CIS 2015 Identity Relationship Management in the Internet of Things

•

0 likes•684 views

Devices need owners, people need confidence in device authenticity, data needs to persist in systems long after devices change hands, and access needs to be authorized selectively. That's a lot to ask; even if emerging web identity and security technologies are simpler than the models of yesteryear, IoT devices have complicating limitations when it comes to processing power, memory, user interface, and connectivity. But many use cases span web and IoT environments, so we must try! What are the specific requirements? What elements of web technologies can we borrow outright? What elements may need tweaking?

Technology

IDENTITY RELATIONSHIP
MANAGEMENT IN THE
INTERNET OF THINGS
TRIANGULATING PEOPLE, DEVICES, AND SERVICES
Eve Maler | @xmlgrrl | eve.maler@forgerock.com
10 June 2015

From the web
to the IoT,
the “fear/greed”
tension around
data sharing is
growing

If privacy isn’t secrecy, what does IRM need
to make selective data sharing viable?
Context The right moment to make the decision to share
Control The ability to share just the right amount
Choice The true ability to say no and to change one’s mind
Respect Regard for one’s wishes and preferences

Existing consent tools, are good, but…
OAuth: standard and scoped…but opt-in,
point-to-point, and single-party
“Share”: proactive and party-to-party…but
proprietary, point-to-point, and often insecure

The new
Venn of
access
control and
consent

Organizations need UMA to deliver selective
sharing in IoT environments

The
mechanism:
federated
authorization
on top of
OAuth
Loosely coupled to enable
centralized authorization-as-
a-service for any number of
an individual’s resource
servers
A new concept, to enable
party-to-party sharing
driven by policy (or access
approval) rather than
requiring the individual to
be present at access time
Authorization data is added to this token
if trust in the requesting party is
successfully elevated, typically through
authentication and/or claims-gathering

Let’s see it in action with a
connected-car scenario

What just
happened?
Resource

owner

Resource

server

Authoriza0on

server

Client

Authoriza0on

API

UI

UI

UI

Reques,ng

party

Protec0on

API

Authoriza*on

client

Protec*on

client

RS-‐speciﬁc

API

RS-‐speciﬁc

client

2

1

5

RPT

6

7

8

3

4

PAT

11

AAT

PAT

PAT

RPT

chooses
resources
to

protect
–
out
of
band

sets
policies
–

out
of
band

AAT

9

10

PAT

RS
needs
OAuth
client
creden,als
at
AS
to
get
PAT

C
needs
OAuth
client
creden,als
at
AS
to
get
AAT

All
protec,on
API
calls
must
carry
PAT

All
authoriza,on
API
calls
must
carry
AAT

1.  RS
registers
resource
sets
and
scopes
(ongoing

–
CRUD
API
calls)

2.  C
requests
resource
(provisioned
out
of
band;

must
be
unique
to
RO)

3.  RS
registers
permission
(resource
set
and

scope)
for
aQempted
access

4.  AS
returns
permission
0cket

5.  RS
returns
error
403
with
as_uri
and

permission
0cket

6.  C
requests
authz
data,
providing
permission

0cket

7.  (AVer
claims-‐gathering
ﬂows
not
shown)
AS

gives
RPT
and
authz
data

8.  C
requests
resource
with
RPT

9.  RS
introspects
RPT
at
AS
(default
proﬁle)

10.  AS
returns
token
status

11.  RS
returns
20x

UProtect
DriveSafe,
then
AllForYourCar
DriveSafe
Hans
Alice

Taking this “webby” approach to IoT sharing
relationships requires careful attention
A deeper “systems design” view of
vulnerabilities is required – e.g….
Authentication and linkages have new
constraints – but also new options
logical physical
Access control must
fail closed
Life and limb is at risk
if access control fails
closed
Usually the “constrained
entity” (if there is one); often
a device paired to a service
and gateway
Is a connection
available at access
attempt time? What
to do if not?

