SlideShare a Scribd company logo

Doing Authorisation, Consent, and Delegation Right with UMA - Paris Identity Summit 2016

Download as PPTX, PDF
ForgeRock
ForgeRock

Consumers are often bombarded with opt-in “requests” to share their personal data, losing trust as they assent. In this session, Eve Maler, will share insights and lessons learned from active PoCs that require a new generation of privacy and consent. Learn how UMA can be applied to authorization, consent, and delegation scenarios across a wide variety of sectors, and how the ForgeRock Identity Platform is delivering a practical UMA solution today.

Software
1 of 21
© 2016 ForgeRock. All rights reserved. Doing Authorisation, Consent, and Delegation Right with UMA Eve Maler | VP Innovation & Emerging Technology | @xmlgrrl Paris Identity Summit 15 November 2016
© 2016 ForgeRock. All rights reserved. flickr.com/photos/vincrosbie/16301598031/ CC BY-ND 2.0 In 2Q2016, US mobile operators added connected cars faster than mobile devices – and also faster than anything else Apr 2016
© 2016 ForgeRock. All rights reserved. Digital transformation challenges End users Regulations Industry Your organization
© 2016 ForgeRock. All rights reserved. Challenge scenarios
© 2016 ForgeRock. All rights reserved. Scenario 1: Citizen attribute sharing for benefit management Basic profile data service Eligibility answer service Handicap badge issuer app Consent and delegation manager • Monitor and make changes over time • Holds no PII itself • Data lives in multiple services natively In the next stage of the project … [t]he team will be investigating and testing this to further address the thorny issues of trust and transparency when gaining citizens’ permission. … “[E]ligibility for some services can be quite dynamic, for example, as the level of an individual’s in-work benefits varies, and it may be necessary to carry out on-going eligibility checks from time to time. [A new technology would give] the individual a place to go online where they can see and manage all the consents they have given to different organisations. Until now, managing ongoing consent was tricky,” [Ian Litton] added. “Typically, you asked individuals to consent at a point in time. They tick the T&Cs, which they never see again.” UK Authority Local Digital, 3rd March 2016 Health status service
© 2016 ForgeRock. All rights reserved. Employer- run tax data service Accounting app Employer- run sharing manager • Sharing with other parties • Implemented cross- service • Buy vs. build Scenario 2: Tax data sharing with an accountant
© 2016 ForgeRock. All rights reserved. Scenario 3: Sharing health data access in an ecosystem Fitness watch with cloud service MRI machine with cloud service Physician portal Health cloud with sharing manager EHR service PHR app 3rd party smart scale with cloud service Clinical research • Selective sharing for multi-way data flows • Enabling partner ecosystems
© 2016 ForgeRock. All rights reserved. Bonus scenario 3a: Family caregiver prescription management Inconsistency across the departments [makes it hard]. It would be easier if every department followed the same process even if you had to do it for each different requirements depending on who you are dealing with. 72 year old Aroha takes a number of prescriptions she asks her son to help her manage them through her patient portal. Aroha gives her son Bailey access to view her prescriptions through her patient portal. Bailey then asks the portal to send him notifications of his mum’s blood sugar levels.
© 2016 ForgeRock. All rights reserved. Introducing User-Managed Access (UMA)
© 2016 ForgeRock. All rights reserved. Privacy is not secrecy and privacy is not encryption Context Control Choice Respect The right moment to make the decision to share The ability to share just the right amount The true ability to say no and to change one’s mind Regard for one’s wishes and preferences
© 2016 ForgeRock. All rights reserved. resource server authorization server resource owner requesting party client manage control protect delegate revoke authorize manage access negotiate deny A federated authorization architecture in action data service sharing manager
© 2016 ForgeRock. All rights reserved. An experience of selectively sharing health data with UMA Patient view Doctor view
© 2016 ForgeRock. All rights reserved. “The enterprise interprets access control as damage and routes around it.”
© 2016 ForgeRock. All rights reserved. Scenario 4: Business app access sharing with partners Custom app/ service ZZ In-house IdP/AS Custom app/ service AA … Custom app/ service ZZ Custom app/ service AA … • Constrained delegated access • Central management of cloud/partner/app interactions • Automated pairing of services and entitlement provisioning
© 2016 ForgeRock. All rights reserved. Key benefits to users • Sharing, unsharing, and editing of sharing preferences allowed at any time, without external influence • Not just opt-in or opt-out when asked • A selective sharing paradigm for an IoT landscape that demands it • Possible to offer a service that centralizes sharing preference management across data services for user convenience • The central service doesn’t see any of the data • Data is fed fresh from each individual service • The user can selectively share whatever “grain” of access each data service offers • Such as read vs. write, or weight vs. fat mass
© 2016 ForgeRock. All rights reserved. Key benefits to service operators: consumer-facing • A permission model that scales for user growth • Enables living up to a promise of transparency and building trusted digital relationships • Enables addressing new regulations that demand freer choice in consent
© 2016 ForgeRock. All rights reserved. Key benefits to service operators: for the enterprise • Enables centralizing delegation and access control in loosely coupled environments for better governance • CASBs are built for SaaS vendor solutions, not internal apps • Standard security model based on existing well-understood technologies reduces complexity • OAuth, JWT, OpenID Connect... • Standard permission model encourages business ownership of entitlements • Too often, they’re still buried in procedural code
© 2016 ForgeRock. All rights reserved. Key benefits to service operators: for all use cases • Constrained delegation of resource access vs. impersonation • Now required when multiple factors – or no passwords at all – are in the mix • Also required for protecting API and streaming data
© 2016 ForgeRock. All rights reserved. Let me sum up
© 2016 ForgeRock. All rights reserved. The CMO and the CPO can and must meet in the middle “Consent should not be regarded as freely given if the data subject has no genuine or free choice or is unable to refuse or withdraw consent without detriment. … In order to ensure that consent is freely given, consent should not provide a valid legal ground for the processing of personal data in a specific case where there is a clear imbalance between the data subject and the controller…” We value personal data as an asset Our customers’ wishes have value Our customers have their own reasons to share, not share, and mash up data, which we can address as value-add Risk management perspective Business perspective
© 2016 ForgeRock. All rights reserved. Thank you!

Recommended

Keynote : Customer Identity Builds Digital Trust - Paris Identity Summit
Keynote : Customer Identity Builds Digital Trust - Paris Identity SummitKeynote : Customer Identity Builds Digital Trust - Paris Identity Summit
Keynote : Customer Identity Builds Digital Trust - Paris Identity SummitForgeRock
 
Analyst Keynote: Putting Customers First Requires Innovation and Identity - P...
Analyst Keynote: Putting Customers First Requires Innovation and Identity - P...Analyst Keynote: Putting Customers First Requires Innovation and Identity - P...
Analyst Keynote: Putting Customers First Requires Innovation and Identity - P...ForgeRock
 
Build a Trust Platform to Enable a Frictionless Customer Experience
Build a Trust Platform to Enable a Frictionless Customer Experience Build a Trust Platform to Enable a Frictionless Customer Experience
Build a Trust Platform to Enable a Frictionless Customer Experience ForgeRock
 
Doing Authorisation, Consent, and Delegation Right with UMA - London Identity...
Doing Authorisation, Consent, and Delegation Right with UMA - London Identity...Doing Authorisation, Consent, and Delegation Right with UMA - London Identity...
Doing Authorisation, Consent, and Delegation Right with UMA - London Identity...ForgeRock
 
