Lessons Learned from Integrating with Blockchain Identity Providers (European Identity & Cloud Conference 2018)

•Download as PPTX, PDF•

1 like•366 views

Slides from EIC 2018. Read more at https://www.scottbrady91.com/Blockchain-Identity/Lessons-Learned-from-Integrating-with-Blockchain-Identity-Providers

Lessons Learned from
Integrating with Blockchain
Identity Providers
Scott Brady – Rock Solid Knowledge
@scottbrady91 – Rock Solid Knowledge

Introductions – Scott Brady
• Background in OAuth, OpenID Connect, SAML, & WS-Federation
• Identity & Access Control Lead at Rock Solid Knowledge
@scottbrady91 – Rock Solid Knowledge

Introductions – The what & why
• Why: Woo, Blockchain!
• What: A blockchain project that I could use as an external Identity
Provider
• Start: First Google search
• Finish: Why I am still searching
@scottbrady91 – Rock Solid Knowledge

I will not be naming names
Unless you buy me a beer first...

First Google Search
icoalert.com?q=identity

Blockchain Identity
projects
91
(taken from github.com/peacekeeper/blockchain-identity)
@scottbrady91 – Rock Solid Knowledge

Blockchain Identity
projects with product pages
17
@scottbrady91 – Rock Solid Knowledge

Blockchain Identity
projects with products available to the public
3
@scottbrady91 – Rock Solid Knowledge

Initial Impressions
• One page developer documentation
• One integration library
• A developer portal for registering apps
• Token was the community focus
@scottbrady91 – Rock Solid Knowledge

The Typical Authentication Flow
BlockchainBlockchain Identity ProductUser
Identity Requestor
Mobile Device

The Typical Authentication Flow
BlockchainBlockchain Identity ProductUser
Identity Requestor
Mobile Device
Resource Owner Identity Provider
Client/Relying Party

Dig a Little Deeper…
• Trademarked reinventions
• Call for integration libraries
• No evidence of blockchain usage
• Single points of failure
@scottbrady91 – Rock Solid Knowledge

The Code
• Custom JWTs
• Non-standard signing
• Non-standard encryption
• Usage all over the place
• Hidden public keys
• Private keys that aren’t private
• Integration issues that are already solved
@scottbrady91 – Rock Solid Knowledge

Relationships
Identities
Attributes
Attribute Metadata
Authentication Data
Deeper Network Layers
Stephen Wilson’s “Proposed Digitial Identity Stack”

There’s Still Hope
• Open standards are on the way
• Distributed Identity Foundation
• Sovrin
• Authentication/Integration Working Groups still last…
@scottbrady91 – Rock Solid Knowledge

We Cannot Work in Silos
@scottbrady91 – Rock Solid Knowledge

Thanks!
@scottbrady91
www.identityserver.com

Andy Clemenko, StackRox - One underutilized, and amazing, thing about the docker image scheme is labels. Labels are a built in way to document all aspects about the image itself. Think about all the information that the tags inside your clothing carry. If you care to look you can find out everything about the garment. All that information can be very valuable. Now think about how we can leverage labels to carry similar information. We can even use the labels to contain Docker Compose or even Kubernetes Yaml. We can even include labels into the CI/CD process making things more secure and smoother. Come find out some fun techniques on how to leverage labels to do some fun and amazing things.

