Give a little background about ForgeRock
● Securing over 500 Million Identities
● Built for telco-scale
● Huge enterprise implementations
● Capital efficient
● Truly global in nature
● Multi-national engineering centers
● 400+ large enterprise & government customers
We have been helping governments worldwide and, in addition to Norway, have a number of impressive deployments.
Consumer trust of businesses has never been great. But it’s demonstrably at an ebb in the post-Snowden era when it comes to personal data. There’s qualitative and quantitative evidence telling the story.
Image source: https://www.flickr.com/photos/vincrosbie/16301598031/
It’s imperative to build and maintain trusted digital relationships
The project involved a collaboration between Government Digital Service, Department for Work and Pensions, Warwickshire County Council, Mydex and Verizon to design an attribute exchange hub. The hub was built by Verizon with Warwickshire County Council building the relying party gateway to the hub. The attribute provider components were built by Verizon. The project team designed the attribute exchange hub based on [Separate identity assurance and attribute exchange hubs with attributes passing through the attribute exchange hub]. This was selected for a number of reasons:
● identity assurance has already been designed and developed as a common capability within the government platform (i.e. GOV.UK Verify)
● identity assurance and attribute exchange can be treated as separate “services”, each simpler in its own right and each able to develop at its own speed
● sending all of the messaging via the hub, rather than point to point between relying parties and attribute providers, simplifies on-boarding, and provides a consistent point for logging, auditing and billing. It better meets a number of the design principles established in the Discovery project
(See: http://www.ukauthority.com/UKA-Local-Digital/entry/5958/local-and-central-government-work-together-to-explore-online-eligibility-checking-within-digitised-services)
Okay, so why enable personal data sharing?
● Data quality and accuracy – one US study: only 5% agreement between medications listed in EHRs and what patients actually take. This gap affects cost, efficiency, and satisfaction as well
● Improved clinical research sets – one UK study: over half the respondents supported use of their data by commercial organizations for research. A floor of 17% were not willing to share data at all
● Better care – Philips did a study with Banner Health. Patients with chronic disease using a smart device and an app would tend to leverage continuously monitored vital signs. Shorter, less expensive, less ER-intensive stay: savings averaged 10 days/year and $27K/year
(See: http://well.blogs.nytimes.com/2016/03/31/let-patients-read-their-medical-records/?_r=0)
(See: http://www.wellcome.ac.uk/News/Media-office/Press-releases/2016/WTP060240.htm)
Image sources: http://www.serkworks.com/rocket-surgery-institute/ https://upload.wikimedia.org/wikipedia/en/d/dc/Lab_Rats_Film_Poster.jpg http://www.mastgeneralstore.com/products/id-1426/magnet_-_i_love_lucy_vitameatavegamin
So that’s a business-based reward-centric viewpoint.
Beyond the business-based risk-centric viewpoint of regulatory compliance, why should businesses do what individuals want regarding personal control?
● The IoT brings new volumes and sources of data, and new use cases for people wanting to share that data
● CareKit added person-to-person sharing in the Apple ecosystem
● Dumb socks vs. smart socks – need a solution in wider ecosystems
With apologies to John Gilmore’s famous saying about the ‘net and censorship.
You have to make the right thing to do be the easiest thing to do.
IT manages hundreds of API-fronted apps in the enterprise (and some outside). Alice is an employee who needs to delegate constrained access to app features/functions to fellow employees and partners within the ecosystem, giving IT – and herself – centralized visibility into the access granted.
Image source: "John Gilmore Portrait" by Neurosynthetic - Own work. Licensed under CC BY-SA 4.0 via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:John_Gilmore_Portrait.jpg#/media/File:John_Gilmore_Portrait.jpg
Bringing the business owner closer to permission management and providing a standardized API access model
New regulations are not just codifying current data protection practice.
● Many are giving user consent a much greater role in the privacy picture
● At the same time, more organizations are recognizing that personal data has got to be a shared asset
● You need to provide custodianship but also a relationship
(See: https://iapp.org/media/pdf/resource_center/GDPR-final.pdf)
The UMA architecture has these three pieces. ForgeRock will deliver the two key pieces on the top in order to help you protect your API/application (policy enforcement points) and let your users set up sharing preferences (policy decision point).
Canberra Executive Breakfast - A Citizen-Centric Approach to Identity