Canberra Executive Breakfast - A Citizen-Centric Approach to Identity
Canberra Executive Breakfast - A Citizen-Centric Approach to Identity Canberra Executive Breakfast - A Citizen-Centric Approach to Identity
Canberra Executive Breakfast - A Citizen-Centric Approach to Identity ForgeRock
 
The Future is Now: What’s New in ForgeRock Identity Gateway
The Future is Now: What’s New in ForgeRock Identity GatewayThe Future is Now: What’s New in ForgeRock Identity Gateway
The Future is Now: What’s New in ForgeRock Identity GatewayForgeRock
 
Customer Identity Builds Digital Trust - London Identity Summit
Customer Identity Builds Digital Trust - London Identity SummitCustomer Identity Builds Digital Trust - London Identity Summit
Customer Identity Builds Digital Trust - London Identity SummitForgeRock
 
Security & Identity for the Internet of Things Webinar
Security & Identity for the Internet of Things WebinarSecurity & Identity for the Internet of Things Webinar
Security & Identity for the Internet of Things WebinarForgeRock
 

Recommended

Keynote : Customer Identity Builds Digital Trust - Paris Identity Summit
Keynote : Customer Identity Builds Digital Trust - Paris Identity SummitKeynote : Customer Identity Builds Digital Trust - Paris Identity Summit
Keynote : Customer Identity Builds Digital Trust - Paris Identity SummitForgeRock
 
Analyst Keynote: Putting Customers First Requires Innovation and Identity - P...
Analyst Keynote: Putting Customers First Requires Innovation and Identity - P...Analyst Keynote: Putting Customers First Requires Innovation and Identity - P...
Analyst Keynote: Putting Customers First Requires Innovation and Identity - P...ForgeRock
 
Build a Trust Platform to Enable a Frictionless Customer Experience
Build a Trust Platform to Enable a Frictionless Customer Experience Build a Trust Platform to Enable a Frictionless Customer Experience
Build a Trust Platform to Enable a Frictionless Customer Experience ForgeRock
 
Doing Authorisation, Consent, and Delegation Right with UMA - London Identity...
Doing Authorisation, Consent, and Delegation Right with UMA - London Identity...Doing Authorisation, Consent, and Delegation Right with UMA - London Identity...
Doing Authorisation, Consent, and Delegation Right with UMA - London Identity...ForgeRock
 
Canberra Executive Breakfast - A Citizen-Centric Approach to Identity
Canberra Executive Breakfast - A Citizen-Centric Approach to Identity Canberra Executive Breakfast - A Citizen-Centric Approach to Identity
Canberra Executive Breakfast - A Citizen-Centric Approach to Identity ForgeRock
 
The Future is Now: What’s New in ForgeRock Identity Gateway
The Future is Now: What’s New in ForgeRock Identity GatewayThe Future is Now: What’s New in ForgeRock Identity Gateway
The Future is Now: What’s New in ForgeRock Identity GatewayForgeRock
 
Customer Identity Builds Digital Trust - London Identity Summit
Customer Identity Builds Digital Trust - London Identity SummitCustomer Identity Builds Digital Trust - London Identity Summit
Customer Identity Builds Digital Trust - London Identity SummitForgeRock
 
Security & Identity for the Internet of Things Webinar
Security & Identity for the Internet of Things WebinarSecurity & Identity for the Internet of Things Webinar
Security & Identity for the Internet of Things WebinarForgeRock
 
Sydney Identity Summit: Doing Authorisation, Consent and Delegation Right wit...
Sydney Identity Summit: Doing Authorisation, Consent and Delegation Right wit...Sydney Identity Summit: Doing Authorisation, Consent and Delegation Right wit...
Sydney Identity Summit: Doing Authorisation, Consent and Delegation Right wit...ForgeRock
 
No IoT Without Identity
No IoT Without Identity No IoT Without Identity
No IoT Without Identity ForgeRock
 
ForgeRock Gartner 2016 Security & Risk Management Summit
ForgeRock Gartner 2016 Security & Risk Management Summit ForgeRock Gartner 2016 Security & Risk Management Summit
ForgeRock Gartner 2016 Security & Risk Management Summit ForgeRock
 
NYC Identity Summit Business Day: Doing Authorization, Consent, and Delegatio...
NYC Identity Summit Business Day: Doing Authorization, Consent, and Delegatio...NYC Identity Summit Business Day: Doing Authorization, Consent, and Delegatio...
NYC Identity Summit Business Day: Doing Authorization, Consent, and Delegatio...ForgeRock
 
Sydney Identity Summit: Using Identity to Build Digital Trust (Mike Ellis Intro)
Sydney Identity Summit: Using Identity to Build Digital Trust (Mike Ellis Intro)Sydney Identity Summit: Using Identity to Build Digital Trust (Mike Ellis Intro)
Sydney Identity Summit: Using Identity to Build Digital Trust (Mike Ellis Intro)ForgeRock
 
Identity Relationship Management - The Right Approach for a Complex Digital W...
Identity Relationship Management - The Right Approach for a Complex Digital W...Identity Relationship Management - The Right Approach for a Complex Digital W...
Identity Relationship Management - The Right Approach for a Complex Digital W...ForgeRock
 
A Backstage Tour of Identity - Paris Identity Summit 2016
A Backstage Tour of Identity - Paris Identity Summit 2016A Backstage Tour of Identity - Paris Identity Summit 2016
A Backstage Tour of Identity - Paris Identity Summit 2016ForgeRock
 
NYC Identity Summit Tech Day: Authorization for the Modern World
NYC Identity Summit Tech Day: Authorization for the Modern WorldNYC Identity Summit Tech Day: Authorization for the Modern World
NYC Identity Summit Tech Day: Authorization for the Modern WorldForgeRock
 
User-Managed Access: Why and How? - Access Control in Digital Contract Contexts
User-Managed Access: Why and How? - Access Control in Digital Contract ContextsUser-Managed Access: Why and How? - Access Control in Digital Contract Contexts
User-Managed Access: Why and How? - Access Control in Digital Contract ContextsForgeRock
 
Sydney Identity Summit: Compound Eye: An Approach To A National Identity Ecos...
Sydney Identity Summit: Compound Eye: An Approach To A National Identity Ecos...Sydney Identity Summit: Compound Eye: An Approach To A National Identity Ecos...
Sydney Identity Summit: Compound Eye: An Approach To A National Identity Ecos...ForgeRock
 
NYC Identity Summit Tech Day: Best Practices for API Security
NYC Identity Summit Tech Day: Best Practices for API SecurityNYC Identity Summit Tech Day: Best Practices for API Security
NYC Identity Summit Tech Day: Best Practices for API SecurityForgeRock
 
ForgeRock: Identity Relationship Management is the Foundation for Your Digita...
ForgeRock: Identity Relationship Management is the Foundation for Your Digita...ForgeRock: Identity Relationship Management is the Foundation for Your Digita...
ForgeRock: Identity Relationship Management is the Foundation for Your Digita...ForgeRock
 
Sydney Identity Summit: Addressing the New Threat Landscape with Continuous S...
Sydney Identity Summit: Addressing the New Threat Landscape with Continuous S...Sydney Identity Summit: Addressing the New Threat Landscape with Continuous S...
Sydney Identity Summit: Addressing the New Threat Landscape with Continuous S...ForgeRock
 
