SlideShare a Scribd company logo
February 2017
Benefits and Risks of a Single
Identity
Gabriella Davis
Technical Director - IBM Lifetime Champion
The Turtle Partnership
DEV-1078
IBM Connect 2017 Conference
Who Am I?
Admin	of	all	things	and	especially	quite	
complicated	things	where	the	fun	is	
Working	with	security	,	healthchecks,	
single	sign	on,	design	and	deployment	of	
IBM	technologies	and	things	that	they	talk	
to	
Stubborn	and	relentless	problem	solver	
Lives	in	London	about	half	of	the	Ame	
gabriella@turtlepartnership.com	
twiDer:	gabturtle	
Awarded	the	first	IBM	LifeAme	
Achievement	Award	for	CollaboraAon	
SoluAons
Roadmap ForThis Session
✤ What is single identity and why would I care?
✤ What technologies are available to me?
✤ What needs to be in place for single identity to work
well
✤ The risks of single identity in an IOT and online world
What DoWe Mean By
Single Identity?
• Identity Management

• I am an individual but one that is part of this group

• I take my individuality into different systems

• I take information about me across different systems

• This is the difference between federation and single sign on
Things have gotten a bit
more complicated than that..
Multiple systems and standards including
SAML, OpenID, OAuth, Facebook Login

Users require logins across personal,
consumer, and enterprise systems
Individual
Identities Across Systems
Attributes Within Systems
An individual will have separate identities across different systems,
where some attributes are shared such as email or name and others
might be system specific. As the user moves between systems their
individual identity remains the same.
Why Is Having A Single Identity
Valuable?
Preferences Behaviour
& History
Patterns
BeingPresent
how i use the
system, how i
prefer to work
with it, what parts
of it i prefer to see
/ engage with

what I do, what
i have interacted
with in the past,
what I reuse or
repeat

spotting ways in
which I reuse or
repeat in order to
present information
to me that I might
not be aware of or
highlight information
that the pattern says
I should be
interested in
just because i’m using
system A doesn’t mean
someone in system B can’t
find and interact with me. I
have one identity if signed
onto multiple systems.
Key Components of Single Identity
Authentication
Authentication is critical to ensure Gab
Davis in SystemA is the same as Gab
Davis in SystemB and the information that
goes with that ‘Gab Davis” is correct
✤ Hello - have you met my friend?
✤ Is trust transferable?
Trust
Once you create a way in you
are establishing a security level
as that of the lowest entry point
✤ Access rights
✤ Identity data such as name or
email
✤ System specific attributes such
as your favourite drink
Attributes
Sparkling Wine

Flute
White Wine
Glass
Standard Wine
Glass
Light Red
Wine Glass
Blod Red
Wine Glass
Common
Authentication
Technologies
FEDERATION
OAUTH
OPENID
IWA
Password Synchronisation
This ISN’T Single Identity
Synchronising passwords across
different systems
Sametime
LDAP
Connections
LDAP
Traveler
Authentication
Password
Synchronisation
Tool
You’re not the same person, you’re just using the sam
password
You’re not the same person,
you’re just using the same
password
Single LDAP Source
This Kind-Of Is - At Its Most Basic
Authenticating against a single
password in a single place
Sametime
Network
Login
Connections
Mail
LDAP
Password
Technically you are the same person as you
authenticate using the same identity but that’s it, there
is no other information being held or exchanged.
This Is Closer - but not quite
IWA/Kerberos/SPNEGO
✤ The single authentication to Windows has granted
access to other systems using the same identity
1 2 3 4 5
ACTIVE
DIRECTORY
GENERATES
TOKEN
USER TRIES TO
ACCESS A
WEBSITE
BROWSER
SENDS IWA
TOKEN TO THE
WEB SERVER
ALONG WITH
USER NAME
THE WEB
SERVER
CONTACTS
ACTIVE
DIRECTORY TO
VALIDATE
TOKEN AND
RETRIEVE THE
USER’S NAME
STEPS
USER LOGS
INTO WINDOWS
Federated Login Is Single Identity
Security Assertion Markup Language
16
1 2 3 4 5
USER ATTEMPTS
TO LOG IN TO A
WEBSITE
USER IS
REDIRECTED TO
IDENTITY
PROVIDER
IDENTITY PROVIDER
REQUESTS
AUTHENTICATION OR (IF
USER IS LOGGED IN)
RETURNS CREDENTIALS
USER IS REDIRECTED
BACK TO ORIGINAL
SITE WITH SAML
ASSERTION
ATTACHED
ORIGINAL SITE USES
ITS SAML SERVICE
PROVIDER TO
CONFIRM SAML
ASSERTION AND
GRANT ACCESS
STEPS
✤ Simple SAML Steps
SAML - Federated Single Identity
17
✤ IdP - Identity Provider (SSO)
✤ ADFS (Active Directory Federation Services)
✤ can be combined with IWA
✤ TFIM (Tivoli Federated Identity Manager)
✤ SP - Service Provider
✤ IBM Domino (web federated login)
✤ IBM SmartCloud
✤ IBM Notes (requires ID Vault) (notes federated login)
SAML Behaviour
✤ IdP (Identity Providers) use HTTP or SOAP to communicate to SP (Service
Providers) via XML based assertions
✤ Assertions have three roles
✤ Authentication
✤ Authorisation
✤ Retrieving Attributes
✤ Many kinds of authentication methods are supported depending on your
chosen IdP
✤ Once initially federated no subsequent password or credentials are passed
Federation For Social Systems
OAuth / OpenID / Facebook Login!
OpenID is identify federation

