Respect Connect: From Social Login to Personal Cloud Login
 


A webinar from Respect Network that explains the evolutionary progression of federated identity protocols, why social logins from companies like Facebook, Twitter, and LinkedIn have been so successful, and why the next evolutionary step is personal cloud login based on a direct P2P connection with a user's personal cloud.

  • Early pairwise: Sun, Hewitt and Amex. Industry federations. Also Danish NemLog; Nationwide Insurance; Fidelity Netbenefits; Aetna medical billing system with NaviMedix (300K providers); DHS GFIPM (failed?) – loss of control by SPs, loss of DoS cables to wikileaks is the standard example
  • http://en.wikipedia.org/wiki/Security_Assertion_Markup_Language
  • http://marketingland.com/social-login-shares-saw-little-change-in-q2-janrain-says-50954

Respect Connect: From Social Login to Personal Cloud Login Presentation Transcript

  • Respect Connect: From Social Login to Personal Cloud Login 2013-09-10 Dan Blum, Principal Consultant Drummond Reed, CTO Gary Rowe, CEO
  • • Digital identity and privacy challenges • Federated identity in context • Social login advantages and disadvantages • How personal cloud login works using Respect Connect • Personal cloud login advantages and disadvantages • Respect Consulting and Management Perspectives 2
  • Introducing: Dan Blum, Principal Consultant and Chief Security Architect 3 • Internationally-recognized security and identity expert • 1998-2009: Burton Group – Principal Consultant for large enterprises, leading technology providers – Research Director for Identity and Privacy Strategies (IDPS) – Lead author on initial IDPS Reference Architecture – Consultant for U.S. E-Authentication and Canadian Cyber-Authentication programs (2004-2006) – Research Director for Security and Risk Management Strategies (SRMS) and lead author on SRMS Reference Architecture • 2010-2013: VP & Distinguished Analyst at Gartner – Agenda manager for security reference architecture – Lead analyst for cloud security and other topics – Won Golden Quill Award in 2011 • March 2013: Joined Respect Network to develop consulting practice and create peer cloud security guidance
  • 4 The Problem: For many people, managing personal identity and data on the net is… Too much work; Too unsafe; Too distracting; Too many passwords; OVERWHELMING
  • • Weak or duplicated passwords • Forgotten passwords • Complex login procedures • Account lockout • The help desk blues • Misdirected communications • Accounts that live on past termination of business relationships 5
  • Too Many Silos of Identity (diagram labels: My personal life; Social network; Email service; Media service; Benefits; Bank; Health care provider; My employer’s domains; Corporate Directory; HR; Government; Professional social network; My professional persona) 6
  • • Technical Definition: Technologies, standards and agreements that enable use of identity, credentials and attributes across autonomous domains • Value Proposition – Reduced sign-on (users) – Reduced help desk support – Establish business communities 7
  • Parties: User; Browser; Site or Business Relying Party (RP); Identity Provider (IDP). Flow labels: Request access; Redirect to IDP; Request sign-on to RP; Discover IDP; Authenticate user; Provide token (or link)*; Provide token or assertion (or link); Provide temporary token; Access resources; Provide access to resource, or session with user. * Token from IDP known as token, assertion or claim in various standards. May be passed directly or as link. 8
  • Bridging Silos (diagram labels: My employer’s domains; My personal life; My professional persona; Corporate Directory; HR; Social network; Email service; Media service; Professional social network; Benefits; Bank; Health care provider; Government; Cloud, or SCM; Federated Identity or other SSO Relationship) 9
  • 10 Pairwise federations: early 2000s; small clusters; minimal industry penetration; SAML, highly customized; various LOAs. Industry federations: early 2000s to present; small, medium and large; low industry penetration; SAML, X.509, rich topologies; various LOAs. Broad federations: early 2010s to present; large to very large; growing industry penetration; SAML, OAuth, OpenID Connect; limited use cases; low to low/medium LOA. Diagram labels: Open ID 1; NIH; InCommon; Nordic WAYF; CAC; Supply chains; LOA; PIV; Enterprise to SaaS; Large e-commerce ecosystems; Social login systems; LOA
  • 11 [Figure: timeline with axis marks 2000, 2005, 2010 and 2013-2015, and lanes for the Enterprise space, User-centric space and Government space. Labels on the timeline: SAML 1.0; Shibboleth; SAML 1.1; Liberty ID-FF; WS-*; X.509; EAP profiles (X.509 + SAML); OpenID 1.0; OpenID 2.0; OAuth 1.0; Interop; OpenID Connect; OAuth 2.0; Government id cards, e.g. FIPS 201; SAML 2.0; Respect Connect; UMA, …]
  • • Scalability issues – Interoperability (minor) – Legal and trust issues (major) • Incentive, or power, mismatches – Causing some federations to fail • Privacy issues (emergent) 12
  • • Definition: The ability to access a web site or application using an account on a social network • Value proposition – Reduced sign-on friction (users and RPs) – Obtain customer data (RPs) – Gain market share and leverage (IDPs) 13
  • • Architecture 15 Relying Party Site Social Network Your social graph Real name Birthday Home town Links to photos Relatives Family, children Friends Other data Or use another service OAuth