Sydney Identity Summit: The Future's So Bright, I Gotta Wear Shades
Sydney Identity Summit: The Future's So Bright, I Gotta Wear ShadesSydney Identity Summit: The Future's So Bright, I Gotta Wear Shades
Sydney Identity Summit: The Future's So Bright, I Gotta Wear ShadesForgeRock
 
NYC Identity Summit Business Day: Continuous Security
NYC Identity Summit Business Day: Continuous SecurityNYC Identity Summit Business Day: Continuous Security
NYC Identity Summit Business Day: Continuous SecurityForgeRock
 
The Future of Digital Identity in the Age of the Internet of Things
The Future of Digital Identity in the Age of the Internet of ThingsThe Future of Digital Identity in the Age of the Internet of Things
The Future of Digital Identity in the Age of the Internet of ThingsForgeRock
 
NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview
NYC Identity Summit Tech Day: ForgeRock Identity Platform OverviewNYC Identity Summit Tech Day: ForgeRock Identity Platform Overview
NYC Identity Summit Tech Day: ForgeRock Identity Platform OverviewForgeRock
 
Sydney Identity Unconference Introduction and Highlights
Sydney Identity Unconference Introduction and HighlightsSydney Identity Unconference Introduction and Highlights
Sydney Identity Unconference Introduction and HighlightsForgeRock
 
Sydney Identity Summit: Know (and Serve) Your Customers
Sydney Identity Summit: Know (and Serve) Your CustomersSydney Identity Summit: Know (and Serve) Your Customers
Sydney Identity Summit: Know (and Serve) Your CustomersForgeRock
 
Sydney Identity Summit: Delivering A Winning Member Experience
Sydney Identity Summit: Delivering A Winning Member ExperienceSydney Identity Summit: Delivering A Winning Member Experience
Sydney Identity Summit: Delivering A Winning Member ExperienceForgeRock
 
Keynote: Tech, Trust, and Transformation - Paris Identity Summit 2016
Keynote: Tech, Trust, and Transformation - Paris Identity Summit 2016Keynote: Tech, Trust, and Transformation - Paris Identity Summit 2016
Keynote: Tech, Trust, and Transformation - Paris Identity Summit 2016ForgeRock
 
The Future is Now: What’s New in ForgeRock Identity Management
The Future is Now: What’s New in ForgeRock Identity Management The Future is Now: What’s New in ForgeRock Identity Management
The Future is Now: What’s New in ForgeRock Identity Management ForgeRock
 

More Related Content

What's hot

Sydney Identity Summit: Doing Authorisation, Consent and Delegation Right wit...
Sydney Identity Summit: Doing Authorisation, Consent and Delegation Right wit...Sydney Identity Summit: Doing Authorisation, Consent and Delegation Right wit...
Sydney Identity Summit: Doing Authorisation, Consent and Delegation Right wit...ForgeRock
 
No IoT Without Identity
No IoT Without Identity No IoT Without Identity
No IoT Without Identity ForgeRock
 
ForgeRock Gartner 2016 Security & Risk Management Summit
ForgeRock Gartner 2016 Security & Risk Management Summit ForgeRock Gartner 2016 Security & Risk Management Summit
ForgeRock Gartner 2016 Security & Risk Management Summit ForgeRock
 
NYC Identity Summit Business Day: Doing Authorization, Consent, and Delegatio...
NYC Identity Summit Business Day: Doing Authorization, Consent, and Delegatio...NYC Identity Summit Business Day: Doing Authorization, Consent, and Delegatio...
NYC Identity Summit Business Day: Doing Authorization, Consent, and Delegatio...ForgeRock
 
Sydney Identity Summit: Using Identity to Build Digital Trust (Mike Ellis Intro)
Sydney Identity Summit: Using Identity to Build Digital Trust (Mike Ellis Intro)Sydney Identity Summit: Using Identity to Build Digital Trust (Mike Ellis Intro)
Sydney Identity Summit: Using Identity to Build Digital Trust (Mike Ellis Intro)ForgeRock
 
Identity Relationship Management - The Right Approach for a Complex Digital W...
Identity Relationship Management - The Right Approach for a Complex Digital W...Identity Relationship Management - The Right Approach for a Complex Digital W...
Identity Relationship Management - The Right Approach for a Complex Digital W...ForgeRock
 
A Backstage Tour of Identity - Paris Identity Summit 2016
A Backstage Tour of Identity - Paris Identity Summit 2016A Backstage Tour of Identity - Paris Identity Summit 2016
A Backstage Tour of Identity - Paris Identity Summit 2016ForgeRock
 
NYC Identity Summit Tech Day: Authorization for the Modern World
NYC Identity Summit Tech Day: Authorization for the Modern WorldNYC Identity Summit Tech Day: Authorization for the Modern World
NYC Identity Summit Tech Day: Authorization for the Modern WorldForgeRock
 
User-Managed Access: Why and How? - Access Control in Digital Contract Contexts
User-Managed Access: Why and How? - Access Control in Digital Contract ContextsUser-Managed Access: Why and How? - Access Control in Digital Contract Contexts
User-Managed Access: Why and How? - Access Control in Digital Contract ContextsForgeRock
 
Sydney Identity Summit: Compound Eye: An Approach To A National Identity Ecos...
Sydney Identity Summit: Compound Eye: An Approach To A National Identity Ecos...Sydney Identity Summit: Compound Eye: An Approach To A National Identity Ecos...
Sydney Identity Summit: Compound Eye: An Approach To A National Identity Ecos...ForgeRock
 
NYC Identity Summit Tech Day: Best Practices for API Security
NYC Identity Summit Tech Day: Best Practices for API SecurityNYC Identity Summit Tech Day: Best Practices for API Security
NYC Identity Summit Tech Day: Best Practices for API SecurityForgeRock
 
ForgeRock: Identity Relationship Management is the Foundation for Your Digita...
ForgeRock: Identity Relationship Management is the Foundation for Your Digita...ForgeRock: Identity Relationship Management is the Foundation for Your Digita...
ForgeRock: Identity Relationship Management is the Foundation for Your Digita...ForgeRock
 
Sydney Identity Summit: Addressing the New Threat Landscape with Continuous S...
Sydney Identity Summit: Addressing the New Threat Landscape with Continuous S...Sydney Identity Summit: Addressing the New Threat Landscape with Continuous S...
Sydney Identity Summit: Addressing the New Threat Landscape with Continuous S...ForgeRock
 
Sydney Identity Summit: The Future's So Bright, I Gotta Wear Shades
Sydney Identity Summit: The Future's So Bright, I Gotta Wear ShadesSydney Identity Summit: The Future's So Bright, I Gotta Wear Shades
Sydney Identity Summit: The Future's So Bright, I Gotta Wear ShadesForgeRock
 
NYC Identity Summit Business Day: Continuous Security
NYC Identity Summit Business Day: Continuous SecurityNYC Identity Summit Business Day: Continuous Security
NYC Identity Summit Business Day: Continuous SecurityForgeRock
 
The Future of Digital Identity in the Age of the Internet of Things
The Future of Digital Identity in the Age of the Internet of ThingsThe Future of Digital Identity in the Age of the Internet of Things
The Future of Digital Identity in the Age of the Internet of ThingsForgeRock
 
NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview
NYC Identity Summit Tech Day: ForgeRock Identity Platform OverviewNYC Identity Summit Tech Day: ForgeRock Identity Platform Overview
NYC Identity Summit Tech Day: ForgeRock Identity Platform OverviewForgeRock
 