Introduction to Self Sovereign Identity

Heather Vescent

Binding Objective-C Libraries in Xamarin.iOS

Pierce Boggan

Ever wondered how to use Objective-C libraries in your Xamarin.iOS project? Now you can learn, with Binding Objective-C Libraries in Xamarin.iOS. Video: Coming Objective Sharpie: http://docs.xamarin.com/guides/ios/advanced_topics/binding_objective-c_libraries/objective_sharpie QBFlatButton: https://github.com/questbeat/QBFlatButton FlatButton: https://github.com/pierceboggan/FlatButton Producing Better Bindings: http://blog.xamarin.com/producing-better-bindings-for-xamarin.ios-and-xamarin.mac/

02_07_2018_«El valor de blockchain en el registro de la actividad académica: ...

eMadrid network

Bitcoin Forensics

Apurv Singh Gautam

Product: Open Source, Ecosystems, and Intellectual Property issues

Alex Brown

OpenId Connect in Shibboleth Identity Provider

Misagh Moayyed

Meetup symbotic sept21_en_v1.0_hc

Henk van Cann

Product Owners Meetup - Pivots for real

Mark Smith

First steps with Bitcoin

Horea Porutiu

8base Hyperledger Miami Meetup Presentation

8base

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

Similar to Lessons Learned from Integrating with Blockchain Identity Providers (European Identity & Cloud Conference 2018)

Blockchain, AI and Machine Learning

Tao Wang

Blockchain For Science - 5 years later - what is going on?

Soenke Bartling

[db tech showcase Tokyo 2018]　#dbts2018 #B23 『Python, Oracle Cloud, Blockchai...

Insight Technology, Inc.

ScotChain18 - C21st Alchemy - Blockchain & Open Source

Duncan Johnston-Watt

Blockchain Opportunities Introduction

Ikhlaq Sidhu

Flaying the Blockchain Ledger for Fun, Profit, and Hip Hop

Andrew Morris

Blockchain fundamentals based on bas w_v1.1.pptx

Henk van Cann

Bloq: Bringing Enterprise to Blockchain

Jeff Garzik

How can you tell the difference between bitcoin and blockchain

OliviaJune1

Labels, Labels, Labels

Docker, Inc.

Introduction to Self Sovereign Identity

Heather Vescent

Binding Objective-C Libraries in Xamarin.iOS

Pierce Boggan

02_07_2018_«El valor de blockchain en el registro de la actividad académica: ...

eMadrid network

Bitcoin Forensics

Apurv Singh Gautam

Product: Open Source, Ecosystems, and Intellectual Property issues

Alex Brown

OpenId Connect in Shibboleth Identity Provider

Misagh Moayyed

Meetup symbotic sept21_en_v1.0_hc

Henk van Cann

Product Owners Meetup - Pivots for real

Mark Smith

First steps with Bitcoin

Horea Porutiu

8base Hyperledger Miami Meetup Presentation

8base

Similar to Lessons Learned from Integrating with Blockchain Identity Providers (European Identity & Cloud Conference 2018) (20)

Blockchain, AI and Machine Learning

Blockchain For Science - 5 years later - what is going on?

[db tech showcase Tokyo 2018]　#dbts2018 #B23 『Python, Oracle Cloud, Blockchai...

ScotChain18 - C21st Alchemy - Blockchain & Open Source

Blockchain Opportunities Introduction

Flaying the Blockchain Ledger for Fun, Profit, and Hip Hop

Blockchain fundamentals based on bas w_v1.1.pptx

Bloq: Bringing Enterprise to Blockchain

How can you tell the difference between bitcoin and blockchain

Labels, Labels, Labels

Introduction to Self Sovereign Identity

Binding Objective-C Libraries in Xamarin.iOS

02_07_2018_«El valor de blockchain en el registro de la actividad académica: ...

Bitcoin Forensics

Product: Open Source, Ecosystems, and Intellectual Property issues

OpenId Connect in Shibboleth Identity Provider

Meetup symbotic sept21_en_v1.0_hc

Product Owners Meetup - Pivots for real

First steps with Bitcoin

8base Hyperledger Miami Meetup Presentation

Recently uploaded

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Inflectra

In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring. Learn about: • The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks. • Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective. • Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification. • Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process. Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

Product School

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs. 1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302 2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Product School

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

91mobiles

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Product School

Elevating Tactical DDD Patterns Through Object Calisthenics

Dorra BARTAGUIZ

After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Tobias Schneck

As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other? Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Product School

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

Key Trends Shaping the Future of Infrastructure.pdf

Cheryl Hung

Bits & Pixels using AI for Good.........