OAuth is authorisation 

OpenID is built on OAuth
Simplified OAuth Process
1 2 3 4 5
USER ASKS
FACEBOOK (THE
CONSUMER) TO
POST ON THEIR
ACTIVITY STREAM
FACEBOOK GOES TO
CONNECTIONS (THE
SERVICE PROVIDER)
AND ASKS FOR
PERMISSION TO
POST
THE SERVICE PROVIDER
GIVES THE CONSUMER A
SECRET KEY TO GIVE TO THE
USER AND A URL FOR THE
USER TO CLICK ON
THE USER CLICKS ON
THE URL AND
AUTHENTICATES WITH
THE SERVICE
PROVIDER
THE SERVICE
PROVIDER , SATISFIED
THE SECRET KEY IS
GOOD, WILL NOW ALLOW
THE CONSUMER ACCESS
TO ITS SERVICES
STEPS
IBM Products As SAML Service
Providers
✤ Verse on premises and cloud
✤ Domino
✤ Notes - both on premises and Smartcloud
✤ Connections
✤ WebSphere
Preparation For Federation
Directories and Data
IDENTITY
LOCATION
HISTORY
SYSTEMS
Identity
✤ Directories that are well constructed and maintained
✤ names
✤ data
✤ accounts
✤ Tie directories together with a common key
Systems
✤ Authorisation
✤ Access Levels
✤ Data Security
✤ Identifying shared attributes
✤ Configuring custom attributes in LDAP and the IdP
Location
✤ Different behaviour in different locations
✤ Locations define data
✤ Why are you here? What is your role?
History
✤ What have you done before
✤ Patterns of behaviour
✤ Suggestions based on history, location and identity
Risks
Personas
✤ Do you want to tie everything together?
✤ Do you have the same persona everywhere?
✤ Is the language you use, your opinions, your
political views common everywhere
✤ and something you want to share?
Federation
✤ Once all systems are integrated all systems are vulnerable
✤ You are only as protected as your least secure password /
authentication model
✤ Understand what services or service providers you have
authorised, what information they hold , what their
privacy policies are and what their security policies are
✤ Make sure users understand they have to logout
OAuth/OpenID
✤ Theft of credentials
✤ Excessive access and data rights
✤ Theft of data
✤ Brute force guessing of credentials
✤ URL redirects or interceptions through incomplete URL requests
✤ Token interceptions
✤ Puts the user in control - this is not a bad thing
IOT & Identity
Internet OfThings
✤ A physical device with embedded internet connectivity and
“always on” status
✤ The beauty of IOT devices is that they are integrated into your life
✤ there’s no individual authentication
✤ They know everything they need to know simply because of
their placement or setup
✤ Their true value is in learning about those things we discussed
earlier, preferences, behaviour, patterns
RisksWith IOT
✤ Physical devices may now come with built in
connectivity as an added feature
✤ Companies who didn’t deploy them for that feature
may also not have security policies in place to disable
or limit it
✤ Risk assessment happens too late
RisksWith IoT
✤ Privacy
✤ Safety
✤ Data Bleed
✤ Additional operational expenses
Summary
Prepare
✤ Have a good directory and define security policies such as token
expiration
✤ Protect At Every Point Of Entry
✤ You don’t put a value on the information but someone else will
✤ Your identity has value
✤ Train users to log out, clean caches and understand what multi
system access means
✤ Include risk assessment for IoT in any hardware purchasing and
deployment
Lots of Good
✤ More passwords and stronger passwords don’t lead to better security
✤ Avoiding passwords entirely but authenticating based on existing
information can be more secure
✤ Users are more likely to engage with systems that have fewer
barriers to entry
✤ The more systems know about us, how we work and what we need
the better they can serve us
✤ There are enormous volumes of data being produced across systems
that can be used to save time, cost and effort
Questions?
Notices and disclaimers
Copyright © 2017 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM.
U.S. Government Users Restricted Rights — Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM.
Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial
publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. THIS DOCUMENT IS DISTRIBUTED "AS IS"
WITHOUT ANY WARRANTY, EITHER EXPRESS OR IMPLIED. IN NO EVENT SHALL IBM BE LIABLE FOR ANY DAMAGE ARISING FROM THE USE OF THIS INFORMATION,
INCLUDING BUT NOT LIMITED TO, LOSS OF DATA, BUSINESS INTERRUPTION, LOSS OF PROFIT OR LOSS OF OPPORTUNITY. IBM products and services are warranted
according to the terms and conditions of the agreements under which they are provided.
IBM products are manufactured from new parts or new and used parts. In some cases, a product may not be new and may have been previously installed. Regardless, our warranty terms
apply.”
Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal without notice.
Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used
IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary.
References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM
operates or does business.
Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are
provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation.
It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any
relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal
advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law
Notices and disclaimers continued
Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly
available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility
or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those
products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s
products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights,
trademarks or other intellectual property right.
IBM, the IBM logo, ibm.com, Aspera®, Bluemix, Blueworks Live, CICS, Clearcase, Cognos®, DOORS®, Emptoris®, Enterprise Document Management
System™, FASP®, FileNet®, Global Business Services ®, Global Technology Services ®, IBM ExperienceOne™, IBM SmartCloud®, IBM Social
Business®, Information on Demand, ILOG, Maximo®, MQIntegrator®, MQSeries®, Netcool®, OMEGAMON, OpenPower, PureAnalytics™,
PureApplication®, pureCluster™, PureCoverage®, PureData®, PureExperience®, PureFlex®, pureQuery®, pureScale®, PureSystems®, QRadar®,
Rational®, Rhapsody®, Smarter Commerce®, SoDA, SPSS, Sterling Commerce®, StoredIQ, Tealeaf®, Tivoli®, Trusteer®, Unica®, urban{code}®,
Watson, WebSphere®, Worklight®, X-Force® and System z® Z/OS, are trademarks of International Business Machines Corporation, registered in many
jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available
on the Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml.