  • Advantages and Drawbacks of Social Login. Advantages (user): Reduced sign-on friction; Ease of use; Social features of RP’s app. Drawbacks (user): Deep privacy concerns—exposing your real personal information to all the social networker’s partners; Lack of control; Lack of portability; Building in a dependency on a third party. Advantages (RP): Reduced sign-on friction; Ease of development; Leverage personal data. Drawbacks (RP): Having a third party in the middle of customer relationships; Lack of trust by users; Risk of changing terms and costs; Building in a dependency on a third party. 16
  • 17 • Inconsistent rules or no rules • Unreadable privacy policies • Unwanted advertising - Spam, spam, spam • Increasingly sensitive financial, medical and social data in the hands of data brokers • One faux pas online may hurt your reputation forever
  • 18 Source: Differentiate with Privacy-Led Marketing Practices A Forrester Consulting Thought Leadership Paper Commissioned by Neustar July 2013
  • 19 Source: Differentiate with Privacy-Led Marketing Practices A Forrester Consulting Thought Leadership Paper Commissioned by Neustar July 2013
  • Personal Cloud Login 20
  • Introducing: Drummond Reed, CTO 21 • 1995-2007: Co-Founder & CTO, Cordance • 2004 – Co-Chair, OASIS XDI Technical Committee • 2005 – Founding Board Member, OpenID Foundation • 2009 – 2010 Executive Director, Information Card Foundation • 2010 – Founding Executive Director, Open Identity Exchange • 2011: Co-Founder Respect Network
  • • A cloud-based platform the individual owns and controls – My oasis on the Internet • Available from a cloud service provider (CSP) or self-hosted • A secure, lifetime personal data repository with NO ambiguity in terms of who controls the data – Store any kind of data—binary, structured, application, preference • A place to manage connections, relationships, communications • A platform for applications—much like a personal computer or smartphone—but accessible from all your devices 22
  • A peer-to-peer network of personal and business clouds that provides interoperability, portability, and trust between members 23
  • • Definition: The ability to access a web site or application using a personal cloud • Value proposition – Reduced sign-on friction (users and RPs) – Increased trust (users and RPs) – Safe data sharing in either direction (users and RPs) – Lifetime data subscriptions (users and RPs) – CSPs gain market share, leverage and new revenue streams 24
  • 25 The next 3 screens show the actual user experience today for Facebook Login at The San Francisco Examiner
  • 26
  • 27
  • 28
  • 29 Personal cloud login works just like social login except there’s no social network in the middle—the connection is directly with the user’s own personal cloud. (Diagram label: Business Cloud)
  • 30 The next 3 screens show what the user experience would look like for Respect Connect personal cloud login at The San Francisco Examiner
  • 31
  • 32 [Screen: Login with Respect Connect] The San Francisco Examiner; Member since May 2014; Respect Connections: 304. Personal cloud data requested: Email: drummond@connect.me; Name: Drummond Reed; Zip code*: 98133. Permissions requested: Send daily news summary; Send weekly news summary. All data shared under the Respect Trust Framework. Buttons: Okay; Cancel
  • 33
  • 34 The secret to making personal cloud login work is that each cloud belongs to a personal cloud network—this is how the Respect Connect button does its magic
  • 35 This also means each Connect button is a way for new users to join the network
  • 36 The next 3 screens show the Respect Connect user experience if the user does not yet have a personal cloud
  • 37
  • 38 [Screen: Login with Respect Connect] Enter any one of the following. If you already have a personal cloud: Cloud name; Mobile phone number; Email address; Remember me on this device. If you do not yet have a personal cloud: Learn more about personal clouds; Join Respect Network now in 30 seconds. Buttons: Continue; Cancel
  • 39
  • 40 In all cases, 100% of the user’s login data is stored securely in his/her personal cloud Personal Cloud • Under the user’s exclusive authority and control • Portable for life to any personal cloud provider (or self-hosted) • Not visible to any other party or app without the user’s permission • Protected by the user’s choice of strong authentication and encryption offered by the CSP
  • Advantages and Drawbacks of Personal Cloud Login. Advantages (user): Reduced sign-on; Privacy; Portability; Empowerment; View provider reputation. Drawbacks (user): Something new to sign up for; Will take time to gain adoption; Must trust CSP and Respect Network. Advantages (RP): Reduced sign-on; Leverage personal data with consent; Gain user trust; Direct, permissioned subscription; No social network dependency. Drawbacks (RP): Small user base (at first); Social graph data only by permission; Overhead of consent management. 41
  • Conclusion
  • • Leverage our world-class team to help organizations: – Determine how and when to leverage personal clouds – Better understand and gain business advantage from personal clouds – Assess and develop enterprise security architecture – Assess and develop cloud security architecture – Architect and build next generation identity management systems – Develop federated identity architecture • Delivering consulting via: – 1-3 day workshops delivered onsite – Custom consulting leveraging our consultants and our partners – We can deliver custom consulting, longer term 43
  • • CRM Meets VRM: How a Personal Cloud Network Will Enable Real Vendor Relationship Management • Connecting the Internet of Things to the Internet of People • Trust and Reputation on a Personal Cloud Network 44
  • Gary Rowe, CEO Drummond Reed, Founder Dan Blum, Principal Consultant gary@respectnetwork.com drummond@respectnetwork.com dan@respectnetwork.com 45