CIS14: Identity at Scale: Bridging Gaps between Physical and Logical, Token and Cloud

•

0 likes•454 views

Chris Corum, AVISIAN, Inc. The place that physical access cards, prox badges, smart cards, and weigand protocols have in cloud identity, taking into consideration the knowledge gained from decades of experience. issuing and lifecycle-managing strongly vetted credentials

Technology

Identity at scale:
Bridging gaps between physical and virtual,
token and cloud
Chris Corum, AVISIAN Publishing
chris@avisian.com
@Avisian

- Some orgs strengthen, most do nothing
- Single credential to access many sites
- Host in house or go to cloud?
- Forces align to kill the weak credential
- Single purpose, weak credentials
were issued by individual entities
to protect access to their own stuff
- Usage and value of ‘what we’re
protecting’ rise, gives rise to hacking
and breach culture
- Users tire of mass single-use credentials
earlyonmidphasecurrent
Mass data
breaches
Cloning/
counterfeiting
Password fatigueCostanza wallet
Acronym soupSmart cards/2FA
SSOFederation/NFC
CISIDaaS
UN/PWCards and badges

HAVE
KNOW
ARE
HAVE
KNOW
ARE
HAVE
KNOW
ARE
Traditional
authentication

Something you connected toSomething you used
Something you tapped onSomething you drove
Some place you went
Some place you ate
Some place you walked past
Some place you tapped in
Some place you parked
Some way you type
Some way you tap
Some way you mouse over
Some way you twist your deviceSomething you did
Something else you did
Something you did a few minutes ago
Something your are about to do
Something you know
Something else you know
Something you couldn’t know
Something you used to know
Some place you wentSome place you ate
Some place you walked pastSome place you tapped inSome place you parked
Some way you typeSome way you tapSome way you mouse over
Some way you twist your device
Somethingyouhave
Somethingelseyouhave
Somethinginhandset
Something you are
Something else you are
Some other thing you are
Something you connected to
Something you used
Something you tapped on
Something you drove
Somethingyoudid
Somethingelseyoudid
Somethingyoudidafewminutesago
Somethingyourareabouttodo
Some
Some
Somet
Someth
Somethingyouhave
Somethingelseyouhave
Somethinginhandset
Next gen
authentication

Scalability
Virtually boundless,
Internet scale
Bound by time and
geography
Issuance
Directory or DB records
with user-initiated
lifecycle management
Cryptographic tokens with
expiry and lifecycle
management
Know the user
Seldom seen, often
self-asserted attributes
Face-to-face vetting with
verified attributes

Physical and digital took similar paths to reach point where a
“net” of adaptive, continuous authentication
can enable us to leapfrog convergence to coalescence if we
bridge gaps to tap the strengths of both groups.
Chris Corum, AVISIAN Publishing
chris@avisian.com
@Avisian

As the Internet of Things grows, along with electronic health care records, the need for machine based discovery will grow substantially. One of the problems with standards based discovery today is that it can expose private information which a user might not want exposed. This talk will look at UMA protecting the webfinger discovery specification to create a discovery mechanism that provides user specified authorization policy for access to the discovery information. Issues and gaps will be identified.

CIS 2015-Putting Control Back in the Users’ Hands- David Pollington

CloudIDSummit

With the growing threat and public concern around the use of legacy username/password mechanisms for authentication and authorisation, many are now turning to the mobile phone as a way of providing solutions that are convenient and provide peace of mind for the user as well as meeting the security requirements and expectations of both Service Providers and Government/Regulatory Bodies keen to protect the interests of citizens. We’ll look at the role the mobile phone (and mobile operator) can play in supporting a wide range of different use cases bringing together industry initiatives such as GSMA Mobile Connect and the FIDO Alliance.

CIS14: NSTIC - Why the Identity Ecosystem Steering Group (IDESG)?

CloudIDSummit

The document discusses the Identity Ecosystem Steering Group (IDESG), which aims to create an identity ecosystem framework that is privacy-enhancing, secure, interoperable, and easy to use. The IDESG is working to complete version 1 of the framework by the end of 2014. It also outlines how individuals and organizations can get involved by joining committees, attending events, or running for leadership positions to help shape the future of digital identity.

CIS 2015-Can Hardware MFA Move from Meh to Aha?- Stina Ehrensvard

CloudIDSummit

While hardware MFA is a well-understood concept, what in the past prevented it from winning mainstream consumer and enterprise appeal? Why are next-gen hardware MFA options flirting with that mass appeal? How has the technology changed and how is the current computing environment different? What old-school weaknesses have been minimized or solved already by modern innovation, and what challenges remain for wide-spread adoption? How have recent breaches renewed interest? Going forward, what sort of innovation is on the horizon and how might it prevent another adoption barrier around hardware MFA?