More Related Content

What's hot

Communities of practice
Communities of practice Communities of practice
Communities of practice
Nirmala Selvaraju
 
株式会社サイカ_会社説明資料
株式会社サイカ_会社説明資料株式会社サイカ_会社説明資料
株式会社サイカ_会社説明資料
XICA CO.,LTD.
 
Active Directoryに公開したプリンタを解除
Active Directoryに公開したプリンタを解除Active Directoryに公開したプリンタを解除
Active Directoryに公開したプリンタを解除
Michio Koyama
 
How to commit a project in svn using svn plugin in anypoint studio
How to commit a project in svn using svn plugin in anypoint studioHow to commit a project in svn using svn plugin in anypoint studio
How to commit a project in svn using svn plugin in anypoint studio
Sudha Ch
 
猿でもわかるコンテナ
猿でもわかるコンテナ猿でもわかるコンテナ
猿でもわかるコンテナ
Tsuyoshi Miyake
 
AVFoundationを使った無音カメラアプリの作り方
AVFoundationを使った無音カメラアプリの作り方AVFoundationを使った無音カメラアプリの作り方
AVFoundationを使った無音カメラアプリの作り方
Takashi Ohtsuka
 
Kubernetes超入門
Kubernetes超入門Kubernetes超入門
Kubernetes超入門
Takashi Suzuki
 
Lecture 4 Les registres de langue
Lecture 4 Les registres de langue Lecture 4 Les registres de langue
Lecture 4 Les registres de langue
Christophe Gagne
 
Stream on SharePoint, an overview - JcGonzalez.pptx
Stream on SharePoint, an overview - JcGonzalez.pptxStream on SharePoint, an overview - JcGonzalez.pptx
Stream on SharePoint, an overview - JcGonzalez.pptx
Juan Carlos Gonzalez
 
Communities of Practice: Employee Motivation for Engagement
Communities of Practice: Employee Motivation for EngagementCommunities of Practice: Employee Motivation for Engagement
Communities of Practice: Employee Motivation for Engagement
Marianne Meindertsma
 
Apiドキュメンテーションツールを使いこなす【api blueprint編】
Apiドキュメンテーションツールを使いこなす【api blueprint編】Apiドキュメンテーションツールを使いこなす【api blueprint編】
Apiドキュメンテーションツールを使いこなす【api blueprint編】
dcubeio
 
How to use microsoft teams
How to use microsoft teamsHow to use microsoft teams
How to use microsoft teams
Dhananjay Naldurgkar
 
Hipとは?
Hipとは?Hipとは?
Hipとは?
Takuma Miki
 
SharePoint Online Communication Sites お手軽サイト作成
SharePoint Online Communication Sites お手軽サイト作成SharePoint Online Communication Sites お手軽サイト作成
SharePoint Online Communication Sites お手軽サイト作成
Hirofumi Ota
 
0から始めるコンテナの学び方(Kubernetes Novice Tokyo #14 発表資料)
0から始めるコンテナの学び方(Kubernetes Novice Tokyo #14 発表資料)0から始めるコンテナの学び方(Kubernetes Novice Tokyo #14 発表資料)
0から始めるコンテナの学び方(Kubernetes Novice Tokyo #14 発表資料)
NTT DATA Technology & Innovation
 
Dropbox presentation
Dropbox presentationDropbox presentation
Dropbox presentation
Kenton Larsen
 
Feedback-trappan
Feedback-trappanFeedback-trappan
微服務對IT人員的衝擊
微服務對IT人員的衝擊微服務對IT人員的衝擊
微服務對IT人員的衝擊
Philip Zheng
 
“…so, how are things really done around here?” - Culture
“…so, how are things really done around here?” - Culture“…so, how are things really done around here?” - Culture
“…so, how are things really done around here?” - Culture
László Árvai
 
Sensitivity labels for Teams, Microsoft 365 Groups & SharePoint Sites
Sensitivity labels for Teams, Microsoft 365 Groups & SharePoint SitesSensitivity labels for Teams, Microsoft 365 Groups & SharePoint Sites
Sensitivity labels for Teams, Microsoft 365 Groups & SharePoint Sites
Drew Madelung
 

What's hot (20)

Communities of practice
Communities of practice Communities of practice
Communities of practice
 
株式会社サイカ_会社説明資料
株式会社サイカ_会社説明資料株式会社サイカ_会社説明資料
株式会社サイカ_会社説明資料
 
Active Directoryに公開したプリンタを解除
Active Directoryに公開したプリンタを解除Active Directoryに公開したプリンタを解除
Active Directoryに公開したプリンタを解除
 
How to commit a project in svn using svn plugin in anypoint studio
How to commit a project in svn using svn plugin in anypoint studioHow to commit a project in svn using svn plugin in anypoint studio
How to commit a project in svn using svn plugin in anypoint studio
 
猿でもわかるコンテナ
猿でもわかるコンテナ猿でもわかるコンテナ
猿でもわかるコンテナ
 
AVFoundationを使った無音カメラアプリの作り方
AVFoundationを使った無音カメラアプリの作り方AVFoundationを使った無音カメラアプリの作り方
AVFoundationを使った無音カメラアプリの作り方
 
Kubernetes超入門
Kubernetes超入門Kubernetes超入門
Kubernetes超入門
 
Lecture 4 Les registres de langue
Lecture 4 Les registres de langue Lecture 4 Les registres de langue
Lecture 4 Les registres de langue
 
Stream on SharePoint, an overview - JcGonzalez.pptx
Stream on SharePoint, an overview - JcGonzalez.pptxStream on SharePoint, an overview - JcGonzalez.pptx
Stream on SharePoint, an overview - JcGonzalez.pptx
 
Communities of Practice: Employee Motivation for Engagement
Communities of Practice: Employee Motivation for EngagementCommunities of Practice: Employee Motivation for Engagement
Communities of Practice: Employee Motivation for Engagement
 
Apiドキュメンテーションツールを使いこなす【api blueprint編】
Apiドキュメンテーションツールを使いこなす【api blueprint編】Apiドキュメンテーションツールを使いこなす【api blueprint編】
Apiドキュメンテーションツールを使いこなす【api blueprint編】
 
How to use microsoft teams
How to use microsoft teamsHow to use microsoft teams
How to use microsoft teams
 
Hipとは?
Hipとは?Hipとは?
Hipとは?
 