Sydney Identity Unconference Introduction and Highlights
Sydney Identity Unconference Introduction and HighlightsSydney Identity Unconference Introduction and Highlights
Sydney Identity Unconference Introduction and HighlightsForgeRock
 
Sydney Identity Summit: Know (and Serve) Your Customers
Sydney Identity Summit: Know (and Serve) Your CustomersSydney Identity Summit: Know (and Serve) Your Customers
Sydney Identity Summit: Know (and Serve) Your CustomersForgeRock
 
Sydney Identity Summit: Delivering A Winning Member Experience
Sydney Identity Summit: Delivering A Winning Member ExperienceSydney Identity Summit: Delivering A Winning Member Experience
Sydney Identity Summit: Delivering A Winning Member ExperienceForgeRock
 

What's hot (20)

Sydney Identity Summit: Doing Authorisation, Consent and Delegation Right wit...
Sydney Identity Summit: Doing Authorisation, Consent and Delegation Right wit...Sydney Identity Summit: Doing Authorisation, Consent and Delegation Right wit...
Sydney Identity Summit: Doing Authorisation, Consent and Delegation Right wit...
 
No IoT Without Identity
No IoT Without Identity No IoT Without Identity
No IoT Without Identity
 
ForgeRock Gartner 2016 Security & Risk Management Summit
ForgeRock Gartner 2016 Security & Risk Management Summit ForgeRock Gartner 2016 Security & Risk Management Summit
ForgeRock Gartner 2016 Security & Risk Management Summit
 
NYC Identity Summit Business Day: Doing Authorization, Consent, and Delegatio...
NYC Identity Summit Business Day: Doing Authorization, Consent, and Delegatio...NYC Identity Summit Business Day: Doing Authorization, Consent, and Delegatio...
NYC Identity Summit Business Day: Doing Authorization, Consent, and Delegatio...
 
Sydney Identity Summit: Using Identity to Build Digital Trust (Mike Ellis Intro)
Sydney Identity Summit: Using Identity to Build Digital Trust (Mike Ellis Intro)Sydney Identity Summit: Using Identity to Build Digital Trust (Mike Ellis Intro)
Sydney Identity Summit: Using Identity to Build Digital Trust (Mike Ellis Intro)
 
Identity Relationship Management - The Right Approach for a Complex Digital W...
Identity Relationship Management - The Right Approach for a Complex Digital W...Identity Relationship Management - The Right Approach for a Complex Digital W...
Identity Relationship Management - The Right Approach for a Complex Digital W...
 
A Backstage Tour of Identity - Paris Identity Summit 2016
A Backstage Tour of Identity - Paris Identity Summit 2016A Backstage Tour of Identity - Paris Identity Summit 2016
A Backstage Tour of Identity - Paris Identity Summit 2016
 
NYC Identity Summit Tech Day: Authorization for the Modern World
NYC Identity Summit Tech Day: Authorization for the Modern WorldNYC Identity Summit Tech Day: Authorization for the Modern World
NYC Identity Summit Tech Day: Authorization for the Modern World
 
User-Managed Access: Why and How? - Access Control in Digital Contract Contexts
User-Managed Access: Why and How? - Access Control in Digital Contract ContextsUser-Managed Access: Why and How? - Access Control in Digital Contract Contexts
User-Managed Access: Why and How? - Access Control in Digital Contract Contexts
 
Sydney Identity Summit: Compound Eye: An Approach To A National Identity Ecos...
Sydney Identity Summit: Compound Eye: An Approach To A National Identity Ecos...Sydney Identity Summit: Compound Eye: An Approach To A National Identity Ecos...
Sydney Identity Summit: Compound Eye: An Approach To A National Identity Ecos...
 
NYC Identity Summit Tech Day: Best Practices for API Security
NYC Identity Summit Tech Day: Best Practices for API SecurityNYC Identity Summit Tech Day: Best Practices for API Security
NYC Identity Summit Tech Day: Best Practices for API Security
 
ForgeRock: Identity Relationship Management is the Foundation for Your Digita...
ForgeRock: Identity Relationship Management is the Foundation for Your Digita...ForgeRock: Identity Relationship Management is the Foundation for Your Digita...
ForgeRock: Identity Relationship Management is the Foundation for Your Digita...
 
Sydney Identity Summit: Addressing the New Threat Landscape with Continuous S...
Sydney Identity Summit: Addressing the New Threat Landscape with Continuous S...Sydney Identity Summit: Addressing the New Threat Landscape with Continuous S...
Sydney Identity Summit: Addressing the New Threat Landscape with Continuous S...
 
Sydney Identity Summit: The Future's So Bright, I Gotta Wear Shades
Sydney Identity Summit: The Future's So Bright, I Gotta Wear ShadesSydney Identity Summit: The Future's So Bright, I Gotta Wear Shades
Sydney Identity Summit: The Future's So Bright, I Gotta Wear Shades
 
NYC Identity Summit Business Day: Continuous Security
NYC Identity Summit Business Day: Continuous SecurityNYC Identity Summit Business Day: Continuous Security
NYC Identity Summit Business Day: Continuous Security
 
The Future of Digital Identity in the Age of the Internet of Things
The Future of Digital Identity in the Age of the Internet of ThingsThe Future of Digital Identity in the Age of the Internet of Things
The Future of Digital Identity in the Age of the Internet of Things
 
NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview
NYC Identity Summit Tech Day: ForgeRock Identity Platform OverviewNYC Identity Summit Tech Day: ForgeRock Identity Platform Overview
NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview
 
Sydney Identity Unconference Introduction and Highlights
Sydney Identity Unconference Introduction and HighlightsSydney Identity Unconference Introduction and Highlights
Sydney Identity Unconference Introduction and Highlights
 
Sydney Identity Summit: Know (and Serve) Your Customers
Sydney Identity Summit: Know (and Serve) Your CustomersSydney Identity Summit: Know (and Serve) Your Customers
Sydney Identity Summit: Know (and Serve) Your Customers
 
Sydney Identity Summit: Delivering A Winning Member Experience
Sydney Identity Summit: Delivering A Winning Member ExperienceSydney Identity Summit: Delivering A Winning Member Experience
Sydney Identity Summit: Delivering A Winning Member Experience
 

Viewers also liked

Keynote: Tech, Trust, and Transformation - Paris Identity Summit 2016
Keynote: Tech, Trust, and Transformation - Paris Identity Summit 2016Keynote: Tech, Trust, and Transformation - Paris Identity Summit 2016
Keynote: Tech, Trust, and Transformation - Paris Identity Summit 2016ForgeRock
 
The Future is Now: What’s New in ForgeRock Identity Management
The Future is Now: What’s New in ForgeRock Identity Management The Future is Now: What’s New in ForgeRock Identity Management
The Future is Now: What’s New in ForgeRock Identity Management ForgeRock
 
The Future is Now: What’s New in ForgeRock Access Management
The Future is Now: What’s New in ForgeRock Access Management The Future is Now: What’s New in ForgeRock Access Management
The Future is Now: What’s New in ForgeRock Access Management ForgeRock
 
PSD2 e Instant payments: l’evoluzione attesa dei pagamenti online, in store e...
PSD2 e Instant payments: l’evoluzione attesa dei pagamenti online, in store e...PSD2 e Instant payments: l’evoluzione attesa dei pagamenti online, in store e...
PSD2 e Instant payments: l’evoluzione attesa dei pagamenti online, in store e...Accenture Italia
 
