SlideShare a Scribd company logo

Identity 3.0 and Oracle

Download as PPTX, PDF
B
Bram van Pelt

This is the slidedeck which I used in the #Amis25 conference

Presentations & Public Speaking
1 of 35
A match made in heaven or is hell freezing over? Bram van Pelt Identity 3.0 and Oracle
Who Am I • Bram van Pelt • Expert lead Security • Security Consultant
What will we be covering Agenda • The evolution of the identity • Identity 3.0 • Oracle POC implementation
Definitions • Account • Identity • User
The history of digital Identity
Identity 1.0 • Jericho Forum • De-perimeterisation • COA Framework
COA Framework • Technologies – Endpoint security – Secure communications – Secure data (DRM)
COA Framework • Processes – People Lifecycle Management – Risk Management – Information Lifecycle Management – Device Lifecycle Management – Enterprise Lifecycle Management
COA Framework • Services – Identity management and federation – Policy Management – Information Classification – Information Asset Management – Audit
Identity 2.0 • Securely collaborating in clouds • Identity, Entitlement & Access Management Commandments
Identity, Entitlement & Access Management Commandments • 14 Guidelines on how to secure an identity • An Entity can have multiple, separate Persona (Identities) and related unique identifiers • The source of the attribute should be as close to the authoritative source as possible • A resource owner must define Entitlement (Resource Access Rules)
Identity 3.0 • Bring your own identity • Using identity to enhance privacy • “We believe that with a single global identity eco-system all this is possible.”
Identity 3.0 definitions • External identifier A provider for attributes other than the user. • Core identifier The “bring your own identity” attribute provider • Persona A mix of attributes which are provided by the core identifier and optionally external identifiers
Identity 3.0 principles: Risk • Decisions around identity are taken by the entity that is assuming the risk; with full visibility of the identity and attributes of all the entities in the transaction chain. • Attributes of an Identity will be signed by the authoritative source for those attributes.
Identity 3.0 principles: Privacy • Every entity shall need only one identity which is unique and private unto the entity; there will be no body issuing or recording identities. • The Identity ecosystem will be privacy enhancing; attributes will be minimised, asserting only such information that is relevant to the transaction. • Entities will only maintain attributes for which they are the authoritative source.
Identity 3.0 principles: Functionality • The digital representation and function of an entity type will be indistinguishable from another entity type, and will be interchangeable in operation. • The Identity ecosystem will operate without the need for identity brokers, CA of last resort or other centralized infrastructure. • Identity shall be (as much as possible) invisible to the end user; identity and attribute verification and exchange should be a background operation until such time that increased levels of user verification is required.
The inner workings
Inner workings • Personas • One way trust
Persona’s 19 [Entity: Organization] Government [Entity: Person] Yourself Citizen Persona with authoritative (cryptographically) signed attributes Date of Birth = 01 Jan 2000 Place of Birth = London, UK Sex at Birth = Male Name at Birth = John Doe Citizenship = Full British Issued = 01 Jan 2015 Revalidation = gid.citizen.gov.uk
Trust
One way trust • I trust you, so you can access my resources • Does not mean you can access unauthenticated
How does this work? • Site demands identity • You give your attrbutes • Your login to the External identifier
How does this work? • Reusable • Web of identities
Why would you want this • No more user storage • Personalisation options • Transparancy to end users • Enhanced privacy
How would we build this? • Ingredients: – The core identity and identifier – The persona’s implementation – The external identifier / authenticators
The core identity and Identifier • This is a personal device which you have on you, if possible… • Phones • Dyn-dns via browsers • Personal component
The Persona implementation • Basically an “identity cookbook” • Trusts to identifiers • One way cryptographic trust – Signed attributes
The external identifier / authenticator • Basically an external identification source • Chosen by the application
How would we build this? • Oracle Weblogic Server – SAML Trust to an access manager • Oracle Access Manager – Key retrieval using dyndns – External authentication (Using SAML or OAuth2) • Personal authenticators… – Todo…
Let’s picture it
What do we need • Oracle: – Authentication modules to authenticate using DYNDNS / IPV6 – Personal authenticators – Expanded control over authentication chains
YOU
Special Thanks • Global Identity Foundation • Jericho Forum
• Bram van Pelt • Twitter: @BramPelt • LinkedIn: http://linkedin.com/in/bram-van-pelt- 77a15021
Identity 3.0 and Oracle

Recommended

Pki Digital Id Itmc University Wisconsin
Pki Digital Id Itmc University WisconsinPki Digital Id Itmc University Wisconsin
Pki Digital Id Itmc University WisconsinNicholas Davis
 
Identity Proofing to provision accurately
Identity Proofing to provision accuratelyIdentity Proofing to provision accurately
Identity Proofing to provision accuratelyDavid Kelts, CIPT
 
Digital signature and certificate authority
Digital signature and certificate authorityDigital signature and certificate authority
Digital signature and certificate authorityKrutiShah114
 
The lazy programmer`s way to secure application
The lazy programmer`s way to secure applicationThe lazy programmer`s way to secure application
The lazy programmer`s way to secure applicationLev Maltsev
 
eDem&eGov 2014
eDem&eGov 2014eDem&eGov 2014
eDem&eGov 2014Denys A. Flores, PhD
 
E commerce security
E commerce securityE commerce security
E commerce securityRoha1234567
 
Identity-Based Privacy (IBP)
Identity-Based Privacy (IBP)Identity-Based Privacy (IBP)
Identity-Based Privacy (IBP)Igor Zboran
 
Demystifying the Dark Web
Demystifying the Dark WebDemystifying the Dark Web
Demystifying the Dark WebTom Kranz
 

Recommended

Pki Digital Id Itmc University Wisconsin
Pki Digital Id Itmc University WisconsinPki Digital Id Itmc University Wisconsin
Pki Digital Id Itmc University WisconsinNicholas Davis
 
Identity Proofing to provision accurately
Identity Proofing to provision accuratelyIdentity Proofing to provision accurately
Identity Proofing to provision accuratelyDavid Kelts, CIPT
 
Digital signature and certificate authority
Digital signature and certificate authorityDigital signature and certificate authority
Digital signature and certificate authorityKrutiShah114
 
The lazy programmer`s way to secure application
The lazy programmer`s way to secure applicationThe lazy programmer`s way to secure application
The lazy programmer`s way to secure applicationLev Maltsev
 
eDem&eGov 2014
eDem&eGov 2014eDem&eGov 2014
eDem&eGov 2014Denys A. Flores, PhD
 
E commerce security
E commerce securityE commerce security
E commerce securityRoha1234567
 
Identity-Based Privacy (IBP)
Identity-Based Privacy (IBP)Identity-Based Privacy (IBP)
Identity-Based Privacy (IBP)Igor Zboran
 
Demystifying the Dark Web
Demystifying the Dark WebDemystifying the Dark Web
Demystifying the Dark WebTom Kranz
 
Privacy & Security on the Web - Tools on Mozilla Firefox
Privacy & Security on the Web - Tools on Mozilla FirefoxPrivacy & Security on the Web - Tools on Mozilla Firefox
Privacy & Security on the Web - Tools on Mozilla FirefoxAbhiram Ravikumar
 
Identity-Based Privacy (IBP) - Cloud Computing and Privacy Protection
Identity-Based Privacy (IBP) - Cloud Computing and Privacy ProtectionIdentity-Based Privacy (IBP) - Cloud Computing and Privacy Protection
Identity-Based Privacy (IBP) - Cloud Computing and Privacy ProtectionIgor Zboran
 
Digital signature & PKI Infrastructure
Digital signature & PKI InfrastructureDigital signature & PKI Infrastructure
Digital signature & PKI InfrastructureShubham Sharma
 
Internet of Everything & WebRTC
Internet of Everything & WebRTCInternet of Everything & WebRTC
Internet of Everything & WebRTCIgor Zboran
 
Sovereign identity
Sovereign identitySovereign identity
Sovereign identityI am currently looking for a good job with a great company!
 
App Authentication
App AuthenticationApp Authentication
App AuthenticationTrevayne Van Niekerk
 
Chapter 5 - Identity Management
Chapter 5 - Identity ManagementChapter 5 - Identity Management
Chapter 5 - Identity ManagementKarthikeyan Dhayalan
 
IoT mobile app device cloud identity and security architecture
IoT mobile app device cloud identity and security architectureIoT mobile app device cloud identity and security architecture
IoT mobile app device cloud identity and security architectureVinod Wilson
 
FirstNet ICAM
FirstNet ICAMFirstNet ICAM
FirstNet ICAMAdam Lewis
 
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19Andrew Hughes
 
SharePoint Authentication And Authorization SPTechCon San Francisco
SharePoint Authentication And Authorization SPTechCon San FranciscoSharePoint Authentication And Authorization SPTechCon San Francisco
SharePoint Authentication And Authorization SPTechCon San FranciscoLiam Cleary [MVP]
 
Eds user authenticationuser authentication methods
Eds user authenticationuser authentication methodsEds user authenticationuser authentication methods
Eds user authenticationuser authentication methodslapao2014
 
Provable Device Cybersecurity in Blockchain Transactions
Provable Device Cybersecurity in Blockchain TransactionsProvable Device Cybersecurity in Blockchain Transactions
Provable Device Cybersecurity in Blockchain TransactionsRivetz
 
Building open source identity infrastructures
Building open source identity infrastructuresBuilding open source identity infrastructures
Building open source identity infrastructuresFrancesco Chicchiriccò
 
Introduction to Web Security
Introduction to Web SecurityIntroduction to Web Security
Introduction to Web SecurityKamil Lelonek
 
Public Digital Identity as a Service
Public Digital Identity as a ServicePublic Digital Identity as a Service
Public Digital Identity as a ServicePT Datacomm Diangraha
 
Lessons in privacy engineering from a nation scale identity system - connect id
Lessons in privacy engineering from a nation scale identity system - connect idLessons in privacy engineering from a nation scale identity system - connect id
Lessons in privacy engineering from a nation scale identity system - connect idDavid Kelts, CIPT
 
How Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and SecurityHow Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and SecurityGlobalSign
 
FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/Sovrin
FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/SovrinFOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/Sovrin
FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/SovrinCalvin Cheng
 
Securing & Safeguarding Your Library Setup.pptx
Securing & Safeguarding Your Library Setup.pptxSecuring & Safeguarding Your Library Setup.pptx
Securing & Safeguarding Your Library Setup.pptxBrian Pichman
 
SharePoint Saturday Austin - Share point authentication and authorization
SharePoint Saturday Austin - Share point authentication and authorizationSharePoint Saturday Austin - Share point authentication and authorization
SharePoint Saturday Austin - Share point authentication and authorizationLiam Cleary [MVP]
 
Introduction to Mydex CIC Personal Data Stores - 7th March 2013
Introduction to Mydex CIC Personal Data Stores - 7th March 2013Introduction to Mydex CIC Personal Data Stores - 7th March 2013
Introduction to Mydex CIC Personal Data Stores - 7th March 2013Mydex CIC
 

More Related Content

What's hot

Privacy & Security on the Web - Tools on Mozilla Firefox
Privacy & Security on the Web - Tools on Mozilla FirefoxPrivacy & Security on the Web - Tools on Mozilla Firefox
Privacy & Security on the Web - Tools on Mozilla FirefoxAbhiram Ravikumar
 
Identity-Based Privacy (IBP) - Cloud Computing and Privacy Protection
Identity-Based Privacy (IBP) - Cloud Computing and Privacy ProtectionIdentity-Based Privacy (IBP) - Cloud Computing and Privacy Protection
Identity-Based Privacy (IBP) - Cloud Computing and Privacy ProtectionIgor Zboran
 
Digital signature & PKI Infrastructure
Digital signature & PKI InfrastructureDigital signature & PKI Infrastructure
Digital signature & PKI InfrastructureShubham Sharma
 
Internet of Everything & WebRTC
Internet of Everything & WebRTCInternet of Everything & WebRTC
Internet of Everything & WebRTCIgor Zboran
 

What's hot (6)

Privacy & Security on the Web - Tools on Mozilla Firefox
Privacy & Security on the Web - Tools on Mozilla FirefoxPrivacy & Security on the Web - Tools on Mozilla Firefox
Privacy & Security on the Web - Tools on Mozilla Firefox
 
Identity-Based Privacy (IBP) - Cloud Computing and Privacy Protection
Identity-Based Privacy (IBP) - Cloud Computing and Privacy ProtectionIdentity-Based Privacy (IBP) - Cloud Computing and Privacy Protection
Identity-Based Privacy (IBP) - Cloud Computing and Privacy Protection
 
Digital signature & PKI Infrastructure
Digital signature & PKI InfrastructureDigital signature & PKI Infrastructure
Digital signature & PKI Infrastructure
 
Internet of Everything & WebRTC
Internet of Everything & WebRTCInternet of Everything & WebRTC
Internet of Everything & WebRTC
 
Sovereign identity
Sovereign identitySovereign identity
Sovereign identity
 
App Authentication
App AuthenticationApp Authentication
App Authentication
 

Similar to Identity 3.0 and Oracle

IoT mobile app device cloud identity and security architecture
IoT mobile app device cloud identity and security architectureIoT mobile app device cloud identity and security architecture
IoT mobile app device cloud identity and security architectureVinod Wilson
 
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19Andrew Hughes
 
SharePoint Authentication And Authorization SPTechCon San Francisco
SharePoint Authentication And Authorization SPTechCon San FranciscoSharePoint Authentication And Authorization SPTechCon San Francisco
SharePoint Authentication And Authorization SPTechCon San FranciscoLiam Cleary [MVP]
 
Eds user authenticationuser authentication methods
Eds user authenticationuser authentication methodsEds user authenticationuser authentication methods
Eds user authenticationuser authentication methodslapao2014
 
Provable Device Cybersecurity in Blockchain Transactions
Provable Device Cybersecurity in Blockchain TransactionsProvable Device Cybersecurity in Blockchain Transactions
Provable Device Cybersecurity in Blockchain TransactionsRivetz
 
Building open source identity infrastructures
Building open source identity infrastructuresBuilding open source identity infrastructures
Building open source identity infrastructuresFrancesco Chicchiriccò
 
Introduction to Web Security
Introduction to Web SecurityIntroduction to Web Security
Introduction to Web SecurityKamil Lelonek
 
Public Digital Identity as a Service
Public Digital Identity as a ServicePublic Digital Identity as a Service
Public Digital Identity as a ServicePT Datacomm Diangraha
 
Lessons in privacy engineering from a nation scale identity system - connect id
Lessons in privacy engineering from a nation scale identity system - connect idLessons in privacy engineering from a nation scale identity system - connect id
Lessons in privacy engineering from a nation scale identity system - connect idDavid Kelts, CIPT
 
How Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and SecurityHow Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and SecurityGlobalSign
 
FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/Sovrin
FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/SovrinFOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/Sovrin
FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/SovrinCalvin Cheng
 
Securing & Safeguarding Your Library Setup.pptx
Securing & Safeguarding Your Library Setup.pptxSecuring & Safeguarding Your Library Setup.pptx
Securing & Safeguarding Your Library Setup.pptxBrian Pichman
 
SharePoint Saturday Austin - Share point authentication and authorization
SharePoint Saturday Austin - Share point authentication and authorizationSharePoint Saturday Austin - Share point authentication and authorization
SharePoint Saturday Austin - Share point authentication and authorizationLiam Cleary [MVP]
 
Introduction to Mydex CIC Personal Data Stores - 7th March 2013
Introduction to Mydex CIC Personal Data Stores - 7th March 2013Introduction to Mydex CIC Personal Data Stores - 7th March 2013
Introduction to Mydex CIC Personal Data Stores - 7th March 2013Mydex CIC
 
Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01Hai Nguyen
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024Brian Pichman
 
Cybersecurity - Defense Against The Dark Arts Harry Potter Style
Cybersecurity - Defense Against The Dark Arts Harry Potter StyleCybersecurity - Defense Against The Dark Arts Harry Potter Style
Cybersecurity - Defense Against The Dark Arts Harry Potter StyleBrian Pichman
 
Identity and Security in the Cloud
Identity and Security in the CloudIdentity and Security in the Cloud
Identity and Security in the CloudRichard Diver
 

Similar to Identity 3.0 and Oracle (20)

Chapter 5 - Identity Management
Chapter 5 - Identity ManagementChapter 5 - Identity Management
Chapter 5 - Identity Management
 
IoT mobile app device cloud identity and security architecture
IoT mobile app device cloud identity and security architectureIoT mobile app device cloud identity and security architecture
IoT mobile app device cloud identity and security architecture
 
FirstNet ICAM
FirstNet ICAMFirstNet ICAM
FirstNet ICAM
 
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
 
SharePoint Authentication And Authorization SPTechCon San Francisco
SharePoint Authentication And Authorization SPTechCon San FranciscoSharePoint Authentication And Authorization SPTechCon San Francisco
SharePoint Authentication And Authorization SPTechCon San Francisco
 
Eds user authenticationuser authentication methods
Eds user authenticationuser authentication methodsEds user authenticationuser authentication methods
Eds user authenticationuser authentication methods
 
Provable Device Cybersecurity in Blockchain Transactions
Provable Device Cybersecurity in Blockchain TransactionsProvable Device Cybersecurity in Blockchain Transactions
Provable Device Cybersecurity in Blockchain Transactions
 
Building open source identity infrastructures
Building open source identity infrastructuresBuilding open source identity infrastructures
Building open source identity infrastructures
 
Introduction to Web Security
Introduction to Web SecurityIntroduction to Web Security
Introduction to Web Security
 
Public Digital Identity as a Service
Public Digital Identity as a ServicePublic Digital Identity as a Service
Public Digital Identity as a Service
 
Lessons in privacy engineering from a nation scale identity system - connect id
Lessons in privacy engineering from a nation scale identity system - connect idLessons in privacy engineering from a nation scale identity system - connect id
Lessons in privacy engineering from a nation scale identity system - connect id
 
How Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and SecurityHow Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and Security
 
FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/Sovrin
FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/SovrinFOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/Sovrin
FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/Sovrin
 
Securing & Safeguarding Your Library Setup.pptx
Securing & Safeguarding Your Library Setup.pptxSecuring & Safeguarding Your Library Setup.pptx
Securing & Safeguarding Your Library Setup.pptx
 
SharePoint Saturday Austin - Share point authentication and authorization
SharePoint Saturday Austin - Share point authentication and authorizationSharePoint Saturday Austin - Share point authentication and authorization
SharePoint Saturday Austin - Share point authentication and authorization
 
Introduction to Mydex CIC Personal Data Stores - 7th March 2013
Introduction to Mydex CIC Personal Data Stores - 7th March 2013Introduction to Mydex CIC Personal Data Stores - 7th March 2013
Introduction to Mydex CIC Personal Data Stores - 7th March 2013
 
Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024
 
Cybersecurity - Defense Against The Dark Arts Harry Potter Style
Cybersecurity - Defense Against The Dark Arts Harry Potter StyleCybersecurity - Defense Against The Dark Arts Harry Potter Style
Cybersecurity - Defense Against The Dark Arts Harry Potter Style
 
Identity and Security in the Cloud
Identity and Security in the CloudIdentity and Security in the Cloud
Identity and Security in the Cloud
 

Recently uploaded

Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024eCommerce Institute
 
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Salam Al-Karadaghi
 
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...NETWAYS
 
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...NETWAYS
 
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...NETWAYS
 
Motivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdfMotivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdfakankshagupta7348026
 
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfCTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfhenrik385807
 
Philippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptPhilippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptssuser319dad
 
Simulation-based Testing of Unmanned Aerial Vehicles with Aerialist
Simulation-based Testing of Unmanned Aerial Vehicles with AerialistSimulation-based Testing of Unmanned Aerial Vehicles with Aerialist
Simulation-based Testing of Unmanned Aerial Vehicles with AerialistSebastiano Panichella
 
call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@vikas rana
 
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...henrik385807
 
LANDMARKS AND MONUMENTS IN NIGERIA.pptx
LANDMARKS AND MONUMENTS IN NIGERIA.pptxLANDMARKS AND MONUMENTS IN NIGERIA.pptx
LANDMARKS AND MONUMENTS IN NIGERIA.pptxBasil Achie
 
SBFT Tool Competition 2024 -- Python Test Case Generation Track
SBFT Tool Competition 2024 -- Python Test Case Generation TrackSBFT Tool Competition 2024 -- Python Test Case Generation Track
SBFT Tool Competition 2024 -- Python Test Case Generation TrackSebastiano Panichella
 
SBFT Tool Competition 2024 - CPS-UAV Test Case Generation Track
SBFT Tool Competition 2024 - CPS-UAV Test Case Generation TrackSBFT Tool Competition 2024 - CPS-UAV Test Case Generation Track
SBFT Tool Competition 2024 - CPS-UAV Test Case Generation TrackSebastiano Panichella
 
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxGenesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxFamilyWorshipCenterD
 
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...Krijn Poppe
 
NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)
NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)
NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)Basil Achie
 
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )Pooja Nehwal
 
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...NETWAYS
 
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝soniya singh
 

Recently uploaded (20)

Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
 
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
 
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
 
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
 
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
 
Motivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdfMotivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdf
 
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfCTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
 
Philippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptPhilippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.ppt
 
Simulation-based Testing of Unmanned Aerial Vehicles with Aerialist
Simulation-based Testing of Unmanned Aerial Vehicles with AerialistSimulation-based Testing of Unmanned Aerial Vehicles with Aerialist
Simulation-based Testing of Unmanned Aerial Vehicles with Aerialist
 
call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@
 
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
 
LANDMARKS AND MONUMENTS IN NIGERIA.pptx
LANDMARKS AND MONUMENTS IN NIGERIA.pptxLANDMARKS AND MONUMENTS IN NIGERIA.pptx
LANDMARKS AND MONUMENTS IN NIGERIA.pptx
 
SBFT Tool Competition 2024 -- Python Test Case Generation Track
SBFT Tool Competition 2024 -- Python Test Case Generation TrackSBFT Tool Competition 2024 -- Python Test Case Generation Track
SBFT Tool Competition 2024 -- Python Test Case Generation Track
 
SBFT Tool Competition 2024 - CPS-UAV Test Case Generation Track
SBFT Tool Competition 2024 - CPS-UAV Test Case Generation TrackSBFT Tool Competition 2024 - CPS-UAV Test Case Generation Track
SBFT Tool Competition 2024 - CPS-UAV Test Case Generation Track
 
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxGenesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
 
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
 
NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)
NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)
NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)
 
