An overview of new and existing approaches for Digital Identity including enterprise and customer identity. New blockchain-oriented techniques and where they fit into the IAM landscape.
The document discusses digital trust frameworks, which define rules for interactions between organizations handling digital identity, authentication, and authorization. It provides an example of how a trust framework allows a festival organization to easily verify a resident's identity with telco providers to give out free flags. The key benefits of trust frameworks are lowering negotiation burdens between organizations and enabling interoperability by having all parties comply with the framework's protocols, standards, and policies. The document encourages the reader to get involved with the Kantara Initiative, a non-profit focused on developing innovations for trusted online experiences.
The document discusses digital identity trust frameworks. It defines a digital identity as a trusted electronic representation of who someone is. A trust framework establishes rules for how organizations can interact and handle identity, authentication, and authorization. It covers functions like identity proofing, credential management, access control, and more. A framework helps standardize these processes, lessens the burden on organizations by amalgamating standards, and makes negotiating agreements easier. The document provides examples of framework elements and tools that can be included, and discusses how frameworks can evolve over time to address new roles, functions, and needs.
Learn about the Kantara Consent & Information Sharing WG and their major deliverable the digital Consent Receipt - an Alpha project designed to upgrade the way a person provides consent on-line. This is an open standardization project.
Trust in E- and M-Business - Advances Through IT-Security | Oliver Pfaff
The document discusses trust services that are fundamental for digital business transactions, including authentication, authorization, and non-repudiation. It notes that traditional authentication techniques do not meet the requirements of digital business and outlines cryptographic protocols like digital signatures that can provide persistent authentication of electronic documents and identities. However, it states that non-repudiation requires additional legal and policy frameworks beyond authentication alone. The document also examines authorization services and their implementation in web environments.
Kantara Initiative - Connecting a More Trustworthy Internet | kantarainitiative
An overview of Kantara Initiative, a non-profit membership organization that connects business, consumers, governments, and citizens through innovations and programs that support a more natively trustworthy on-line experience.
Blockchain-based Solutions for Identity & Access Management | Prabath Siriwardena
This document discusses self-sovereign identity and decentralized identifiers (DIDs). It provides an overview of identity evolution from centralized to user-centric models. Self-sovereign identity allows individuals to control their digital identities across systems without relying on centralized authorities. DIDs are a new type of identifier that can be registered on a distributed ledger without a centralized registration authority. The document outlines the goals and components of DID specifications and describes how DIDs and verifiable claims work on networks like Sovrin to enable self-sovereign identity.
Introduction to Mydex CIC Personal Data Stores - 7th March 2013 | Mydex CIC
Video of this presentation is available here http://ow.ly/jf3Bz
Mydex Community Interest Company (CIC) is building the personal data services platform for the semantic web and transforming the opportunity for individuals to manage and control their lives.
Transcription coming up soon!
For more information about Mydex, kindly visit http://mydex.org/about/
Or visit the developers site at http://dev.mydex.org
And to become a member of Mydex Personal Data Store, visit http://pds.mydex.org
Also learn more about Mydex-Midata at http://midata.mydex.org
and Mydex-Third Sector at http://thirdsector.mydex.org
Follow Mydex on: -
Twitter: http://www.twitter.com/mydexcic
Facebook: http://www.facebook.com/Mydex.org
Flickr: http://www.flickr.com/photos/mydexcic/
RSS feed: http://feeds.feedburner.com/Mydex
Google Plus: https://plus.google.com/u/1/104992390676431315997/posts
A presentation on Self Sovereign Identity - jointly presented with D&B. The topic explores the concept of SSI and the evolving W3C Community proposals around DID (Digital Identity), DID Doc, DID Auth and Verifiable Credentials. Please email me if you would like more information about SSI or wish to chat with me: mohan@chainyard.com
Extending the Power of Consent with User-Managed Access & OpenUMA | kantarainitiative
At HIMSS 2015 Kantara Initiative will focus on the User Managed Access (UMA) initiative with a networking breakfast held on April 15th sponsored by ForgeRock and MedAllies. More information about HIMSS15 and registration.
Existing notice-and-consent paradigms of privacy have begun to fail dramatically — and as recent Pew surveys have demonstrated, people have begun to (ahem) notice. The discipline of privacy engineering aspires to “craft”, but finds it hard to break out of the “compliance” rut. The User-Managed Access (UMA) standard and the OpenUMA open-source project are stepping into the breach with two essential elements that change the game: asynchronous consent and centralized consent management.
- Federal policies like HSPD-12 and OMB M-11-11 established a common credentialing standard using Personal Identity Verification (PIV) cards, but implementation challenges remain. Identity, not just credentials, should be the focus.
- A digital identity record pulls together identity attributes from various sources to uniquely identify individuals across different contexts and applications. Examples of digital identity records and attribute sharing were presented.
- Use cases demonstrated challenges with classified environments, credentialing non-federal employees, and integrating physical access control systems at an enterprise level while keeping local facility control. Lessons
The document summarizes a blockchain-based recruitment and background verification platform called CVerification. CVerification aims to solve problems in the current background check market by providing a distributed system where users can store verified professional records and share them with potential employers. This allows employers to make safer hiring decisions based on verified information, eliminating the need for expensive background check services. CVerification also offers tools to help companies and recruiters efficiently search for candidates and analyze employment markets. The platform has the potential to make the $2 billion background check industry obsolete by optimizing HR processes.
Managing identity for the future how everybody can win - david alexander - ... | Mydex CIC
The document discusses how the Mydex open platform enables all participants, including individuals, organizations, and application developers, to benefit from secure and consent-based sharing of personal data. The Mydex platform provides personal data stores for individuals, a secure API for data sharing, and identity and attribute services. For organizations, it reduces costs, improves compliance and data quality, and opens opportunities for new services. Application developers benefit from access to richer data sets and an open environment. The platform aims to empower individuals to more effectively manage their personal data and interactions with organizations.
Self-Sovereign Identity: Ideology and Architecture with Christopher Allen | SSIMeetup
https://ssimeetup.org/self-sovereign-identity-why-we-here-christopher-allen-webinar-51/
Internet cryptography and Self-sovereign identity (SSI) pioneer Christopher Allen talks about essential insights and reflections around historical, technological and ethical aspects of Self-Sovereign Identity at the 51st SSIMeetup.org webinar in collaboration with Rebooting the Web of Trust (RWOT) and Alianza Blockchain Iberoamérica as part of the events that took place at RWOT in Buenos Aires (Argentina).
Christopher is an entrepreneur and technologist who specializes in collaboration, security, and trust. As a pioneer in internet cryptography, he’s initiated cross-industry collaborations and co-created industry standards that influence the entire internet. Christopher’s focus on internet trust began as the founder of Consensus Development where he co-authored the IETF TLS internet-draft that is now at the heart of all secure commerce on the World Wide Web. Christopher is co-chair of the W3C Credentials CG working on standards for decentralized identity. Christopher has also been a digital civil liberties and human-rights privacy advisor, was part of the team that led the first UN summit on Digital Identity & Human Rights, and was the producer of a half-dozen iPhone and iPad games, and of Infinite PDF, a non-linear media app.
Upcoming trends start to show significant impact in the field of HR also. Blockchain has a wide scope in HR management, especially in maintaining a proper record. This is one of the major issues in HR management. Migrating to the best blockchain can solve this hurdle to a greater extent. HR resource holds large data in relation to the employee and the employer.
What does a foundation Target Architecture look like for an Identity, Credentialing, and Access Management project? This presentation addresses fundamental concepts that apply to any industry seeking ICAM, but was originally established with a federal agency in mind.
Oix local government mydex platform overview 2nd july 2013 | Mydex CIC
This document discusses how the Mydex service can help local governments meet key needs and drivers by improving service areas like social care, transportation, education, and community engagement. It outlines how Mydex is different as a UK social enterprise focused on empowering individuals to manage their personal data and identities. Mydex provides a personal data store and digital identity platform that enables secure data sharing between individuals and organizations with user consent. This platform can help streamline processes, reduce costs, and improve services for both organizations and individuals.
Identity can seem deceptively simple. We know who we are. Sometimes we have to convince others of that fact and confirm other characteristics: our age, our qualifications, or our right to access some services or tools. This happens every day over the Internet, but in ways that are disorganized, redundant, and risky. The lack of reliable, universal standards puts our private information at risk of public dissemination, fraud or worse.
The pioneers developing the internet didn’t define nuanced standards for identity -- most everything was just username and passwords. Over the past 20 years we have seen a range of standards that solve some identity challenges, including SAML, LDAP, OpenID Connect, OAuth, SCIM, Information Cards, and FIDO. None of them have comprehensively addressed the challenge of identity at internet scale.
A new set of standards is emerging that creates an infrastructure for self-sovereign identity that can scale. This talk looks forward to help you think ahead and prepare for this new infrastructure. We will walk through standards that together create a new identity infrastructure that leverages the blockchain. This isn’t about what you can implement tomorrow to solve your employee identity challenges or manage customer accounts. It will instead prepare you for the coming changes and help you play a role in shaping them.
FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/Sovrin | Calvin Cheng
How can we leverage on distributed ledger technology and cryptography to provide identity as a global, cross-jurisdiction and accessible utility for the world?
Mature Digital Trust Infrastructure - Are we there yet? | sorenpeter
Presented at the European e-Identity Management Conference 2011 in Tallinn, Estonia:
Reflections on current Government approaches to Trust, federation and identity management. What needs to change as we move forward. We have come a long way with PKI, federation standards, trust frameworks, etc. but are we there yet? Where is there still work to be done and mindsets to be changed?
Trust, Blockchains, and Self-Sovereign Identity | Phil Windley
This talk discusses sovereignty as a foundational model for a new kind of identity system that not only establishes all entities as peers, but also provides the means of using verifiable claims to build trustworthy relationships. A self-sovereign identity system with verifiable claims provides increased privacy and control for individuals, more transparent consent, opens new opportunities for relying parties and third party claims providers, and reduces or eliminates integration costs while making systems simpler.
This document provides an overview of a 2-day training course on digital certificate management and public key infrastructure (PKI). The course covers topics such as the introduction to PKI, algorithms, standards and protocols, digital certificates, cryptography service providers, and web certificate management. It also discusses key concepts related to PKI including symmetric and asymmetric encryption algorithms, hashing functions, certificate authorities, and PKI components.
Building trust attributes in e transactions (final) ver 3.0 | Aladdin Dandis
The document discusses key concepts for e-transactions including trust, security, privacy, and transparency. It addresses factors that enable and establish trust like reputation, laws, and technology. Specific security concepts are covered such as confidentiality, integrity, availability, authentication, and non-repudiation. The document also discusses privacy guidelines from the OECD and ensuring transparency through processes, governance, and auditability. PCI DSS requirements for payment card security are briefly outlined.
BaaSid divides the texts and images of personal information, splits and distributes them on a public network based on a block chain.
BaaSid is a 100% decentralized personal information network that enables all companies to securely and conveniently use all their personal authentication without operating a centralized DB server.
We release information about BaaSid.
Tudor Stanciu is a lawyer and founder of Digital2Law and Fintech Camp who gives presentations on legal issues related to blockchain and digital technologies. He discusses how the legal framework typically changes after societal changes, not vice versa. When developing blockchain projects, some key considerations are participation, security, and liability. Blockchain could allow for self-regulation by communities due to the fragmentation of legal systems across countries. Stanciu also provides a questionnaire for legal and business issues related to blockchain projects and tokens. He outlines some problems that could arise from the core traits of blockchain like multiple anonymous nodes, and areas of interest like incentivizing employees and internal token economies.
Verifiable Credentials for Global Supply Chains | Karyl Fowler
Transmute hosted a discussion at the Internet Identity Workshop (IIW30, April 2020) about the use of verifiable credentials in global supply chains, emphasizing customer discovery and education approaches to emerging technology adoption.
Vlad Andrei's presentation from the ICO Advisory Group's Event "Blockchanging the world – the academic, technological and legal challenges of the blockchain revolution" held at Techhub Bucharest on December 20th, 2017.
Blockchain-Anchored Identity -- Daniel Buchner, Microsoft | bernardgolden
The document discusses the potential of blockchain-anchored decentralized identity to transform how individuals control and share their personal data and credentials through "identity hubs", allowing a new generation of applications and services to access rich semantic identity data in real-time through standardized interfaces, ultimately creating a "web of everything" with unprecedented opportunities for interoperability and information flow.
The document discusses identity and access management (IAM) and its relationship to cloud computing. IAM is the process of managing digital identities and access privileges for users, systems, and services. When using cloud computing, an organization relinquishes control over infrastructure but gains flexibility, scalability, and reduced costs. IAM becomes especially important in the cloud to ensure security, privacy, and compliance through features like authentication, authorization, and audit tracking across multiple cloud applications and services.
Jan Keil - Identity and access management Facts. Challenges. SolutionTimetogrowup
This document discusses identity and access management. It begins by introducing the author and providing background on blockchain technology. It then discusses challenges with existing identity management systems like centralized servers and human errors. Blockchain is presented as a solution to issues like weak credentialing and data manipulation. The document outlines how blockchain could provide online passports for identification and give users control over their identity data. It also discusses using biometrics and knowing customer processes for identity verification. The role of access management in regulating user access is explained. Case studies on OAuth and Remme.io and how they utilize blockchain and tokens for decentralized identity and access management are presented.
While identity has not been considered a foundation of most security architectures, it is emerging as the key to reducing the risk of a breach. The Identity Defined Security Alliance is working to help organizations succeed in the battle to stay secure through providing community developed and practitioner approved best practices and identity-centric security controls and use cases. IDSA Executive Advisory Board member, Richard Bird, discusses why identity should be shaping the future of security and what the IDSA is doing to help practitioners succeed.
Introduction to Self-Sovereign IdentityKaryl Fowler
Juan Caballero from Spherity and Karyl Fowler from Transmute co-presented the Introduction to Self-Sovereign Identity (SSI) session at the 30th Internet Identity Workshop (IIW) in April 2020, demonstrating to newcomers the difference between the values associated with the "SSI movement" and "collection of technologies" that power applications that embody some of said values.
The Future of Authentication - Verifiable Credentials / Self-Sovereign IdentityEvernym
What does a world without passwords and usernames look like? What would a truly secure single sign-on system mean for your customer and employee experiences? What if multi-factor authentication was consistent and interoperable across the Internet?
On our July 9th webinar, we were joined by our partners at Condatis to dive into these very questions around the future of authentication, covering:
◙ The four types of authentication supported by Evernym today
◙ The flaws in today’s password-based, security question, and social login models
◙ The benefits of using verifiable portable credentials for authentication
◙ Using self-sovereign identity for multi-factor authentication
◙ A showcase of live SSI-enabled authentication projects
Presenters:
◙ Andy Tobin, EMEA Managing Director, Evernym
◙ Chris Eckl, Chief Technology Officer, Condatis
◙ James Monaghan, VP Product, Evernym
Trusting External Identity Providers for Global Research Collaborationsjbasney
Presented at:
https://www.eugridpma.org/meetings/2016-09/
Abstract:
Who do we trust to provide identity and access management services for our research collaborations? When do we decide to implement it ourselves versus relying on others? How do we create incentives for establishing trust? How do we bridge the gaps in trust, functionality, and reliability? In this presentation, Jim will review lessons learned from his experiences working with IGTF certificates, eduGAIN SAML assertions, and OpenID Connect claims for access to scientific research applications. What new challenges appear when moving from 1 to 10 to 100 to 1000 identity providers? Why does identity information flow more easily in some federations and not others? How do we determine what levels of assurance we need and find providers who can meet those needs? How do we mitigate the risks? How do we effectively federate services operated by the research community, higher education institutions, NRENs, and commercial providers?
Bio:
Dr. Jim Basney is a senior research scientist in the cybersecurity group at the National Center for Supercomputing Applications at the University of Illinois at Urbana-Champaign. He is Principal Investigator of the CILogon project and co-PI of the Center for Trustworthy Scientific Cyberinfrastructure and Software Assurance Marketplace projects. Jim also contributes to LIGO, LSST, and XSEDE. He has operated IGTF-accredited certificate authorities since 2007 and was a member of the InCommon federation's technical advisory committee for 6 years. Jim received his PhD in computer sciences from the University of Wisconsin-Madison in 2001.
Decentralized identity uses standards to create an interoperable language for new identity products and services to be build. Using Verifiable Credentials and Decentralized Identifiers.
Smart Identity for the Hybrid Multicloud WorldKatherine Cola
1) Traditional identity and access management programs are facing pressures from increasing complexity, focus on the user experience, and new regulations.
2) Smart identity is needed to securely connect every user, API, and device to every application in and outside the enterprise in today's hybrid multicloud world.
3) IBM's identity and access management solutions include adaptive access to balance security and user experience, identity and privileged access management analytics to identify risks, and decentralized identity to enable user-owned digital identities.
Building Trust in Blockchain: How Blockchain Will Revolutionize Businesses in...PECB
The document provides biographies for Scott Perry and Drummond Reed, who are experts on blockchain and digital trust. Scott Perry has extensive experience auditing public key infrastructure and blockchain networks. Drummond Reed has 20 years of experience in internet identity and has held leadership roles in standards bodies and blockchain foundations. The document then covers topics related to defining trust, attributes of trust, risks to digital trust, and the components and governance of blockchain trust frameworks.
Digital Law document discusses identity and access management (IAM). IAM is defined as managing digital identities and access for people, systems, and services through processes like user management, access management, provisioning and de-provisioning, and audit and reporting. The document then discusses the context of IAM in 2016, noting the variety of digital identities that now exist and the need to manage them. It also discusses how IAM relates to cloud computing, with cloud services providing infrastructure and resources on demand that users can access through web services and APIs without understanding the underlying implementation.
Self-sovereign identity (SSI) is a new identity model that gives the user control and ownership over her data.
To dive into what this means and the benefits it offers, Evernym's Andy Tobin gave a webinar on October 17, 2019 introducing the topic of self-sovereign identity and its role in transforming customer experiences and unlocking competitive advantage.
Nowadays most components of a full identity infrastructure are available as Open Source components - and some even within The ASF: identity repositories, provisioning engines, access management systems.
Picking these bricks to realize a solution that will suit the wide-range ever-changing organizations' needs is a real challenge for all system integrators in the Identity & Access Management area.
Some real-word use cases and scenarios will be reviewed in this presentation to highlight strengths, flexibility and benefits - but also wicked problems and possible improvements - that Open Source Identity infrastructures can provide to organizations and final users.
IAM refers to identity and access management. It involves managing user identities and access across various systems and applications. In cloud computing, IAM takes on additional considerations like managing access to cloud-based applications and services. Key aspects of IAM include provisioning and de-provisioning user accounts, authentication, authorization, role-based access controls, and auditing. IAM aims to bring order to complex identity and access environments while also improving security, compliance and user experience.
Can Blockchain Enable Identity Management?Priyanka Aash
Blockchain continues to gain traction in the market place as a compelling solution for making identity and access management (IAM) more cost effective by harnessing the power of distributed members in order to “crowdsource” identity services. This session will review an attempt to prove this hypothesis through a proof-of-concept (POC) built for a not-for-profit healthcare consortium.
Learning Objectives:
1: Learn what blockchain is and how it can help solve problems within IAM.
2: Understand the intended end-state and key players in the blockchain identity ecosystem.
3: Learn about the key elements and lessons learned from this POC.
(Source: RSA Conference USA 2018)
Benefits of Blockchain for Identity and Access Management - By Azgari Lipshy Azgari Lipshy
Azgari Lipshy writes about technology, yoga and her solo travels around the world. She is a degreed quota-carrying technology industry sales and account management professional with progressive territory growth for enterprise and channel sales.
Kerberos is an authentication protocol that allows nodes communicating over an untrusted network to verify each other's identity. It uses symmetric encryption and a trusted third party called the Key Distribution Center (KDC) to authenticate users and services. The KDC issues credentials called tickets that grant access to trusted services across the network. Kerberos provides single sign-on by generating session keys that allow access to multiple services without re-authenticating. It is built into major operating systems and enables secure authentication over an insecure network like the internet.
Lessons in privacy engineering from a nation scale identity system - connect idDavid Kelts, CIPT
Everybody wants to achieve privacy by design? But how do you do that? This slideshare will show you how. What is privacy? What thought processes will bring about understanding of the security measures to take in order to ensure your users privacy?
An Introduction to Authentication for ApplicationsUbisecure
This document provides an introduction to various authentication methods for applications, including passwords, one-time passwords, social identities, corporate identities, and public key infrastructure (PKI). It discusses the driving forces towards passwordless authentication, including improving customer experience, regulatory pressures, data breaches, and authentication strength. The document evaluates each authentication method based on factors like usability, security, and their ability to meet a given level of assurance. It aims to help readers understand the tradeoffs of different authentication solutions.
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
1. Digital Identity
DISCUSSION AT THE VANCOUVER IAM MEETUP 2017-12-19
ANDREWHUGHES3000@GMAIL.COM @IDIMANDREW
Digital Identity Landscape for Vancouver IAM Meetup by Andrew Hughes is licensed under
a Creative Commons Attribution 4.0 International License.
2. Today’s Topic
(not blockchain – sorry!)
What does the IAM/IDM landscape look like?
Where do new approaches and technologies fit?
What’s exciting (to me, at least) and evolving to attack long-standing
problems?
3. What Organizational Contexts?
Context is everything
Identification, authentication, authorization are all relative to a population, a
relationship set, a resource set, authorities, etc.
A) Internal operations
Employees, contractors, students, business units, …
B) External partners
Vendors, commercial partners, back-office services, supply chain, …
C) External clients
Customers, shoppers, social networks, offline-ish, devices/things, …
4. What other (non-org) contexts?
Peer-to-peer (P2P)
‘Circle of Trust’ / ‘Web of Trust’
User Centric
Anonymous
Profiling / cookie tracking / marketing segmentation
Segregated domain (walled gardens, in-game communities)
Self-Sovereign
Non-Person Entity, Autonomous agents
5. What’s the primary goal of IDM?
Convert an ‘unknown’ entity into a ‘known’ entity,
then do interesting stuff
Login / Authenticate to a system
Physical/logical credentials, authorization/access control, …
Manage a customer (service) account & deliver services
Personalize, add info, keep records, …
Increase the ‘known-ness’ of the entity – increase ‘proof’ of identity
Get attributes, assertions, evidence from sources to substantiate
Register, enroll, step-up/‘trust elevate’
6. What’s the primary goal of IDM?
Convert an ‘unknown’ entity into a ‘known’ entity,
then do interesting stuff
Login / Authenticate to a system
Physical/logical credentials, authorization/access control, …
Manage a customer (service) account & deliver services
Could be: hire person, pay them, do productive work, manage, …
Increase the ‘known-ness’ of the entity – increase ‘proof’ of identity
Get attributes, assertions, evidence from sources to substantiate
Register, enroll, step-up/‘trust elevate’
7. A Simplistic Digital Identity Matrix
| | Internal | External - Partner | External - Client |
|---|---|---|---|
| ‘Login’ | 1 | 4 | 7 |
| Service Account | 2 | 5 | 8 |
| ID Verification & ‘Entity Binding’ | 3 | 6 | 9 |
8. A Simplistic Digital Identity Matrix
| Internal | Notes | Tech | Standards |
|---|---|---|---|
| 1: ‘Login’ | Managed environment; Known actors; Employment contracts; Policy is enforceable | Active Directory; LDAP; Virtual directory; Privileged account management; Multi-factor authentication; Federated authentication; IDaaS & Directories | Lots of them |
| 2: Service Account | | | |
| 3: ID Verification & ‘Entity Binding’ | Hiring process, background checks, payroll; Onboarding processes; Long relationship | | |
9. A Simplistic Digital Identity Matrix
| External - Partner | Notes | Tech | Standards |
|---|---|---|---|
| 4: ‘Login’ | Known actors; Commercial contracts; T&C enforceable | Active Directory; LDAP; Virtual directory; Privileged account management; Multi-factor authentication; Federated authentication; IDaaS & Directories | Lots of them |
| 5: Service Account | | | |
| 6: ID Verification & ‘Entity Binding’ | Contract specified; Onboarding processes; Prior relationships | | |
11. Old approaches
Increase the ‘known-ness’ of the entity – increase ‘proof’ of identity
Get attributes, assertions, evidence from sources to substantiate
Old approaches
Gather ID Evidence at registration only
Use ‘paper’ credentials as a primary source of evidence
Weak connection (binding process) between person and issued authentication credential
Use public, hacked, or guessable data to feed KBA/KBV and (in)security questions
Rely on service counter staff to be better than machines and fake ID
12. A Simplistic Digital Identity Matrix
| External - Client | Notes | Tech | Standards |
|---|---|---|---|
| 7: ‘Login’ | Outside the security domain; Previously-unknown actors; T&C iffy; Uncontrolled user behaviour & tech | Username-password; One-time password (SW\|HW); SW\|HW ‘crypto’ tokens; PKIs; Biometric-enabled devices; Device fingerprinting; Decentralized Identifiers | NIST SP 800-63 v3; ISO 24760; ISO 29003; ISO 29115; OASIS SAML; IETF OAUTH, JWT, JOSE, SCIM; OIDF OpenID Connect; FIDO U2F & UAF & CTAP; W3C Verifiable Claims, WebAuthn; OpenBadges |
| 8: Service Account | | | |
| 9: ID Verification & ‘Entity Binding’ | Self-asserted evidence; KBA/KBV (ugh); ID Resolution companies; Remote attribute assertions | | |

Old ways: How to connect/bind the ‘entity’ to the ‘electronic record’
13. New techniques
Increase the ‘known-ness’ of the entity – increase ‘proof’ of identity
Get attributes, assertions, evidence from sources to substantiate
New techniques
Attribute collection and verification over time
Accept assertions from a large number of authorities and sources
Risk-based and relationship-based confidence
Use ‘non-memory’ human indicators to confirm presence and the specific individual
(device fingerprints, behavioural analysis, human gestures)
Optimize for user experience (passwordless systems, hardware/mobile authenticators,
intrude thoughtfully, better account recovery)
Don’t trust the humans to spot the fake credentials
14. A Simplistic Digital Identity Matrix
| External - Client | Notes | Tech | Standards |
|---|---|---|---|
| 7: ‘Login’ | Outside the security domain; Previously-unknown actors; T&C iffy; Uncontrolled user behaviour & tech | Username-password; One-time password (SW\|HW); SW\|HW ‘crypto’ tokens; PKIs; Biometric-enabled devices; Device fingerprinting; Decentralized Identifiers | NIST SP 800-63 v3; ISO 24760; ISO 29003; ISO 29115; OASIS SAML; IETF OAUTH, JWT, JOSE, SCIM; OIDF OpenID Connect; FIDO U2F & UAF & CTAP; W3C Verifiable Claims, WebAuthn; OpenBadges |
| 8: Service Account | | | |
| 9: ID Verification & ‘Entity Binding’ | Self-asserted evidence; KBA/KBV (ugh); ID Resolution companies; Remote attribute assertions | | |

New ways to triangulate on the ‘entity’ and build confidence over time
15. Problems?
How does a service provider figure out all the authorities, data sources and
verifiers that pertain to an entity?
How does a service provider know if data about an entity is ‘good’ or reliable?
How does an entity keep track of where its authorities, data sources and
verifiers are?
How does an entity shield themselves from correlation and usage profiling?
Who keeps the private keys private?
Does anyone actually care who the real person really and truly is? Or is taking
their word for it good enough most of the time?
In other words: should IDM systems be very concerned with identification? Or
mostly authentication and verification?
16. Attribute Data
Fast evolution of approaches and technologies
Data is a toxic compound!
How to decentralize or distribute data to lower risk and overhead?
Move to a claims-based approach
Be an originator and authority for the smallest possible data set
See Open Badges, Blockcerts, Verifiable Claims
18. Blockcerts, Open Badges
“Learning Machine collaborated with the MIT Media Lab to develop
Blockcerts, an open standard for issuing and verifying credentials on a
blockchain.”
“The aim behind Blockcerts is to give recipients ownership of their official
records so that they are freed from ongoing dependency on issuing
institutions—or any centralized authority—to verify their own credentials
and achievements.”
“Blockcerts, a blockchain-based credentialing standard, is architected from
many of the same values that drove the development of Open Badges:
interoperability, portability, and verifiability.”
https://medium.com/learning-machine-blog/the-time-for-self-sovereign-
identity-is-now-222aab97041b
19. Identifiers
Fast evolution of approaches and technologies
Turns out that identifiers are (still) the keys to the systems
Universal identifiers are not great for online connected systems (e.g. email address or SIN)
Per-domain identifiers do not readily cross namespace boundaries
People do not deal with kazillions of identifiers very well
Public registries and DLT approaches are evolving to enable namespace discovery and traversal
See Decentralized Identifiers, Blockstack/Onename
20. Decentralized Identifiers
“Decentralized Identifiers (DIDs) are a new type of identifier intended for verifiable digital identity that is "self-sovereign", i.e., fully under the control of an entity and not dependent on a centralized registry, identity provider, or certificate authority. DIDs resolve to DID Documents, which typically contain at least three things. 1) a set of mechanisms that may be used to authenticate as a particular DID (e.g. public keys, pseudonymous biometric templates, etc.). 2) a set of authorization information that outlines which entities may modify the DID Document. 3) a set of service endpoints, which may be used to initiate trusted interactions with the entity.”
Decentralized ID Foundation:
https://medium.com/decentralized-identity/the-rising-tide-of-decentralized-identity-2e163e4ec663
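The three parts of a DID Document named in the quote above, as an added example that is not from the slides or the Decentralized ID Foundation: a relying-party check over a resolved document. It assumes the W3C DID Core field names (`authentication`, `controller`, `service`, `verificationMethod`); the sample document and the function names are constructed for illustration.

```python
import re

# DID syntax: did:<method>:<method-specific-id>
DID_RE = re.compile(r"^did:[a-z0-9]+:[A-Za-z0-9._:%-]+$")

# Constructed sample document: every DID, key value and URL here is made up.
SAMPLE_DOC = {
    "id": "did:example:alice",
    "controller": ["did:example:alice", "did:example:guardian"],
    "verificationMethod": [
        {"id": "did:example:alice#key-1", "type": "Ed25519VerificationKey2020",
         "controller": "did:example:alice", "publicKeyMultibase": "zCONSTRUCTED-KEY-1"},
        {"id": "did:example:alice#key-2", "type": "Ed25519VerificationKey2020",
         "controller": "did:example:alice", "publicKeyMultibase": "zCONSTRUCTED-KEY-2"},
    ],
    # Only key-1 is authorised for authentication; key-2 is merely listed.
    "authentication": ["did:example:alice#key-1", "did:example:alice#missing"],
    "service": [
        {"id": "did:example:alice#agent", "type": "ExampleAgent",
         "serviceEndpoint": "https://agent.example/alice"},
        {"id": "did:example:alice#legacy", "type": "ExampleAgent",
         "serviceEndpoint": "http://legacy.example/alice"},
    ],
}

def authentication_keys(doc, requested_did):
    """Map key id -> method for keys the document authorises for authentication."""
    if not DID_RE.match(requested_did) or doc.get("id") != requested_did:
        raise ValueError("document does not describe the requested DID")
    listed = {m["id"]: m for m in doc.get("verificationMethod", [])}
    allowed = {}
    for entry in doc.get("authentication", []):
        # An entry is a reference (string) or an embedded method (dict).
        method = listed.get(entry) if isinstance(entry, str) else entry
        if method is not None:  # a dangling reference grants nothing
            allowed[method["id"]] = method
    return allowed

def may_update(doc, actor_did):
    """True if actor_did is named as a controller of the document."""
    # Assumption: with no controller listed, the subject controls its own document.
    controllers = doc.get("controller", doc["id"])
    if isinstance(controllers, str):
        controllers = [controllers]
    return actor_did in controllers

def https_endpoints(doc):
    """Service endpoints a relying party would contact, plain-HTTP ones dropped."""
    urls = [s.get("serviceEndpoint") for s in doc.get("service", [])]
    return [u for u in urls if isinstance(u, str) and u.startswith("https://")]
```

A key that appears in the document but not under `authentication` is rejected here, which is the check most often skipped when a verifier simply accepts any key the document lists.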
21. Decentralized Public Key Systems
This is still the big unsolved issue – how to generate, distribute, manage and secure key pairs
Will ‘blockchain wallets’ save the day?
Will someone develop self-healing key management systems?
Will a new type of entity arise to do the ‘binding’ of entity to keys better than Certificate Authorities have done?
Who will invent ‘keyless’ security systems that take responsibility for private keys away from the humans?
22. Entity Binding & Assurance
Precise determination of the actual, authentic, ‘real person’ entity is overrated in most cases
In particular when it is front-loaded into registration
This approach tends to grow big data sets that need to be maintained
Long-lasting services or infrequent accesses defeat the utility of front-loaded resolution
Risk-based authentication, delayed identification, real-time techniques, trust elevation are being used to increase assurance over time that the entity is correctly identified when needed and to the degree needed
23. About me
Andrew Hughes, CISSP, CISM
Founder, ITIM Consulting Corp.
~ 25 years in IM/IT consulting
~ 14 years @ Sierra Systems Victoria; ~ 5 years Independent Analyst
Working on: digital identity & personal data consortia, international standards, trust frameworks, peering into the future of digital people and evolving systems of systems
KantaraInitiative.org Leadership Council Chair; Chair of Consent & Information Sharing WG; Secretary/Instigator of the new Consent Management Solutions WG
Past Plenary Vice-Chair, US NSTIC ID Ecosystem Steering Committee
Current delegate to ISO as a Canadian Expert for SC 27 WG 5 (Identity and Privacy); co-rapporteur for 2 Study Periods, tracking 3-4 standards
I learn about, research and explore new and interesting Digital Identity stuff that will emerge in 3 to 5 years’ time.