PSD2: Making it actionable
PSD2: Making it actionablePSD2: Making it actionable
PSD2: Making it actionableBackbase
 
The Future is Now: What’s New in ForgeRock Directory Services
The Future is Now: What’s New in ForgeRock Directory ServicesThe Future is Now: What’s New in ForgeRock Directory Services
The Future is Now: What’s New in ForgeRock Directory ServicesForgeRock
 

Viewers also liked (6)

Keynote: Tech, Trust, and Transformation - Paris Identity Summit 2016
Keynote: Tech, Trust, and Transformation - Paris Identity Summit 2016Keynote: Tech, Trust, and Transformation - Paris Identity Summit 2016
Keynote: Tech, Trust, and Transformation - Paris Identity Summit 2016
 
The Future is Now: What’s New in ForgeRock Identity Management
The Future is Now: What’s New in ForgeRock Identity Management The Future is Now: What’s New in ForgeRock Identity Management
The Future is Now: What’s New in ForgeRock Identity Management
 
The Future is Now: What’s New in ForgeRock Access Management
The Future is Now: What’s New in ForgeRock Access Management The Future is Now: What’s New in ForgeRock Access Management
The Future is Now: What’s New in ForgeRock Access Management
 
PSD2 e Instant payments: l’evoluzione attesa dei pagamenti online, in store e...
PSD2 e Instant payments: l’evoluzione attesa dei pagamenti online, in store e...PSD2 e Instant payments: l’evoluzione attesa dei pagamenti online, in store e...
PSD2 e Instant payments: l’evoluzione attesa dei pagamenti online, in store e...
 
PSD2: Making it actionable
PSD2: Making it actionablePSD2: Making it actionable
PSD2: Making it actionable
 
The Future is Now: What’s New in ForgeRock Directory Services
The Future is Now: What’s New in ForgeRock Directory ServicesThe Future is Now: What’s New in ForgeRock Directory Services
The Future is Now: What’s New in ForgeRock Directory Services
 

Similar to Doing Authorisation, Consent, and Delegation Right with UMA - Paris Identity Summit 2016

Digital Trust: How Identity Tackles the Privacy, Security and IoT Challenge
Digital Trust: How Identity Tackles the Privacy, Security and IoT ChallengeDigital Trust: How Identity Tackles the Privacy, Security and IoT Challenge
Digital Trust: How Identity Tackles the Privacy, Security and IoT ChallengeForgeRock
 
GDPR is coming in Hot. Top Burning Questions Answered to Help You Keep Your C...
GDPR is coming in Hot. Top Burning Questions Answered to Help You Keep Your C...GDPR is coming in Hot. Top Burning Questions Answered to Help You Keep Your C...
GDPR is coming in Hot. Top Burning Questions Answered to Help You Keep Your C...ForgeRock
 
Implications of GDPR in Conjunction with UMA
Implications of GDPR in Conjunction with UMAImplications of GDPR in Conjunction with UMA
Implications of GDPR in Conjunction with UMAForgeRock
 
Whitepaper: Cloud – A view on why it’s still overcast in CIOs’ minds - Happie...
Whitepaper: Cloud – A view on why it’s still overcast in CIOs’ minds - Happie...Whitepaper: Cloud – A view on why it’s still overcast in CIOs’ minds - Happie...
Whitepaper: Cloud – A view on why it’s still overcast in CIOs’ minds - Happie...Happiest Minds Technologies
 
Using Kafka in Your Organization with Real-Time User Insights for a Customer ...
Using Kafka in Your Organization with Real-Time User Insights for a Customer ...Using Kafka in Your Organization with Real-Time User Insights for a Customer ...
Using Kafka in Your Organization with Real-Time User Insights for a Customer ...confluent
 
Supporting Data Services Marketplace using Data Virtualization
Supporting Data Services Marketplace using Data VirtualizationSupporting Data Services Marketplace using Data Virtualization
Supporting Data Services Marketplace using Data VirtualizationDenodo
 
Creating Trust for the Internet of Things
Creating Trust for the Internet of ThingsCreating Trust for the Internet of Things
Creating Trust for the Internet of ThingsPECB
 
Survey on Peer to Peer Car Sharing System Using Blockchain
Survey on Peer to Peer Car Sharing System Using BlockchainSurvey on Peer to Peer Car Sharing System Using Blockchain
Survey on Peer to Peer Car Sharing System Using BlockchainIRJET Journal
 
5 Highest-Impact CASB Use Cases
5 Highest-Impact CASB Use Cases5 Highest-Impact CASB Use Cases
5 Highest-Impact CASB Use CasesNetskope
 
Cxo cockpit customer newsletter - october 2013
Cxo cockpit customer newsletter - october 2013Cxo cockpit customer newsletter - october 2013
Cxo cockpit customer newsletter - october 2013Richard Wolters
 
lendingQB: A Mortgage Loan Origination System by MeridianLink
lendingQB: A Mortgage Loan Origination System by MeridianLinklendingQB: A Mortgage Loan Origination System by MeridianLink
lendingQB: A Mortgage Loan Origination System by MeridianLinkKristina Quinn
 
Extending the Power of Consent with User-Managed Access & OpenUMA
Extending the Power of Consent with User-Managed Access & OpenUMAExtending the Power of Consent with User-Managed Access & OpenUMA
Extending the Power of Consent with User-Managed Access & OpenUMAkantarainitiative
 
Governance webinar 09062016
Governance webinar 09062016Governance webinar 09062016
Governance webinar 09062016Thierry RAMON
 
Governance webinar 09062016
Governance webinar 09062016Governance webinar 09062016
Governance webinar 09062016Thierry RAMON
 
Enterprise SaaS: A Mismatch Made in Heaven
Enterprise SaaS: A Mismatch Made in HeavenEnterprise SaaS: A Mismatch Made in Heaven
Enterprise SaaS: A Mismatch Made in HeavenStanton Jones
 
Learn How to Maximize Your ServiceNow Investment
Learn How to Maximize Your ServiceNow InvestmentLearn How to Maximize Your ServiceNow Investment
Learn How to Maximize Your ServiceNow InvestmentStave
 
Centrifuge Systems Overview 2 14
Centrifuge Systems Overview 2 14Centrifuge Systems Overview 2 14
Centrifuge Systems Overview 2 14Russ Holmes
 
DV 2016: Making Sense of the Current Legal Landscape
DV 2016: Making Sense of the Current Legal LandscapeDV 2016: Making Sense of the Current Legal Landscape
DV 2016: Making Sense of the Current Legal LandscapeTealium
 

Similar to Doing Authorisation, Consent, and Delegation Right with UMA - Paris Identity Summit 2016 (20)

Digital Trust: How Identity Tackles the Privacy, Security and IoT Challenge
Digital Trust: How Identity Tackles the Privacy, Security and IoT ChallengeDigital Trust: How Identity Tackles the Privacy, Security and IoT Challenge
Digital Trust: How Identity Tackles the Privacy, Security and IoT Challenge
 
GDPR is coming in Hot. Top Burning Questions Answered to Help You Keep Your C...
GDPR is coming in Hot. Top Burning Questions Answered to Help You Keep Your C...GDPR is coming in Hot. Top Burning Questions Answered to Help You Keep Your C...
GDPR is coming in Hot. Top Burning Questions Answered to Help You Keep Your C...
 