Alison B. Lowndes

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 4

Securing your Kubernetes cluster_ a step-by-step guide to success !

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

GraphRAG is All You need? LLM & Knowledge Graph

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Elevating Tactical DDD Patterns Through Object Calisthenics

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

FIDO Alliance Osaka Seminar: Overview.pdf

The Art of the Pitch: WordPress Relationships and Sales

When stars align: studies in data quality, knowledge graphs, and machine lear...

Key Trends Shaping the Future of Infrastructure.pdf

Bits & Pixels using AI for Good.........

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

Lessons Learned from Integrating with Blockchain Identity Providers (European Identity & Cloud Conference 2018)

1. Lessons Learned from Integrating with Blockchain Identity Providers Scott Brady – Rock Solid Knowledge @scottbrady91 – Rock Solid Knowledge

2. Introductions – Scott Brady • Background in OAuth, OpenID Connect, SAML, & WS-Federation • Identity & Access Control Lead at Rock Solid Knowledge @scottbrady91 – Rock Solid Knowledge

3. Introductions – The what & why • Why: Woo, Blockchain! • What: A blockchain project that I could use as an external Identity Provider • Start: First Google search • Finish: Why I am still searching @scottbrady91 – Rock Solid Knowledge

4. I will not be naming names Unless you buy me a beer first...

5. First Google Search icoalert.com?q=identity

6. Blockchain Identity projects 91 (taken from github.com/peacekeeper/blockchain-identity) @scottbrady91 – Rock Solid Knowledge

7. Blockchain Identity projects with product pages 17 @scottbrady91 – Rock Solid Knowledge

8. Blockchain Identity projects with products available to the public 3 @scottbrady91 – Rock Solid Knowledge

9. Initial Impressions • One page developer documentation • One integration library • A developer portal for registering apps • Token was the community focus @scottbrady91 – Rock Solid Knowledge

10. The Typical Authentication Flow BlockchainBlockchain Identity ProductUser Identity Requestor Mobile Device

11. The Typical Authentication Flow BlockchainBlockchain Identity ProductUser Identity Requestor Mobile Device Resource Owner Identity Provider Client/Relying Party

12. Dig a Little Deeper… • Trademarked reinventions • Call for integration libraries • No evidence of blockchain usage • Single points of failure @scottbrady91 – Rock Solid Knowledge

13. The Code • Custom JWTs • Non-standard signing • Non-standard encryption • Usage all over the place • Hidden public keys • Private keys that aren’t private • Integration issues that are already solved @scottbrady91 – Rock Solid Knowledge

14. Relationships Identities Attributes Attribute Metadata Authentication Data Deeper Network Layers Stephen Wilson’s “Proposed Digitial Identity Stack”

15. Relationships Identities Attributes Attribute Metadata Authentication Data Deeper Network Layers Stephen Wilson’s “Proposed Digitial Identity Stack”

16. There’s Still Hope • Open standards are on the way • Distributed Identity Foundation • Sovrin • Authentication/Integration Working Groups still last… @scottbrady91 – Rock Solid Knowledge

17. We Cannot Work in Silos @scottbrady91 – Rock Solid Knowledge

18. Thanks! @scottbrady91 www.identityserver.com

Lessons Learned from Integrating with Blockchain Identity Providers (European Identity & Cloud Conference 2018)

Recommended

Recommended

More Related Content

Similar to Lessons Learned from Integrating with Blockchain Identity Providers (European Identity & Cloud Conference 2018)

Similar to Lessons Learned from Integrating with Blockchain Identity Providers (European Identity & Cloud Conference 2018) (20)

Recently uploaded

Recently uploaded (20)

Lessons Learned from Integrating with Blockchain Identity Providers (European Identity & Cloud Conference 2018)