SharePoint Online Communication Sites お手軽サイト作成
SharePoint Online Communication Sites お手軽サイト作成SharePoint Online Communication Sites お手軽サイト作成
SharePoint Online Communication Sites お手軽サイト作成
 
0から始めるコンテナの学び方(Kubernetes Novice Tokyo #14 発表資料)
0から始めるコンテナの学び方(Kubernetes Novice Tokyo #14 発表資料)0から始めるコンテナの学び方(Kubernetes Novice Tokyo #14 発表資料)
0から始めるコンテナの学び方(Kubernetes Novice Tokyo #14 発表資料)
 
Dropbox presentation
Dropbox presentationDropbox presentation
Dropbox presentation
 
Feedback-trappan
Feedback-trappanFeedback-trappan
Feedback-trappan
 
微服務對IT人員的衝擊
微服務對IT人員的衝擊微服務對IT人員的衝擊
微服務對IT人員的衝擊
 
“…so, how are things really done around here?” - Culture
“…so, how are things really done around here?” - Culture“…so, how are things really done around here?” - Culture
“…so, how are things really done around here?” - Culture
 
Sensitivity labels for Teams, Microsoft 365 Groups & SharePoint Sites
Sensitivity labels for Teams, Microsoft 365 Groups & SharePoint SitesSensitivity labels for Teams, Microsoft 365 Groups & SharePoint Sites
Sensitivity labels for Teams, Microsoft 365 Groups & SharePoint Sites
 

Viewers also liked

Multiple,shared identity
Multiple,shared identityMultiple,shared identity
Multiple,shared identity
vshackley
 
AdminCamp 2011 Performance
AdminCamp 2011 PerformanceAdminCamp 2011 Performance
AdminCamp 2011 Performance
Ulrich Krause
 
MAS202 - Customizing IBM Connections
MAS202 - Customizing IBM ConnectionsMAS202 - Customizing IBM Connections
MAS202 - Customizing IBM Connections
paulbastide
 
Upgrading to Sametime 9.0.1
Upgrading to Sametime 9.0.1Upgrading to Sametime 9.0.1
Upgrading to Sametime 9.0.1
Gabriella Davis
 
Creating innovative and exceptional business value in ATLAS Company using IBM...
Creating innovative and exceptional business value in ATLAS Company using IBM...Creating innovative and exceptional business value in ATLAS Company using IBM...
Creating innovative and exceptional business value in ATLAS Company using IBM...
LetsConnect
 
IBM Connections vs. Office 365 – Episode III
IBM Connections vs. Office 365 – Episode IIIIBM Connections vs. Office 365 – Episode III
IBM Connections vs. Office 365 – Episode III
LetsConnect
 

Viewers also liked (6)

Multiple,shared identity
Multiple,shared identityMultiple,shared identity
Multiple,shared identity
 
AdminCamp 2011 Performance
AdminCamp 2011 PerformanceAdminCamp 2011 Performance
AdminCamp 2011 Performance
 
MAS202 - Customizing IBM Connections
MAS202 - Customizing IBM ConnectionsMAS202 - Customizing IBM Connections
MAS202 - Customizing IBM Connections
 
Upgrading to Sametime 9.0.1
Upgrading to Sametime 9.0.1Upgrading to Sametime 9.0.1
Upgrading to Sametime 9.0.1
 
Creating innovative and exceptional business value in ATLAS Company using IBM...
Creating innovative and exceptional business value in ATLAS Company using IBM...Creating innovative and exceptional business value in ATLAS Company using IBM...
Creating innovative and exceptional business value in ATLAS Company using IBM...
 
IBM Connections vs. Office 365 – Episode III
IBM Connections vs. Office 365 – Episode IIIIBM Connections vs. Office 365 – Episode III
IBM Connections vs. Office 365 – Episode III
 

Similar to Benefits and Risks of a Single Identity - IBM Connect 2017

A Guide To Single Sign-On for IBM Collaboration Solutions
A Guide To Single Sign-On for IBM Collaboration SolutionsA Guide To Single Sign-On for IBM Collaboration Solutions
A Guide To Single Sign-On for IBM Collaboration Solutions
Gabriella Davis
 
Risk Aware IAM for an Insecure World
Risk Aware IAM for an Insecure WorldRisk Aware IAM for an Insecure World
Risk Aware IAM for an Insecure World
Forte Advisory, Inc.
 
