medium and large
• Low industry penetration
• SAML, X.509, rich topologies
• Various LOAs
Broad federations
• Early 2010s to present
• Large to very large
• Growing industry penetration
• SAML, OAuth, OpenID Connect
• Limited use cases
• Low to low/medium LOA
Examples shown on the timeline: OpenID 1, NIH, InCommon, Nordic WAYF, CAC, Supply chains, PIV, Enterprise to SaaS, Large e-commerce ecosystems, Social login systems. Vertical axis: LOA. Timeline extends to 2013-2015.
11
Evolution of Major Federated Identity Standards (timeline: 2000, 2005, 2010)
Enterprise space: SAML 1.0, Shibboleth, SAML 1.1, Liberty ID-FF, WS-*, SAML 2.0
User-centric space: OpenID 1.0, OpenID 2.0, OAuth 1.0, OAuth 2.0, OpenID Connect, UMA, …
Government space: X.509, EAP profiles (X.509 + SAML), Government id cards, e.g. FIPS 201
Also marked on the chart: Interop; Respect Connect
12
Federated Identity Challenges
• Scalability issues
  – Interoperability (minor)
  – Legal and trust issues (major)
• Incentive, or power, mismatches
  – Causing some federations to fail
• Privacy issues (emergent)
13
Social Login
• Definition: The ability to access a web site or application using an account on a social network
• Value proposition
  – Reduced sign-on friction (users and RPs)
  – Obtain customer data (RPs)
  – Gain market share and leverage (IDPs)
14
Social Login Market Share
15
Social Login
• Architecture
Diagram: the Relying Party Site connects to the Social Network over OAuth. The social network holds your social graph: Real name, Birthday, Home town, Links to photos, Relatives, Family, children, Friends, Other data. The login screen also offers “Or use another service”.
16
Advantages and Drawbacks of Social Login
Advantages (user)
• Reduced sign-on friction
• Ease of use
• Social features of RP’s app
Drawbacks (user)
• Deep privacy concerns—exposing your real personal information to all the social networker’s partners
• Lack of control
• Lack of portability
• Building in a dependency on a third party
Advantages (RP)
• Reduced sign-on friction
• Ease of development
• Leverage personal data
Drawbacks (RP)
• Having a third party in the middle of customer relationships
• Lack of trust by users
• Risk of changing terms and costs
• Building in a dependency on a third party
17
Privacy Crises
• Inconsistent rules or no rules
• Unreadable privacy policies
• Unwanted advertising: spam, spam, spam
• Increasingly sensitive financial, medical and social data in the hands of data brokers
• One faux pas online may hurt your reputation forever
18
Do People Care?
Source: Differentiate with Privacy-Led Marketing Practices, a Forrester Consulting Thought Leadership Paper commissioned by Neustar, July 2013
19
Do People Care?
Source: Differentiate with Privacy-Led Marketing Practices, a Forrester Consulting Thought Leadership Paper commissioned by Neustar, July 2013
20
Personal Cloud Login
21
Introducing: Drummond Reed, CTO
• 1995-2007: Co-Founder & CTO, Cordance
• 2004: Co-Chair, OASIS XDI Technical Committee
• 2005: Founding Board Member, OpenID Foundation
• 2009-2010: Executive Director, Information Card Foundation
• 2010: Founding Executive Director, Open Identity Exchange
• 2011: Co-Founder, Respect Network
22
What is a Personal Cloud?
• A cloud-based platform the individual owns and controls
  – My oasis on the Internet
• Available from a cloud service provider (CSP) or self-hosted
• A secure, lifetime personal data repository with NO ambiguity in terms of who controls the data
  – Store any kind of data—binary, structured, application, preference
• A place to manage connections, relationships, communications
• A platform for applications—much like a personal computer or smartphone—but accessible from all your devices
23
What is a Personal Cloud Network?
A peer-to-peer network of personal and business clouds that provides interoperability, portability, and trust between members
24
What is Personal Cloud Login?
• Definition: The ability to access a web site or application using a personal cloud
• Value proposition
  – Reduced sign-on friction (users and RPs)
  – Increased trust (users and RPs)
  – Safe data sharing in either direction (users and RPs)
  – Lifetime data subscriptions (users and RPs)
  – CSPs gain market share, leverage and new revenue streams
25
The next 3 screens show the actual user experience today for Facebook Login at The San Francisco Examiner
26
27
28
29
Personal cloud login works just like social login except there’s no social network in the middle—the connection is directly with the user’s own personal cloud
Diagram label: Business Cloud
30
The next 3 screens show what the user experience would look like for Respect Connect personal cloud login at The San Francisco Examiner
31
32
Login with Respect Connect
Buttons: Okay, Cancel
The San Francisco Examiner (Member since May 2014; Respect Connections: 304)
Personal cloud data requested:
• Name: Drummond Reed
• Zip code*: 98133
Permissions requested:
• Send daily news summary
• Send weekly news summary
All data shared under the Respect Trust Framework
33
34
The secret to making personal cloud login work is that each cloud belongs to a personal cloud network—this is how the Respect Connect button does its magic
35
This also means each Connect button is a way for new users to join the network
36
The next 3 screens show the Respect Connect user experience if the user does not yet have a personal cloud
37
38
Login with Respect Connect
Buttons: Continue, Cancel
If you already have a personal cloud, enter any one of the following:
• Cloud name
• Mobile phone number
• Email address
• Remember me on this device
If you do not yet have a personal cloud:
• Learn more about personal clouds
• Join Respect Network now in 30 seconds
39
40
In all cases, 100% of the user’s login data is stored securely in his/her personal cloud
Personal Cloud
• Under the user’s exclusive authority and control
• Portable for life to any personal cloud provider (or self-hosted)
• Not visible to any other party or app without the user’s permission
• Protected by the user’s choice of strong authentication and encryption offered by the CSP
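The slide-32 consent screen and the slide-40 rule that nothing is visible to another party without the user’s permission, modelled as an added example (not Respect Network’s code): the RP’s request lists attributes and permissions, the user approves a subset, and the personal cloud releases only what was both requested and approved, keeping one connection record per RP. Treating “Zip code*” as a required field and the connection-record layout are assumptions; the Birthday and Friends attributes in the test are constructed sample data.

```python
from dataclasses import dataclass

@dataclass
class ConnectRequest:
    """What an RP asks for on the Respect Connect consent screen.
    `data` maps an attribute name to whether the RP marks it required
    (the slide shows 'Zip code*'; reading '*' as 'required' is an assumption)."""
    rp: str
    data: dict
    permissions: list

class PersonalCloud:
    """Minimal model of a user's personal cloud: it holds the attributes,
    releases them only through an approved connection, and records each one."""
    FRAMEWORK = "Respect Trust Framework"

    def __init__(self, attributes):
        self._attributes = dict(attributes)   # never exposed wholesale
        self.connections = []                 # one record per approved RP

    def connect(self, request, approved_data, approved_permissions):
        """Apply the user's consent to an RP request. Returns the connection
        record, or None if a required attribute was declined (login cannot
        proceed and nothing is released). Raises if the approval names
        something the RP never asked for."""
        if not set(approved_data) <= set(request.data):
            raise ValueError("approved attribute not in the RP's request")
        if not set(approved_permissions) <= set(request.permissions):
            raise ValueError("approved permission not in the RP's request")
        required = {name for name, req in request.data.items() if req}
        if not required <= set(approved_data):
            return None
        record = {
            "rp": request.rp,
            "shared": {name: self._attributes.get(name) for name in approved_data},
            "permissions": list(approved_permissions),
            "framework": self.FRAMEWORK,
        }
        self.connections.append(record)
        return record

    def visible_to(self, rp):
        """What a given RP can see: only what its own connection released."""
        return {k: v for c in self.connections if c["rp"] == rp
                for k, v in c["shared"].items()}

    def revoke(self, rp):
        """The user withdraws the connection; the RP's view becomes empty."""
        self.connections = [c for c in self.connections if c["rp"] != rp]
```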
41
Advantages and Drawbacks of Personal Cloud Login
Advantages (user)
• Reduced sign-on
• Privacy
• Portability
• Empowerment
• View provider reputation
Drawbacks (user)
• Something new to sign up for
• Will take time to gain adoption
• Must trust CSP and Respect Network
Advantages (RP)
• Reduced sign-on
• Leverage personal data with consent
• Gain user trust
• Direct, permissioned subscription
• No social network dependency
Drawbacks (RP)
• Small user base (at first)
• Social graph data only by permission
• Overhead of consent management
Conclusion
Respect Consulting
• Leverage our world-class team to help organizations:
  – Determine how and when to leverage personal clouds
  – Better understand and gain business advantage from personal clouds
  – Assess and develop enterprise security architecture
  – Assess and develop cloud security architecture
  – Architect and build next generation identity management systems
  – Develop federated identity architecture
• Delivering consulting via:
  – 1-3 day workshops delivered onsite
  – Custom consulting leveraging our consultants and our partners
  – Longer-term custom consulting
43
44
Upcoming Respect Network Webinars
• CRM Meets VRM: How a Personal Cloud Network Will Enable Real Vendor Relationship Management
• Connecting the Internet of Things to the Internet of People• Trust and Reputation on a Personal Cloud Network
Gary Rowe, CEO
Drummond Reed, Founder
Dan Blum, Principal Consultant
[email protected]@respectnetwork.com
45