THANKS!
Eve Maler | @xmlgrrl | eve.maler@forgerock.com
10 June 2015

Similar to CIS 2015 Identity Relationship Management in the Internet of Things

Digital consent and privacy is a hot topic among governments and enterprises globally. As digital technology is used more and more to engage customers and citizens, proactively providing digital sharing controls has become essential. For the past few years there has been a strong focus on building a common standard, User-Managed Access (UMA), to manage privacy and consent. Now that the standard is complete, the next phase will be around implementation and adoption. In this session, Eve will preview how ForgeRock is implementing UMA. With: Eve Maler, VP Innovation & Emerging Technology, ForgeRock

Digital Consent: Taking UMA from Concept to Reality

ForgeRock

Find out how today’s authorization experts are getting maximum value from OAuth OAuth has quickly become the key standard for authorization across mobile apps and the Web. But are you getting the most out of OAuth? Join Mehdi Medjaoul, Co-Founder & Executive Director of Webshell – the company behind OAuth.io – and Scott Morrison, former CTO of Layer 7 and now Distinguished Engineer at CA Technologies, as they discuss how authorization experts are really using OAuth today.

OAuth in the Real World featuring Webshell

CA API Management

UMA is a profile and application of OAuth that defines how resource owners can control resource access by clients operated by arbitrary requesting parties, where the resources reside on any number of resource servers, and where a centralized authorization server governs access based on resource owner policy. Recent investigations have shown promise for applying UMA to Internet of Things authorization use cases. This is a presentation by Eve Maler for the IETF ACE working group.

UMA for ACE

Hannes Tschofenig

User-Managed Access: Why and How? - Access Control in Digital Contract Contexts

ForgeRock

Single-Page-Application & REST security

Igor Bossenko

Facebook data breach and OAuth2

Leonard Moustacchis

Identity Enabling Web Services

Ashish Jain

Webapp security (with notes)

Igor Bossenko

UserCentric Identity based Service Invocation

guestd5dde6

Securing RESTful API

Muhammad Zbeedat

OAuth Tokens

n|u - The Open Security Community

Talk delivered by Eve Maler (@xmlgrrl), ForgeRock VP of Innovation and Emerging Technology, at the IOTA Conference on 20 October 2014: The first couple of chapters of authorization and access control are still being written even when it comes to old-fashioned web services and newfangled APIs, never mind the Internet of Things. IoT security has needs that go way beyond the current scope of cloud and mobile challenges: super-loosely coupled, super-strong, and more. Everyone can imagine security-gone-wrong scenarios that have disastrous consequences for industrial IoT use cases. For consumer-facing IoT in healthcare, household appliances, and more, the consequences are different but no less severe, and it adds a killer requirement: privacy. How can we solve the problems of access control and privacy in a unified way, without compromise? And how can we solve the problem NOW? The OAuth-based User-Managed Access (UMA) protocol provides answers.

Consumerizing Industrial Access Control: Using UMA to Add Privacy and Usabili...

ForgeRock

On 20 October 2014, I spoke at #IOTAconf at Moscone Center in SF (with awesome display help from Param Singh!) on "Consumerizing IndustrialIoT Access Control: Using UMA to Add Privacy and Usability to Strong Security". Abstract: "The first couple of chapters of authorization and access control are still being written even when it comes to old-fashioned web services and newfangled APIs, never mind the Internet of Things. IoT security has needs that go way beyond the current scope of cloud and mobile challenges: super-loosely coupled, super-strong, and more. Everyone can imagine security-gone-wrong scenarios that have disastrous consequences for industrial IoT use cases. For consumer-facing IoT in healthcare, household appliances, and more, the consequences are different but no less severe, and it adds a killer requirement: privacy. How can we solve the problems of access control and privacy in a unified way, without compromise? And how can we solve the problem NOW? The OAuth-based User-Managed Access (UMA) protocol provides answers."

Consumerizing Industrial IoT Access Control: Using UMA to Add Privacy and Usa...

Eve Maler

O auth2.0 guide

Dilip Mohapatra

Secure Webservices

Matthias Käppler

Rest API Security - A quick understanding of Rest API Security

Mohammed Fazuluddin

DIWD Concordia

Paul Madsen

FI-WARE OAUTH-XACML-based API Access Control - Overview (Part 1)

cdanger

attacks-oauth-secure-oauth-implementation-33644.pdf

MohitRampal5

Restful api

Anurag Srivastava

Similar to CIS 2015 Identity Relationship Management in the Internet of Things (20)

Digital Consent: Taking UMA from Concept to Reality

OAuth in the Real World featuring Webshell

UMA for ACE

User-Managed Access: Why and How? - Access Control in Digital Contract Contexts

Single-Page-Application & REST security

Facebook data breach and OAuth2

Identity Enabling Web Services

Webapp security (with notes)

UserCentric Identity based Service Invocation

Securing RESTful API

OAuth Tokens

Consumerizing Industrial Access Control: Using UMA to Add Privacy and Usabili...