CIS14: Kantara Open Stand Overview

CloudIDSummit

The document outlines the OpenStand principles for standards development. The principles were jointly affirmed by several standards organizations to align their approaches and mobilize global support. The five core principles are: 1) respectful cooperation between standards bodies; 2) adherence to due process, transparency and consensus; 3) empowering technical experts to develop standards based on merit; 4) availability of specifications for global implementation; and 5) voluntary adoption in the market. The principles support open, inclusive and collaborative development of technologies that drive innovation.

CIS14: Lean In: Enterprise Cloud Identity

CloudIDSummit

CIS14: Persistent Trusted Identity

CloudIDSummit

The document discusses improving authentication methods by moving away from frequent authentication interactions. It proposes using wearable devices and persistent sensing to establish trust and maintain that trust seamlessly without requiring ongoing user interaction. This would decouple authentication from transactions by leveraging trusted devices to serve credentials asynchronously. However, it stresses the importance of privacy by design to ensure user control over data and context in this new paradigm.

CIS14: Identity in OpenStack Icehouse

CloudIDSummit

Sachin Agarwal, SOA Software Overview of common API security hacks and threats and best practices to secure your APIs against these threats such as detection and prevention of Denial of Service (DoS) attacks, malformed messages or excessive XML/JSON depth and breadth, message Encryption and rate limiting, and development and governance methodologies that need to be adopted to ensure security compliance.

CIS14: OAuth and OpenID Connect in Action

CloudIDSummit

CIS 2015- Building IAM for OpenStack- Steve Martinelli

CloudIDSummit

The document discusses identity and access management (IAM) in OpenStack, focusing on the Keystone service. It provides an overview of Keystone and describes how it handles authentication, authorization, and identity management. It also discusses the different identity sources that Keystone supports, such as SQL, LDAP, and multiple backends. Authentication methods covered include password, token, and federated identity. Large scale deployments of Keystone are also described.

CIS14: Identity at Scale: Next Gen Federation Architectures

CloudIDSummit

CIS14: Creating a Federated Identity Service for ABAC and WebAccess Managemen...

CloudIDSummit

CIS14: Kantara Briefing on ID.me

CloudIDSummit

ID.me is a digital identity company founded in 2010 by two Army Rangers. It provides trusted identity solutions that allow consumers to verify their identity and receive personalized offers from brands. ID.me received a $2.8 million grant from the Department of Commerce and was named the most veteran-friendly small business in America in 2013. The company allows consumers to use their digital identity to access loyalty programs and serves as a digital identity bank where consumers can leverage their identity data. ID.me partnered with Under Armour to create a military loyalty program that allows veterans to verify their identity online and receive discounts.

CIS14: Enterprise Identity APIs

CloudIDSummit

CIS14: Providing Business with NextGen Identity Solutions in a Legacy World

CloudIDSummit

CIS14: OAuth and OpenID Connect in Action

CloudIDSummit

CIS14: API Security for the Cloud: Tales from the Trenches

CloudIDSummit

CIS14: Human Identity and the IoT “Jungle”

CloudIDSummit

Turismo en Argentina

sjpuigga

El turismo en México ha crecido significativamente en los últimos años, convirtiéndose en una importante fuente de ingresos para el país. Los destinos más populares incluyen Cancún, Riviera Maya y la Ciudad de México, atraídos por las playas, la cultura y la historia. Sin embargo, el turismo masivo también ha planteado desafíos como la contaminación y la presión sobre la infraestructura.

Mel Edwards - Modern Marketing

Microsoft Österreich

1. The document discusses modern marketing approaches and how data and technology enable more personalized and contextual marketing. 2. Key aspects of modern marketing include connecting brands with individual consumers in meaningful ways using technology, ensuring the brand is built around the individual, and placing data and creative at the "top table." 3. Examples are provided of how various companies like Under Armour, Diagenetix, Land Rover, and Adidas leverage data to better understand and engage consumers across channels in personalized ways.

Plaiaundi Razones para implantar TICS e ITS.

Iñaki Cejudo

Ruego 2015 05 socavones mitja galta

UPyDNovelda

El grupo municipal UPyD presenta un ruego al pleno del ayuntamiento de Novelda para solucionar los importantes baches y socavones en la calle del Mesón También conocido como Mitja Galta. Vecinos se han quejado del mal estado de la calle con baches profundos que dificultan la circulación y ocasionan charcos cuando llueve, causando problemas. El grupo pide que se conteste a los vecinos y se reparen rápidamente los daños en la estrecha calle.