Onlinesecurityrecomendations2014 141230081030-conversion-gate02
Onlinesecurityrecomendations2014 141230081030-conversion-gate02Onlinesecurityrecomendations2014 141230081030-conversion-gate02
Onlinesecurityrecomendations2014 141230081030-conversion-gate02
amiinaaa
 
Smart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud WorldSmart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud World
Katherine Cola
 
The Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
The Future of Authentication - Verifiable Credentials / Self-Sovereign IdentityThe Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
The Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
Evernym
 
A A A
A A AA A A
Authentication and session v4
Authentication and session v4Authentication and session v4
Authentication and session v4
skimil
 
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
Security Innovation
 
Opening Up User-Centric Identity
Opening Up User-Centric IdentityOpening Up User-Centric Identity
Opening Up User-Centric Identity
Eduserv Foundation
 
Identity and Security in the Cloud
Identity and Security in the CloudIdentity and Security in the Cloud
Identity and Security in the Cloud
Richard Diver
 
5 Security Questions To Ask A Cloud Service Provider
5 Security Questions To Ask A Cloud Service Provider5 Security Questions To Ask A Cloud Service Provider
5 Security Questions To Ask A Cloud Service Provider
Tyrone Systems
 
Data security and compliancy in Office 365
Data security and compliancy in Office 365Data security and compliancy in Office 365
Data security and compliancy in Office 365
Microsoft TechNet - Belgium and Luxembourg
 
Cyber security for small businesses
Cyber security for small businessesCyber security for small businesses
Cyber security for small businesses
B2BPlanner Ltd.
 
How Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and SecurityHow Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and Security
GlobalSign
 
CyberSecurity Series Malware slides
CyberSecurity Series Malware slidesCyberSecurity Series Malware slides
CyberSecurity Series Malware slides
Jim Kaplan CIA CFE
 
Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...
Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...
Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...
Amazon Web Services
 
How to-become-secure-and-stay-secure
How to-become-secure-and-stay-secureHow to-become-secure-and-stay-secure
How to-become-secure-and-stay-secure
IIMBNSRCEL
 
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Wendy Knox Everette
 
The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?The Cloud Beckons, But is it Safe?
Amazon Macie: Data Visibility Powered by Machine Learning for Security and Co...
Amazon Macie: Data Visibility Powered by Machine Learning for Security and Co...Amazon Macie: Data Visibility Powered by Machine Learning for Security and Co...
Amazon Macie: Data Visibility Powered by Machine Learning for Security and Co...
Amazon Web Services
 

Similar to Benefits and Risks of a Single Identity - IBM Connect 2017 (20)

A Guide To Single Sign-On for IBM Collaboration Solutions
A Guide To Single Sign-On for IBM Collaboration SolutionsA Guide To Single Sign-On for IBM Collaboration Solutions
A Guide To Single Sign-On for IBM Collaboration Solutions
 
Risk Aware IAM for an Insecure World
Risk Aware IAM for an Insecure WorldRisk Aware IAM for an Insecure World
Risk Aware IAM for an Insecure World
 
Onlinesecurityrecomendations2014 141230081030-conversion-gate02
Onlinesecurityrecomendations2014 141230081030-conversion-gate02Onlinesecurityrecomendations2014 141230081030-conversion-gate02
Onlinesecurityrecomendations2014 141230081030-conversion-gate02
 
Smart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud WorldSmart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud World
 
The Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
The Future of Authentication - Verifiable Credentials / Self-Sovereign IdentityThe Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
The Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
 
A A A
A A AA A A
A A A
 
Authentication and session v4
Authentication and session v4Authentication and session v4
Authentication and session v4
 
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
 
Opening Up User-Centric Identity
Opening Up User-Centric IdentityOpening Up User-Centric Identity
Opening Up User-Centric Identity
 
Identity and Security in the Cloud
Identity and Security in the CloudIdentity and Security in the Cloud
Identity and Security in the Cloud
 
5 Security Questions To Ask A Cloud Service Provider
5 Security Questions To Ask A Cloud Service Provider5 Security Questions To Ask A Cloud Service Provider
5 Security Questions To Ask A Cloud Service Provider
 
Data security and compliancy in Office 365
Data security and compliancy in Office 365Data security and compliancy in Office 365
Data security and compliancy in Office 365
 
Cyber security for small businesses
Cyber security for small businessesCyber security for small businesses
Cyber security for small businesses
 
How Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and SecurityHow Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and Security
 
CyberSecurity Series Malware slides
CyberSecurity Series Malware slidesCyberSecurity Series Malware slides
CyberSecurity Series Malware slides
 
Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...
Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...
Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...
 
How to-become-secure-and-stay-secure
How to-become-secure-and-stay-secureHow to-become-secure-and-stay-secure
How to-become-secure-and-stay-secure
 
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
 
The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?
 
Amazon Macie: Data Visibility Powered by Machine Learning for Security and Co...
Amazon Macie: Data Visibility Powered by Machine Learning for Security and Co...Amazon Macie: Data Visibility Powered by Machine Learning for Security and Co...
Amazon Macie: Data Visibility Powered by Machine Learning for Security and Co...
 

More from Gabriella Davis

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
Gabriella Davis
 
Engage2022 - Domino Admin Tips
Engage2022 - Domino Admin TipsEngage2022 - Domino Admin Tips
Engage2022 - Domino Admin Tips
Gabriella Davis
 
. Design Decisions: Developing for Mobile - The Template Experience Project
. Design Decisions: Developing for Mobile - The Template Experience Project. Design Decisions: Developing for Mobile - The Template Experience Project
. Design Decisions: Developing for Mobile - The Template Experience Project
Gabriella Davis
 
Domino Server Health - Monitoring and Managing
 Domino Server Health - Monitoring and Managing Domino Server Health - Monitoring and Managing
Domino Server Health - Monitoring and Managing
Gabriella Davis
 
Face Off Domino vs Exchange On Premises
Face Off Domino vs Exchange On PremisesFace Off Domino vs Exchange On Premises
Face Off Domino vs Exchange On Premises
Gabriella Davis
 
60 Admin Tips
60 Admin Tips60 Admin Tips
60 Admin Tips
Gabriella Davis
 
Adminlicious - A Guide To TCO Features In Domino v10
Adminlicious - A Guide To TCO Features In Domino v10Adminlicious - A Guide To TCO Features In Domino v10
Adminlicious - A Guide To TCO Features In Domino v10
Gabriella Davis
 