Implications of GDPR in Conjunction with UMA
Implications of GDPR in Conjunction with UMAImplications of GDPR in Conjunction with UMA
Implications of GDPR in Conjunction with UMA
 
Whitepaper: Cloud – A view on why it’s still overcast in CIOs’ minds - Happie...
Whitepaper: Cloud – A view on why it’s still overcast in CIOs’ minds - Happie...Whitepaper: Cloud – A view on why it’s still overcast in CIOs’ minds - Happie...
Whitepaper: Cloud – A view on why it’s still overcast in CIOs’ minds - Happie...
 
Using Kafka in Your Organization with Real-Time User Insights for a Customer ...
Using Kafka in Your Organization with Real-Time User Insights for a Customer ...Using Kafka in Your Organization with Real-Time User Insights for a Customer ...
Using Kafka in Your Organization with Real-Time User Insights for a Customer ...
 
Supporting Data Services Marketplace using Data Virtualization
Supporting Data Services Marketplace using Data VirtualizationSupporting Data Services Marketplace using Data Virtualization
Supporting Data Services Marketplace using Data Virtualization
 
Creating Trust for the Internet of Things
Creating Trust for the Internet of ThingsCreating Trust for the Internet of Things
Creating Trust for the Internet of Things
 
Survey on Peer to Peer Car Sharing System Using Blockchain
Survey on Peer to Peer Car Sharing System Using BlockchainSurvey on Peer to Peer Car Sharing System Using Blockchain
Survey on Peer to Peer Car Sharing System Using Blockchain
 
5 Highest-Impact CASB Use Cases
5 Highest-Impact CASB Use Cases5 Highest-Impact CASB Use Cases
5 Highest-Impact CASB Use Cases
 
Cxo cockpit customer newsletter - october 2013
Cxo cockpit customer newsletter - october 2013Cxo cockpit customer newsletter - october 2013
Cxo cockpit customer newsletter - october 2013
 
lendingQB: A Mortgage Loan Origination System by MeridianLink
lendingQB: A Mortgage Loan Origination System by MeridianLinklendingQB: A Mortgage Loan Origination System by MeridianLink
lendingQB: A Mortgage Loan Origination System by MeridianLink
 
Extending the Power of Consent with User-Managed Access & OpenUMA
Extending the Power of Consent with User-Managed Access & OpenUMAExtending the Power of Consent with User-Managed Access & OpenUMA
Extending the Power of Consent with User-Managed Access & OpenUMA
 
Governance webinar 09062016
Governance webinar 09062016Governance webinar 09062016
Governance webinar 09062016
 
Governance webinar 09062016
Governance webinar 09062016Governance webinar 09062016
Governance webinar 09062016
 
Enterprise SaaS: A Mismatch Made in Heaven
Enterprise SaaS: A Mismatch Made in HeavenEnterprise SaaS: A Mismatch Made in Heaven
Enterprise SaaS: A Mismatch Made in Heaven
 
The Enterprise and SaaS
The Enterprise and SaaSThe Enterprise and SaaS
The Enterprise and SaaS
 
Learn How to Maximize Your ServiceNow Investment
Learn How to Maximize Your ServiceNow InvestmentLearn How to Maximize Your ServiceNow Investment
Learn How to Maximize Your ServiceNow Investment
 
Introduction to Blockchain
Introduction to BlockchainIntroduction to Blockchain
Introduction to Blockchain
 
Centrifuge Systems Overview 2 14
Centrifuge Systems Overview 2 14Centrifuge Systems Overview 2 14
Centrifuge Systems Overview 2 14
 
DV 2016: Making Sense of the Current Legal Landscape
DV 2016: Making Sense of the Current Legal LandscapeDV 2016: Making Sense of the Current Legal Landscape
DV 2016: Making Sense of the Current Legal Landscape
 

More from ForgeRock

Digital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at ScaleDigital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at ScaleForgeRock
 
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
Get the Exact Identity Solution You Need - In the Cloud - AWS and BeyondGet the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
Get the Exact Identity Solution You Need - In the Cloud - AWS and BeyondForgeRock
 
Identity Live Sydney: Identity Management - A Strategic Opportunity
Identity Live Sydney: Identity Management - A Strategic OpportunityIdentity Live Sydney: Identity Management - A Strategic Opportunity
Identity Live Sydney: Identity Management - A Strategic OpportunityForgeRock
 
Identity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity CapabilityIdentity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity CapabilityForgeRock
 
Identity Live Singapore 2018 Keynote Presentation
Identity Live Singapore 2018 Keynote PresentationIdentity Live Singapore 2018 Keynote Presentation
Identity Live Singapore 2018 Keynote PresentationForgeRock
 
Identity Live Sydney 2018 Keynote Presentation
Identity Live Sydney 2018 Keynote PresentationIdentity Live Sydney 2018 Keynote Presentation
Identity Live Sydney 2018 Keynote PresentationForgeRock
 
Identity Live Singapore: Just Ask 'Em
Identity Live Singapore: Just Ask 'EmIdentity Live Singapore: Just Ask 'Em
Identity Live Singapore: Just Ask 'EmForgeRock
 
Identity Live Singapore: Building Trust & Privacy in a Connected Society
Identity Live Singapore: Building Trust & Privacy in a Connected SocietyIdentity Live Singapore: Building Trust & Privacy in a Connected Society
Identity Live Singapore: Building Trust & Privacy in a Connected SocietyForgeRock
 
Identity Live Sydney: Intelligent Authentication
Identity Live Sydney: Intelligent Authentication Identity Live Sydney: Intelligent Authentication
Identity Live Sydney: Intelligent Authentication ForgeRock
 
Identity Live Sydney: Building Trust and Privacy in a Connected Society
Identity Live Sydney: Building Trust and Privacy in a Connected SocietyIdentity Live Sydney: Building Trust and Privacy in a Connected Society
Identity Live Sydney: Building Trust and Privacy in a Connected SocietyForgeRock
 
Get the Exact Identity Solution you Need in the Cloud - Deep Dive
Get the Exact Identity Solution you Need in the Cloud - Deep DiveGet the Exact Identity Solution you Need in the Cloud - Deep Dive
Get the Exact Identity Solution you Need in the Cloud - Deep DiveForgeRock
 
Get the Exact Identity Solution You Need - In the Cloud - Overview
Get the Exact Identity Solution You Need - In the Cloud - OverviewGet the Exact Identity Solution You Need - In the Cloud - Overview
Get the Exact Identity Solution You Need - In the Cloud - OverviewForgeRock
 
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User ExperienceForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User ExperienceForgeRock
 
Opening Keynote (Identity Live Berlin 2018)
Opening Keynote (Identity Live Berlin 2018)Opening Keynote (Identity Live Berlin 2018)
Opening Keynote (Identity Live Berlin 2018)ForgeRock
 
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...ForgeRock
 
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)ForgeRock
 
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...ForgeRock
 
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...ForgeRock
 
Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...ForgeRock
 
Intelligent Authentication (Identity Live Berlin 2018)
Intelligent Authentication (Identity Live Berlin 2018)Intelligent Authentication (Identity Live Berlin 2018)
Intelligent Authentication (Identity Live Berlin 2018)ForgeRock
 

More from ForgeRock (20)

Digital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at ScaleDigital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at Scale
 
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
Get the Exact Identity Solution You Need - In the Cloud - AWS and BeyondGet the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
 