Rework -réussir_autrement

SOULEYMANE SANGARE

UNA EXPOSICIÓN PERMANENTE RECUERDA DESDE HOY EN EL MUSEO AERONÁUTICO LA MEMOR...

Ayuntamiento de Málaga

Ehab Youssrey Abas curriculum vitae

Ehab Youssrey

Ehab Youssrey Abas is a 38-year-old purchasing auditor from Alexandria, Egypt seeking a position that utilizes his qualifications and skills. He has over 15 years of experience in purchasing and administrative roles, most recently as a purchasing auditor for Nahdet Misr for Modern Environment Services where he coordinates purchasing activities and ensures supplier compliance. Ehab has a bachelor's degree in accounting from Alexandria University and various IT, language, and professional certifications. He is proficient in MS Office, SAP, ERP systems and has strong leadership, communication, and teamwork skills.

Biografia de pedro pablo leon jaramillo

xus lozano

Riu Sec, 7 - Setembre 1981

Arxiu Xane

Protecting Your Privacy: Cyberspace Security, Real World Safety

AEGILITY

Carpe Diem Strategic Services (CDSS), a veteran owned service-disabled business that offers education and training which addresses threats to digital communications and online privacy. Their mission is to assist individuals, families, and small businesses to understand, identify, and reduce threats and vulnerabilities that expose their business, financial, intellectual property, and sensitive personal data to potential exploitation and risk. (Presentation, slides, and content created by AEGILITY)

Biometrics (Distributed computing)

Sri Prasanna

Smart cards can store digital identities, certificates, and biometric data to provide security and convenience. They are used for applications like credit cards, SIM cards, passports, and transit cards. Biometrics like fingerprints, iris scans, and facial recognition are also used for authentication by analyzing unique physical patterns. CAPTCHAs were developed to distinguish humans from computers by using tests that are easy for humans but difficult for machines, like distorted text, images, and audio puzzles.

Viewers also liked

CIS14: Protecting Your APIs from Threats and Hacks

CloudIDSummit

CIS14: OAuth and OpenID Connect in Action

CloudIDSummit

CIS 2015- Building IAM for OpenStack- Steve Martinelli

CloudIDSummit

CIS14: Identity at Scale: Next Gen Federation Architectures

CloudIDSummit

CIS14: Creating a Federated Identity Service for ABAC and WebAccess Managemen...

CloudIDSummit

CIS14: Kantara Briefing on ID.me

CloudIDSummit

CIS14: Enterprise Identity APIs

CloudIDSummit

CIS14: Providing Business with NextGen Identity Solutions in a Legacy World

CloudIDSummit

CIS14: OAuth and OpenID Connect in Action

CloudIDSummit

CIS14: API Security for the Cloud: Tales from the Trenches

CloudIDSummit

CIS14: Human Identity and the IoT “Jungle”

CloudIDSummit

Turismo en Argentina

sjpuigga

Mel Edwards - Modern Marketing

Microsoft Österreich

Plaiaundi Razones para implantar TICS e ITS.

Iñaki Cejudo

Ruego 2015 05 socavones mitja galta

UPyDNovelda

Rework -réussir_autrement

SOULEYMANE SANGARE

UNA EXPOSICIÓN PERMANENTE RECUERDA DESDE HOY EN EL MUSEO AERONÁUTICO LA MEMOR...

Ayuntamiento de Málaga

Ehab Youssrey Abas curriculum vitae

Ehab Youssrey

Biografia de pedro pablo leon jaramillo

xus lozano

Riu Sec, 7 - Setembre 1981

Arxiu Xane

Viewers also liked (20)

CIS14: Protecting Your APIs from Threats and Hacks

CIS14: OAuth and OpenID Connect in Action

CIS 2015- Building IAM for OpenStack- Steve Martinelli

CIS14: Identity at Scale: Next Gen Federation Architectures

CIS14: Creating a Federated Identity Service for ABAC and WebAccess Managemen...

CIS14: Kantara Briefing on ID.me

CIS14: Enterprise Identity APIs

CIS14: Providing Business with NextGen Identity Solutions in a Legacy World

CIS14: OAuth and OpenID Connect in Action

CIS14: API Security for the Cloud: Tales from the Trenches

CIS14: Human Identity and the IoT “Jungle”

Turismo en Argentina

Mel Edwards - Modern Marketing

Plaiaundi Razones para implantar TICS e ITS.