An Introduction to Configuring Domino for Docker
An Introduction to Configuring Domino for DockerAn Introduction to Configuring Domino for Docker
An Introduction to Configuring Domino for Docker
Gabriella Davis
 
An Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation RequirementsAn Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation Requirements
Gabriella Davis
 
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
Gabriella Davis
 
An introduction to configuring Domino for Docker
An introduction to configuring Domino for DockerAn introduction to configuring Domino for Docker
An introduction to configuring Domino for Docker
Gabriella Davis
 
How To Approach GDPR Preparation & Discovery
How To Approach GDPR Preparation & DiscoveryHow To Approach GDPR Preparation & Discovery
How To Approach GDPR Preparation & Discovery
Gabriella Davis
 
An Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation RequirementsAn Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation Requirements
Gabriella Davis
 
Brand Yourself
Brand YourselfBrand Yourself
Brand Yourself
Gabriella Davis
 
Home Working
Home WorkingHome Working
Home Working
Gabriella Davis
 
The Imposter Syndrome
The Imposter SyndromeThe Imposter Syndrome
The Imposter Syndrome
Gabriella Davis
 
What's New in Notes, Sametime and Verse On-Premises
What's New in Notes, Sametime and Verse On-PremisesWhat's New in Notes, Sametime and Verse On-Premises
What's New in Notes, Sametime and Verse On-Premises
Gabriella Davis
 
An Introduction To Docker
An Introduction To DockerAn Introduction To Docker
An Introduction To Docker
Gabriella Davis
 
An Introduction To Docker
An Introduction To  DockerAn Introduction To  Docker
An Introduction To Docker
Gabriella Davis
 
Setting Up a Hybrid Domino Environment to Ease your Way to the Cloud
Setting Up a Hybrid Domino Environment to Ease your Way to the CloudSetting Up a Hybrid Domino Environment to Ease your Way to the Cloud
Setting Up a Hybrid Domino Environment to Ease your Way to the Cloud
Gabriella Davis
 

More from Gabriella Davis (20)

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Engage2022 - Domino Admin Tips
Engage2022 - Domino Admin TipsEngage2022 - Domino Admin Tips
Engage2022 - Domino Admin Tips
 
. Design Decisions: Developing for Mobile - The Template Experience Project
. Design Decisions: Developing for Mobile - The Template Experience Project. Design Decisions: Developing for Mobile - The Template Experience Project
. Design Decisions: Developing for Mobile - The Template Experience Project
 
Domino Server Health - Monitoring and Managing
 Domino Server Health - Monitoring and Managing Domino Server Health - Monitoring and Managing
Domino Server Health - Monitoring and Managing
 
Face Off Domino vs Exchange On Premises
Face Off Domino vs Exchange On PremisesFace Off Domino vs Exchange On Premises
Face Off Domino vs Exchange On Premises
 
60 Admin Tips
60 Admin Tips60 Admin Tips
60 Admin Tips
 
Adminlicious - A Guide To TCO Features In Domino v10
Adminlicious - A Guide To TCO Features In Domino v10Adminlicious - A Guide To TCO Features In Domino v10
Adminlicious - A Guide To TCO Features In Domino v10
 
An Introduction to Configuring Domino for Docker
An Introduction to Configuring Domino for DockerAn Introduction to Configuring Domino for Docker
An Introduction to Configuring Domino for Docker
 
An Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation RequirementsAn Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation Requirements
 
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
 
An introduction to configuring Domino for Docker
An introduction to configuring Domino for DockerAn introduction to configuring Domino for Docker
An introduction to configuring Domino for Docker
 
How To Approach GDPR Preparation & Discovery
How To Approach GDPR Preparation & DiscoveryHow To Approach GDPR Preparation & Discovery
How To Approach GDPR Preparation & Discovery
 
An Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation RequirementsAn Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation Requirements
 
Brand Yourself
Brand YourselfBrand Yourself
Brand Yourself
 
Home Working
Home WorkingHome Working
Home Working
 
The Imposter Syndrome
The Imposter SyndromeThe Imposter Syndrome
The Imposter Syndrome
 
What's New in Notes, Sametime and Verse On-Premises
What's New in Notes, Sametime and Verse On-PremisesWhat's New in Notes, Sametime and Verse On-Premises
What's New in Notes, Sametime and Verse On-Premises
 
An Introduction To Docker
An Introduction To DockerAn Introduction To Docker
An Introduction To Docker
 
An Introduction To Docker
An Introduction To  DockerAn Introduction To  Docker
An Introduction To Docker
 
Setting Up a Hybrid Domino Environment to Ease your Way to the Cloud
Setting Up a Hybrid Domino Environment to Ease your Way to the CloudSetting Up a Hybrid Domino Environment to Ease your Way to the Cloud
Setting Up a Hybrid Domino Environment to Ease your Way to the Cloud
 

Recently uploaded

How to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptxHow to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptx
Adam Dunkels
 
Data Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining DataData Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining Data
Safe Software
 
CiscoIconsLibrary cours de réseau VLAN.ppt
CiscoIconsLibrary cours de réseau VLAN.pptCiscoIconsLibrary cours de réseau VLAN.ppt
CiscoIconsLibrary cours de réseau VLAN.ppt
moinahousna
 
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
shanihomely
 
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Nicolás Lopéz
 
find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
huseindihon
 
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Networks
 
Opencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of MünsterOpencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of Münster
Matthias Neugebauer
 
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
Priyanka Aash
 
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Muhammad Ali
 
How Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdfHow Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdf
HackersList
 
Pigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending PlantPigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending Plant
LINUS PROJECTS (INDIA)
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
Zilliz
 