Identity Live Sydney: Identity Management - A Strategic Opportunity
Identity Live Sydney: Identity Management - A Strategic OpportunityIdentity Live Sydney: Identity Management - A Strategic Opportunity
Identity Live Sydney: Identity Management - A Strategic Opportunity
 
Identity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity CapabilityIdentity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity Capability
 
Identity Live Singapore 2018 Keynote Presentation
Identity Live Singapore 2018 Keynote PresentationIdentity Live Singapore 2018 Keynote Presentation
Identity Live Singapore 2018 Keynote Presentation
 
Identity Live Sydney 2018 Keynote Presentation
Identity Live Sydney 2018 Keynote PresentationIdentity Live Sydney 2018 Keynote Presentation
Identity Live Sydney 2018 Keynote Presentation
 
Identity Live Singapore: Just Ask 'Em
Identity Live Singapore: Just Ask 'EmIdentity Live Singapore: Just Ask 'Em
Identity Live Singapore: Just Ask 'Em
 
Identity Live Singapore: Building Trust & Privacy in a Connected Society
Identity Live Singapore: Building Trust & Privacy in a Connected SocietyIdentity Live Singapore: Building Trust & Privacy in a Connected Society
Identity Live Singapore: Building Trust & Privacy in a Connected Society
 
Identity Live Sydney: Intelligent Authentication
Identity Live Sydney: Intelligent Authentication Identity Live Sydney: Intelligent Authentication
Identity Live Sydney: Intelligent Authentication
 
Identity Live Sydney: Building Trust and Privacy in a Connected Society
Identity Live Sydney: Building Trust and Privacy in a Connected SocietyIdentity Live Sydney: Building Trust and Privacy in a Connected Society
Identity Live Sydney: Building Trust and Privacy in a Connected Society
 
Get the Exact Identity Solution you Need in the Cloud - Deep Dive
Get the Exact Identity Solution you Need in the Cloud - Deep DiveGet the Exact Identity Solution you Need in the Cloud - Deep Dive
Get the Exact Identity Solution you Need in the Cloud - Deep Dive
 
Get the Exact Identity Solution You Need - In the Cloud - Overview
Get the Exact Identity Solution You Need - In the Cloud - OverviewGet the Exact Identity Solution You Need - In the Cloud - Overview
Get the Exact Identity Solution You Need - In the Cloud - Overview
 
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User ExperienceForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
 
Opening Keynote (Identity Live Berlin 2018)
Opening Keynote (Identity Live Berlin 2018)Opening Keynote (Identity Live Berlin 2018)
Opening Keynote (Identity Live Berlin 2018)
 
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
 
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
 
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
 
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
 
Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...
 
Intelligent Authentication (Identity Live Berlin 2018)
Intelligent Authentication (Identity Live Berlin 2018)Intelligent Authentication (Identity Live Berlin 2018)
Intelligent Authentication (Identity Live Berlin 2018)
 

Recently uploaded

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfonteinmasabamasaba
 
tonesoftg
tonesoftgtonesoftg
tonesoftglanshi9
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...SelfMade bd
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...masabamasaba
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesVictorSzoltysek
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareJim McKeeth
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile EnvironmentHarnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile EnvironmentVictorSzoltysek
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyviewmasabamasaba
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...masabamasaba
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park masabamasaba
 

Recently uploaded (20)

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
tonesoftg
tonesoftgtonesoftg
tonesoftg
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile EnvironmentHarnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 

Doing Authorisation, Consent, and Delegation Right with UMA - Paris Identity Summit 2016

  • 1. © 2016 ForgeRock. All rights reserved. Doing Authorisation, Consent, and Delegation Right with UMA Eve Maler | VP Innovation & Emerging Technology | @xmlgrrl Paris Identity Summit 15 November 2016
  • 2. © 2016 ForgeRock. All rights reserved. flickr.com/photos/vincrosbie/16301598031/ CC BY-ND 2.0 In 2Q2016, US mobile operators added connected cars faster than mobile devices – and also faster than anything else Apr 2016
  • 3. © 2016 ForgeRock. All rights reserved. Digital transformation challenges End users Regulations Industry Your organization
  • 4. © 2016 ForgeRock. All rights reserved. Challenge scenarios
  • 5. © 2016 ForgeRock. All rights reserved. Scenario 1: Citizen attribute sharing for benefit management Basic profile data service Eligibility answer service Handicap badge issuer app Consent and delegation manager • Monitor and make changes over time • Holds no PII itself • Data lives in multiple services natively In the next stage of the project … [t]he team will be investigating and testing this to further address the thorny issues of trust and transparency when gaining citizens’ permission. … “[E]ligibility for some services can be quite dynamic, for example, as the level of an individual’s in-work benefits varies, and it may be necessary to carry out on-going eligibility checks from time to time. [A new technology would give] the individual a place to go online where they can see and manage all the consents they have given to different organisations. Until now, managing ongoing consent was tricky,” [Ian Litton] added. “Typically, you asked individuals to consent at a point in time. They tick the T&Cs, which they never see again.” UK Authority Local Digital, 3rd March 2016 Health status service
  • 6. © 2016 ForgeRock. All rights reserved. Employer- run tax data service Accounting app Employer- run sharing manager • Sharing with other parties • Implemented cross- service • Buy vs. build Scenario 2: Tax data sharing with an accountant
  • 7. © 2016 ForgeRock. All rights reserved. Scenario 3: Sharing health data access in an ecosystem Fitness watch with cloud service MRI machine with cloud service Physician portal Health cloud with sharing manager EHR service PHR app 3rd party smart scale with cloud service Clinical research • Selective sharing for multi-way data flows • Enabling partner ecosystems
  • 8. © 2016 ForgeRock. All rights reserved. Bonus scenario 3a: Family caregiver prescription management Inconsistency across the departments [makes it hard]. It would be easier if every department followed the same process even if you had to do it for each different requirements depending on who you are dealing with. 72 year old Aroha takes a number of prescriptions she asks her son to help her manage them through her patient portal. Aroha gives her son Bailey access to view her prescriptions through her patient portal. Bailey then asks the portal to send him notifications of his mum’s blood sugar levels.
  • 9. © 2016 ForgeRock. All rights reserved. Introducing User-Managed Access (UMA)
  • 10. © 2016 ForgeRock. All rights reserved. Privacy is not secrecy and privacy is not encryption Context Control Choice Respect The right moment to make the decision to share The ability to share just the right amount The true ability to say no and to change one’s mind Regard for one’s wishes and preferences
  • 11. © 2016 ForgeRock. All rights reserved. resource server authorization server resource owner requesting party client manage control protect delegate revoke authorize manage access negotiate deny A federated authorization architecture in action data service sharing manager
  • 12. © 2016 ForgeRock. All rights reserved. An experience of selectively sharing health data with UMA Patient view Doctor view
  • 13. © 2016 ForgeRock. All rights reserved. “The enterprise interprets access control as damage and routes around it.”
  • 14. © 2016 ForgeRock. All rights reserved. Scenario 4: Business app access sharing with partners Custom app/ service ZZ In-house IdP/AS Custom app/ service AA … Custom app/ service ZZ Custom app/ service AA … • Constrained delegated access • Central management of cloud/partner/app interactions • Automated pairing of services and entitlement provisioning
  • 15. © 2016 ForgeRock. All rights reserved. Key benefits to users • Sharing, unsharing, and editing of sharing preferences allowed at any time, without external influence • Not just opt-in or opt-out when asked • A selective sharing paradigm for an IoT landscape that demands it • Possible to offer a service that centralizes sharing preference management across data services for user convenience • The central service doesn’t see any of the data • Data is fed fresh from each individual service • The user can selectively share whatever “grain” of access each data service offers • Such as read vs. write, or weight vs. fat mass
  • 16. © 2016 ForgeRock. All rights reserved. Key benefits to service operators: consumer-facing • A permission model that scales for user growth • Enables living up to a promise of transparency and building trusted digital relationships • Enables addressing new regulations that demand freer choice in consent
  • 17. © 2016 ForgeRock. All rights reserved. Key benefits to service operators: for the enterprise • Enables centralizing delegation and access control in loosely coupled environments for better governance • CASBs are built for SaaS vendor solutions, not internal apps • Standard security model based on existing well-understood technologies reduces complexity • OAuth, JWT, OpenID Connect... • Standard permission model encourages business ownership of entitlements • Too often, they’re still buried in procedural code
  • 18. © 2016 ForgeRock. All rights reserved. Key benefits to service operators: for all use cases • Constrained delegation of resource access vs. impersonation • Now required when multiple factors – or no passwords at all – are in the mix • Also required for protecting API and streaming data
  • 19. © 2016 ForgeRock. All rights reserved. Let me sum up
  • 20. © 2016 ForgeRock. All rights reserved. The CMO and the CPO can and must meet in the middle “Consent should not be regarded as freely given if the data subject has no genuine or free choice or is unable to refuse or withdraw consent without detriment. … In order to ensure that consent is freely given, consent should not provide a valid legal ground for the processing of personal data in a specific case where there is a clear imbalance between the data subject and the controller…” We value personal data as an asset Our customers’ wishes have value Our customers have their own reasons to share, not share, and mash up data, which we can address as value-add Risk management perspective Business perspective
  • 21. © 2016 ForgeRock. All rights reserved. Thank you!