Ruego 2015 05 socavones mitja galta

Rework -réussir_autrement

UNA EXPOSICIÓN PERMANENTE RECUERDA DESDE HOY EN EL MUSEO AERONÁUTICO LA MEMOR...

Ehab Youssrey Abas curriculum vitae

Biografia de pedro pablo leon jaramillo

Riu Sec, 7 - Setembre 1981

Similar to CIS14: Identity at Scale: Bridging Gaps between Physical and Logical, Token and Cloud

Protecting Your Privacy: Cyberspace Security, Real World Safety

AEGILITY

Biometrics (Distributed computing)

Sri Prasanna

What Is "Secure"?

Peter Coffee

Raising the dead to save the living

JaredPeck

This document summarizes a presentation by Jared Peck on active cyber defense techniques. It discusses the difference between active defense and hacking back, types of decoys that can be used like honeypots and honeytokens, and how and when to deploy them. It also covers detection and alerting methods, adversary infrastructure tracking, legal issues surrounding active defense, and examples of decoys and personas that could be used like fake credentials and social media profiles.

Authentication and session v4

skimil

Authentication and session management are important aspects of network security. Authentication verifies a user's identity, while session management maintains user access after authentication. Common authentication methods include passwords, multifactor authentication, and digital signatures. Session management uses session IDs and cookies to track authenticated users and can be vulnerable to hijacking attacks. Developers should implement standard security practices like encryption, complex passwords, and short session timeouts to strengthen authentication and prevent session threats.

CIS14: Identifying Things (and Things Identifying Us)

CloudIDSummit

The Evolution Of The Social Web

Dan Donald

Benefits and Risks of a Single Identity - IBM Connect 2017

Gabriella Davis

What is valuable about a single identity, why is that something people want and how achievable is it? As people work across multiple systems they encounter an equal number of barriers where they must authenticate or otherwise prove their identity in order to gain access. Ideally we always want to be showing the same information about ourselves regardless of where someone searches or how we are found. In this session we’ll discuss the issues behind both creating a single identity and simplifying authentication. We’ll also review the risks you need to be aware of, the technologies available to you and the importance of good and current personal information. This is an updated presentation that includes some speaker notes for clarity

Security and Privacy

Jenny Nixon

This document discusses security and privacy best practices for businesses conducting e-commerce. It recommends defining security and privacy policies, knowing what customer data is collected and how it is stored and used, implementing security measures like encryption and authentication, choosing reliable payment processors, being aware of compliance issues, and educating customers about security measures to build trust. The goal is to help businesses create confident customers and a positive online reputation through data protection.

Authentication Technologies

Nicholas Davis

This document provides an overview of authentication topics, including: - Defining authentication and the three main electronic authentication factors: something you know, something you have, something you are. - Discussing common authentication methods like usernames/passwords and their benefits and drawbacks. - Covering other authentication methods such as one-time passwords, biometrics, digital certificates, and knowledge-based authentication. - Identifying issues with initial credentialing and key concepts regarding the state of digital authentication.

Authentication technologies

Nicholas Davis

This document provides an overview of authentication topics, including: - Defining authentication and the three main electronic authentication factors: something you know, something you have, something you are. - Discussing common authentication methods like usernames/passwords and their benefits and drawbacks. - Explaining one-time password devices, biometric authentication, and digital certificates. - Identifying issues with current authentication techniques and outlining key concepts regarding authentication.

Authentication Concepts

Charles Southerland

Getting authentication right

Andre N. Klingsheim

The document discusses authentication and identity. It covers common authentication factors like passwords, two-factor authentication using a mobile phone, and biometrics. It provides details on securely storing passwords using techniques like salts and hash functions to prevent cracking. It also discusses risks of password reuse across sites and how two-factor authentication helps address this. The document emphasizes the importance of secure authentication and not allowing the security level to be degraded without re-authentication.

Who is the digital you

Tony Fish

The document discusses the concept of a digital footprint and how personal data is collected from various online activities and used by companies. It notes that an individual's digital footprint contains information about them that they share themselves as well as data about them from other sources, and this footprint can be analyzed to learn about the person. Control over personal data and digital footprints is important, as this information has value and privacy settings need to be managed to prevent unwanted access or use of people's data.

Electronic Authentication, More Than Just a Password

Nicholas Davis

A Presentation which discusses the three different types of electronic authentication: username/password (something you know), One Time Password (something you have) and Biometrics (Something you are). The benefits and drawbacks of each type of authentication are also addressed. A helpful presentation for those people looking to strengthen their authentication system, but who are unsure which technology fits their situation appropriately.

Smedinghoff Identity Management: Who's Signing?

