CIS13: Providing High Value Consumer Services as a Relying Party - IDaaS: What Works and What Doesn't

377 views
297 views

Published on

George Fletcher, Chief Architect for Consumer Identity Services, AOL, Inc.
This year AOL rolled out a games development platform that supports "micro" payment transactions. While the platform supports multiple identity providers and functions as a relying party, unfortunately, the outsourcing of identity is not as simple as it should be. This talk will cover the identity aspects of the system and the challenges both past and present.

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
377
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
8
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

CIS13: Providing High Value Consumer Services as a Relying Party - IDaaS: What Works and What Doesn't

  1. 1. High  Value  Consumer   Transactions   A  Relying  Party's  Perspective  
  2. 2. Image by Andrew Horne
  3. 3. Image by TheeErin
  4. 4. So… what’s the context? — Consumer  to  business     — Relying  Party  supporting  Identity  Federation   —  User  in  control   — High  value  transactions   —  Specifically  micro-­‐payments    
  5. 5. Games  Platform  
  6. 6. Purchase  Flow  
  7. 7. What we learned Complicated   •  Customer  Service   o  finding  the  user's   account   •  Access  problems  due  to   issues  with  the  IdP   •  Account  recovery   Works   •  Identity  Federation  for   Authentication   •  Challenge  before  purchase  
  8. 8. Relying Party trends •  Moving  away  from  identity  federation  for  authentication   •  Using  social  login  for  attribute  collection   o  RP's  really  like  this   •  Desire  to  control  the  entire  user  experience  
  9. 9. What is driving these trends? •  User  Experience  Concerns   o  Account  recovery   o  Forgot  IdP  /  Login  confusion   o  Merging  duplicate  accounts   o  Linking  multiple  federated  identities  together   o  Authentication  from  Mobile  apps   o  Delegation   o  User's  account  "blocked"  at  the  IdP   o  Customer  Service  Support  
  10. 10. What is driving these trends? •  Business  Concerns   o  Liability  and  dependence  on  external  party  (no  contracts)   o  IdP  policy  mismatch  with  RP  policies  (e.g.  data  use  policy)   o  ROI  for  identity  federation  (or  lack  there  of)   o  Lack  of  knowledge/understanding  value  of  identity  federation   •  Technical  Concerns   o  Legacy  system  already  dependent  on  username/password   o  Lack  of  a  successful  identity  standard  (or  maybe  too  many   viable  ones)   o  Recyled  identifiers  
  11. 11. Critical for the RP What  is  my  risk  in  supporting  Identity  Federation?   •  How  many  customers  will  I  gain?   o  lower  barrier  to  entry   •  How  many  customers  will  I  lose  if  something  goes  wrong?   •  What  use  cases  do  I  need  to  handle  now  that  I'm  relying  on   another  entity?   •  How  much  does  it  cost  to  implement  the  mitigation  flows   for  these  new  use  cases?  
  12. 12. Easy solution •  Make  it  easy  for  every  RP   to  be  their  own  IdP   •  RP  controls  all  the  flows   •  No  new  flows  to  deal  with   •  Well  understood  user   experience  patterns  
  13. 13. Problem Ignores  the  User   •  Yet  another  site  asking  for   a  password   •  Identifier/Password   management  nightmare   •  Consumer  almost   guaranteed  to  be   compromised  
  14. 14. Real solution •  Trust  frameworks  to  provide  some  assurances  between  RPs   and  IdPs   •  Industry  best  practices  for  the  new  flows   •  IDaaS  provider  targeted  at  consumer  services   o  Easy  for  startups  to  leverage   o  Mitigations  for  unexpected  outages   o  Support  for  Federated  Identity  Providers  
  15. 15. Questions & Maybe Answers  Contact  Information    george.fletcher@teamaol.com http://twitter.com/gffletch http://about.me/georgefletcher

×