SlideShare a Scribd company logo

The New Venn of Access Control in the API-Mobile-IOT Era

Download as PPTX, PDF
ForgeRock
ForgeRock

Presentation from the 2014 IRM Summit in Phoenix, Arizona by Eve Maler, Principal Analyst Serving Security & Risk Professionals at Forrester.

SoftwareTechnologyBusiness
1 of 29
The New Venn Of Access Control In The API-Mobile-IoT Era Eve Maler, Principal Analyst, Security & Risk June 4, 2014 @xmlgrrl
The business tech landscape is handing us hard IAM problems. Traditional solutions don’t “work less well”…they don’t work at all.
© 2012 Forrester Research, Inc. Reproduction Prohibited Agenda What are the implications of “BYO”? Emerging technologies help you achieve a Zero Trust posture What remains to be done? 3
© 2012 Forrester Research, Inc. Reproduction Prohibited The extended enterprise forces IT to handle bring-your-own-everything 4 Source: April 7, 2014, “Navigate The Future Of Identity And Access Management” Forrester report
© 2012 Forrester Research, Inc. Reproduction Prohibited You can’t trust everything + everyone inside your crunchy perimeter anyway 5 Source: November 15, 2012, “No More Chewy Centers: Introducing The Zero Trust Model Of Information Security” Forrester report …so stop trying
© 2012 Forrester Research, Inc. Reproduction Prohibited Many APIs have acquired business models, driven by mobile 6
© 2012 Forrester Research, Inc. Reproduction Prohibited IT now confronts webdevification 7 value X friction Y
© 2012 Forrester Research, Inc. Reproduction Prohibited Our worlds are colliding 8 UNIFY YOUR STANCE AND PREPARE FOR ANYTHING B2C B2E B2B the identity singularity B2D
© 2012 Forrester Research, Inc. Reproduction Prohibited Agenda What are the implications of “BYO”? Emerging technologies help you achieve a Zero Trust posture What remains to be done? 9
© 2012 Forrester Research, Inc. Reproduction Prohibited A tour through some previous Venns 10 vintage 2007
© 2012 Forrester Research, Inc. Reproduction Prohibited A tour through some previous Venns 11 vintage 2007
© 2012 Forrester Research, Inc. Reproduction Prohibited 12 vintage 2009 A tour through some previous Venns
© 2012 Forrester Research, Inc. Reproduction Prohibited 13 vintage 2009 A tour through some previous Venns
© 2012 Forrester Research, Inc. Reproduction Prohibited 14Source: October 2012 “TechRadar™ For Security Pros: Zero Trust Identity Standards, Q3 2012” Emerging standards have an edge over traditional ones for Zero Trust Key features: • Governance • Hubris Key features: • “Solving the right problem” • Enterprise-only scope Key features: • Agility • Mobile/cloud friendliness • Robustness
© 2012 Forrester Research, Inc. Reproduction Prohibited A new Venn for “access management 2.0” 15 JUST WHAT THE API-MOBILE-IOT AXIS NEEDS*
© 2012 Forrester Research, Inc. Reproduction Prohibited 16 IT LETS A RESOURCE OWNER DELEGATE CONSTRAINED ACCESS OAuth is about more than the “password anti-pattern”
© 2012 Forrester Research, Inc. Reproduction Prohibited OpenID Connect turns SSO into a standard OAuth-protected identity API SAML 2.0, OpenID 2.0 17 OAuth 2.0 OpenID Connect X Initiating user’s login session Not responsible for collecting user consent High-security identity tokens (SAML only) Distributed and aggregated claims Session timeout X X Dynamic introduction (OpenID only) X Not responsible for session initiation Collecting user’s consent to share attributes No identity tokens per se X Client onboarding is static X No claims per se; protects arbitrary APIs X Initiating user’s login session Collecting user’s consent to share attributes High-security identity tokens (using JSON Web Tokens) Distributed and aggregated claims Session timeout (in the works) Dynamic introduction No sessions per seX
© 2012 Forrester Research, Inc. Reproduction Prohibited UMA enables authorization that’s friendly to OAuth, APIs, PbD, and (it appears) IoT 18 Standardized APIs enable Internet-scale authz-as-a-service Outsources protection to a centralized “digital footprint control console” for Alice or an IT admin The “user” in User-Managed Access (UMA) – can be an organization (“headless”) Some guy not accounted for in OAuth…
© 2012 Forrester Research, Inc. Reproduction Prohibited Mapping UMA to classic authorization architecture 19 ~PDP~PEP Deliberately prepared for n:n relationships Implicitly a PAP and PIP, or a client to them Together, ~requester Claims and context gathered at run time Policymaker (no std policy expression or evaluation)
© 2012 Forrester Research, Inc. Reproduction Prohibited 20 The RS exposes whatever value-add API it wants, protected by an AS App-specific API UMA-enabled client RPT requesting party token (can be profiled to move the PDP/PEP line)
© 2012 Forrester Research, Inc. Reproduction Prohibited 21 The AS exposes an UMA- standardized protection API to the RS ProtectionAPI Protectionclient PAT protection API token includes resource registration API and token introspection API
© 2012 Forrester Research, Inc. Reproduction Prohibited 22 The AS exposes an UMA- standardized authorization API to the client Authorization API Authorization client AAT authorization API token supports OpenID Connect-based claims- gathering for authz
© 2012 Forrester Research, Inc. Reproduction Prohibited You delegate scope- constrained access to other apps OpenID Connect UMA OAuth 2.0 Apps can get access using a variety of token types You grant access to apps operated by you You achieve federated single sign-on and login-time attribute exchange You control access to claims about you You can control access to any type of web resource You can grant access to apps operated by anyone You grant access by consenting to terms at run time You can grant access by setting policies and terms ahead of time Profiles as a claims-gathering option ProfilesforSSOAPIprotection Requesting party is authorized based on claims Profilestosolveaccessmanagement Claims can come from distributed sources Apps can get access after you go offline You control access to web APIs Apps get access using bearer-style tokens The authorization function is effectively local to resources The authorization function is standard and centralizable Calling app is recognized based on authenticated identity Detailed summary
© 2012 Forrester Research, Inc. Reproduction Prohibited Agenda What are the implications of “BYO”? Emerging technologies help you achieve a Zero Trust posture What remains to be done? 24
© 2012 Forrester Research, Inc. Reproduction Prohibited After the REST maturity ladder must come “scope design best practices” 25 actors (“subjects”) resources accessed (“objects”) and operations (“verbs”) roles groups arbitrary other authz context domain URL path HTTP method field Classic fine- grained Emerging scope- grained Classic coarse- grained authn context attributes/ claims
© 2012 Forrester Research, Inc. Reproduction Prohibited Webdevs and IoT demand the right appsec design center and footprint
© 2012 Forrester Research, Inc. Reproduction Prohibited Federations must grow to accommodate outsourced access 27 I promise to Adhere-to- Terms once I get access using a valid RPT with the right authz data! I promise to Adhere-to- Terms once the AS adds authz data to your RPT!
© 2012 Forrester Research, Inc. Reproduction Prohibited IRM for healthcare requires serious security, privacy, and discoverability 28 AS AS AS RS RS RS RS C C C C C C C C • Likely EHR operators in the US • Healthcare providers • Wearables and other quantified-self apps • “Mint for patients and caregivers” Benefits • Proactive, trackable consent directives • Blue Button+-friendly data delivery Challenges • Sclerotic IT practices • Nth-degree security, privacy, and discoverability requirements RS RS
Thank you Eve Maler +1 425.345.6756 emaler@forrester.com @xmlgrrl