Electronic Signature & Records Association

The document discusses identity management and electronic signatures. It explains that an electronic signature is only valid and enforceable if the signing process can prove who signed. There are many options for identifying the signer, from using a digital signature to using a typed name or login credentials. The key elements of identity management are identification, which associates identifying attributes with a person, and authentication, which verifies that a person is who they claim to be for a specific transaction. The US government is working on a national strategy to address online identity and allow individuals to use identity credentials across different systems and entities.

Geoff Huston's presentation on DANE (Keys in the DNS) at the New Zealand Inte...

Siena Perry

Presentation2 certificate farce

Sandra (Sandy) Dunn

This document summarizes Sandy Dunn's presentation titled "The Certificate Farce" given at Boise BSides on November 21, 2015. The presentation used an analogy where driver's licenses are used to verify identity and food signatures are used to determine if food is safe. However, the processes for issuing IDs and protecting signatures are flawed, making it easy for criminals to impersonate others or poison food. The presentation highlighted issues with trusting certificates and how certificate authorities don't always properly revoke compromised certificates. It also provided an overview of TLS certificate validation tools and resources for monitoring certificates.

Trusted Data Ecosystems（信頼できるデータエコシステム）：アイデンティティに価値を見出す

Hyperleger Tokyo Meetup

3d password - Report

Sunanda Bansal

The document discusses weaknesses in current authentication systems like textual passwords being vulnerable to dictionary attacks. It then introduces 3D passwords as a proposed multifactor authentication scheme. 3D passwords combine existing authentication methods like passwords, biometrics, etc. into a 3D virtual environment. Users authenticate by navigating and interacting with objects in the environment in a sequence that makes up their unique 3D password. The design of the virtual environment and selected objects determine the large password space, making 3D passwords more secure against guessing attacks.

Similar to CIS14: Identity at Scale: Bridging Gaps between Physical and Logical, Token and Cloud (20)

Protecting Your Privacy: Cyberspace Security, Real World Safety

Biometrics (Distributed computing)

What Is "Secure"?

Raising the dead to save the living

Authentication and session v4

CIS14: Identifying Things (and Things Identifying Us)

The Evolution Of The Social Web

Benefits and Risks of a Single Identity - IBM Connect 2017

Security and Privacy

Authentication Technologies

Authentication technologies

Authentication Concepts

Getting authentication right

Who is the digital you

Electronic Authentication, More Than Just a Password

Smedinghoff Identity Management: Who's Signing?

Geoff Huston's presentation on DANE (Keys in the DNS) at the New Zealand Inte...

Presentation2 certificate farce

Trusted Data Ecosystems（信頼できるデータエコシステム）：アイデンティティに価値を見出す

3d password - Report

More from CloudIDSummit

CIS 2016 Content Highlights

CloudIDSummit

Top 6 Reasons You Should Attend Cloud Identity Summit 2016

CloudIDSummit

The Cloud Identity Summit was founded by Ping Identity with support from industry leaders in 2010 to bring together the brightest minds across the identity and security industry. Today the event is recognized as the world’s premier identity industry conference and includes tracks from industry thought leaders, CIOs and practitioners. Cloud Identity Summit serves as a multi-year roadmap to deploy solutions that are here today but built for the future. For more info, go to www.cloudidentitysummit.com. Be apart of the convo on Twitter: @CloudIDSummit + #CISNOLA

CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...

CloudIDSummit

This document introduces a new identity security system called Sierra Border Security V1.0. It discusses how the assumptions around internet and enterprise security have changed over time as the perimeter has expanded with new technologies. The key challenges mentioned are that identity is now too weak and disconnected to protect organizations at scale. The proposed new system aims to evolve authentication beyond single-factor to continuous multi-factor authentication using standards-based interactions. It will leverage big data and intelligence for dynamic access control and move to identity-based security definitions.

Mobile security, identity & authentication reasons for optimism 20150607 v2

CloudIDSummit

This document discusses authentication and security across devices, operating systems, applications, and networks. It covers a variety of authentication mechanisms like fingerprints, facial recognition, PINs, and security hardware. It also discusses the FIDO protocol for passwordless authentication and its ability to securely authenticate users across different devices and applications. The growing number of connected devices makes scalable authentication a challenge, but solutions like FIDO aim to simplify authentication without compromising security.

CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...

CloudIDSummit

In an ever interconnected and inter-reliant world, the state of security has been a cause for deep pessimism. In the midst of all the gloom, there is good cause for optimism. With some fits and starts, the building blocks for transforming mobile security are taking shape at every level from the processor, to the chipset to special purpose hardware to operating systems and protocols that address use cases from device integrity to user authentication to payments. How do we think about security, privacy, identity and authentication in this world? This talk will provide a rapid overview of some selected building blocks and some practical examples that are now deployed at scale to illustrate the coming wave and how you as a practitioner or customer can participate and position yourself for maximum benefit.

CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...

CloudIDSummit

This document discusses building an enterprise identity provider (IdP) to address security, scalability, and governance of federated identity and access management. It describes what an enterprise IdP is and its benefits, including being a federated identity service, security token service, providing a 360 degree view of identity, and more. It outlines considerations for building an enterprise IdP such as for scalability, ROI, durability, and longevity. Potential pitfalls are also discussed like responsibility issues, skills gaps, lack of time and sponsorship. Planning recommendations include committing to a strategic IAM view, formalizing an IAM program, selling the idea of an enterprise IdP, and leveraging strategic partners.

CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...

CloudIDSummit

Does anybody remember seeing a big red button with the word “PANICK!” written on it? I know it was around here somewhere. Also, there’s all these cats running pell-mell around the place, can someone give me a hand in herding them? In this real-world case study, come and learn how a Fortune 100 with a diverse and extremely mobile work-force was able to turn up strong authentication protections for our critical cloud resources, and how the IT department lived to tell the tale. You’ll hear about the technical implementation of strong authentication enforcement, and how we made key design decisions in the ongoing balancing act between security and user experience, and how we managed up-and-down the chain from executive stakeholders to the boots-on-the-ground who were being asked to join us on this new security adventure.

CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...

CloudIDSummit

CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl

CloudIDSummit

You'll laugh, you'll cry, and you might even pick up a useful nugget or two listening to a real-world enterprise IT architect share the experiences of the past year trying to support his business migrating to cloud services, and sharing the lessons learned from trying to integrate 2 hybrid enterprises into a single, streamlined company. You'll hear where the cloud came through for us, and how we often had to fall back to on-prem services such as FIM, Ping Federate, and ADFS to make the glue which binds it all together.

CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz

CloudIDSummit

Brian Katz discusses how IoT and identity management are important for mobile enterprises. He notes that IoT strategies must include connectivity APIs, sensors to collect data, and tools to manage identity across endpoints. Effective IoT implementation generates large amounts of data from connected devices that companies need to properly manage and secure. There are also challenges around data ownership, privacy, lack of standards, and security that businesses must address when incorporating IoT technologies.

CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...

CloudIDSummit

CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout

CloudIDSummit

The IAM program needs to align behind the shift towards ITaaS, building the platform for execution and supporting transformation and migration activities. CIOs should keep informed through a relevant IAM capability roadmap in order to make calculated decisions on where investments should be made. Ongoing investments in the IAM program are crucial in order to fill capability gaps, keep up-to-date with support and license agreements and make opportunistic progress on the strategic roadmap. In this talk, Steve discusses recent experiences and lessons learned in preparing for and pitching VMware’s CIO on enterprise IAM program initiatives.

CIS 2015 How to secure the Internet of Things? Hannes Tschofenig

CloudIDSummit

The document discusses securing the Internet of Things. It begins by describing common constraints of IoT devices like limited RAM, flash, and CPU capabilities. It then summarizes lessons learned from real-world attacks on IoT systems, including limited software update mechanisms, missing key management, inappropriate access control, lack of communication security, and vulnerability to physical attacks. The document advocates following security best practices like integrating software updates, using modern OS concepts, automated key management, and considering physical attacks in threat analyses. It also describes ARM's contributions to improving IoT security through its mbed platform, libraries, and involvement in standards organizations.

CIS 2015 The IDaaS Dating Game - Sean Deuby

CloudIDSummit

The IDaaS (identity as a service) market segment continues to grow in popularity, and the scope of its vendor's capabilities continue to grow as well. It's still not a match for everyone, however. Join identity architect Sean Deuby for an overview of the most popular IDaaS deployment scenarios, scenarios where IDaaS has a tougher time meeting customer requirements, and whether your company is likely to find its perfect IDaaS mate.

CIS 2015 SSO for Mobile and Web Apps Ashish Jain

CloudIDSummit

The Industrial Internet, the Identity of Everything and the Industrial Enterp...

CloudIDSummit

CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva

CloudIDSummit

CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian

CloudIDSummit

Centralized session management has long been a goal of Web Access Management systems: the idea that one session can give end users access to dozens of protected applications with a seamless SSO experience, and terminating it (either by the end user themselves, or by an administrator) cuts off access instantly. It’s a nice dream isn’t it? Turns out that while most WAM products claim they can do this, when deployment time comes around (especially in globally distributed organizations) serious security and scalability challenges emerge that make it unfeasible. In this “session”, come and learn our vision for deploying session management at scale and see how Ping Identity has implemented it in our Federated Access Management solution.

CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva

CloudIDSummit

Are you asking yourself how do I take my inhouse application and make it available to internal users, partners or customers using SSO and access management technologies? Oh, and you don't want it to be a 6 month project? No problem. Come and find out how to leverage your existing investments and move to modern standards like OpenID Connect, without having to rip and replace infrastructure. Learn the capabilities and tradeoffs you can make to deploy the right level of identity and access management infrastructure to match your security needs.

CIS 2015 Identity Relationship Management in the Internet of Things

CloudIDSummit

Devices need owners, people need confidence in device authenticity, data needs to persist in systems long after devices change hands, and access needs to be authorized selectively. That's a lot to ask; even if emerging web identity and security technologies are simpler than the models of yesteryear, IoT devices have complicating limitations when it comes to processing power, memory, user interface, and connectivity. But many use cases span web and IoT environments, so we must try! What are the specific requirements? What elements of web technologies can we borrow outright? What elements may need tweaking?

More from CloudIDSummit (20)

CIS 2016 Content Highlights

Top 6 Reasons You Should Attend Cloud Identity Summit 2016

CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...

Mobile security, identity & authentication reasons for optimism 20150607 v2

CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...

CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...

CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...

CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...

CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl

CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz

CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...

CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout

CIS 2015 How to secure the Internet of Things? Hannes Tschofenig

CIS 2015 The IDaaS Dating Game - Sean Deuby

CIS 2015 SSO for Mobile and Web Apps Ashish Jain

The Industrial Internet, the Identity of Everything and the Industrial Enterp...

CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva

CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian

CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva

CIS 2015 Identity Relationship Management in the Internet of Things

Recently uploaded

Energy Efficient Video Encoding for Cloud and Edge Computing Instances

Alpen-Adria-Universität

Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians

Neo4j

Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...

saastr

How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf

Chart Kalyan

Essentials of Automations: Exploring Attributes & Automation Parameters

Safe Software

Building automations in FME Flow can save time, money, and help businesses scale by eliminating data silos and providing data to stakeholders in real-time. One essential component to orchestrating complex automations is the use of attributes & automation parameters (both formerly known as “keys”). In fact, it’s unlikely you’ll ever build an Automation without using these components, but what exactly are they? Attributes & automation parameters enable the automation author to pass data values from one automation component to the next. During this webinar, our FME Flow Specialists will cover leveraging the three types of these output attributes & parameters in FME Flow: Event, Custom, and Automation. As a bonus, they’ll also be making use of the Split-Merge Block functionality. You’ll leave this webinar with a better understanding of how to maximize the potential of automations by making use of attributes & automation parameters, with the ultimate goal of setting your enterprise integration workflows up on autopilot.

Skybuffer SAM4U tool for SAP license adoption

Tatiana Kojar

Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool. SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.

Programming Foundation Models with DSPy - Meetup Slides

Zilliz

9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...

saastr

Taking AI to the Next Level in Manufacturing.pdf

ssuserfac0301

Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as: 1. How quickly AI is being implemented in manufacturing. 2. Which barriers stand in the way of AI adoption. 3. How data quality and governance form the backbone of AI. 4. Organizational processes and structures that may inhibit effective AI adoption. 6. Ideas and approaches to help build your organization's AI strategy.

Dandelion Hashtable: beyond billion requests per second on a commodity server

Antonios Katsarakis

This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).

Choosing The Best AWS Service For Your Website + API.pptx

Brandon Minnick, MBA

Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API? Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose? Which one is cheapest? Which one is fastest? Which one will scale to meet our needs? Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!

Nordic Marketo Engage User Group_June 13_ 2024.pptx

MichaelKnudsen27

Northern Engraving | Nameplate Manufacturing Process - 2024

Northern Engraving

Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!

Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors

DianaGray10

Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more. The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications. We’ll discuss and demo the benefits of UiPath Apps and connectors including: Creating a compelling user experience for any software, without the limitations of APIs. Accelerating the app creation process, saving time and effort Enjoying high-performance CRUD (create, read, update, delete) operations, for seamless data management. Speakers: Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP Charlie Greenberg, host

Harnessing the Power of NLP and Knowledge Graphs for Opioid Research

Neo4j

Principle of conventional tomography-Bibash Shahi ppt..pptx

BibashShahi

5th LF Energy Power Grid Model Meet-up Slides

DanBrown980551

5th Power Grid Model Meet-up It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology. Power Grid Model The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services. Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability. Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization. What to expect For the upcoming meetup we are organizing, we have an exciting lineup of activities planned: -Insightful presentations covering two practical applications of the Power Grid Model. -An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024. -An interactive brainstorming session to discuss and propose new feature requests. -An opportunity to connect with fellow Power Grid Model enthusiasts and users.

