CIS13: Follow the Money
Andrew Nash
Despite what we may wish to implement in our identity architectures, large-scale identity deployments are driven by financial value. This session examines recent thinking on how identity attribute models are likely to be deployed, the values and roles of the various participants and the challenges of how value is distributed among the participants.

Published in: Technology, Business

Transcript

  • 1. Follow the Money: Business Filters on Technology
  • 2. Things don’t get simpler …
      • Identity is no longer about 3 parties
      • Attributes are as interesting as identifiers
      • Fresh information is a business driver
      • Identity assurance is giving way to attribute confidence
      • Consumer IDPs are in full swing
      • Useful systems can be built without being the account owner
      • Brand recognition is as important as trust
      • Internet ID is not just about anonymity
      • Identities and attributes are a multi-variable calculus
      [Diagram: The 3-Party Model (User, Identity Provider, Relying Party); label: UMA]
  • 3. Identity Ecosystem Entities
      [Diagram labels: Attribute Exchange; Attribute Providers; Identity Provider; Relying Parties; User; Authorization Manager]
  • 4. Who Adds Value & What is it?
      • Aggregation of service capabilities tends to confuse the conversation
          – Not clear that *any* provider can cover all aspects
      • Authentication services don’t provide identity
      • IDPs may provide identities, more frequently provide identifiers
      • IDPs outside of enterprise context do not originate identity attributes
          – Not authoritative(?) & not a fresh source
      • Internet2 work on attribute format
          – Semantics are less understood
  • 5. Verified Phone #’s
      • Any may be “correct” or sufficient
      • It costs more to do “better”
      • Most of these may be devalued by so mobile providers including Twilio
      [Diagram labels: Syntactically Correct; Allocated #; Response; Consistently Asserted; Account Holder Name Match; Positive Event; Temporal/Spatial Correlation]
  • 6. Authoritative Sources
      • Location
          – No longer the purview of telcos
          – compliance constraints
      • Sources of a “verified” mobile #
          – OnTrac, UPS, FEDEX enable package tracking
          – Yelp delivers recommendations to my phone
          – Not tied to an “address”
          – Usually tied to an identifier
  • 7. Fresh Information Delivery
      • When is fresh information delivered?
      • My identity validated and an identifier issued 5 years ago
          – As useful as a birth certificate
          – Not appropriate for transactional value
      • What channels are used
          – IDPs may not wish to be in the information flow
          – Fresh data criteria may be different to session limits and may be set by different policy domains
      • AXN Attribute Criteria
          – Refresh Rate
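  • 8. Deriving Attribute Confidence

      | Data Type       | Metric | Availability/Timing | Metric | Geographic Coverage | Metric | Refresh Rate | Metric |
      |-----------------|--------|---------------------|--------|---------------------|--------|--------------|--------|
      | Authoritative   | 5      | Real-time           | 1      | Global              | 3      | Real-Time    | 5      |
      | Aggregated      | 4      | Not Real-time       | 0      | National            | 2      | Daily        | 4      |
      | Direct Captured | 3      |                     |        | State/Province      | 1      | Weekly       | 3      |
      | Self Asserted   | 2      |                     |        | N/A                 | 0      | Monthly      | 2      |
      | Derived         | 1      |                     |        |                     |        | Annually     | 1      |
      | N/A             | 0      |                     |        |                     |        | Never        | 0      |

      [Callout: This is a derived attribute]

      | Verification Method   | Metric | Level of Confidence | Metric | Coverage Amount | Metric | Currency/Refresh Date |
      |-----------------------|--------|---------------------|--------|-----------------|--------|-----------------------|
      | Verified by Issuer    | 4      | High                | 3      | Full            | 3      | Actual Date           |
      | Verified by 3rd Party | 3      | Med                 | 2      | Partial         | 2      |                       |
      | Out of Band           | 2      | Low                 | 1      | Minimal         | 1      |                       |
      | Not Verified          | 1      | None                | 0      | N/A             | 0      |                       |
      | N/A                   | 0      |                     |        |                 |        |                       |

      LOC (level of confidence) = fcn(Data Type, Verification Method, Refresh Rate, Currency)
      Pricing = fcn(LOC, Coverage, Attribute Type)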
  • 9. Attribute Exchange Networks
      [Diagram: Simple Attribute Exchange. Labels: Attribute Exchange; Attribute Providers; Relying Parties; Attributes; Source Attributes]
  • 10. Attribute Redistribution in the Enterprise
      [Diagram: Enterprise Internal Attribute Distribution. Labels: Attribute Exchange; Attribute Providers; Enterprise Relying Parties; Attributes; Source Attributes]
  • 11. IDP Trusted Identity Establishment
      [Diagram: Verified Identity/Credential Establishment & Use. Labels: Attribute Exchange; Attribute Providers; Identity Provider; Verified Identity; Login Client]
  • 12. Trusted IDs with Associated Attributes
      [Diagram: Verified Identity/Credential + Attribute Exchange. Labels: Attribute Exchange; Attribute Providers; Identity Providers; Verified Identity; Identity Attributes]
  • 13. If I had more time, I would have written less…
      [Diagram labels: User; Relying Party]
  • 14. Direct Attribute Association
      [Diagram: Direct to RP Model. Labels: Attribute Exchange; Attribute Providers; Relying Parties; Attributes]
  • 15. Policy based Facilitation
      [Diagram: Facilitated Direct to RP Model. Labels: Attribute Exchange; Attribute Providers; Relying Parties; Attributes; Control + Accounting (shown twice)]
  • 16. Layered Ecosystem
      • Why is it everyone talks about authentication?
      • Our ubiquitous biometrics sign-in APIs supporting multiple biometrics types will solve all your problems
      • I have TPMs in every xyz product on earth – I should be in the Identity Business
      • I own 70% of the PC market – I should be an IDP
  • 17. Abstract
      Despite what we may wish to implement in our identity architectures, large-scale identity deployments are driven by financial value. This session examines recent thinking on how identity attribute models are likely to be deployed, the values and roles of the various participants and the challenges of how value is distributed among the participants.