Consumerizing Industrial IoT Access Control: Using UMA to Add Privacy and Usa...

O auth2.0 guide

Secure Webservices

Rest API Security - A quick understanding of Rest API Security

DIWD Concordia

FI-WARE OAUTH-XACML-based API Access Control - Overview (Part 1)

attacks-oauth-secure-oauth-implementation-33644.pdf

Restful api

More from CloudIDSummit

CIS 2016 Content Highlights

CloudIDSummit

The Cloud Identity Summit was founded by Ping Identity with support from industry leaders in 2010 to bring together the brightest minds across the identity and security industry. Today the event is recognized as the world’s premier identity industry conference and includes tracks from industry thought leaders, CIOs and practitioners. Cloud Identity Summit serves as a multi-year roadmap to deploy solutions that are here today but built for the future. For more info, go to www.cloudidentitysummit.com. Be apart of the convo on Twitter: @CloudIDSummit + #CISNOLA

Top 6 Reasons You Should Attend Cloud Identity Summit 2016

CloudIDSummit

CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...

CloudIDSummit

Mobile security, identity & authentication reasons for optimism 20150607 v2

CloudIDSummit

In an ever interconnected and inter-reliant world, the state of security has been a cause for deep pessimism. In the midst of all the gloom, there is good cause for optimism. With some fits and starts, the building blocks for transforming mobile security are taking shape at every level from the processor, to the chipset to special purpose hardware to operating systems and protocols that address use cases from device integrity to user authentication to payments. How do we think about security, privacy, identity and authentication in this world? This talk will provide a rapid overview of some selected building blocks and some practical examples that are now deployed at scale to illustrate the coming wave and how you as a practitioner or customer can participate and position yourself for maximum benefit.

CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...

CloudIDSummit

CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...

CloudIDSummit

Does anybody remember seeing a big red button with the word “PANICK!” written on it? I know it was around here somewhere. Also, there’s all these cats running pell-mell around the place, can someone give me a hand in herding them? In this real-world case study, come and learn how a Fortune 100 with a diverse and extremely mobile work-force was able to turn up strong authentication protections for our critical cloud resources, and how the IT department lived to tell the tale. You’ll hear about the technical implementation of strong authentication enforcement, and how we made key design decisions in the ongoing balancing act between security and user experience, and how we managed up-and-down the chain from executive stakeholders to the boots-on-the-ground who were being asked to join us on this new security adventure.

CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...

CloudIDSummit

CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...

CloudIDSummit

You'll laugh, you'll cry, and you might even pick up a useful nugget or two listening to a real-world enterprise IT architect share the experiences of the past year trying to support his business migrating to cloud services, and sharing the lessons learned from trying to integrate 2 hybrid enterprises into a single, streamlined company. You'll hear where the cloud came through for us, and how we often had to fall back to on-prem services such as FIM, Ping Federate, and ADFS to make the glue which binds it all together.

CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl

CloudIDSummit

CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz

CloudIDSummit

CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...

CloudIDSummit

The IAM program needs to align behind the shift towards ITaaS, building the platform for execution and supporting transformation and migration activities. CIOs should keep informed through a relevant IAM capability roadmap in order to make calculated decisions on where investments should be made. Ongoing investments in the IAM program are crucial in order to fill capability gaps, keep up-to-date with support and license agreements and make opportunistic progress on the strategic roadmap. In this talk, Steve discusses recent experiences and lessons learned in preparing for and pitching VMware’s CIO on enterprise IAM program initiatives.

CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout

CloudIDSummit

Companies and researchers are exploring ways to make software and hardware development easier for the masses. Soon you will be able to build your own autonomous drone, create a sensor that assess the watering needs of your plants, and develop a cat tracking device with minimal coding and hardware skills. What is the place of security and privacy in this exciting development? Are we building the next generation of Internet security vulnerabilities right now? In his talk Hannes Tschofenig will highlight challenges with Internet of Things, what role standardization plays, and what contributions ARM, a provider of microprocessor IP, is making to improve IoT security.

CIS 2015 How to secure the Internet of Things? Hannes Tschofenig

CloudIDSummit

The IDaaS (identity as a service) market segment continues to grow in popularity, and the scope of its vendor's capabilities continue to grow as well. It's still not a match for everyone, however. Join identity architect Sean Deuby for an overview of the most popular IDaaS deployment scenarios, scenarios where IDaaS has a tougher time meeting customer requirements, and whether your company is likely to find its perfect IDaaS mate.