Leveraging the Graph for Clinical Trials and Standards

Neo4j

[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...

Jason Yip

The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.

AppSec PNW: Android and iOS Application Security with MobSF

Ajin Abraham

Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application. This talk covers: Using MobSF for static analysis of mobile applications. Interactive dynamic security assessment of Android and iOS applications. Solving Mobile app CTF challenges. Reverse engineering and runtime analysis of Mobile malware. How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.

Recently uploaded (20)

Energy Efficient Video Encoding for Cloud and Edge Computing Instances

Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians

Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...

How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf

Essentials of Automations: Exploring Attributes & Automation Parameters

Skybuffer SAM4U tool for SAP license adoption

Programming Foundation Models with DSPy - Meetup Slides

9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...

Taking AI to the Next Level in Manufacturing.pdf

Dandelion Hashtable: beyond billion requests per second on a commodity server

Choosing The Best AWS Service For Your Website + API.pptx

Nordic Marketo Engage User Group_June 13_ 2024.pptx

Northern Engraving | Nameplate Manufacturing Process - 2024

Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors

Harnessing the Power of NLP and Knowledge Graphs for Opioid Research

Principle of conventional tomography-Bibash Shahi ppt..pptx

5th LF Energy Power Grid Model Meet-up Slides

Leveraging the Graph for Clinical Trials and Standards

[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...

AppSec PNW: Android and iOS Application Security with MobSF

CIS14: Identity at Scale: Bridging Gaps between Physical and Logical, Token and Cloud

1. Identity at scale: Bridging gaps between physical and virtual, token and cloud Chris Corum, AVISIAN Publishing chris@avisian.com @Avisian

2. - Some orgs strengthen, most do nothing - Single credential to access many sites - Host in house or go to cloud? - Forces align to kill the weak credential - Single purpose, weak credentials were issued by individual entities to protect access to their own stuff - Usage and value of ‘what we’re protecting’ rise, gives rise to hacking and breach culture - Users tire of mass single-use credentials earlyonmidphasecurrent Mass data breaches Cloning/ counterfeiting Password fatigueCostanza wallet Acronym soupSmart cards/2FA SSOFederation/NFC CISIDaaS UN/PWCards and badges

3. HAVE KNOW ARE HAVE KNOW ARE HAVE KNOW ARE Traditional authentication

4. Something you connected toSomething you used Something you tapped onSomething you drove Some place you went Some place you ate Some place you walked past Some place you tapped in Some place you parked Some way you type Some way you tap Some way you mouse over Some way you twist your deviceSomething you did Something else you did Something you did a few minutes ago Something your are about to do Something you know Something else you know Something you couldn’t know Something you used to know Some place you wentSome place you ate Some place you walked pastSome place you tapped inSome place you parked Some way you typeSome way you tapSome way you mouse over Some way you twist your device Somethingyouhave Somethingelseyouhave Somethinginhandset Something you are Something else you are Some other thing you are Something you connected to Something you used Something you tapped on Something you drove Somethingyoudid Somethingelseyoudid Somethingyoudidafewminutesago Somethingyourareabouttodo Some Some Somet Someth Somethingyouhave Somethingelseyouhave Somethinginhandset Next gen authentication

6. Coalescence not Convergence

7. Scalability Virtually boundless, Internet scale Bound by time and geography Issuance Directory or DB records with user-initiated lifecycle management Cryptographic tokens with expiry and lifecycle management Know the user Seldom seen, often self-asserted attributes Face-to-face vetting with verified attributes

8. Physical and digital took similar paths to reach point where a “net” of adaptive, continuous authentication can enable us to leapfrog convergence to coalescence if we bridge gaps to tap the strengths of both groups. Chris Corum, AVISIAN Publishing chris@avisian.com @Avisian

CIS14: Identity at Scale: Bridging Gaps between Physical and Logical, Token and Cloud

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (20)

Similar to CIS14: Identity at Scale: Bridging Gaps between Physical and Logical, Token and Cloud

Similar to CIS14: Identity at Scale: Bridging Gaps between Physical and Logical, Token and Cloud (20)

More from CloudIDSummit

More from CloudIDSummit (20)

Recently uploaded

Recently uploaded (20)

CIS14: Identity at Scale: Bridging Gaps between Physical and Logical, Token and Cloud