Recommended

Consumerizing Industrial IoT Access Control: Using UMA to Add Privacy and Usa...
Consumerizing Industrial IoT Access Control: Using UMA to Add Privacy and Usa...Consumerizing Industrial IoT Access Control: Using UMA to Add Privacy and Usa...
Consumerizing Industrial IoT Access Control: Using UMA to Add Privacy and Usa...
Eve Maler
 
Modern IAM Trends and Themes by Eve Maler, Forrester
Modern IAM Trends and Themes by Eve Maler, ForresterModern IAM Trends and Themes by Eve Maler, Forrester
Modern IAM Trends and Themes by Eve Maler, Forrester
ForgeRock
 
CIS14: User-Managed Access
CIS14: User-Managed AccessCIS14: User-Managed Access
CIS14: User-Managed Access
CloudIDSummit
 
User-Managed Access: Why and How? - Access Control in Digital Contract Contexts
User-Managed Access: Why and How? - Access Control in Digital Contract ContextsUser-Managed Access: Why and How? - Access Control in Digital Contract Contexts
User-Managed Access: Why and How? - Access Control in Digital Contract Contexts
ForgeRock
 
Security as an Enabler for the Digital World - CISO Perspective
Security as an Enabler for the Digital World - CISO PerspectiveSecurity as an Enabler for the Digital World - CISO Perspective
Security as an Enabler for the Digital World - CISO Perspective
Apigee | Google Cloud
 
CIS 2015 User Managed Access - George Fletcher
CIS 2015 User Managed Access - George FletcherCIS 2015 User Managed Access - George Fletcher
CIS 2015 User Managed Access - George Fletcher
CloudIDSummit
 
CIS14: Are the Enterprises Ready for Identity of Everything?
CIS14: Are the Enterprises Ready for Identity of Everything?CIS14: Are the Enterprises Ready for Identity of Everything?
CIS14: Are the Enterprises Ready for Identity of Everything?
CloudIDSummit
 
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...
Ping Identity
 

Recommended

Consumerizing Industrial IoT Access Control: Using UMA to Add Privacy and Usa...
Consumerizing Industrial IoT Access Control: Using UMA to Add Privacy and Usa...Consumerizing Industrial IoT Access Control: Using UMA to Add Privacy and Usa...
Consumerizing Industrial IoT Access Control: Using UMA to Add Privacy and Usa...
Eve Maler
 
Modern IAM Trends and Themes by Eve Maler, Forrester
Modern IAM Trends and Themes by Eve Maler, ForresterModern IAM Trends and Themes by Eve Maler, Forrester
Modern IAM Trends and Themes by Eve Maler, Forrester
ForgeRock
 
CIS14: User-Managed Access
CIS14: User-Managed AccessCIS14: User-Managed Access
CIS14: User-Managed Access
CloudIDSummit
 
User-Managed Access: Why and How? - Access Control in Digital Contract Contexts
User-Managed Access: Why and How? - Access Control in Digital Contract ContextsUser-Managed Access: Why and How? - Access Control in Digital Contract Contexts
User-Managed Access: Why and How? - Access Control in Digital Contract Contexts
ForgeRock
 
Security as an Enabler for the Digital World - CISO Perspective
Security as an Enabler for the Digital World - CISO PerspectiveSecurity as an Enabler for the Digital World - CISO Perspective
Security as an Enabler for the Digital World - CISO Perspective
Apigee | Google Cloud
 
CIS 2015 User Managed Access - George Fletcher
CIS 2015 User Managed Access - George FletcherCIS 2015 User Managed Access - George Fletcher
CIS 2015 User Managed Access - George Fletcher
CloudIDSummit
 
CIS14: Are the Enterprises Ready for Identity of Everything?
CIS14: Are the Enterprises Ready for Identity of Everything?CIS14: Are the Enterprises Ready for Identity of Everything?
CIS14: Are the Enterprises Ready for Identity of Everything?
CloudIDSummit
 
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...
Ping Identity
 
Managing Identity without Boundaries
Managing Identity without BoundariesManaging Identity without Boundaries
Managing Identity without Boundaries
Ping Identity
 
You Can't Spell Enterprise Security without MFA
You Can't Spell Enterprise Security without MFA You Can't Spell Enterprise Security without MFA
You Can't Spell Enterprise Security without MFA
Ping Identity
 
RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It!
RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It!RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It!
RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It!
Mike Schwartz
 
Catalyst 2015: Patrick Harding
Catalyst 2015: Patrick HardingCatalyst 2015: Patrick Harding
Catalyst 2015: Patrick Harding
Ping Identity
 
Identity Beyond Employees: How Customer Experience Impacts Your IAM Practices
Identity Beyond Employees: How Customer Experience Impacts Your IAM PracticesIdentity Beyond Employees: How Customer Experience Impacts Your IAM Practices
Identity Beyond Employees: How Customer Experience Impacts Your IAM Practices
Ping Identity
 
GDPR & Customer IAM: The Real Winners Won’t Stop At Compliance
GDPR & Customer IAM: The Real Winners Won’t Stop At ComplianceGDPR & Customer IAM: The Real Winners Won’t Stop At Compliance
GDPR & Customer IAM: The Real Winners Won’t Stop At Compliance
Ping Identity
 
B4 the identity of things-securing the internet of everything
B4 the identity of things-securing the internet of everythingB4 the identity of things-securing the internet of everything
B4 the identity of things-securing the internet of everythingDr. Wilfred Lin (Ph.D.)
 
Sydney Identity Summit: Doing Authorisation, Consent and Delegation Right wit...
Sydney Identity Summit: Doing Authorisation, Consent and Delegation Right wit...Sydney Identity Summit: Doing Authorisation, Consent and Delegation Right wit...
Sydney Identity Summit: Doing Authorisation, Consent and Delegation Right wit...
ForgeRock
 
Standard Based API Security, Access Control and AI Based Attack - API Days Pa...
Standard Based API Security, Access Control and AI Based Attack - API Days Pa...Standard Based API Security, Access Control and AI Based Attack - API Days Pa...
Standard Based API Security, Access Control and AI Based Attack - API Days Pa...
Ping Identity
 
Protecting APIs from Mobile Threats- Beyond Oauth
Protecting APIs from Mobile Threats- Beyond OauthProtecting APIs from Mobile Threats- Beyond Oauth
Protecting APIs from Mobile Threats- Beyond Oauth
Apigee | Google Cloud
 
Authentication and strong authentication for Web Application
Authentication and strong authentication for Web ApplicationAuthentication and strong authentication for Web Application
Authentication and strong authentication for Web Application
Sylvain Maret
 
Identity Live Sydney 2017 - Michael Dowling
Identity Live Sydney 2017 - Michael DowlingIdentity Live Sydney 2017 - Michael Dowling
Identity Live Sydney 2017 - Michael Dowling
ForgeRock
 
Identity-Defined Privacay & Security for Internet of Things
Identity-Defined Privacay & Security for Internet of ThingsIdentity-Defined Privacay & Security for Internet of Things
Identity-Defined Privacay & Security for Internet of Things
Ping Identity
 
The Business Ecosystem is a Neighborhood - ForgeRock Identity Live Austin 2017
The Business Ecosystem is a Neighborhood - ForgeRock Identity Live Austin 2017The Business Ecosystem is a Neighborhood - ForgeRock Identity Live Austin 2017
The Business Ecosystem is a Neighborhood - ForgeRock Identity Live Austin 2017
ForgeRock
 
OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater Apigee | Google Cloud
 
Connecting The Real World With The Virtual World
Connecting The Real World With The Virtual WorldConnecting The Real World With The Virtual World
Connecting The Real World With The Virtual World
Ping Identity
 
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
CA API Management
 
Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)
Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)
Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)
Ping Identity
 
Data-driven API Security
Data-driven API SecurityData-driven API Security
Data-driven API Security
Apigee | Google Cloud
 
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
ForgeRock
 
Smart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud WorldSmart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud World
Katherine Cola
 
Con8896 securely enabling mobile access for business transformation - final
Con8896 securely enabling mobile access for business transformation - finalCon8896 securely enabling mobile access for business transformation - final
Con8896 securely enabling mobile access for business transformation - final
OracleIDM
 

More Related Content

What's hot

Managing Identity without Boundaries
Managing Identity without BoundariesManaging Identity without Boundaries
Managing Identity without Boundaries
Ping Identity
 
You Can't Spell Enterprise Security without MFA
You Can't Spell Enterprise Security without MFA You Can't Spell Enterprise Security without MFA
You Can't Spell Enterprise Security without MFA
Ping Identity
 
RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It!
RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It!RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It!
RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It!
Mike Schwartz
 
Catalyst 2015: Patrick Harding
Catalyst 2015: Patrick HardingCatalyst 2015: Patrick Harding
Catalyst 2015: Patrick Harding
Ping Identity
 
Identity Beyond Employees: How Customer Experience Impacts Your IAM Practices
Identity Beyond Employees: How Customer Experience Impacts Your IAM PracticesIdentity Beyond Employees: How Customer Experience Impacts Your IAM Practices
Identity Beyond Employees: How Customer Experience Impacts Your IAM Practices
Ping Identity
 
GDPR & Customer IAM: The Real Winners Won’t Stop At Compliance
GDPR & Customer IAM: The Real Winners Won’t Stop At ComplianceGDPR & Customer IAM: The Real Winners Won’t Stop At Compliance
GDPR & Customer IAM: The Real Winners Won’t Stop At Compliance
Ping Identity
 
B4 the identity of things-securing the internet of everything
B4 the identity of things-securing the internet of everythingB4 the identity of things-securing the internet of everything
B4 the identity of things-securing the internet of everythingDr. Wilfred Lin (Ph.D.)
 
Sydney Identity Summit: Doing Authorisation, Consent and Delegation Right wit...
Sydney Identity Summit: Doing Authorisation, Consent and Delegation Right wit...Sydney Identity Summit: Doing Authorisation, Consent and Delegation Right wit...
Sydney Identity Summit: Doing Authorisation, Consent and Delegation Right wit...
ForgeRock
 
Standard Based API Security, Access Control and AI Based Attack - API Days Pa...
Standard Based API Security, Access Control and AI Based Attack - API Days Pa...Standard Based API Security, Access Control and AI Based Attack - API Days Pa...
Standard Based API Security, Access Control and AI Based Attack - API Days Pa...
Ping Identity
 
Protecting APIs from Mobile Threats- Beyond Oauth
Protecting APIs from Mobile Threats- Beyond OauthProtecting APIs from Mobile Threats- Beyond Oauth
Protecting APIs from Mobile Threats- Beyond Oauth
Apigee | Google Cloud
 
Authentication and strong authentication for Web Application
Authentication and strong authentication for Web ApplicationAuthentication and strong authentication for Web Application
Authentication and strong authentication for Web Application
Sylvain Maret
 
Identity Live Sydney 2017 - Michael Dowling
Identity Live Sydney 2017 - Michael DowlingIdentity Live Sydney 2017 - Michael Dowling
Identity Live Sydney 2017 - Michael Dowling
ForgeRock
 
Identity-Defined Privacay & Security for Internet of Things
Identity-Defined Privacay & Security for Internet of ThingsIdentity-Defined Privacay & Security for Internet of Things
Identity-Defined Privacay & Security for Internet of Things
Ping Identity
 
The Business Ecosystem is a Neighborhood - ForgeRock Identity Live Austin 2017
The Business Ecosystem is a Neighborhood - ForgeRock Identity Live Austin 2017The Business Ecosystem is a Neighborhood - ForgeRock Identity Live Austin 2017
The Business Ecosystem is a Neighborhood - ForgeRock Identity Live Austin 2017
ForgeRock
 
OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater Apigee | Google Cloud
 
Connecting The Real World With The Virtual World
Connecting The Real World With The Virtual WorldConnecting The Real World With The Virtual World
Connecting The Real World With The Virtual World
Ping Identity
 
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
CA API Management
 
Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)
Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)
Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)
Ping Identity
 
Data-driven API Security
Data-driven API SecurityData-driven API Security
Data-driven API Security
Apigee | Google Cloud
 
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
ForgeRock
 

What's hot (20)

Managing Identity without Boundaries
Managing Identity without BoundariesManaging Identity without Boundaries
Managing Identity without Boundaries
 
You Can't Spell Enterprise Security without MFA
You Can't Spell Enterprise Security without MFA You Can't Spell Enterprise Security without MFA
You Can't Spell Enterprise Security without MFA
 
RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It!
RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It!RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It!
RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It!
 
Catalyst 2015: Patrick Harding
Catalyst 2015: Patrick HardingCatalyst 2015: Patrick Harding
Catalyst 2015: Patrick Harding
 
Identity Beyond Employees: How Customer Experience Impacts Your IAM Practices
Identity Beyond Employees: How Customer Experience Impacts Your IAM PracticesIdentity Beyond Employees: How Customer Experience Impacts Your IAM Practices
Identity Beyond Employees: How Customer Experience Impacts Your IAM Practices
 
GDPR & Customer IAM: The Real Winners Won’t Stop At Compliance
GDPR & Customer IAM: The Real Winners Won’t Stop At ComplianceGDPR & Customer IAM: The Real Winners Won’t Stop At Compliance
GDPR & Customer IAM: The Real Winners Won’t Stop At Compliance
 
B4 the identity of things-securing the internet of everything
B4 the identity of things-securing the internet of everythingB4 the identity of things-securing the internet of everything
B4 the identity of things-securing the internet of everything
 
Sydney Identity Summit: Doing Authorisation, Consent and Delegation Right wit...
Sydney Identity Summit: Doing Authorisation, Consent and Delegation Right wit...Sydney Identity Summit: Doing Authorisation, Consent and Delegation Right wit...
Sydney Identity Summit: Doing Authorisation, Consent and Delegation Right wit...
 
Standard Based API Security, Access Control and AI Based Attack - API Days Pa...
Standard Based API Security, Access Control and AI Based Attack - API Days Pa...Standard Based API Security, Access Control and AI Based Attack - API Days Pa...
Standard Based API Security, Access Control and AI Based Attack - API Days Pa...
 
Protecting APIs from Mobile Threats- Beyond Oauth
Protecting APIs from Mobile Threats- Beyond OauthProtecting APIs from Mobile Threats- Beyond Oauth
Protecting APIs from Mobile Threats- Beyond Oauth
 
Authentication and strong authentication for Web Application
Authentication and strong authentication for Web ApplicationAuthentication and strong authentication for Web Application
Authentication and strong authentication for Web Application
 
Identity Live Sydney 2017 - Michael Dowling
Identity Live Sydney 2017 - Michael DowlingIdentity Live Sydney 2017 - Michael Dowling
Identity Live Sydney 2017 - Michael Dowling
 
Identity-Defined Privacay & Security for Internet of Things
Identity-Defined Privacay & Security for Internet of ThingsIdentity-Defined Privacay & Security for Internet of Things
Identity-Defined Privacay & Security for Internet of Things
 
The Business Ecosystem is a Neighborhood - ForgeRock Identity Live Austin 2017
The Business Ecosystem is a Neighborhood - ForgeRock Identity Live Austin 2017The Business Ecosystem is a Neighborhood - ForgeRock Identity Live Austin 2017
The Business Ecosystem is a Neighborhood - ForgeRock Identity Live Austin 2017
 
OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater
 
Connecting The Real World With The Virtual World
Connecting The Real World With The Virtual WorldConnecting The Real World With The Virtual World
Connecting The Real World With The Virtual World
 
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
 
Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)
Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)
Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)
 
Data-driven API Security
Data-driven API SecurityData-driven API Security
Data-driven API Security
 
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
 

Similar to The New Venn of Access Control in the API-Mobile-IOT Era

Smart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud WorldSmart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud World
Katherine Cola
 
Con8896 securely enabling mobile access for business transformation - final
Con8896 securely enabling mobile access for business transformation - finalCon8896 securely enabling mobile access for business transformation - final
Con8896 securely enabling mobile access for business transformation - final
OracleIDM
 
GHC18 Abstract - API Security, a Grail Quest
GHC18 Abstract - API Security, a Grail QuestGHC18 Abstract - API Security, a Grail Quest
GHC18 Abstract - API Security, a Grail Quest
PaulaPaulSlides
 
Mobilize your workforce with secure identity services
Mobilize your workforce with secure identity servicesMobilize your workforce with secure identity services
Mobilize your workforce with secure identity services
Sumana Mehta
 
CIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud Apps
CIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud AppsCIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud Apps
CIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud Apps
CloudIDSummit
 
Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...
OracleIDM
 
Veriphyr bright talk 20120523
Veriphyr bright talk 20120523Veriphyr bright talk 20120523
Veriphyr bright talk 20120523Accenture
 
Con8823 access management for the internet of things-final
Con8823 access management for the internet of things-finalCon8823 access management for the internet of things-final
Con8823 access management for the internet of things-final
OracleIDM
 
Identity_and_Access_Management_Overview.ppt
Identity_and_Access_Management_Overview.pptIdentity_and_Access_Management_Overview.ppt
Identity_and_Access_Management_Overview.ppt
mamathajagarlamudi2
 
Shibboleth Guided Tour Webinar
Shibboleth Guided Tour WebinarShibboleth Guided Tour Webinar
Shibboleth Guided Tour Webinar
John Lewis
 
EduID Mobile App - Use-Cases, Concepts and Implementation
EduID Mobile App - Use-Cases, Concepts and ImplementationEduID Mobile App - Use-Cases, Concepts and Implementation
EduID Mobile App - Use-Cases, Concepts and Implementation
Christian Glahn
 
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
CA API Management
 
5 reasons your iam solution will fail
5 reasons your iam solution will fail5 reasons your iam solution will fail
5 reasons your iam solution will fail
IBM Security
 
Zero trust deck 2020
Zero trust deck 2020Zero trust deck 2020
Zero trust deck 2020
Guido Marchetti
 
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
CA API Management
 
Compliance & Identity access management
Compliance & Identity access management Compliance & Identity access management
Compliance & Identity access management
Prof. Jacques Folon (Ph.D)
 
B2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanB2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam Levithan
SPS Paris
 
Who’s Knocking? Identity for APIs, Web and Mobile
Who’s Knocking? Identity for APIs, Web and MobileWho’s Knocking? Identity for APIs, Web and Mobile
Who’s Knocking? Identity for APIs, Web and Mobile
Nordic APIs
 
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other WorldsCIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CloudIDSummit
 
Patterns and Practices in Mobile SSO
Patterns and Practices in Mobile SSOPatterns and Practices in Mobile SSO
Patterns and Practices in Mobile SSOWSO2
 

Similar to The New Venn of Access Control in the API-Mobile-IOT Era (20)

Smart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud WorldSmart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud World
 
Con8896 securely enabling mobile access for business transformation - final
Con8896 securely enabling mobile access for business transformation - finalCon8896 securely enabling mobile access for business transformation - final
Con8896 securely enabling mobile access for business transformation - final
 
GHC18 Abstract - API Security, a Grail Quest
GHC18 Abstract - API Security, a Grail QuestGHC18 Abstract - API Security, a Grail Quest
GHC18 Abstract - API Security, a Grail Quest
 
Mobilize your workforce with secure identity services
Mobilize your workforce with secure identity servicesMobilize your workforce with secure identity services
Mobilize your workforce with secure identity services
 
CIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud Apps
CIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud AppsCIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud Apps
CIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud Apps
 
Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...
 
Veriphyr bright talk 20120523
Veriphyr bright talk 20120523Veriphyr bright talk 20120523
Veriphyr bright talk 20120523
 
Con8823 access management for the internet of things-final
Con8823 access management for the internet of things-finalCon8823 access management for the internet of things-final
Con8823 access management for the internet of things-final
 
Identity_and_Access_Management_Overview.ppt
Identity_and_Access_Management_Overview.pptIdentity_and_Access_Management_Overview.ppt
Identity_and_Access_Management_Overview.ppt
 
Shibboleth Guided Tour Webinar
Shibboleth Guided Tour WebinarShibboleth Guided Tour Webinar
Shibboleth Guided Tour Webinar
 
EduID Mobile App - Use-Cases, Concepts and Implementation
EduID Mobile App - Use-Cases, Concepts and ImplementationEduID Mobile App - Use-Cases, Concepts and Implementation
EduID Mobile App - Use-Cases, Concepts and Implementation
 
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
 
5 reasons your iam solution will fail
5 reasons your iam solution will fail5 reasons your iam solution will fail
5 reasons your iam solution will fail
 
Zero trust deck 2020
Zero trust deck 2020Zero trust deck 2020
Zero trust deck 2020
 
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
 
Compliance & Identity access management
Compliance & Identity access management Compliance & Identity access management
Compliance & Identity access management
 
B2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanB2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam Levithan
 
Who’s Knocking? Identity for APIs, Web and Mobile
Who’s Knocking? Identity for APIs, Web and MobileWho’s Knocking? Identity for APIs, Web and Mobile
Who’s Knocking? Identity for APIs, Web and Mobile
 
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other WorldsCIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
 
Patterns and Practices in Mobile SSO
Patterns and Practices in Mobile SSOPatterns and Practices in Mobile SSO
Patterns and Practices in Mobile SSO
 

More from ForgeRock

Digital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at ScaleDigital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at Scale
ForgeRock
 
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
Get the Exact Identity Solution You Need - In the Cloud - AWS and BeyondGet the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
ForgeRock
 
Identity Live Sydney: Identity Management - A Strategic Opportunity
Identity Live Sydney: Identity Management - A Strategic OpportunityIdentity Live Sydney: Identity Management - A Strategic Opportunity
Identity Live Sydney: Identity Management - A Strategic Opportunity
ForgeRock
 
Identity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity CapabilityIdentity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity Capability
ForgeRock
 
Identity Live Singapore 2018 Keynote Presentation
Identity Live Singapore 2018 Keynote PresentationIdentity Live Singapore 2018 Keynote Presentation
Identity Live Singapore 2018 Keynote Presentation
ForgeRock
 
Identity Live Sydney 2018 Keynote Presentation
Identity Live Sydney 2018 Keynote PresentationIdentity Live Sydney 2018 Keynote Presentation
Identity Live Sydney 2018 Keynote Presentation
ForgeRock
 
Identity Live Singapore: Just Ask 'Em
Identity Live Singapore: Just Ask 'EmIdentity Live Singapore: Just Ask 'Em
Identity Live Singapore: Just Ask 'Em
ForgeRock
 
Identity Live Singapore: Building Trust & Privacy in a Connected Society
Identity Live Singapore: Building Trust & Privacy in a Connected SocietyIdentity Live Singapore: Building Trust & Privacy in a Connected Society
Identity Live Singapore: Building Trust & Privacy in a Connected Society
ForgeRock
 
Identity Live Sydney: Intelligent Authentication
Identity Live Sydney: Intelligent Authentication Identity Live Sydney: Intelligent Authentication
Identity Live Sydney: Intelligent Authentication
ForgeRock
 
Identity Live Sydney: Building Trust and Privacy in a Connected Society
Identity Live Sydney: Building Trust and Privacy in a Connected SocietyIdentity Live Sydney: Building Trust and Privacy in a Connected Society
Identity Live Sydney: Building Trust and Privacy in a Connected Society
ForgeRock
 
Get the Exact Identity Solution you Need in the Cloud - Deep Dive
Get the Exact Identity Solution you Need in the Cloud - Deep DiveGet the Exact Identity Solution you Need in the Cloud - Deep Dive
Get the Exact Identity Solution you Need in the Cloud - Deep Dive
ForgeRock
 
Get the Exact Identity Solution You Need - In the Cloud - Overview
Get the Exact Identity Solution You Need - In the Cloud - OverviewGet the Exact Identity Solution You Need - In the Cloud - Overview
Get the Exact Identity Solution You Need - In the Cloud - Overview
ForgeRock
 
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User ExperienceForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock
 
Opening Keynote (Identity Live Berlin 2018)
Opening Keynote (Identity Live Berlin 2018)Opening Keynote (Identity Live Berlin 2018)
Opening Keynote (Identity Live Berlin 2018)
ForgeRock
 
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
ForgeRock
 
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
ForgeRock
 
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
ForgeRock
 
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
ForgeRock
 
Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...
ForgeRock
 
Intelligent Authentication (Identity Live Berlin 2018)
Intelligent Authentication (Identity Live Berlin 2018)Intelligent Authentication (Identity Live Berlin 2018)
Intelligent Authentication (Identity Live Berlin 2018)
ForgeRock
 

More from ForgeRock (20)

Digital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at ScaleDigital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at Scale
 
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
Get the Exact Identity Solution You Need - In the Cloud - AWS and BeyondGet the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
 
Identity Live Sydney: Identity Management - A Strategic Opportunity
Identity Live Sydney: Identity Management - A Strategic OpportunityIdentity Live Sydney: Identity Management - A Strategic Opportunity
Identity Live Sydney: Identity Management - A Strategic Opportunity
 
Identity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity CapabilityIdentity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity Capability
 
Identity Live Singapore 2018 Keynote Presentation
Identity Live Singapore 2018 Keynote PresentationIdentity Live Singapore 2018 Keynote Presentation
Identity Live Singapore 2018 Keynote Presentation
 
Identity Live Sydney 2018 Keynote Presentation
Identity Live Sydney 2018 Keynote PresentationIdentity Live Sydney 2018 Keynote Presentation
Identity Live Sydney 2018 Keynote Presentation
 
Identity Live Singapore: Just Ask 'Em
Identity Live Singapore: Just Ask 'EmIdentity Live Singapore: Just Ask 'Em
Identity Live Singapore: Just Ask 'Em
 
Identity Live Singapore: Building Trust & Privacy in a Connected Society
Identity Live Singapore: Building Trust & Privacy in a Connected SocietyIdentity Live Singapore: Building Trust & Privacy in a Connected Society
Identity Live Singapore: Building Trust & Privacy in a Connected Society
 
Identity Live Sydney: Intelligent Authentication
Identity Live Sydney: Intelligent Authentication Identity Live Sydney: Intelligent Authentication
Identity Live Sydney: Intelligent Authentication
 
Identity Live Sydney: Building Trust and Privacy in a Connected Society
Identity Live Sydney: Building Trust and Privacy in a Connected SocietyIdentity Live Sydney: Building Trust and Privacy in a Connected Society
Identity Live Sydney: Building Trust and Privacy in a Connected Society
 
Get the Exact Identity Solution you Need in the Cloud - Deep Dive
Get the Exact Identity Solution you Need in the Cloud - Deep DiveGet the Exact Identity Solution you Need in the Cloud - Deep Dive
Get the Exact Identity Solution you Need in the Cloud - Deep Dive
 
Get the Exact Identity Solution You Need - In the Cloud - Overview
Get the Exact Identity Solution You Need - In the Cloud - OverviewGet the Exact Identity Solution You Need - In the Cloud - Overview
Get the Exact Identity Solution You Need - In the Cloud - Overview
 
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User ExperienceForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
 
Opening Keynote (Identity Live Berlin 2018)
Opening Keynote (Identity Live Berlin 2018)Opening Keynote (Identity Live Berlin 2018)
Opening Keynote (Identity Live Berlin 2018)
 
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
 
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
 
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
 
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
 
Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...
 
Intelligent Authentication (Identity Live Berlin 2018)
Intelligent Authentication (Identity Live Berlin 2018)Intelligent Authentication (Identity Live Berlin 2018)
Intelligent Authentication (Identity Live Berlin 2018)
 

Recently uploaded

LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOMLORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
lorraineandreiamcidl
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
Globus
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
Paco van Beckhoven
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
May Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdfMay Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdf
Adele Miller
 
Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024
Globus
 
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
Alina Yurenko
 
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdfVitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus
 
First Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User EndpointsFirst Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User Endpoints
Globus
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Mind IT Systems
 
Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
abdulrafaychaudhry
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
Philip Schwarz
 
Graspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code AnalysisGraspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code Analysis
Aftab Hussain
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
Aftab Hussain
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
Ortus Solutions, Corp
 
APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)
Boni García
 
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptxText-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
ShamsuddeenMuhammadA
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
Neo4j
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
Fermin Galan
 

Recently uploaded (20)

LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOMLORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
May Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdfMay Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdf
 
Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024
 
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
 
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdfVitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdf
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
 
First Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User EndpointsFirst Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User Endpoints
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
 
Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
 
Graspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code AnalysisGraspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code Analysis
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
 
APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)
 
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptxText-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
 

The New Venn of Access Control in the API-Mobile-IOT Era

  • 1. The New Venn Of Access Control In The API-Mobile-IoT Era Eve Maler, Principal Analyst, Security & Risk June 4, 2014 @xmlgrrl
  • 2. The business tech landscape is handing us hard IAM problems. Traditional solutions don’t “work less well”…they don’t work at all.
  • 3. © 2012 Forrester Research, Inc. Reproduction Prohibited Agenda What are the implications of “BYO”? Emerging technologies help you achieve a Zero Trust posture What remains to be done? 3
  • 4. © 2012 Forrester Research, Inc. Reproduction Prohibited The extended enterprise forces IT to handle bring-your-own-everything 4 Source: April 7, 2014, “Navigate The Future Of Identity And Access Management” Forrester report
  • 5. © 2012 Forrester Research, Inc. Reproduction Prohibited You can’t trust everything + everyone inside your crunchy perimeter anyway 5 Source: November 15, 2012, “No More Chewy Centers: Introducing The Zero Trust Model Of Information Security” Forrester report …so stop trying
  • 6. © 2012 Forrester Research, Inc. Reproduction Prohibited Many APIs have acquired business models, driven by mobile 6
  • 7. © 2012 Forrester Research, Inc. Reproduction Prohibited IT now confronts webdevification 7 value X friction Y
  • 8. © 2012 Forrester Research, Inc. Reproduction Prohibited Our worlds are colliding 8 UNIFY YOUR STANCE AND PREPARE FOR ANYTHING B2C B2E B2B the identity singularity B2D
  • 9. © 2012 Forrester Research, Inc. Reproduction Prohibited Agenda What are the implications of “BYO”? Emerging technologies help you achieve a Zero Trust posture What remains to be done? 9
  • 10. © 2012 Forrester Research, Inc. Reproduction Prohibited A tour through some previous Venns 10 vintage 2007
  • 11. © 2012 Forrester Research, Inc. Reproduction Prohibited A tour through some previous Venns 11 vintage 2007
  • 12. © 2012 Forrester Research, Inc. Reproduction Prohibited 12 vintage 2009 A tour through some previous Venns
  • 13. © 2012 Forrester Research, Inc. Reproduction Prohibited 13 vintage 2009 A tour through some previous Venns
  • 14. © 2012 Forrester Research, Inc. Reproduction Prohibited 14Source: October 2012 “TechRadar™ For Security Pros: Zero Trust Identity Standards, Q3 2012” Emerging standards have an edge over traditional ones for Zero Trust Key features: • Governance • Hubris Key features: • “Solving the right problem” • Enterprise-only scope Key features: • Agility • Mobile/cloud friendliness • Robustness
  • 15. © 2012 Forrester Research, Inc. Reproduction Prohibited A new Venn for “access management 2.0” 15 JUST WHAT THE API-MOBILE-IOT AXIS NEEDS*
  • 16. © 2012 Forrester Research, Inc. Reproduction Prohibited 16 IT LETS A RESOURCE OWNER DELEGATE CONSTRAINED ACCESS OAuth is about more than the “password anti-pattern”
  • 17. © 2012 Forrester Research, Inc. Reproduction Prohibited OpenID Connect turns SSO into a standard OAuth-protected identity API SAML 2.0, OpenID 2.0 17 OAuth 2.0 OpenID Connect X Initiating user’s login session Not responsible for collecting user consent High-security identity tokens (SAML only) Distributed and aggregated claims Session timeout X X Dynamic introduction (OpenID only) X Not responsible for session initiation Collecting user’s consent to share attributes No identity tokens per se X Client onboarding is static X No claims per se; protects arbitrary APIs X Initiating user’s login session Collecting user’s consent to share attributes High-security identity tokens (using JSON Web Tokens) Distributed and aggregated claims Session timeout (in the works) Dynamic introduction No sessions per seX
  • 18. © 2012 Forrester Research, Inc. Reproduction Prohibited UMA enables authorization that’s friendly to OAuth, APIs, PbD, and (it appears) IoT 18 Standardized APIs enable Internet-scale authz-as-a-service Outsources protection to a centralized “digital footprint control console” for Alice or an IT admin The “user” in User-Managed Access (UMA) – can be an organization (“headless”) Some guy not accounted for in OAuth…
  • 19. © 2012 Forrester Research, Inc. Reproduction Prohibited Mapping UMA to classic authorization architecture 19 ~PDP~PEP Deliberately prepared for n:n relationships Implicitly a PAP and PIP, or a client to them Together, ~requester Claims and context gathered at run time Policymaker (no std policy expression or evaluation)
  • 20. © 2012 Forrester Research, Inc. Reproduction Prohibited 20 The RS exposes whatever value-add API it wants, protected by an AS App-specific API UMA-enabled client RPT requesting party token (can be profiled to move the PDP/PEP line)
  • 21. © 2012 Forrester Research, Inc. Reproduction Prohibited 21 The AS exposes an UMA- standardized protection API to the RS ProtectionAPI Protectionclient PAT protection API token includes resource registration API and token introspection API
  • 22. © 2012 Forrester Research, Inc. Reproduction Prohibited 22 The AS exposes an UMA- standardized authorization API to the client Authorization API Authorization client AAT authorization API token supports OpenID Connect-based claims- gathering for authz
  • 23. © 2012 Forrester Research, Inc. Reproduction Prohibited You delegate scope- constrained access to other apps OpenID Connect UMA OAuth 2.0 Apps can get access using a variety of token types You grant access to apps operated by you You achieve federated single sign-on and login-time attribute exchange You control access to claims about you You can control access to any type of web resource You can grant access to apps operated by anyone You grant access by consenting to terms at run time You can grant access by setting policies and terms ahead of time Profiles as a claims-gathering option ProfilesforSSOAPIprotection Requesting party is authorized based on claims Profilestosolveaccessmanagement Claims can come from distributed sources Apps can get access after you go offline You control access to web APIs Apps get access using bearer-style tokens The authorization function is effectively local to resources The authorization function is standard and centralizable Calling app is recognized based on authenticated identity Detailed summary
  • 24. © 2012 Forrester Research, Inc. Reproduction Prohibited Agenda What are the implications of “BYO”? Emerging technologies help you achieve a Zero Trust posture What remains to be done? 24
  • 25. © 2012 Forrester Research, Inc. Reproduction Prohibited After the REST maturity ladder must come “scope design best practices” 25 actors (“subjects”) resources accessed (“objects”) and operations (“verbs”) roles groups arbitrary other authz context domain URL path HTTP method field Classic fine- grained Emerging scope- grained Classic coarse- grained authn context attributes/ claims
  • 26. © 2012 Forrester Research, Inc. Reproduction Prohibited Webdevs and IoT demand the right appsec design center and footprint
  • 27. © 2012 Forrester Research, Inc. Reproduction Prohibited Federations must grow to accommodate outsourced access 27 I promise to Adhere-to- Terms once I get access using a valid RPT with the right authz data! I promise to Adhere-to- Terms once the AS adds authz data to your RPT!
  • 28. © 2012 Forrester Research, Inc. Reproduction Prohibited IRM for healthcare requires serious security, privacy, and discoverability 28 AS AS AS RS RS RS RS C C C C C C C C • Likely EHR operators in the US • Healthcare providers • Wearables and other quantified-self apps • “Mint for patients and caregivers” Benefits • Proactive, trackable consent directives • Blue Button+-friendly data delivery Challenges • Sclerotic IT practices • Nth-degree security, privacy, and discoverability requirements RS RS
  • 29. Thank you Eve Maler +1 425.345.6756 emaler@forrester.com @xmlgrrl

Editor's Notes

  1. Source: http://www.flickr.com/photos/sludgeulper/4545744255/ Government agency: “SaaS makes traditional access management useless.” Construction firm: “We can’t just Kerberize apps anymore.”
  2. Image sources: https://www.blinkdata.com/skills/, http://www.informationbuilders.com/blog/hans-heerooms/14979
  3. Image source: http://blog.programmableweb.com/2013/10/03/api-world-day-one-developer-focused-services-rise-up-while-api-business-models-remain-unsolved/
  4. Image source: http://www.xmlgrrl.com/blog/wp-content/uploads/2007/03/venn.jpg
  5. Image source: http://www.xmlgrrl.com/blog/wp-content/uploads/2007/03/venn-ws.jpg
  6. Image source: http://www.xmlgrrl.com/blog/wp-content/uploads/2009/09/VennOfIdentity-Sep2009.png
  7. Image source: http://www.xmlgrrl.com/blog/wp-content/uploads/2009/10/VennOfBCID-Oct2009.png
  8. Image sources: http://blogs.forrester.com/eve_maler/12-03-12-a_new_venn_of_access_control_for_the_api_economy, http://www.json.org
  9. The magic of OAuth: Gets client apps out of the business of storing passwords Friendly to a variety of user authentication methods and user devices, including smartphones and tablets Allows app access to be tracked and revoked on a per-client basis Allows for least-privilege access to API features Can capture explicit user authorization for access Lowers the cost of secure app development Bonus: provides plumbing for a much larger class of needs around security, identity, access, and privacy
  10. Image source: http://xacmlinfo.org/2011/10/30/xacml-reference-architecture/