Protecting “Personal Clouds” with UMA and OpenID #UMApcloud for questions 19 June 2014 tinyurl.com/umawg for slides, recording, and more.

Presentation transcript:

Protecting “Personal Clouds” with UMA and OpenID #UMApcloud for questions 19 June 2014 tinyurl.com/umawg for slides, recording, and more 1

The marvelous spiral of controlled personal data sharing 2 Further reading: tinyurl.com/umawg

Agenda: the realities and challenges of personal data sharing; “UMA for humans 101”; a walk through personal cloud models; use cases; how UMA leverages OpenID Connect, with demo; next steps. 3 Thanks to Kantara for supporting the UMA work! Thanks to our additional webinar participants! Thanks to MIT-KIT for sponsoring this webinar and taking part!

The realities and challenges of personal data sharing 4

What is personal data? 5 “Personal data is the life blood of the information age”; “Personal data is the new oil of the Internet”; “Personal data is the new currency”.

Ways to measure the value of personal data 6 Methods: market capitalization; revenue per record/user; market price; cost of data breach; pay to protect. Figures cited: USD 112 per user record; USD 1.7 per record; data breach cost USD 171M. Source: OECD (2013), “Exploring the Economics of Personal Data: A Survey of Methodologies for Measuring Monetary Value”.

Personal data risks 7 Personal data sits in tension between the individual and the organization. “72% of European citizens are concerned that their personal data may be misused…” (EU Commission survey, 2012). Individuals have little visibility into the practices of the organizations they are putting their trust in – until their data is breached or misused. Risk: loss of trust.

The “personal data price” for online service is too high: typing… provisioning by hand; provisioning by value; oversharing; lying! 8

The “personal data price” for online service is too high: connecting… meaningless consent to unfavorable terms; painful, inconsistent, and messy access management; oblivious oversharing. 9

The “personal data price” for online service is too high: private URLs… handy but insecure; unsuitable for really sensitive data. 10

“UMA for humans 101” 11

UMA turns online sharing into a privacy-by-design solution 12 The “user” in User-Managed Access (UMA): Alice hears Bob knocking – can he come in? Further reading: tinyurl.com/umapbd

UMA turns online sharing into a privacy-by-design solution 13 Kinds of personal data: historical, municipal, financial, vocational, artistic, social, geolocation, computational, genealogical, biological, legal...

UMA turns online sharing into a privacy-by-design solution 14 I want to share this stuff selectively: among my own apps; with family and friends; with organizations. I want to protect this stuff from being seen by everyone in the world. I want to control access proactively, not just feel forced to consent over and over.

UMA turns online sharing into a privacy-by-design solution 15 Standardized APIs for privacy and “selective sharing”; outsources protection to a centralized “digital footprint control console”.

A walk through personal cloud models 16

Personal data ecosystem emerging trends 17

Mapping UMA to personal clouds and life management platforms 18 Diagram: the requesting party and the life management platform (LMP) access the data stores (bank, healthcare, home, car); data control is exercised through informed pull and controlled push.

Mapping UMA to personal clouds and life management platforms 19 Diagram: data stores (bank, healthcare, home, car), requesting party, LMP, and the UMA AS.

Mapping UMA to personal clouds and life management platforms 20 Diagram roles: data stores (bank, healthcare, home, car), requesting party, LMP, resource owner, client, UMA AS; labelled interactions: manage, negotiate, protect, manage, consent, authorize, access.

Use cases 21

Case studies for… management and sharing of personal accessibility needs and preferences; secure sharing of university e-transcripts; healthcare relationship locator service and patient-centric consent directives; access management 2.0 for the enterprise (previous webinar); … protecting the personal data stores of everyone at MIT. 22 Further reading: tinyurl.com/umacase

Protected personal data stores: MIT’s view 23

How UMA leverages OpenID Connect 24

Use case: Transcript of Records sharing 25 Student interacts with an online job application system. Student fills in a job application form and provides: personal information; Transcript of Records document. Data is transferred from the student’s personal data service, with explicit consent. Employer requests access to additional data, and this has to be confirmed by the student. “Sharing Trustworthy Personal Data with Future Employers”

UMA model 26

Scenario (Peter sharing data) 27 Diagram: Peter (student, job seeker); personal information; Transcript of Records.

Scenario (Tom accessing data) 28 Diagram: Tom (employer); phone number; Peter (student, job seeker).

Live demo 29

NuveAM – Authorisation Manager 30 UMA-compliant Authorisation Server (AS) from Cloud Identity Limited: access control to data in the Cloud; API security management; real-time monitoring and audit. Use cases: securing Cloud-based Personal Data Services (PDS); managing access to Cloud-based APIs. Uses open standards, including UMA, OAuth 2.0, OpenID Connect, SAML 2.0. Open source frameworks: Java and Python.

Nuve User-Managed Access 31

UMA claims-based authorisation 32 UMA allows for the use of claims to support Claim-Based Access Control (CBAC): trusted claims from trusted third parties; self-asserted claims. In CBAC, the decision to grant access to a protected resource is made based on the Subject’s information/attributes, such as name, age, address, role, location, credit score, etc. …or a Subject’s statement (e.g. a promise to adhere to licensing terms).
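The CBAC decision above, worked through in code: this is an added example, not code from the webinar, the UMA specification or NuveAM. It models an authorisation server deciding whether Tom (the employer from the scenario slides) may read Peter's Transcript of Records. The policy, the issuer names, the HMAC-tagged "claim token" format and the sample claims are all constructed for the example; a real AS would verify signed OIDC ID tokens or SAML assertions against issuer keys instead of an HMAC secret. The point it shows is the one the slide makes: a trusted third-party claim and a self-asserted statement are different inputs, and a self-asserted claim never satisfies a requirement that calls for a trusted one.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed trust configuration: claim issuer -> shared HMAC key (assumption).
# The HMAC tag stands in for the signature check a real AS would do against the
# issuer's public keys; this is not the UMA or OIDC wire format.
TRUSTED_ISSUERS = {
    "https://idp.university.example": b"constructed-university-key",
    "https://idp.employer.example": b"constructed-employer-key",
}


def issue_claim_token(issuer: str, claims: dict) -> str:
    """Constructed third-party claim token: urlsafe-base64(JSON) + '.' + hex(HMAC-SHA256)."""
    body = base64.urlsafe_b64encode(
        json.dumps({"iss": issuer, "claims": claims}, sort_keys=True).encode()
    ).decode()
    tag = hmac.new(TRUSTED_ISSUERS[issuer], body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def verify_claim_token(token: str) -> Optional[dict]:
    """Return {'iss', 'claims'} if the token comes from a trusted issuer and its tag
    verifies; otherwise None. Unknown issuers and tampered tokens are both rejected."""
    try:
        body, tag = token.split(".", 1)
        payload = json.loads(base64.urlsafe_b64decode(body.encode()))
    except (ValueError, TypeError):
        return None
    key = TRUSTED_ISSUERS.get(payload.get("iss")) if isinstance(payload, dict) else None
    if key is None:
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    return payload


# Constructed policy for Peter's transcript: the requesting party must prove the
# recruiter role through a trusted issuer, and must personally state that they
# accept the licensing terms (the slide's "Subject's statement").
TRANSCRIPT_POLICY = {
    "resource": "transcript_of_records",
    "scopes": {"read"},
    "required_trusted": {"role": "recruiter"},
    "required_self_asserted": {"accepts_licensing_terms": True},
}


def evaluate(policy: dict, requested_scopes: set, claim_tokens: list, self_asserted: dict):
    """Claims-based access decision. Returns (granted, reasons)."""
    reasons = []
    if not requested_scopes <= policy["scopes"]:
        reasons.append(f"scopes {sorted(requested_scopes - policy['scopes'])} not allowed")
    trusted_claims = {}
    for token in claim_tokens:
        payload = verify_claim_token(token)
        if payload is None:
            reasons.append("rejected an untrusted or tampered claim token")
            continue
        trusted_claims.update(payload["claims"])
    # Only claims that came through a verified token can satisfy these.
    for name, want in policy["required_trusted"].items():
        if trusted_claims.get(name) != want:
            reasons.append(f"missing trusted claim {name}={want!r}")
    # These are the requesting party's own statements and are accepted as such.
    for name, want in policy["required_self_asserted"].items():
        if self_asserted.get(name) != want:
            reasons.append(f"missing self-asserted claim {name}={want!r}")
    return (not reasons, reasons)


def demo():
    """Tom (employer) asks to read Peter's transcript under three constructed claim sets."""
    employer_token = issue_claim_token("https://idp.employer.example",
                                       {"sub": "tom", "role": "recruiter"})
    # Flip the last hex digit of the tag to simulate a tampered token.
    forged = employer_token[:-1] + ("0" if employer_token[-1] != "0" else "1")
    return {
        "trusted_role_and_promise": evaluate(TRANSCRIPT_POLICY, {"read"}, [employer_token],
                                            {"accepts_licensing_terms": True}),
        "self_asserted_role_only": evaluate(TRANSCRIPT_POLICY, {"read"}, [],
                                           {"role": "recruiter", "accepts_licensing_terms": True}),
        "forged_token": evaluate(TRANSCRIPT_POLICY, {"read"}, [forged],
                                {"accepts_licensing_terms": True}),
    }


if __name__ == "__main__":
    for case, (granted, reasons) in demo().items():
        print(case, "GRANTED" if granted else "DENIED", reasons)
```

Only the first case is granted; the second is denied because the recruiter role was merely self-asserted, and the third because the tampered token fails verification and so contributes no trusted claims.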

OpenID Connect role in UMA 33 OpenID Connect (OIDC) provides authentication, consented attribute sharing, and attribute transmission capability. OIDC allows third-party asserted claims from distributed sources to be collected. UMA leverages OIDC in the claims-gathering flow in one of two ways: the AS interacts directly with requesting parties, or indirectly via clients.

UMA AS collecting claims from the requesting party 34 Two options: the client acts as claims conveyor; or the client redirects the requesting party to the AS.

Generic UMA Model 35

Client application conveying claims to UMA AS 36

UMA AS acting as Claims Client 37

UMA AS acting as Claims Client 38 The UMA AS can collect additional claims from an internal user store. This can be a SAML-compliant IdP just as well.
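The two claims-gathering options from slides 33, 34 and 38, played out end to end in a toy authorisation server: this is an added example, not the webinar's code, the UMA specification's wire format or NuveAM. Tickets, RPTs, the `need_info` response shape, the issuer URL, the user store and the passwords are all constructed for the example, and claim tokens are plain dicts accepted on issuer name alone (signature checking is left out so the flow itself stays readable). Way 1 has the client convey an ID token it obtained for Tom from the employer's OIDC provider; way 2 has the client redirect Tom to the AS, which then acts as claims client against its own user store before the client retries with the same ticket.

```python
import secrets

# Constructed: issuers whose claim tokens the AS accepts as third-party asserted claims.
TRUSTED_CLAIM_ISSUERS = {"https://oidc.employer.example"}


class AuthorizationServer:
    """Toy UMA AS: issues permission tickets to the resource server, gathers claims
    pushed by the client or collected directly from the requesting party, and
    issues an RPT once the resource's policy is satisfied."""

    def __init__(self):
        self.tickets = {}   # permission ticket -> {"resource", "scopes", "claims"}
        self.rpts = {}      # RPT -> (resource, scopes)
        # Constructed internal user store the AS consults when acting as claims
        # client itself; an OIDC OP or SAML IdP could fill the same role.
        self.user_store = {
            "tom": {"password": "constructed-pw", "role": "recruiter"},
            "mallory": {"password": "constructed-pw", "role": "student"},
        }
        self.policies = {"transcript_of_records": {"role": "recruiter"}}

    def register_permission(self, resource: str, scopes: set) -> str:
        """Resource server asks for a ticket after receiving an unauthorized request."""
        ticket = secrets.token_hex(8)
        self.tickets[ticket] = {"resource": resource, "scopes": set(scopes), "claims": {}}
        return ticket

    def _missing_claims(self, entry: dict) -> list:
        required = self.policies[entry["resource"]]
        return [name for name, want in required.items() if entry["claims"].get(name) != want]

    def request_rpt(self, ticket: str, claim_tokens=()) -> dict:
        """Client presents the ticket, optionally conveying claim tokens (way 1)."""
        entry = self.tickets.get(ticket)
        if entry is None:
            return {"error": "invalid_ticket"}
        for token in claim_tokens:
            if token.get("iss") in TRUSTED_CLAIM_ISSUERS:   # untrusted issuers are ignored
                entry["claims"].update(token.get("claims", {}))
        missing = self._missing_claims(entry)
        if missing:
            # Tell the client what is still needed and that the requesting party may be
            # redirected to the AS to supply it interactively (way 2).
            return {"error": "need_info", "ticket": ticket,
                    "required_claims": missing, "redirect_user": True}
        rpt = secrets.token_hex(16)
        self.rpts[rpt] = (entry["resource"], entry["scopes"])
        del self.tickets[ticket]                            # ticket is single-use
        return {"rpt": rpt}

    def claims_endpoint(self, ticket: str, username: str, password: str) -> bool:
        """Way 2: the redirected requesting party authenticates to the AS, which then
        collects claims about them from its internal user store."""
        entry = self.tickets.get(ticket)
        user = self.user_store.get(username)
        if entry is None or user is None or user["password"] != password:
            return False
        entry["claims"].update({k: v for k, v in user.items() if k != "password"})
        return True

    def introspect(self, rpt: str):
        return self.rpts.get(rpt)


def client_conveys_claims(as_: AuthorizationServer) -> dict:
    """Way 1: the client pushes a (constructed) ID token for Tom from the employer's
    OIDC provider along with the ticket."""
    ticket = as_.register_permission("transcript_of_records", {"read"})
    first = as_.request_rpt(ticket)                         # no claims yet -> need_info
    id_token = {"iss": "https://oidc.employer.example", "sub": "tom",
                "claims": {"role": "recruiter"}}
    second = as_.request_rpt(first["ticket"], [id_token])
    return {"first": first, "second": second}


def redirect_requesting_party(as_: AuthorizationServer, username: str, password: str) -> dict:
    """Way 2: the client redirects the requesting party to the AS, which gathers the
    claims directly; the client then retries with the same ticket."""
    ticket = as_.register_permission("transcript_of_records", {"read"})
    first = as_.request_rpt(ticket)
    logged_in = as_.claims_endpoint(first["ticket"], username, password)
    second = as_.request_rpt(first["ticket"])
    return {"first": first, "logged_in": logged_in, "second": second}


if __name__ == "__main__":
    srv = AuthorizationServer()
    print(client_conveys_claims(srv))
    print(redirect_requesting_party(srv, "tom", "constructed-pw"))
    print(redirect_requesting_party(srv, "mallory", "constructed-pw"))
```

Both ways end in the same place, an RPT bound to the resource and scopes the ticket was issued for, and both fail the same way for a requesting party whose claims do not satisfy the policy: the AS keeps answering `need_info`, and a token from an issuer the AS does not trust changes nothing.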

Next steps 39

Next steps for the WG…and you 40 Get involved! Become an “UMAnitarian” (it’s free); participate in the interop and our implementation discussions; follow and engage on Twitter. Current work: technical – claim profiling and core spec variations; business – access federation trust frameworks. Stay tuned for a webinar on UMA and Healthcare in Q3. Join at: tinyurl.com/umawg

Questions? Thank you! #UMApcloud for questions 19 June 2014 tinyurl.com/umawg for slides, recording, and more 41