CIS 2015 The IDaaS Dating Game - Sean Deuby

CloudIDSummit

CIS 2015 SSO for Mobile and Web Apps Ashish Jain

CloudIDSummit

The Industrial Internet, the Identity of Everything and the Industrial Enterp...

CloudIDSummit

CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva

CloudIDSummit

Centralized session management has long been a goal of Web Access Management systems: the idea that one session can give end users access to dozens of protected applications with a seamless SSO experience, and terminating it (either by the end user themselves, or by an administrator) cuts off access instantly. It’s a nice dream isn’t it? Turns out that while most WAM products claim they can do this, when deployment time comes around (especially in globally distributed organizations) serious security and scalability challenges emerge that make it unfeasible. In this “session”, come and learn our vision for deploying session management at scale and see how Ping Identity has implemented it in our Federated Access Management solution.

CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian

CloudIDSummit

Are you asking yourself how do I take my inhouse application and make it available to internal users, partners or customers using SSO and access management technologies? Oh, and you don't want it to be a 6 month project? No problem. Come and find out how to leverage your existing investments and move to modern standards like OpenID Connect, without having to rip and replace infrastructure. Learn the capabilities and tradeoffs you can make to deploy the right level of identity and access management infrastructure to match your security needs.

CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva

CloudIDSummit

We're all more conscious than we were 2 years ago, about how much data is collected about us, and how revealing it can be. The commercial and government direction of travel is clear: more data, more mining, more monetization. And if personal data fuels the information economy, who'd want to stop that? But can we get the economic benefits, without selling our digital souls in the process? - Is there a data equivalent to the ""polluter pays"" principle? And if not, is there an alternative? - Ethical data handling sounds great in principle, but can it be practical? - How can organizations put ethical data handling into practice?

CIS 2015 The Ethics of Personal Data - Robin Wilton

CloudIDSummit

More from CloudIDSummit (20)

CIS 2016 Content Highlights

Top 6 Reasons You Should Attend Cloud Identity Summit 2016

CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...

Mobile security, identity & authentication reasons for optimism 20150607 v2

CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...

CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...

CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...

CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...

CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl

CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz

CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...

CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout

CIS 2015 How to secure the Internet of Things? Hannes Tschofenig

CIS 2015 The IDaaS Dating Game - Sean Deuby

CIS 2015 SSO for Mobile and Web Apps Ashish Jain

The Industrial Internet, the Identity of Everything and the Industrial Enterp...

CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva

CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian

CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva

CIS 2015 The Ethics of Personal Data - Robin Wilton

Recently uploaded

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Product School

How world-class product teams are winning in the AI era by CEO and Founder, P...

Product School

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Thierry Lestable

Join us as we dive into the latest updates to the UiPath Orchestrator API, including new limits and features for 2024. Discover how these changes can enhance your automation projects and streamline your workflows. 📚 Overview of UiPath Orchestrator API 🔧 Recent changes to API limits 🛠️ How to adapt to new limits 📋 Best practices for using the Orchestrator API efficiently ❓ Q&A session

Exploring UiPath Orchestrator API: updates and limits in 2024 🚀

DianaGray10

I'm excited to share my latest predictions on how AI, robotics, and other technological advancements will reshape industries in the coming years. The slides explore the exponential growth of computational power, the future of AI and robotics, and their profound impact on various sectors. Why this matters: The success of new products and investments hinges on precise timing and foresight into emerging categories. This deck equips founders, VCs, and industry leaders with insights to align future products with upcoming tech developments. These insights enhance the ability to forecast industry trends, improve market timing, and predict competitor actions. Highlights: ▪ Exponential Growth in Compute: How $1000 will soon buy the computational power of a human brain ▪ Scaling of AI Models: The journey towards beyond human-scale models and intelligent edge computing ▪ Transformative Technologies: From advanced robotics and brain interfaces to automated healthcare and beyond ▪ Future of Work: How automation will redefine jobs and economic structures by 2040 With so many predictions presented here, some will inevitably be wrong or mistimed, especially with potential external disruptions. For instance, a conflict in Taiwan could severely impact global semiconductor production, affecting compute costs and related advancements. Nonetheless, these slides are intended to guide intuition on future technological trends.

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl

Peter Udo Diehl

You’ve heard good data matters in Machine Learning, but does it matter for Generative AI applications? Corporate data often differs significantly from the general Internet data used to train most foundation models. Join me for a demo on building an open source RAG (Retrieval Augmented Generation) stack using Milvus vector database for Retrieval, LangChain, Llama 3 with Ollama, Ragas RAG Eval, and optional Zilliz cloud, OpenAI.