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and OllamaTirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Zilliz
 
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSECHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
kumarjarun2010
 
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyyActive Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
RaminGhanbari2
 
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdfBT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
Neo4j
 
Best Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdfBest Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdf
Tatiana Al-Chueyr
 
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
sunilverma7884
 
WhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring AppsWhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring Apps
HackersList
 

Recently uploaded (20)

How to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptxHow to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptx
 
Data Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining DataData Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining Data
 
CiscoIconsLibrary cours de réseau VLAN.ppt
CiscoIconsLibrary cours de réseau VLAN.pptCiscoIconsLibrary cours de réseau VLAN.ppt
CiscoIconsLibrary cours de réseau VLAN.ppt
 
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
 
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024
 
find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
 
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
 
Opencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of MünsterOpencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of Münster
 
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
 
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
 
How Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdfHow Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdf
 
Pigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending PlantPigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending Plant
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
 
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and OllamaTirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
 
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSECHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
 
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyyActive Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
 
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdfBT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
 
Best Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdfBest Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdf
 
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
 
WhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring AppsWhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring Apps
 

Benefits and Risks of a Single Identity - IBM Connect 2017

  • 1. February 2017 Benefits and Risks of a Single Identity Gabriella Davis Technical Director - IBM Lifetime Champion The Turtle Partnership DEV-1078 IBM Connect 2017 Conference
  • 3. Roadmap ForThis Session ✤ What is single identity and why would I care? ✤ What technologies are available to me? ✤ What needs to be in place for single identity to work well ✤ The risks of single identity in an IOT and online world
  • 4. What DoWe Mean By Single Identity? • Identity Management • I am an individual but one that is part of this group • I take my individuality into different systems • I take information about me across different systems • This is the difference between federation and single sign on
  • 5. Things have gotten a bit more complicated than that.. Multiple systems and standards including SAML, OpenID, OAuth, Facebook Login Users require logins across personal, consumer, and enterprise systems
  • 6. Individual Identities Across Systems Attributes Within Systems An individual will have separate identities across different systems, where some attributes are shared such as email or name and others might be system specific. As the user moves between systems their individual identity remains the same.
  • 7. Why Is Having A Single Identity Valuable? Preferences Behaviour & History Patterns BeingPresent how i use the system, how i prefer to work with it, what parts of it i prefer to see / engage with what I do, what i have interacted with in the past, what I reuse or repeat spotting ways in which I reuse or repeat in order to present information to me that I might not be aware of or highlight information that the pattern says I should be interested in just because i’m using system A doesn’t mean someone in system B can’t find and interact with me. I have one identity if signed onto multiple systems.
  • 8. Key Components of Single Identity
  • 9. Authentication Authentication is critical to ensure Gab Davis in SystemA is the same as Gab Davis in SystemB and the information that goes with that ‘Gab Davis” is correct
  • 10. ✤ Hello - have you met my friend? ✤ Is trust transferable? Trust Once you create a way in you are establishing a security level as that of the lowest entry point
  • 11. ✤ Access rights ✤ Identity data such as name or email ✤ System specific attributes such as your favourite drink Attributes Sparkling Wine
 Flute White Wine Glass Standard Wine Glass Light Red Wine Glass Blod Red Wine Glass
  • 13. Password Synchronisation This ISN’T Single Identity Synchronising passwords across different systems Sametime LDAP Connections LDAP Traveler Authentication Password Synchronisation Tool You’re not the same person, you’re just using the sam password You’re not the same person, you’re just using the same password
  • 14. Single LDAP Source This Kind-Of Is - At Its Most Basic Authenticating against a single password in a single place Sametime Network Login Connections Mail LDAP Password Technically you are the same person as you authenticate using the same identity but that’s it, there is no other information being held or exchanged.
  • 15. This Is Closer - but not quite IWA/Kerberos/SPNEGO ✤ The single authentication to Windows has granted access to other systems using the same identity 1 2 3 4 5 ACTIVE DIRECTORY GENERATES TOKEN USER TRIES TO ACCESS A WEBSITE BROWSER SENDS IWA TOKEN TO THE WEB SERVER ALONG WITH USER NAME THE WEB SERVER CONTACTS ACTIVE DIRECTORY TO VALIDATE TOKEN AND RETRIEVE THE USER’S NAME STEPS USER LOGS INTO WINDOWS
  • 16. Federated Login Is Single Identity Security Assertion Markup Language 16 1 2 3 4 5 USER ATTEMPTS TO LOG IN TO A WEBSITE USER IS REDIRECTED TO IDENTITY PROVIDER IDENTITY PROVIDER REQUESTS AUTHENTICATION OR (IF USER IS LOGGED IN) RETURNS CREDENTIALS USER IS REDIRECTED BACK TO ORIGINAL SITE WITH SAML ASSERTION ATTACHED ORIGINAL SITE USES ITS SAML SERVICE PROVIDER TO CONFIRM SAML ASSERTION AND GRANT ACCESS STEPS ✤ Simple SAML Steps