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
 
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
 
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
 

Identity 3.0 and Oracle

  • 1. A match made in heaven or is hell freezing over? Bram van Pelt Identity 3.0 and Oracle
  • 2. Who Am I • Bram van Pelt • Expert lead Security • Security Consultant
  • 3. What will we be covering Agenda • The evolution of the identity • Identity 3.0 • Oracle POC implementation
  • 5. The history of digital Identity
  • 6. Identity 1.0 • Jericho Forum • De-perimeterisation • COA Framework
  • 7. COA Framework • Technologies – Endpoint security – Secure communications – Secure data (DRM)
  • 8. COA Framework • Processes – People Lifecycle Management – Risk Management – Information Lifecycle Management – Device Lifecycle Management – Enterprise Lifecycle Management
  • 9. COA Framework • Services – Identity management and federation – Policy Management – Information Classification – Information Asset Management – Audit
  • 10. Identity 2.0 • Securely collaborating in clouds • Identity, Entitlement & Access Management Commandments
  • 11. Identity, Entitlement & Access Management Commandments • 14 Guidelines on how to secure an identity • An Entity can have multiple, separate Persona (Identities) and related unique identifiers • The source of the attribute should be as close to the authoritative source as possible • A resource owner must define Entitlement (Resource Access Rules)
  • 12. Identity 3.0 • Bring your own identity • Using identity to enhance privacy • “We believe that with a single global identity eco-system all this is possible.”
  • 13. Identity 3.0 definitions • External identifier A provider for attributes other than the user. • Core identifier The “bring your own identity” attribute provider • Persona A mix of attributes which are provided by the core identifier and optionally external identifiers
  • 14. Identity 3.0 principles: Risk • Decisions around identity are taken by the entity that is assuming the risk; with full visibility of the identity and attributes of all the entities in the transaction chain. • Attributes of an Identity will be signed by the authoritative source for those attributes.
  • 15. Identity 3.0 principles: Privacy • Every entity shall need only one identity which is unique and private unto the entity; there will be no body issuing or recording identities. • The Identity ecosystem will be privacy enhancing; attributes will be minimised, asserting only such information that is relevant to the transaction. • Entities will only maintain attributes for which they are the authoritative source.
  • 16. Identity 3.0 principles: Functionality • The digital representation and function of an entity type will be indistinguishable from another entity type, and will be interchangeable in operation. • The Identity ecosystem will operate without the need for identity brokers, CA of last resort or other centralized infrastructure. • Identity shall be (as much as possible) invisible to the end user; identity and attribute verification and exchange should be a background operation until such time that increased levels of user verification is required.
  • 19. Persona’s 19 [Entity: Organization] Government [Entity: Person] Yourself Citizen Persona with authoritative (cryptographically) signed attributes Date of Birth = 01 Jan 2000 Place of Birth = London, UK Sex at Birth = Male Name at Birth = John Doe Citizenship = Full British Issued = 01 Jan 2015 Revalidation = gid.citizen.gov.uk
  • 20. Trust
  • 21. One way trust • I trust you, so you can access my resources • Does not mean you can access unauthenticated
  • 22. How does this work? • Site demands identity • You give your attrbutes • Your login to the External identifier
  • 23. How does this work? • Reusable • Web of identities
  • 24. Why would you want this • No more user storage • Personalisation options • Transparancy to end users • Enhanced privacy
  • 25. How would we build this? • Ingredients: – The core identity and identifier – The persona’s implementation – The external identifier / authenticators
  • 26. The core identity and Identifier • This is a personal device which you have on you, if possible… • Phones • Dyn-dns via browsers • Personal component
  • 27. The Persona implementation • Basically an “identity cookbook” • Trusts to identifiers • One way cryptographic trust – Signed attributes
  • 28. The external identifier / authenticator • Basically an external identification source • Chosen by the application
  • 29. How would we build this? • Oracle Weblogic Server – SAML Trust to an access manager • Oracle Access Manager – Key retrieval using dyndns – External authentication (Using SAML or OAuth2) • Personal authenticators… – Todo…
  • 31. What do we need • Oracle: – Authentication modules to authenticate using DYNDNS / IPV6 – Personal authenticators – Expanded control over authentication chains
  • 32. YOU
  • 33. Special Thanks • Global Identity Foundation • Jericho Forum
  • 34. • Bram van Pelt • Twitter: @BramPelt • LinkedIn: http://linkedin.com/in/bram-van-pelt- 77a15021

Editor's Notes

  1. An account is a digital representation of a user An identity is a collection of accounts of a user A user is a natural person
  2. Technology, Process, Services
  3. For a full rundown, see: https://collaboration.opengroup.org/jericho/Jericho%20Forum%20Identity%20Commandments%20v1.0.pdf
  4. The full risk principles are: - Decisions around identity are taken by the entity that is assuming the risk; with full visibility of the identity and attributes of all the entities in the transaction chain. - Attributes of an Identity will be signed by the authoritative source for those attributes. - Identity will work off-line as well as on-line; with a lack of on-line verification simply another factor in the risk equation.
  5. The full privacy principles are: -Every entity shall need only one identity which is unique and private unto the entity; there will be no body issuing or recording identities. -The Identity ecosystem will be privacy enhancing; attributes will be minimised, asserting only such information that is relevant to the transaction. -Entities will only maintain attributes for which they are the authoritative source. -The identity of one entity to another will be cryptographically unique; negating the need for user-names or passwords and minimising attribute aggregation. -The biometrics (or other authentication method) of an entity will remain within the sole control of the entity; biometric information will not be used, exchanged or stored outside of the entities sole control.
  6. The full functionalityprinciples are: -The digital representation and function of an entity type will be indistinguishable from another entity type, and will be interchangeable in operation. -The Identity ecosystem will operate without the need for identity brokers, CA of last resort or other centralized infrastructure. -Identity will be simply expandable to encompass the security of data; E-mail (for example) can be encrypted simply by having an entities e-mail attributes shared with them. -Identity shall be (as much as possible) invisible to the end user; identity and attribute verification and exchange should be a background operation until such time that increased levels of user verification is required. -Everyone plays their part – no more!
  7. Example wallet