Introduction to Open Source RAG and RAG Evaluation

Zilliz

Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to: Create a campaign using Mailchimp with merge tags/fields Send an interactive Slack channel message (using buttons) Have the message received by managers and peers along with a test email for review But there’s more: In a second workflow supporting the same use case, you’ll see: Your campaign sent to target colleagues for approval If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team But—if the “Reject” button is pushed, colleagues will be alerted via Slack message Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors. And... Speakers: Akshay Agnihotri, Product Manager Charlie Greenberg, Host

Connector Corner: Automate dynamic content and events by pushing a button

DianaGray10

IESVE for Early Stage Design and Planning

IES VE

IoT Analytics Company Presentation May 2024

IoTAnalytics

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

Screen flow is a powerful automation tool that is commonly designed for internal and external users. However, what about the guest users? We will dive into various methods of launching screen flows and understand how to make them publicly accessible, extending their usability to a broader audience. The presentation will also cover the implementation of security layers and highlight best practices for a smooth and protected user experience. Discover the potential of screen flows beyond conventional use and learn how to leverage them effectively.

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade

CzechDreamin

Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application. In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics. Length: 30 minutes Session Overview ------------------------------------------- During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana: - What out-of-the-box solutions are available for real-time monitoring JMeter tests? - What are the benefits of integrating InfluxDB and Grafana into the load testing stack? - Which features are provided by Grafana? - Demonstration of InfluxDB and Grafana using a practice web application To view the webinar recording, go to: https://www.rttsweb.com/jmeter-integration-webinar

JMeter webinar - integration with InfluxDB and Grafana

RTTS

ScyllaDB has the potential to deliver impressive performance and scalability. The better you understand how it works, the more you can squeeze out of it. But before you squeeze, make sure you know what to monitor! Watch our experienced Postgres developer work through monitoring and performance strategies that help him understand what mistakes he’s made moving to NoSQL. And learn with him as our database performance expert offers friendly guidance on how to use monitoring and performance tuning to get his sample Rust application on the right track. This webinar focuses on using monitoring and performance tuning to discover and correct mistakes that commonly occur when developers move from SQL to NoSQL. For example: - Common issues getting up and running with the monitoring stack - Using the CQL optimizations dashboard - Common issues causing high latency in a node - Common issues causing replica imbalance - What a healthy system looks like in terms of memory - Key metrics to keep an eye on This isn’t “Death-by-Powerpoint.” We’ll walk through problems encountered while migrating a real application from Postgres to ScyllaDB – and try to fix them live as well.

Optimizing NoSQL Performance Through Observability

ScyllaDB

Speed Wins: From Kafka to APIs in Minutes

confluent

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Product School

Discover the essentials of performance testing in the IT sector with our concise guide. Learn about various testing types such as load, stress, endurance, spike, scalability, and volume testing. Understand key performance metrics like response time, throughput, CPU and memory utilization, and error rate. Explore top tools like Apache JMeter, LoadRunner, Gatling, Neoload, and BlazeMeter. Gain insights into best practices for defining objectives, creating realistic scenarios, automating tests, and optimizing performance to ensure user satisfaction, reliability, scalability, and cost efficiency. Ideal for developers, QA engineers, and IT professionals. Visit Expeed Software for more information. https://expeed.com/

In-Depth Performance Testing Guide for IT Professionals

Expeed Software

The standard Salesforce Approval process can be limiting in many ways, especially in complex scenarios. What if there was a way to implement very flexible approvals where one can use Apex code to make data updates in unrelated records, dynamically generate next steps details, and compute assignees on the fly? And still use UI-based configurations to implement concrete approval processes. In this session, we will share ideas behind such a solution and show a few lines of code to get you started.

Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder

CzechDreamin

How to differentiate Sales Cloud and CPQ on first glance might be tricky if you do not know where to look and what to look at. You will know :-) Managing the sales process within Salesforce is a common use case that can be managed with standart Sales Cloud. If you want to do entire quoting process you will find out Salesforce CPQ solution exists. What is then the difference if both can handle selling products? You will see comparison of 10 different features, which Sales Cloud and Salesforce CPQ handle differently. Simple question you will always remember if you should consider using Salesforce CPQ will be a cherry on top.

