Identity Systems

Jim Fenton

“Defining identity is like nailing Jell-O® to the wall.”
– Source Uncertain

[Flickr photo by stevendepolo]

Fenton 091120   © 2009 Cisco Systems, Inc. All rights reserved.   Cisco Public   2
Terminology

  Subject
            The person (usually) whose identity is involved
            Sometimes called the User

  Relying Party
            The entity the Subject is interacting with
            Sometimes called the Service Provider

  Attribute
            A piece of information about the Subject
            Sometimes called a Claim




A Basic Identity System

  [Diagram, built up over three slides: the Identity Provider sits between the User and the Relying Parties (Government, Commerce, Social Media)]
  Slide 4 labels: Authentication Request (on the Relying Party side of the Identity Provider)
  Slide 5 labels: User, Authentication (on the User side of the Identity Provider); User Credentials (on the Relying Party side)
  Slide 6 labels: Authorize Info Release (on the User side of the Identity Provider); Attribute Request/Response (on the Relying Party side)
Elements of Identity Management

  [Diagram of three elements]
  Authentication: Establish who the Subject is
  Credential Management: Prove to Relying Parties who the Subject is
  Attribute Management: Provide information about the Subject
User Trust

  User trust in their Identity Provider is fundamental
            Not all users trust any one entity
            Most likely to trust entities they do business with and strong, trusted brands
            Different trusted entities in different cultures

  An ecosystem of identity providers is required
            Users need to choose their own identity provider
            Need to consider ability to migrate to a different provider if required
Authentication

[Flickr photo by shannonpatrick17]
Authentication Methods

  Methods useful for user authentication are situation-specific
            Type of endpoint being used
            Required authentication strength (transaction value, etc.)
  Problem: Many existing identity systems are bound tightly to specific authentication methods
Authentication Strength

  Authentication strength should depend on transaction value
            iTunes purchase (99 cents) vs. vehicle purchase

  NIST Special Pub 800-63 defines 4 levels:
            Level 1: Minimal challenge/response
            Level 2: Single-factor identity proofing
            Level 3: Multi-factor identity proofing
            Level 4: Hardened multi-factor

  Relying party specifies the required strength to the identity management system
Authentication Endpoint Diversity

  The Web is pervasive, but not everything is a browser
  Examples
            Vending Machines
            Set-top boxes
            Doors (physical security)
  Modular approaches to authentication needed to consider a wide range of use cases
Security Opportunities

  Users that authenticate frequently at a given service are more likely to detect anomalies
            More likely to be suspicious about, for example, lack of a certificate
            Browsers can be configured to specially flag “chosen” identity providers

  Identity providers can detect anomalous user behavior
            Similar to detection of fraudulent credit card transactions
            Business/policy framework should encourage this
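The second bullet above, an identity provider spotting anomalous sign-in behaviour the way a card issuer spots fraudulent transactions, is easy to sketch as detection logic over an event stream. The following is an added example, not code from Fenton's deck or from Cisco; the `LoginEvent` fields, the `AnomalyDetector` class, its thresholds (one hour for improbable travel, five failures in ten minutes) and the sample events are all constructed for this illustration.

```python
# Added example (not from the slides): an identity provider keeping a
# per-subject baseline of where and from what a subject signs in, and
# flagging departures from it. Thresholds and sample data are constructed.
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class LoginEvent:
    ts: int             # seconds since epoch
    subject: str
    relying_party: str  # where the subject was signing in to
    country: str        # coarse location derived from the client address
    device: str         # stable device identifier (e.g. a device cookie)
    success: bool


class AnomalyDetector:
    """Per-subject baseline of known countries and devices; flags sign-ins
    that depart from it, plus bursts of failed attempts."""

    def __init__(self, travel_window=3600, fail_window=600, fail_threshold=5):
        self.travel_window = travel_window      # seconds; shorter than any plausible trip
        self.fail_window = fail_window
        self.fail_threshold = fail_threshold
        self._countries = defaultdict(set)      # subject -> known countries
        self._devices = defaultdict(set)        # subject -> known devices
        self._last = {}                         # subject -> (ts, country) of last success
        self._failures = defaultdict(deque)     # subject -> recent failure timestamps

    def observe(self, e: LoginEvent) -> list:
        """Return the anomaly reasons for this event (empty list = nothing unusual)."""
        reasons = []
        if not e.success:
            window = self._failures[e.subject]
            window.append(e.ts)
            while window and e.ts - window[0] > self.fail_window:
                window.popleft()
            if len(window) >= self.fail_threshold:
                reasons.append("failure_burst")
            return reasons                      # failures never extend the baseline

        known_c, known_d = self._countries[e.subject], self._devices[e.subject]
        has_baseline = bool(known_c)            # the first ever sign-in sets the baseline silently
        if has_baseline and e.country not in known_c:
            reasons.append("new_country")
        if has_baseline and e.device not in known_d:
            reasons.append("new_device")
        last = self._last.get(e.subject)
        if last and last[1] != e.country and e.ts - last[0] < self.travel_window:
            reasons.append("improbable_travel")

        known_c.add(e.country)
        known_d.add(e.device)
        self._last[e.subject] = (e.ts, e.country)
        return reasons


# Constructed sample stream: alice has a normal pattern, then a sign-in from
# a new country on an unknown device shortly after one from home; bob's
# account sees a burst of failed attempts.
SAMPLE_EVENTS = [
    LoginEvent(0,     "alice", "bank.example", "US", "laptop-1", True),
    LoginEvent(86400, "alice", "bank.example", "US", "laptop-1", True),
    LoginEvent(90000, "alice", "shop.example", "US", "phone-1",  True),
    LoginEvent(91000, "alice", "bank.example", "BR", "dev-9",    True),
] + [LoginEvent(100000 + i * 10, "bob", "mail.example", "US", "dev-x", False) for i in range(5)]


def flag_events(events):
    """Run one detector over an event stream; returns one reason list per event."""
    det = AnomalyDetector()
    return [det.observe(e) for e in events]


if __name__ == "__main__":
    for e, reasons in zip(SAMPLE_EVENTS, flag_events(SAMPLE_EVENTS)):
        print(e.ts, e.subject, e.country, e.device, "OK" if e.success else "FAIL", reasons)
```

The reasons are deliberately returned as labels rather than a verdict: whether "new_device" alone should trigger a step-up challenge, a notification to the subject, or nothing at all is the business/policy question the slide points to, and the relying party's required assurance level is a natural input to that decision.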
Credential Management

[Imagery supplied by Photodisc/Getty Images]
Credential Management: Functions

  Act as a “key cabinet” for the user
            Each relying party has its own credentials

  Support Directed Identity
            Prevent undesired release of correlation handles
            Identifiers to Relying Parties are opaque by default

  Enforce secure use of credentials
            Require use of secure channel (e.g., SSL)




Directed Identity

  It should not necessarily be possible for different Relying Parties to correlate identifiers
            Insurance company vs. supermarket account
            Pseudonymous identifiers for tip hotlines
  Users may still choose to link relying parties’ identifiers
  Attributes may also provide correlation handles
  Credential manager can be subpoenaed if appropriate
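The pieces introduced on the preceding slides (the authentication request carrying the strength the relying party needs, the identity provider as a "key cabinet" handing each relying party its own opaque identifier, and the user's option to link two of those identifiers) fit into a few dozen lines. The following is an added example, not code from Fenton's deck or from Cisco: the `IdentityProvider` class, the pairwise-identifier construction (an HMAC over the subject and relying party under a key only the identity provider holds), the mapping from authentication methods to the four 800-63 levels, the key and the relying-party names are all assumptions made for this illustration.

```python
# Added example (not from the slides): a toy identity provider that issues a
# different opaque identifier per relying party (directed identity), lets the
# user link two of them deliberately, and honours the strength the relying
# party asks for. Method-to-level mapping, key and names are constructed.
import hashlib
import hmac
from dataclasses import dataclass

# The four NIST SP 800-63 levels as characterised on the slide; which method
# reaches which level is an assumption made here, not taken from the deck.
METHOD_LEVEL = {
    "challenge_response": 1,
    "password": 2,
    "password+otp": 3,
    "hardware_token+pin": 4,
}


@dataclass(frozen=True)
class AuthRequest:
    relying_party: str
    required_level: int     # the relying party specifies the strength it needs


@dataclass(frozen=True)
class AuthResponse:
    relying_party: str
    subject_handle: str     # opaque, relying-party-specific identifier
    achieved_level: int


class IdentityProvider:
    def __init__(self, pairwise_key: bytes):
        self._pairwise_key = pairwise_key   # never leaves the identity provider
        self._links = {}                    # (subject, rp) -> rp whose handle to reuse

    def pairwise_handle(self, subject: str, relying_party: str) -> str:
        """HMAC(subject, target RP) under the IdP's key: stable for one relying
        party, unrelated across relying parties, not invertible without the key."""
        target = self._links.get((subject, relying_party), relying_party)
        msg = f"{subject}\x00{target}".encode()
        return hmac.new(self._pairwise_key, msg, hashlib.sha256).hexdigest()[:32]

    def link(self, subject: str, rp_from: str, rp_to: str) -> None:
        """User-chosen linking: rp_from will now see the handle rp_to already sees."""
        self._links[(subject, rp_from)] = rp_to

    def authenticate(self, subject: str, method: str, req: AuthRequest):
        """Return an AuthResponse, or None when the method used does not reach
        the level the relying party asked for (step-up authentication needed)."""
        level = METHOD_LEVEL.get(method, 1)
        if level < req.required_level:
            return None
        return AuthResponse(req.relying_party,
                            self.pairwise_handle(subject, req.relying_party), level)


if __name__ == "__main__":
    idp = IdentityProvider(b"constructed-demo-key")
    print("insurance  :", idp.pairwise_handle("alice", "insurance.example"))
    print("supermarket:", idp.pairwise_handle("alice", "supermarket.example"))
    print("password @ level 3:", idp.authenticate("alice", "password", AuthRequest("bank.example", 3)))
    print("password+otp @ level 3:", idp.authenticate("alice", "password+otp", AuthRequest("bank.example", 3)))
```

Because the handle is derived rather than stored, the identity provider needs no per-relying-party table, yet it can still answer a lawful request about which subject a given handle belongs to (the subpoena point on the slide) by recomputing handles for its subjects. Note the caveat from the same slide: the handles prevent correlation only if the attributes released alongside them do not themselves identify the subject.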
Security and Availability Issues

  Security
            The credential store is a very high-value target
            Credentials can be distributed to diffuse attack
            High-level physical security is also required

  Availability
            Failure of an Identity Manager may have severe impact on its Subjects
            Solvable problem, but needs to be addressed
Attribute Management
Distributed Attributes

  Self-asserted attributes have limited utility
  Authoritative sources for different attributes come from different places
            FICO scores from a credit bureau
            Driving record from state Motor Vehicle Department
            Proof of employment from employer
  Identity system has a role in locating trustable sources of attributes
  Attributes delivered as signed assertions
Attribute Distribution: Example

  [Diagram, built up over four slides: the Identity Provider sits between the Subject and the Healthcare Provider, the Motor Vehicle Department and the Wine Merchant]
  Slide 20 labels: Authorization Request (on the Subject side of the Identity Provider); “Is subject 21?” Request (Wine Merchant side)
  Slide 21 labels: Release Authorization (on the Subject side); Trust Negotiation (between the Identity Provider and the Wine Merchant)
  Slide 22 labels: “Is subject 21?” Request (between the Identity Provider and the attribute source)
  Slide 23 labels: “Subject is 21 or over” – DMV (assertion delivered to the Wine Merchant)
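The exchange on these four slides, and the "signed assertions" bullet before them, come down to one object: an assertion from the authoritative source that answers the question asked ("21 or over?") without releasing the underlying attribute (the birth date), and that the Wine Merchant can tie to its own request. The following is an added example, not code from Fenton's deck or from Cisco. It assumes an HMAC under a key shared between issuer and verifier as a stand-in for a digital signature (a deployment would use the issuer's private key so verifiers hold only public keys), a five-minute validity window, and constructed issuer names, keys, handles and birth dates; the trust negotiation step is reduced to the merchant's fixed table of federated issuers.

```python
# Added example (not from the slides): a minimal-disclosure attribute
# assertion for "Is subject 21?", bound to the asking relying party and to
# its request, verified against a prearranged (federated) issuer list.
# HMAC stands in for a signature; all names, keys and dates are constructed.
import hashlib
import hmac
import json
import secrets
from datetime import date, datetime, timedelta, timezone

ASSERTION_LIFETIME = timedelta(minutes=5)
DEMO_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
DEMO_RECORDS = {"h-alice": date(1990, 5, 1), "h-bob": date(2010, 1, 1)}  # opaque handle -> date of birth


def _sign(key: bytes, payload: dict) -> dict:
    """Sign the canonical JSON form of the payload (HMAC as a signature stand-in)."""
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return {"payload": payload, "sig": hmac.new(key, canonical, hashlib.sha256).hexdigest()}


class AttributeProvider:
    """An authoritative attribute source such as the Motor Vehicle Department."""

    def __init__(self, issuer_id: str, key: bytes, birth_dates: dict):
        self.issuer_id, self._key, self._birth_dates = issuer_id, key, birth_dates

    def answer(self, request: dict, subject_handle: str, now: datetime) -> dict:
        """Answer an 'over_N' predicate with yes/no, bound to the asking relying
        party, to this request's nonce and to a short validity window."""
        years_required = int(request["predicate"].split("_")[1])
        dob, today = self._birth_dates[subject_handle], now.date()
        age = today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))
        payload = {
            "iss": self.issuer_id,
            "aud": request["rp"],
            "sub": subject_handle,
            "nonce": request["nonce"],
            request["predicate"]: age >= years_required,   # the predicate, never the birth date
            "iat": int(now.timestamp()),
            "exp": int((now + ASSERTION_LIFETIME).timestamp()),
        }
        return _sign(self._key, payload)


class RelyingParty:
    """The Wine Merchant: accepts assertions only from issuers it federates with."""

    def __init__(self, rp_id: str, trusted_issuers: dict):
        self.rp_id = rp_id
        self._trusted_issuers = trusted_issuers   # issuer id -> verification key
        self._pending = {}                        # nonce -> predicate asked

    def request(self, predicate: str) -> dict:
        nonce = secrets.token_hex(8)
        self._pending[nonce] = predicate
        return {"rp": self.rp_id, "predicate": predicate, "nonce": nonce}

    def verify(self, assertion: dict, now: datetime):
        """Return the verified claims, or None if any check fails."""
        p = assertion["payload"]
        key = self._trusted_issuers.get(p.get("iss"))
        if key is None:
            return None                                   # issuer outside the federation
        if not hmac.compare_digest(_sign(key, p)["sig"], assertion["sig"]):
            return None                                   # forged or tampered
        if p.get("aud") != self.rp_id:
            return None                                   # issued for another relying party
        if not p["iat"] <= int(now.timestamp()) <= p["exp"]:
            return None                                   # stale or not yet valid
        predicate = self._pending.pop(p.get("nonce"), None)
        if predicate is None or predicate not in p:
            return None                                   # no matching outstanding request
        return p


def demo() -> dict:
    """Run the exchange plus the rejection cases; returns what happened."""
    shared = b"dmv-merchant-shared-key"
    dmv = AttributeProvider("dmv.example", shared, DEMO_RECORDS)
    merchant = RelyingParty("wine.example", {"dmv.example": shared})
    out = {}
    alice = merchant.verify(dmv.answer(merchant.request("over_21"), "h-alice", DEMO_NOW), DEMO_NOW)
    out["alice_over_21"], out["alice_claims"] = alice["over_21"], sorted(alice)
    bob = merchant.verify(dmv.answer(merchant.request("over_21"), "h-bob", DEMO_NOW), DEMO_NOW)
    out["bob_over_21"] = bob["over_21"]
    fresh = dmv.answer(merchant.request("over_21"), "h-alice", DEMO_NOW)
    other = RelyingParty("other.example", {"dmv.example": shared})
    out["replay_at_other_rp"] = other.verify(fresh, DEMO_NOW)
    out["expired"] = merchant.verify(fresh, DEMO_NOW + timedelta(hours=1))
    healthcare = AttributeProvider("healthcare.example", b"hc-key", DEMO_RECORDS)
    out["untrusted_issuer"] = merchant.verify(
        healthcare.answer(merchant.request("over_21"), "h-alice", DEMO_NOW), DEMO_NOW)
    forged = dmv.answer(merchant.request("over_21"), "h-bob", DEMO_NOW)
    forged["payload"]["over_21"] = True
    out["tampered"] = merchant.verify(forged, DEMO_NOW)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two of the checks map directly onto the "Identity Provider Trust" slide that follows: the nonce is how requests and responses are associated reliably, and the audience field is what stops an assertion obtained by one relying party from being presented to another. The claim list returned for Alice shows the minimal-disclosure point: the merchant learns `over_21`, not a date of birth.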
Attribute Trust

  Federation: Prearranged trust relationships
            Personnel Security Clearances among Federal agencies
            Business partners

  Accreditation: Indirect federation
            Financial institutions, schools
            Scales much better than direct federation




Identity Provider Trust

  Identity Provider has a fiduciary responsibility
  To the Subject:
            Must use credentials only for the proper Subject

  To Relying Parties:
            Must associate attribute requests and responses reliably

  Identity Provider may coincidentally function as an Attribute Provider
            Functions should be considered separate to maintain privacy
Summary




Observations

  Scaling is critical
            Technical (protocol) aspects of scaling are a solved problem
            Scaling of trust relationships is the real limitation

  Chosen technologies need to consider a very wide range of use cases
  An ecosystem of identity and attribute providers is needed
            Need business models for these functions
            Public policy should encourage constructive behavior and help these entities manage liability exposure
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
 
User Authentication for Government
User Authentication for GovernmentUser Authentication for Government
User Authentication for Government
 
Guardium value proposition for fss pn 12 02-10
Guardium value proposition for fss pn 12 02-10Guardium value proposition for fss pn 12 02-10
Guardium value proposition for fss pn 12 02-10
 
Solving the enterprise security challenge - Derek holt
Solving the enterprise security challenge - Derek holtSolving the enterprise security challenge - Derek holt
Solving the enterprise security challenge - Derek holt
 
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the EnterpriseBeyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise
 
SmartCard Forum 2010 - Enterprise authentication
SmartCard Forum 2010 - Enterprise authenticationSmartCard Forum 2010 - Enterprise authentication
SmartCard Forum 2010 - Enterprise authentication
 
Symantec Enterprise Mobility Vision May 2012
Symantec Enterprise Mobility Vision May 2012Symantec Enterprise Mobility Vision May 2012
Symantec Enterprise Mobility Vision May 2012
 
Secure and Scale Your Virtual Infrastructure While Meeting Compliance Mandates
Secure and Scale Your Virtual Infrastructure While Meeting Compliance MandatesSecure and Scale Your Virtual Infrastructure While Meeting Compliance Mandates
Secure and Scale Your Virtual Infrastructure While Meeting Compliance Mandates
 
Securing Your Cloud Applications with Novell Cloud Security Service
Securing Your Cloud Applications with Novell Cloud Security ServiceSecuring Your Cloud Applications with Novell Cloud Security Service
Securing Your Cloud Applications with Novell Cloud Security Service
 
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud ComputingSmart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
 
Symantec Introduces New Security Solutions to Counter Advanced Persistent Thr...
Symantec Introduces New Security Solutions to Counter Advanced Persistent Thr...Symantec Introduces New Security Solutions to Counter Advanced Persistent Thr...
Symantec Introduces New Security Solutions to Counter Advanced Persistent Thr...
 

More from Jim Fenton

Notifs 2018
Notifs 2018Notifs 2018
Notifs 2018
Jim Fenton
 
REQUIRETLS: Sender Control of TLS Requirements
REQUIRETLS: Sender Control of TLS RequirementsREQUIRETLS: Sender Control of TLS Requirements
REQUIRETLS: Sender Control of TLS Requirements
Jim Fenton
 
User Authentication: Passwords and Beyond
User Authentication: Passwords and BeyondUser Authentication: Passwords and Beyond
User Authentication: Passwords and Beyond
Jim Fenton
 
User Authentication Overview
User Authentication OverviewUser Authentication Overview
User Authentication Overview
Jim Fenton
 
Making User Authentication More Usable
Making User Authentication More UsableMaking User Authentication More Usable
Making User Authentication More Usable
Jim Fenton
 
Toward Better Password Requirements
Toward Better Password RequirementsToward Better Password Requirements
Toward Better Password Requirements
Jim Fenton
 
Security Questions Considered Harmful
Security Questions Considered HarmfulSecurity Questions Considered Harmful
Security Questions Considered Harmful
Jim Fenton
 
LOA Alternatives - A Modest Proposal
LOA Alternatives - A Modest ProposalLOA Alternatives - A Modest Proposal
LOA Alternatives - A Modest Proposal
Jim Fenton
 
Notifs update
Notifs updateNotifs update
Notifs update
Jim Fenton
 
IgnitePII2014 Nōtifs
IgnitePII2014 NōtifsIgnitePII2014 Nōtifs
IgnitePII2014 Nōtifs
Jim Fenton
 
iBeacons: Security and Privacy?
iBeacons: Security and Privacy?iBeacons: Security and Privacy?
iBeacons: Security and Privacy?
Jim Fenton
 
OneID Garage Door
OneID Garage DoorOneID Garage Door
OneID Garage Door
Jim Fenton
 
Adapting Levels of Assurance for NSTIC
Adapting Levels of Assurance for NSTICAdapting Levels of Assurance for NSTIC
Adapting Levels of Assurance for NSTIC
Jim Fenton
 

More from Jim Fenton (13)

Notifs 2018
Notifs 2018Notifs 2018
Notifs 2018
 
REQUIRETLS: Sender Control of TLS Requirements
REQUIRETLS: Sender Control of TLS RequirementsREQUIRETLS: Sender Control of TLS Requirements
REQUIRETLS: Sender Control of TLS Requirements
 
User Authentication: Passwords and Beyond
User Authentication: Passwords and BeyondUser Authentication: Passwords and Beyond
User Authentication: Passwords and Beyond
 
User Authentication Overview
User Authentication OverviewUser Authentication Overview
User Authentication Overview
 
Making User Authentication More Usable
Making User Authentication More UsableMaking User Authentication More Usable
Making User Authentication More Usable
 
Toward Better Password Requirements
Toward Better Password RequirementsToward Better Password Requirements
Toward Better Password Requirements
 
Security Questions Considered Harmful
Security Questions Considered HarmfulSecurity Questions Considered Harmful
Security Questions Considered Harmful
 
LOA Alternatives - A Modest Proposal
LOA Alternatives - A Modest ProposalLOA Alternatives - A Modest Proposal
LOA Alternatives - A Modest Proposal
 
Notifs update
Notifs updateNotifs update
Notifs update
 
IgnitePII2014 Nōtifs
IgnitePII2014 NōtifsIgnitePII2014 Nōtifs
IgnitePII2014 Nōtifs
 
iBeacons: Security and Privacy?
iBeacons: Security and Privacy?iBeacons: Security and Privacy?
iBeacons: Security and Privacy?
 
OneID Garage Door
OneID Garage DoorOneID Garage Door
OneID Garage Door
 
Adapting Levels of Assurance for NSTIC
Adapting Levels of Assurance for NSTICAdapting Levels of Assurance for NSTIC
Adapting Levels of Assurance for NSTIC
 

Recently uploaded

Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
ScyllaDB
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
saastr
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
Ivo Velitchkov
 
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
Edge AI and Vision Alliance
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Precisely
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
Ajin Abraham
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Neo4j
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
Safe Software
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Alex Pruden
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Neo4j
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
Fwdays
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
Fwdays
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 

Recently uploaded (20)

Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
 
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 

Identity systems

  • 2. “Defining identity is like nailing Jell-O® to the wall.” – Source Uncertain
      Flickr photo by stevendepolo
      Fenton 091120 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public

  • 3. Terminology
      Subject
            The person (usually) whose identity is involved
            Sometimes called the User
      Relying Party
            The entity the Subject is interacting with
            Sometimes called the Service Provider
      Attribute
            A piece of information about the Subject
            Sometimes called a Claim

  • 4. A Basic Identity System
      (Diagram: Identity Provider; relying parties Government, Commerce, Social Media; arrows labelled Authentication Request)

  • 5. A Basic Identity System
      (Diagram: User Credentials / User Authentication between the User and the Identity Provider; relying parties Government, Commerce, Social Media)

  • 6. A Basic Identity System
      (Diagram: Authorize Info Release by the User; Attribute Request/Response between the Identity Provider and relying parties Government, Commerce, Social Media)

  • 7. Elements of Identity Management
      Authentication
            Establish who the Subject is
      Credential Management
            Prove to Relying Parties who the Subject is
      Attribute Management
            Provide information about the Subject

  • 8. User Trust
      User trust in their Identity Provider is fundamental
            Not all users trust any one entity
            Most likely to trust entities they do business with and strong, trusted brands
            Different trusted entities in different cultures
      An ecosystem of identity providers is required
            Users need to choose their own identity provider
            Need to consider ability to migrate to a different provider if required

  • 9. Authentication
      Flickr photo by shannonpatrick17

  • 10. Authentication Methods
      Methods useful for user authentication are situation-specific
            Type of endpoint being used
            Required authentication strength (transaction value, etc.)
      Problem: Many existing identity systems are bound tightly to specific authentication methods

  • 11. Authentication Strength
      Authentication strength should depend on transaction value
            iTunes purchase (99 cents) vs. vehicle purchase
      NIST Special Pub 800-63 defines 4 levels:
            Level 1: Minimal challenge/response
            Level 2: Single-factor identity proofing
            Level 3: Multi-factor identity proofing
            Level 4: Hardened multi-factor
      Relying party specifies the required strength to the identity management system

  • 12. Authentication Endpoint Diversity
      The Web is pervasive, but not everything is a browser
      Examples
            Vending Machines
            Set-top boxes
            Doors (physical security)
      Modular approaches to authentication needed to consider a wide range of use cases

  • 13. Security Opportunities
      Users that authenticate frequently at a given service are more likely to detect anomalies
            More likely to be suspicious about, for example, lack of a certificate
            Browsers can be configured to specially flag “chosen” identity providers
      Identity providers can detect anomalous user behavior
            Similar to detection of fraudulent credit card transactions
            Business/policy framework should encourage this

  • 14. Credential Management
      Imagery supplied by Photodisc/Getty Images

  • 15. Credential Management: Functions
      Act as a “key cabinet” for the user
            Each relying party has its own credentials
      Support Directed Identity
            Prevent undesired release of correlation handles
            Identifiers to Relying Parties are opaque by default
      Enforce secure use of credentials
            Require use of secure channel (e.g., SSL)

  • 16. Directed Identity
      It should not necessarily be possible for different Relying Parties to correlate identifiers
            Insurance company vs. supermarket account
            Pseudonymous identifiers for tip hotlines
      Users may still choose to link relying parties’ identifiers
      Attributes may also provide correlation handles
      Credential manager can be subpoenaed if appropriate

  • 17. Security and Availability Issues
      Security
            The credential store is a very high-value target
            Credentials can be distributed to diffuse attack
            High-level physical security is also required
      Availability
            Failure of an Identity Manager may have severe impact on its Subjects
            Solvable problem, but needs to be addressed

  • 18. Attribute Management

  • 19. Distributed Attributes
      Self-asserted attributes have limited utility
      Authoritative sources for different attributes come from different places
            FICO scores from a credit bureau
            Driving record from state Motor Vehicle Department
            Proof of employment from employer
      Identity system has a role in locating trustable sources of attributes
      Attributes delivered as signed assertions

  • 20. Attribute Distribution: Example
      (Diagram: Healthcare Provider, Identity Provider, Wine Merchant, Motor Vehicle Department; labels: Authorization Request, “Is subject 21?” Request)

  • 21. Attribute Distribution: Example
      (Diagram: same parties; labels: Release, Trust Negotiation, Authorization)

  • 22. Attribute Distribution: Example
      (Diagram: same parties; label: “Is subject 21?” Request)

  • 23. Attribute Distribution: Example
      (Diagram: same parties; label: “Subject is 21 or over” –DMV)

  • 24. Attribute Trust
      Federation: Prearranged trust relationships
            Personnel Security Clearances among Federal agencies
            Business partners
      Accreditation: Indirect federation
            Financial institutions, schools
            Scales much better than direct federation

  • 25. Identity Provider Trust
      Identity Provider has a fiduciary responsibility
      To the Subject: Must use credentials only for the proper Subject
      To Relying Parties: Must associate attribute requests and responses reliably
      Identity Provider may coincidentally function as an Attribute Provider
            Functions should be considered separate to maintain privacy

  • 26. Summary

  • 27. Observations
      Scaling is critical
            Technical (protocol) aspects of scaling are a solved problem
            Scaling of trust relationships is the real limitation
      Chosen technologies need to consider a very wide range of use cases
      An ecosystem of identity and attribute providers is needed
            Need business models for these functions
            Public policy should encourage constructive behavior and help these entities manage liability exposure
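An added example (not from the slides or any Cisco code) covering two of the points above: the "key cabinet" that hands each relying party an opaque, uncorrelatable identifier (slides 15-16), and the "Is subject 21?" exchange in which the DMV releases only a signed yes/no assertion rather than the birthdate (slides 19-23). All names (dmv.example, wine.example, insurance.example), keys and records are constructed, and an HMAC under a key shared in advance by the DMV and the merchant stands in for the DMV's digital signature so the example runs on the standard library alone.

```python
import hashlib
import hmac
import json
import secrets
from datetime import date, timedelta

def _canonical(payload):   # deterministic encoding: the MAC covers exactly what gets checked
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()

class CredentialManager:
    """Identity provider as 'key cabinet' (slide 15): one secret per subject, from which an
    opaque identifier is derived for each relying party (directed identity, slide 16)."""

    def __init__(self):
        self._secrets, self._records = {}, {}   # subject -> secret bytes; subject -> DMV record

    def enroll(self, subject, dmv_record):
        self._secrets[subject], self._records[subject] = secrets.token_bytes(32), dmv_record

    def pairwise_id(self, subject, relying_party):
        # Stable for one (subject, relying party) pair; unlinkable across relying parties.
        mac = hmac.new(self._secrets[subject], relying_party.encode(), hashlib.sha256)
        return mac.hexdigest()[:32]

    def request_age_assertion(self, subject, relying_party, provider, threshold, today):
        # Mediates "Is subject 21?" (slides 20-23); the subject's release authorization
        # (slide 6) is assumed. Only the RP-facing pairwise id goes to the DMV.
        return provider.assert_age_over(self._records[subject],
                                        self.pairwise_id(subject, relying_party),
                                        relying_party, threshold, today)

class AttributeProvider:
    """Authoritative source (the DMV, slide 19) releasing a minimal signed assertion."""

    def __init__(self, name, key, records):
        self.name, self._key, self._records = name, key, records   # record -> birthdate

    def assert_age_over(self, record, pairwise_id, audience, threshold, today):
        b = self._records[record]
        age = today.year - b.year - ((today.month, today.day) < (b.month, b.day))
        payload = {"iss": self.name, "sub": pairwise_id, "aud": audience,
                   "claim": "age_over", "threshold": threshold, "value": age >= threshold,
                   "iat": today.isoformat(), "exp": (today + timedelta(days=1)).isoformat()}
        mac = hmac.new(self._key, _canonical(payload), hashlib.sha256).hexdigest()
        return {"payload": payload, "mac": mac}   # the birthdate itself is never released

def verify_assertion(assertion, trusted_keys, audience, pairwise_id, threshold, today):
    """Relying-party check: the asserted True/False is returned only when issuer, MAC, audience,
    subject (pairwise id), claim/threshold and expiry all check out; otherwise None (reject)."""
    p = assertion["payload"]
    key = trusted_keys.get(p.get("iss"))
    if key is None:
        return None
    mac = hmac.new(key, _canonical(p), hashlib.sha256).hexdigest()
    bound = p.get("aud") == audience and p.get("sub") == pairwise_id
    asked = p.get("claim") == "age_over" and p.get("threshold") == threshold
    fresh = date.fromisoformat(p.get("exp", "1970-01-01")) >= today
    if not (hmac.compare_digest(mac, assertion["mac"]) and bound and asked and fresh):
        return None
    return p["value"]

def demo(today=date(2009, 11, 20)):
    """Constructed walkthrough of slides 20-23; every name, key and record is made up."""
    dmv_key = secrets.token_bytes(32)   # stands in for the DMV's signing key
    dmv = AttributeProvider("dmv.example", dmv_key,
                            {"D123": date(1985, 3, 14), "D456": date(1995, 1, 2)})
    idp = CredentialManager()
    idp.enroll("alice", "D123")
    idp.enroll("bob", "D456")
    merchant, insurer, trusted = "wine.example", "insurance.example", {"dmv.example": dmv_key}
    a_merchant, a_insurer = idp.pairwise_id("alice", merchant), idp.pairwise_id("alice", insurer)
    b_merchant = idp.pairwise_id("bob", merchant)
    alice = idp.request_age_assertion("alice", merchant, dmv, 21, today)
    bob = idp.request_age_assertion("bob", merchant, dmv, 21, today)
    forged = {"payload": dict(bob["payload"], value=True), "mac": bob["mac"]}  # tampered value
    return {
        "unlinkable": a_merchant != a_insurer,   # insurer and merchant cannot join records
        "alice_over_21": verify_assertion(alice, trusted, merchant, a_merchant, 21, today),
        "bob_over_21": verify_assertion(bob, trusted, merchant, b_merchant, 21, today),
        "replayed_to_insurer": verify_assertion(alice, trusted, insurer, a_insurer, 21, today),
        "forged": verify_assertion(forged, trusted, merchant, b_merchant, 21, today),
        "expired": verify_assertion(alice, trusted, merchant, a_merchant, 21, today + timedelta(days=2)),
        "birthdate_hidden": "1985-03-14" not in json.dumps(alice),   # minimal disclosure
    }
```

The rejected cases (replay to another relying party, a tampered value, an expired assertion) are where the audience, subject and expiry bindings earn their keep; without them a "Subject is 21 or over" token issued for one merchant would be reusable anywhere.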