Trusted Tokens: An Identity Game Changer

Steven Lewis
What we learned: Trusted Identities

•  Trust starts with the user
•  Trust must continue through service chaining
•  Context for run-time access control
•  Fully supported standards and interoperability
•  Web SSO, SAML2, OAuth2, OpenID Connect, WS-Trust, JWT
•  Support for both RESTful and SOAP services
Every web service client and provider creates/uses non-standard “trust” tokens.

STS handles all security token processing. (Diagram: “Without STS” versus “With STS”.)

Extending use of Secure Token Services (STS)

•  Significant flexibility for our web applications
   –  Separates the authentication from the application/services
•  Provides the ability to support single- or multi-factor authentication external to the application
   –  Acts as an authentication bridge between applications that require dual hosting, public-facing and internal-facing
•  Provides federated attributes to our enterprise directories for use on the desktop
   –  Connects our provisioning services to the token services
•  Needed for authorization services
   –  Enables authorization services to derive a complete context of the person and non-person entities, and of the services requesting data
The Data Challenge

The IdAM Challenge

Securing Access to Data

(Diagram label: Governance)
Access Control: A Top Ten List of Red Herrings

Copyright (c) 2014 by nMed LLC. All Rights Reserved.
1. Discover the Silver Bullet

We’ll Never “Arrive”
2. Add More Until Finally Secure
3. Solve at the Point of Vulnerability

8/4/14
4. Let IT Manage Security

1.  Mission ascends
2.  Heat rises
3.  Wax melts
4.  Feathers detach
5.  Operation aborts
6.  World watches
5. A Friendly GUI is Nice to Have

“Dude! It’s ALL about the Interface!”
6. “Policy is Software. Not my bag!”

•  Information Security Officer
•  Privacy Officer
•  Risk Management Officer
•  Privacy Manager
•  Security Analyst
•  Compliance & Risk
7. Policy = Software

Doré’s Confusio Linguarum*

* “I dunno. Ask the Legal Department.”

. . . and moreover, we believe, Natural Language
8. Access Control = Subject + Resource + Action.
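The STS slide earlier in the deck says the token service should let authorization derive a complete context of the person, the non-person entities and the services requesting data, and this slide lists “Subject + Resource + Action” as a red herring, i.e. a decision needs more than those three inputs. The Python below is an added example, not code from the slides or from any STS product: it mints a signed token carrying the user’s federated attributes and the chain of services the request has already passed through, re-verifies it at each hop of a service chain, and feeds attributes, chain and run-time context into the access decision. HS256 via hmac with a constructed key, the claim names attrs and chain, and the policy tables are assumptions made so the block runs offline; a real STS would sign with a private key and publish the verification key.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key: a real STS signs with a private key (e.g. RS256) and
# relying parties verify with the published public key.
STS_KEY = b"constructed-demo-key"
ISSUER = "sts"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sts_issue(subject, attributes, audience, chain, key=STS_KEY, now=None, ttl=300):
    """Mint a compact JWT: the subject's federated attributes plus 'chain',
    the ordered list of services the request has already passed through."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "sub": subject, "aud": audience, "iat": now,
              "exp": now + ttl, "attrs": attributes, "chain": list(chain)}
    signing_input = (_b64(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64(sig)


def verify(token, expected_aud, key=STS_KEY, now=None):
    """Check structure, algorithm, signature, issuer, audience and expiry.
    Raises ValueError on any failure; returns the claims otherwise."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, c, s = parts
    header = json.loads(_unb64(h))
    if header.get("alg") != "HS256":  # never let the token pick its own algorithm
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h}.{c}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(s)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(c))
    if claims.get("iss") != ISSUER or claims.get("aud") != expected_aud:
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims


def chain_hop(token, this_service, next_service, key=STS_KEY, now=None):
    """Service chaining: a service holding a token valid for itself asks the
    STS for one scoped to the next hop. Subject and attributes are carried
    forward and the calling service is appended to the chain, so trust
    continues from the user instead of being re-minted as a service identity."""
    claims = verify(token, this_service, key, now)
    return sts_issue(claims["sub"], claims["attrs"], next_service,
                     claims["chain"] + [this_service], key, now)


# Constructed policy: which service paths may reach this resource server.
ALLOWED_CHAINS = {(), ("portal",), ("portal", "api-gw")}


def authorize(claims, resource, action, context):
    """Decision over subject attributes + resource + action + run-time context
    (the service chain the request took, the caller's network zone and MFA)."""
    attrs = claims["attrs"]
    if tuple(claims["chain"]) not in ALLOWED_CHAINS:
        return False, "request arrived via an untrusted service chain"
    if resource["classification"] == "restricted" and context["zone"] != "internal":
        return False, "restricted data is only served to the internal zone"
    if action == "read" and resource["owner_org"] == attrs.get("org"):
        return True, "reader belongs to the owning organisation"
    if action == "write" and "editor" in attrs.get("roles", []) and context["mfa"]:
        return True, "editor role with MFA in context"
    return False, "no rule grants this action"
```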
  
9. ABAC Product is The Answer
10. Oh yeah. Gotta think about Audit.
Overall Use Case

(Diagram labels: Internal Application, External Application, External STS, Internal STS, File Services, External Trust, IWA, PKI, Kerberos, Attribute Providers, External Attribute Provisioning, Desktop DAC, External, Internal)
Use Case 1: Externalize Authentication

•  Stand up an external application that can support the use of an External STS
•  Provide the ability for future integration to support service chaining

(Diagram labels: External Application, External STS, SAML, Attribute Providers, Other Application Partners, Data Exchanges)
Use Case 2: Re-platforming of Application

•  Rehost the “External Application” supporting IWA authentication, but still provide the attributes that were required from the External Network
•  Prepare for future integration to receive data from the “External Application”

(Diagram labels: Internal Application, External STS, Internal STS, External Trust, Attribute Providers, X.509 Attribute Sharing Profile, SAML)
Use Case 2b: Data Exchanges

•  Enable “Internal” and “External” application interconnect services via service chaining

(Diagram labels: Internal Application, External STS, Internal STS, External Trust, Attribute Providers, X.509 Attribute Sharing Profile, SAML, External Application, Other Application Partners, Data Exchanges)
Use Case 3: Provisioning

•  Stand up an External Attribute Provisioning Service to retrieve External Network Attribute Provider data for use on the Internal Network

(Diagram labels: External STS, Internal STS, External Trust, Attribute Providers, External Attribute Provisioning, X.509 Attribute Sharing Profile)
Use Case 4: Desktop Claims

•  Leverage the external attributes provided for authorization services on the desktop

(Diagram labels: File Services, Kerberos, Desktop DAC)
Thank you

CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM  in your Mobile Enterprise - Brian KatzCIS 2015 IoT and IDM  in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean Deuby
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015  Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015  Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of Things
 

Recently uploaded

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 

CIS14: Trusted Tokens: An Identity Game Changer

  • 1. Trusted Tokens: An Identity Game Changer. Steven Lewis
  • 2. What we learned: Trusted Identities
      • Trust starts with the user
      • Trust must continue thru service chaining
      • Context for run time access control
      • Fully supported standards and interoperability
      • Web SSO, SAML2, OAuth2, OpenID Connect, WS-Trust, JWT
      • Support for both RESTful and SOAP services
      (diagram) Without STS: every Web Service Client and Provider create/use non-standard "Trust" tokens. With STS: STS handles all security token processing.
  • 3. Extending use of Secure Token Services (STS)
      • Significant flexibility to our web applications
        – Separates the authentication from the application/services
      • Provides the ability to support single or multi-factor authentication external to the application
        – Acts as an authentication bridge between applications that require dual hosting in public and internal facing
      • Provides federated attributes to our enterprise directories for use within desktop
        – Connects our provisioning services to the token services
      • Needed for authorization services
        – Enables authorization services to derive a complete context of the person and non-person entities, and services requesting data
  • 4. The Data Challenge
  • 6. Securing Access to Data (diagram labels: Governance)
  • 7. Access Control: A Top Ten List of Red Herrings. Copyright (c) 2014 by nMed LLC. All Rights Reserved.
  • 8. 1. Discover the Silver Bullet. We'll Never "Arrive"
  • 9. 2. Add More Until Finally Secure
  • 10. 3. Solve at the Point of Vulnerability (8/4/14)
  • 11. 4. Let IT Manage Security
      1. Mission ascends
      2. Heat rises
      3. Wax melts
      4. Feathers detach
      5. Operation aborts
      6. World watches
  • 12. 5. A Friendly GUI is Nice to Have. "Dude! It's ALL about the Interface!"
  • 13. 6. "Policy is Software. Not my bag!"
      • Information Security Officer
      • Privacy Officer
      • Risk Management Officer
      • Privacy Manager
      • Security Analyst
      • Compliance & Risk
  • 14. 7. Policy = Software. Doré's Confusio Linguarum* (* "I dunno. Ask the Legal Department.") . . . and moreover, we believe, Natural Language
  • 15. 8. Access Control = Subject + Resource + Action.
  • 16. 9. ABAC Product is The Answer
  • 17. 10. Oh yeah. Gotta think about Audit.
  • 18. Overall Use Case (diagram: Internal Application, External Application, External STS, Internal STS, File Services, External Trust, IWA, PKI, Kerberos, Attributes Providers, External Attribute Provisioning, Desktop DAC; External / Internal)
  • 19. Use Case 1: Externalize Authentication
      • Standup an external application that can support the use of an External STS
      • Provide the ability for future integration to support service chaining
      (diagram: External Application, External STS, SAML, Attributes Providers, Other Application Partners, Data Exchanges)
  • 20. Use Case 2: Re-platforming of Application
      • Rehost "External Application" supporting IWA Authentication but also still provide attributes that were required from External Network
      • Prepare for future integration to receive data from "External Application"
      (diagram: Internal Application, External STS, Internal STS, External Trust, Attributes Providers, X.509 Attribute Sharing Profile, SAML)
  • 21. Use Case 2b: Data Exchanges
      • Enable "Internal" and "External" application interconnect services via service chaining
      (diagram: Internal Application, External STS, Internal STS, External Trust, Attributes Providers, X.509 Attribute Sharing Profile, SAML, External Application, Other Application Partners, Data Exchanges)
  • 22. Use Case 3: Provisioning
      • Standup External Attribute Provisioning Service to retrieve External Network Attribute Provider data for use on Internal Network
      (diagram: External STS, Internal STS, External Trust, Attributes Providers, External Attribute Provisioning, X.509 Attribute Sharing Profile)
  • 23. Use Case 4: Desktop Claims
      • Leverage the external attributes provided for authorization services on desktop
      (diagram: File Services, Kerberos, Desktop DAC)
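As an added illustration (not code from the slides or the speaker), here is how the trust described in slides 2 and 3 and in use cases 1 through 4 can be carried through a service chain: a hypothetical STS mints HMAC-signed JWTs for one audience at a time, re-issues them hop by hop with a nested `act` claim (the actor construct from OAuth 2.0 Token Exchange), and the authorization service decides on the person's attributes plus every non-person entity in the chain, not just subject + resource + action. The key, issuer and service names are constructed for the example.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo values (hypothetical names): HMAC key, STS issuer, trusted non-person entities.
STS_KEY = b"constructed-demo-key-do-not-reuse"
ISSUER = "urn:example:sts"
TRUSTED_SERVICES = {"urn:example:external-app", "urn:example:file-services", "urn:example:internal-app"}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(subject, audience, attrs, now, actor=None, ttl=300):
    """STS mints an HS256 JWT for one service audience; `act` (if given) names the calling service."""
    claims = {"iss": ISSUER, "sub": subject, "aud": audience, "iat": now, "exp": now + ttl, "attrs": attrs}
    if actor is not None:
        claims["act"] = actor
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(STS_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def validate_token(token, expected_audience, now):
    """Relying service checks alg, signature, issuer, audience and expiry; returns the claims."""
    head, body, sig = token.split(".")  # ValueError on a malformed token
    if json.loads(_unb64(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(STS_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims.get("iss") != ISSUER or claims.get("aud") != expected_audience:
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims

def rejection_reason(token, expected_audience, now):
    """None if the token validates for this service, else why it was rejected."""
    try:
        validate_token(token, expected_audience, now)
        return None
    except ValueError as err:
        return str(err)

def exchange_for_downstream(token, this_service, downstream, now):
    """Service chaining: validate this hop's token, mint one for the next hop, nest the caller as actor."""
    claims = validate_token(token, this_service, now)
    actor = {"sub": this_service}
    if "act" in claims:
        actor["act"] = claims["act"]
    return issue_token(claims["sub"], downstream, claims["attrs"], now, actor=actor)

def actor_chain(claims):
    """Flatten nested `act` claims into a list, most recent hop first."""
    chain, node = [], claims.get("act")
    while node:
        chain.append(node["sub"])
        node = node.get("act")
    return chain

def authorize(claims, resource_clearance):
    """Decision over the full context: person attributes plus every non-person entity in the chain."""
    if claims["attrs"].get("clearance", 0) < resource_clearance:
        return False
    return all(svc in TRUSTED_SERVICES for svc in actor_chain(claims))
```

A token minted for the external application is rejected by file services until the STS re-issues it for that audience, and a chain that passed through a service outside the trusted set is denied even when the person's clearance suffices.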