10 Differences between Sales Cloud and CPQ, Blanka Doktorová

CzechDreamin

Assuring Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams. Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Jeffrey Haguewood

Recently uploaded (20)

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

How world-class product teams are winning in the AI era by CEO and Founder, P...

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Exploring UiPath Orchestrator API: updates and limits in 2024 🚀

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl

Introduction to Open Source RAG and RAG Evaluation

Connector Corner: Automate dynamic content and events by pushing a button

IESVE for Early Stage Design and Planning

IoT Analytics Company Presentation May 2024

UiPath Test Automation using UiPath Test Suite series, part 3

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade

JMeter webinar - integration with InfluxDB and Grafana

Optimizing NoSQL Performance Through Observability

Speed Wins: From Kafka to APIs in Minutes

Designing Great Products: The Power of Design and Leadership by Chief Designe...

In-Depth Performance Testing Guide for IT Professionals

Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder

10 Differences between Sales Cloud and CPQ, Blanka Doktorová

Assuring Contact Center Experiences for Your Customers With ThousandEyes

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

CIS 2015 Identity Relationship Management in the Internet of Things

1. IDENTITY RELATIONSHIP MANAGEMENT IN THE INTERNET OF THINGS TRIANGULATING PEOPLE, DEVICES, AND SERVICES Eve Maler | @xmlgrrl | eve.maler@forgerock.com 10 June 2015

2. From the web to the IoT, the “fear/greed” tension around data sharing is growing

3. If privacy isn’t secrecy, what does IRM need to make selective data sharing viable? Context The right moment to make the decision to share Control The ability to share just the right amount Choice The true ability to say no and to change one’s mind Respect Regard for one’s wishes and preferences

4. Existing consent tools, are good, but… OAuth: standard and scoped…but opt-in, point-to-point, and single-party “Share”: proactive and party-to-party…but proprietary, point-to-point, and often insecure

5. The new Venn of access control and consent

6. Organizations need UMA to deliver selective sharing in IoT environments

7. The mechanism: federated authorization on top of OAuth Loosely coupled to enable centralized authorization-as- a-service for any number of an individual’s resource servers A new concept, to enable party-to-party sharing driven by policy (or access approval) rather than requiring the individual to be present at access time Authorization data is added to this token if trust in the requesting party is successfully elevated, typically through authentication and/or claims-gathering

8. Let’s see it in action with a connected-car scenario

9. What just happened? Resource owner Resource server Authoriza0on server Client Authoriza0on API UI UI UI Reques,ng party Protec0on API Authoriza*on client Protec*on client RS-‐specific API RS-‐specific client 2 1 5 RPT 6 7 8 3 4 PAT 11 AAT PAT PAT RPT chooses resources to protect – out of band sets policies – out of band AAT 9 10 PAT RS needs OAuth client creden,als at AS to get PAT C needs OAuth client creden,als at AS to get AAT All protec,on API calls must carry PAT All authoriza,on API calls must carry AAT 1.  RS registers resource sets and scopes (ongoing – CRUD API calls) 2.  C requests resource (provisioned out of band; must be unique to RO) 3.  RS registers permission (resource set and scope) for aQempted access 4.  AS returns permission 0cket 5.  RS returns error 403 with as_uri and permission 0cket 6.  C requests authz data, providing permission 0cket 7.  (AVer claims-‐gathering flows not shown) AS gives RPT and authz data 8.  C requests resource with RPT 9.  RS introspects RPT at AS (default profile) 10.  AS returns token status 11.  RS returns 20x UProtect DriveSafe, then AllForYourCar DriveSafe Hans Alice

10. Taking this “webby” approach to IoT sharing relationships requires careful attention A deeper “systems design” view of vulnerabilities is required – e.g…. Authentication and linkages have new constraints – but also new options logical physical Access control must fail closed Life and limb is at risk if access control fails closed Usually the “constrained entity” (if there is one); often a device paired to a service and gateway Is a connection available at access attempt time? What to do if not?

11. THANKS! Eve Maler (@xmlgrrl)

12. THANKS! Eve Maler | @xmlgrrl | eve.maler@forgerock.com 10 June 2015

CIS 2015 Identity Relationship Management in the Internet of Things

Recommended

Recommended

More Related Content

Similar to CIS 2015 Identity Relationship Management in the Internet of Things

Similar to CIS 2015 Identity Relationship Management in the Internet of Things (20)

More from CloudIDSummit

More from CloudIDSummit (20)

Recently uploaded

Recently uploaded (20)

CIS 2015 Identity Relationship Management in the Internet of Things