1. OIDF Social Media for Retailers SummitMarch 8th, 2011 Steve Braunschweiger Eastman Kodak Company Senior IT Architect

2. Overview Objectives Enable the “One Kodak” Marketing strategy through B2C (Consumer) and B2B (Customer) “single identity” and “single sign-on” at Kodak hosted sites, Kodak licensed ASP sites and Kodak subscribed SaaS sites. Deployment Kodak is targeting 200,000 customers and 60 million consumers. Consumers choose their OpenID identity provider and self-provision their account. Customers only use the Kodak OpenID identity provider and the customer account provisioning is managed by Kodak. Results [too early] Lessons Learned The B2C and B2B experience and infrastructure must be separate. Authentication is a critical service requiring the highest levels of availability. Security is a moving target requiring continuous investment. 2

4. Customer: the user to whom Kodak sells business products.

5. Business Partner: A third party commercial entity conducting business with Kodak under contract. (e.g., Software firm contracted to co-develop a new product with Kodak; Channel Partner that resells Kodak product)

6. Retiree: a former Kodak employee receiving recurring payments under the Kodak retirement system based on past service as an employee.

7. CSRs: A Call Center Agent/Call Service Representative that handles incoming or outgoing customer calls for a business. A CSR might handle account inquiries, customer complaints or support issues.3

8. Kodak Consumer OpenID Sign In 4

9. Kodak Customer OpenID Sign In 5

11. Authentication service should work for Kodak, ASP and Cloud hosted websites.

12. Service should consist of an “Identity Consumer”, an “Identity Provider” and an “Identity/User Data Object Store”.

13. The “Identity Consumer” and “Identity Provider” components should be able to run either local to a web application or through remote/central proxy services.

14. Service components must be OpenID standards based and able to be run On-premise or in the Cloud.

15. Key user profile and registration data should be stored in a “User Data Object Store” that can be easily queried by Kodak CRM systems.6

17. Channel Partner authenticates at the Kodak B2B Portal with their Kodak OpenID and needs to access Kodak’s instance of Oracle on Demand (OOD) SaaS. OOD only understands SAML based authentication and authorization. 7

19. The iPortal gives participating applications (web-sites) full control of the browser window and "injects“ simple portal managed navigation for seamless SSO access to other web sites.

20. The iPortal is based on industry supported light-weight web services integration technology that enables participating web sites to evolve independently of each other and of the iPortal application/integration services.

21. The iPortal application hosts a small set of highly customized customer facing first-contact screens (landing-page, global navigation bar and personalized “Dashboard”).

22. The iPortal manages and/or hosts B2B customer authentication services using industry standard OpenID protocol technology.8

24. 10

25. Requests For the technology What changes would you like to see in OpenID, OAuth, Portable Contacts, Activity Streams, etc. For the service providers What changes would you like to see from the ID and social network providers (Google, Facebook, Twitter, Yahoo, LinkedIn, Microsoft, AOL, PayPal, etc.) What changes would you like to see from system integrators or other third party aggregators of these services 11

26. 12