Editor's Notes

  1. Latest evidence: Spotify last August: simple privacy policy change alarmed customers Complaints, threats to leave (e.g. new Apple Music) Lesson: commoditized? low switching costs, lack of sensitivity can hurt you even if the change wasn’t materially negative Mobile Ecosystem Forum IoT consumer survey: trust issues biggest concern NEW: On The Dark Web, Medical Records Are A Hot Commodity: Medical records go for US$60 each NEW: “In January of this year, Melbourne’s largest hospital network was significantly impacted when a computer virus affected the hospitals Windows XP systems disrupting meal delivery and pathology results.” (See: http://www.dw.com/en/spotify-feels-the-burn-after-privacy-policy-flub/a-18665269) (See: http://www.fastcompany.com/3061543/on-the-dark-web-medical-records-are-a-hot-commodity) (See: http://securityaffairs.co/wordpress/49472/data-breach/data-breaches-healthcare-sector.html) (See: http://www.bizreport.com/2016/04/21-globally-have-concerns-that-iot-machines-will-take-over-t.html) Image source: https://www.flickr.com/photos/vincrosbie/16301598031/ (See: http://www.pcworld.com/article/3106410/iot-is-now-growing-faster-than-smartphones.html )
  2. [animation] End users: Customers, consumers, citizens, patients: They are cynical about data sharing in the post-Snowden era (see: Spotify), but demand a consistent digital experience across all channels [animation] Your organization: It’s trying to reach “escape velocity” with its strategic innovations, while navigating a cloud and API strategy that makes sense and a budget that never seems to grow. [animation] The regulatory landscape: With GDPR and PSD2 (the revised Payments Services Directive) recognizing both loosely coupled services and the autonomy of individuals, consent to share data has gotten a lot more important. And security and data protection are just the start of the conversation. [animation] The industry landscape: It now includes the Internet of Things, which require newly constrained user experiences, along with other new technologies that affect user trust models such as blockchain and microservices.
  3. In this familiar scenario, citizens interact with online data services to consent (authorize or permission) the transfer of some attributes about them elsewhere so that a decision can be made about whether they can be issued a handicap badge. Since in this UK scenario the citizen is currently responsible for re-applying for eligibility every three years, and eligibility can actually come and go fairly dynamically, it’s desirable for a citizen instead to monitor and control access to their attributes in more empowered way, so they can just shut off consent whenever they don’t need the badge anymore and don’t want others getting access to that data. To do this you can add a [animation] service that contains no PII itself but specializes in handling consent and delegation on the citizen’s behalf can make this monitoring and management over time possible, no matter how many data services are deployed. [summary animation]
  4. It’s not unusual these days to want to build person-to-person data-sharing capabilities into applications. We’re used to it in productivity suites, so why not [animation] when doing our taxes? The problem is that it’s not a core competency for any one company to run authorization services (same as the tax data service), and they’re likely to want to [animation] buy this functionality or even outsource it. Also, sharing with outsiders means that they and their applications, by definition, [animation] may be outside our own domain. It’s useful to address these challenges with an architecture that recognizes these boundaries. (In the UK, the equivalent to the US’s “W-2 form” would be the “P60 form”.) [summary animation]
  5. If you’re in the business of delivering a Health Cloud, and offer cloud services related to smart devices that you make, then it’s probably clear now why offering a sharing manager independently of your various data services for allowing patients to share data with physicians, caregivers, and others could be attractive for both compliance and your own company’s trustworthiness. But it’s also possible to allow [animation] two-way data flow, so that when providers generate data, patients can store it back in their PHRs in a permissioned fashion. And because authorized sharing is managed separately from data services, you can forge [animation] relationships with partners that make IoT devices and related cloud services. And patients could finally have a clear way to [animation] authorize the donation of their sensitive health data for use in clinical research. [summary animation]
  6. If you’re in the business of delivering a Health Cloud, and offer cloud services related to smart devices that you make, then it’s probably clear now why offering a sharing manager independently of your various data services for allowing patients to share data with physicians, caregivers, and others could be attractive for both compliance and your own company’s trustworthiness. But it’s also possible to allow [animation] two-way data flow, so that when providers generate data, patients can store it back in their PHRs in a permissioned fashion. And because authorized sharing is managed separately from data services, you can forge [animation] relationships with partners that make IoT devices and related cloud services. And patients could finally have a clear way to [animation] authorize the donation of their sensitive health data for use in clinical research. [summary animation]
  7. With apologies to John Gilmore’s famous saying about the ‘net and censorship IT manages hundreds of API-fronted apps in the enterprise (and some outside). Alice is an employee who needs to delegate constrained access to app features/functions to fellow employees and partners within the ecosystem, giving IT – and herself – centralized visibility into the access granted. Image source: "John Gilmore Portrait" by Neurosynthetic - Own work. Licensed under CC BY-SA 4.0 via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:John_Gilmore_Portrait.jpg#/media/File:John_Gilmore_Portrait.jpg
  8. Inside the enterprise, the [animation] Share button in Google Apps gives us a good way for avoiding less-secure patterns like password-sharing. But even though enterprises may have hundreds of API-fronted services and apps, they probably don’t have Google’s resources to develop a nice delegated access model for them. Some services are [animation] owned by SaaS vendors, some are internal, some are legacy with an API shim. And sometimes employees need to share access with partners. …expand… [summary animation]
  9. New regulations are not just codifying current data protection practice Many are giving user consent a much greater role in the privacy picture At the same time, more organizations are recognizing that personal data has got to be a shared asset You need to provide custodianship but also a relationship (See: https://iapp.org/media/pdf/resource_center/GDPR-final.pdf)