  • 17. SAML - Federated Single Identity 17 ✤ IdP - Identity Provider (SSO) ✤ ADFS (Active Directory Federation Services) ✤ can be combined with IWA ✤ TFIM (Tivoli Federated Identity Manager) ✤ SP - Service Provider ✤ IBM Domino (web federated login) ✤ IBM SmartCloud ✤ IBM Notes (requires ID Vault) (notes federated login)
  • 18. SAML Behaviour ✤ IdP (Identity Providers) use HTTP or SOAP to communicate to SP (Service Providers) via XML based assertions ✤ Assertions have three roles ✤ Authentication ✤ Authorisation ✤ Retrieving Attributes ✤ Many kinds of authentication methods are supported depending on your chosen IdP ✤ Once initially federated no subsequent password or credentials are passed
  • 19. Federation For Social Systems OAuth / OpenID / Facebook Login! OpenID is identify federation OAuth is authorisation OpenID is built on OAuth
  • 20. Simplified OAuth Process 1 2 3 4 5 USER ASKS FACEBOOK (THE CONSUMER) TO POST ON THEIR ACTIVITY STREAM FACEBOOK GOES TO CONNECTIONS (THE SERVICE PROVIDER) AND ASKS FOR PERMISSION TO POST THE SERVICE PROVIDER GIVES THE CONSUMER A SECRET KEY TO GIVE TO THE USER AND A URL FOR THE USER TO CLICK ON THE USER CLICKS ON THE URL AND AUTHENTICATES WITH THE SERVICE PROVIDER THE SERVICE PROVIDER , SATISFIED THE SECRET KEY IS GOOD, WILL NOW ALLOW THE CONSUMER ACCESS TO ITS SERVICES STEPS
  • 21. IBM Products As SAML Service Providers ✤ Verse on premises and cloud ✤ Domino ✤ Notes - both on premises and Smartcloud ✤ Connections ✤ WebSphere
  • 24. Identity ✤ Directories that are well constructed and maintained ✤ names ✤ data ✤ accounts ✤ Tie directories together with a common key
  • 25. Systems ✤ Authorisation ✤ Access Levels ✤ Data Security ✤ Identifying shared attributes ✤ Configuring custom attributes in LDAP and the IdP
  • 26. Location ✤ Different behaviour in different locations ✤ Locations define data ✤ Why are you here? What is your role?
  • 27. History ✤ What have you done before ✤ Patterns of behaviour ✤ Suggestions based on history, location and identity
  • 28. Risks
  • 29. Personas ✤ Do you want to tie everything together? ✤ Do you have the same persona everywhere? ✤ Is the language you use, your opinions, your political views common everywhere ✤ and something you want to share?
  • 30. Federation ✤ Once all systems are integrated all systems are vulnerable ✤ You are only as protected as your least secure password / authentication model ✤ Understand what services or service providers you have authorised, what information they hold , what their privacy policies are and what their security policies are ✤ Make sure users understand they have to logout
  • 31. OAuth/OpenID ✤ Theft of credentials ✤ Excessive access and data rights ✤ Theft of data ✤ Brute force guessing of credentials ✤ URL redirects or interceptions through incomplete URL requests ✤ Token interceptions ✤ Puts the user in control - this is not a bad thing
  • 33. Internet OfThings ✤ A physical device with embedded internet connectivity and “always on” status ✤ The beauty of IOT devices is that they are integrated into your life ✤ there’s no individual authentication ✤ They know everything they need to know simply because of their placement or setup ✤ Their true value is in learning about those things we discussed earlier, preferences, behaviour, patterns
  • 34. RisksWith IOT ✤ Physical devices may now come with built in connectivity as an added feature ✤ Companies who didn’t deploy them for that feature may also not have security policies in place to disable or limit it ✤ Risk assessment happens too late
  • 35. RisksWith IoT ✤ Privacy ✤ Safety ✤ Data Bleed ✤ Additional operational expenses
  • 37. Prepare ✤ Have a good directory and define security policies such as token expiration ✤ Protect At Every Point Of Entry ✤ You don’t put a value on the information but someone else will ✤ Your identity has value ✤ Train users to log out, clean caches and understand what multi system access means ✤ Include risk assessment for IoT in any hardware purchasing and deployment
  • 38. Lots of Good ✤ More passwords and stronger passwords don’t lead to better security ✤ Avoiding passwords entirely but authenticating based on existing information can be more secure ✤ Users are more likely to engage with systems that have fewer barriers to entry ✤ The more systems know about us, how we work and what we need the better they can serve us ✤ There are enormous volumes of data being produced across systems that can be used to save time, cost and effort
  • 40. Notices and disclaimers Copyright © 2017 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM. U.S. Government Users Restricted Rights — Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM. Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. THIS DOCUMENT IS DISTRIBUTED "AS IS" WITHOUT ANY WARRANTY, EITHER EXPRESS OR IMPLIED. IN NO EVENT SHALL IBM BE LIABLE FOR ANY DAMAGE ARISING FROM THE USE OF THIS INFORMATION, INCLUDING BUT NOT LIMITED TO, LOSS OF DATA, BUSINESS INTERRUPTION, LOSS OF PROFIT OR LOSS OF OPPORTUNITY. IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided. IBM products are manufactured from new parts or new and used parts. In some cases, a product may not be new and may have been previously installed. Regardless, our warranty terms apply.” Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal without notice. Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary. References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business. Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation. It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law
  • 41. Notices and disclaimers continued Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right. IBM, the IBM logo, ibm.com, Aspera®, Bluemix, Blueworks Live, CICS, Clearcase, Cognos®, DOORS®, Emptoris®, Enterprise Document Management System™, FASP®, FileNet®, Global Business Services ®, Global Technology Services ®, IBM ExperienceOne™, IBM SmartCloud®, IBM Social Business®, Information on Demand, ILOG, Maximo®, MQIntegrator®, MQSeries®, Netcool®, OMEGAMON, OpenPower, PureAnalytics™, PureApplication®, pureCluster™, PureCoverage®, PureData®, PureExperience®, PureFlex®, pureQuery®, pureScale®, PureSystems®, QRadar®, Rational®, Rhapsody®, Smarter Commerce®, SoDA, SPSS, Sterling Commerce®, StoredIQ, Tealeaf®, Tivoli®, Trusteer®, Unica®, urban{code}®, Watson, WebSphere®, Worklight®, X-Force® and System z® Z/OS, are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml.