Presentation is loading. Please wait.

Presentation is loading. Please wait.

Protecting “Personal Clouds” with UMA and OpenID #UMApcloud for questions 19 June 2014 tinyurl.com/umawg for slides, recording, and more.

Published byThomasine Robbins Modified over 8 years ago

Similar presentations

Presentation on theme: "Protecting “Personal Clouds” with UMA and OpenID #UMApcloud for questions 19 June 2014 tinyurl.com/umawg for slides, recording, and more."— Presentation transcript:

1 Protecting “Personal Clouds” with UMA and OpenID Connect @UMAWG #UMApcloud for questions 19 June 2014 tinyurl.com/umawg for slides, recording, and more 1

2 The marvelous spiral of controlled personal data sharing 2 Further reading: tinyurl.com/umawg Further reading: tinyurl.com/umawg

3 Agenda The realities and challenges of personal data sharing “UMA for humans 101” A walk through personal cloud models Use cases How UMA leverages OpenID Connect – with demo Next steps 3 Thanks to Kantara for supporting the UMA work! Thanks to our additional webinar participants! Thanks to MIT-KIT for sponsoring this webinar and taking part!

4 The realities and challenges of personal data sharing 4

5 What is personal data? 5 Personal Data is the Life Blood of the Information Age Personal Data is the New “Oil of the Internet” Personal Data is the new currency

6 Ways to measure the value of personal data 6 Market capitalization Revenue per record/user Market Price Cost of data breach Pay to protect $112 per user record USD 1.7 per record Data breach cost $171M Source: OECD (2013), “Exploring the Economics of Personal Data: A Survey of Methodologies for Measuring Monetary Value” USD

7 Personal data risks 7 IndividualOrganization Personal Data …t e n s i o n… “72% of European citizens are concerned that their personal data may be misused…” Individuals have little visibility into the practices of the organizations they are putting their trust in – until their data is breached or misused. Risks: Loss of Trust EU commission survey 2012

8 The “personal data price” for online service is too high: typing… Provisioning by hand Provisioning by value Oversharing Lying! 8

9 The “personal data price” for online service is too high: connecting… Meaningless consent to unfavorable terms Painful, inconsistent, and messy access management Oblivious oversharing 9

10 The “personal data price” for online service is too high: private URLs… Handy but insecure Unsuitable for really sensitive data 10

11 “UMA for humans 101” 11

12 UMA turns online sharing into a privacy-by-design solution 12 The “user” in User-Managed Access (UMA) Alice hears Bob knocking – can he come in? Further reading: tinyurl.com/umapbd Further reading: tinyurl.com/umapbd

13 UMA turns online sharing into a privacy-by-design solution Historical Municipal Financial Vocational Artistic Social Geolocation Computational Genealogical Biological Legal... Historical Municipal Financial Vocational Artistic Social Geolocation Computational Genealogical Biological Legal... 13

14 UMA turns online sharing into a privacy-by-design solution I want to share this stuff selectively Among my own apps With family and friends With organizations I want to share this stuff selectively Among my own apps With family and friends With organizations I want to protect this stuff from being seen by everyone in the world 14 I want to control access proactively, not just feel forced to consent over and over

15 UMA turns online sharing into a privacy-by-design solution 15 Standardized APIs for privacy and “selective sharing” Outsources protection to a centralized “digital footprint control console”

16 A walk through personal cloud models 16

17 Personal data ecosystem emerging trends 17

18 Mapping UMA to personal clouds and life management platforms 18 Access Requesting Party LMP Bank Healthcare Home Car Data Stores Data Control Informed Pull Controlled Push

19 Mapping UMA to personal clouds and life management platforms 19 Data Stores Bank Healthcare Home Car Requesting Party LMP UMA AS

20 Mapping UMA to personal clouds and life management platforms 20 Data Stores Bank Healthcare Home Car Requesting Party LMP Resource Owner Client UMA AS manage negotiate protect manage consent authorize access

21 Use cases 21

22 Case studies for… Management and sharing of personal accessibility needs and preferences Secure sharing of university e-transcripts Healthcare relationship locator service and patient-centric consent directives Access management 2.0 for the enterprise (previous webinar) … Protecting the personal data stores of everyone at MIT 22 Further reading: tinyurl.com/umacase Further reading: tinyurl.com/umacase

23 23 Protected personal data stores: MIT’s view

24 How UMA leverages OpenID Connect 24

25 Use case: Transcript of Records sharing Student interacts with an online job application system Student fills in a job application form and provides: –Personal information –Transcript of Records document Data is transferred from the student’s personal data service –With explicit consent Employer requests access to additional data –…and this has to be confirmed by the student “Sharing Trustworthy Personal Data with Future Employers” http://kantarainitiative.org/confluence/display/uma/cv_sharing_scenario 25

26 UMA model 26

27 Scenario (Peter sharing data) 27 (Student, Job Seeker) Personal Information Transcript of Records

28 Scenario (Tom accessing data) 28 (Employer) Phone Number (Student, Job Seeker)

29 Live demo 29

30 NuveAM – Authorisation Manager UMA-compliant Authorisation Server (AS) from Cloud Identity Limited: –Access control to data in the Cloud –API security management –Real-time monitoring and audit Use cases: Securing Cloud-based Personal Data Services (PDS); Managing access to Cloud-based APIs Uses open standards, including: UMA, OAuth 2.0, OpenID Connect, SAML 2.0 Open source frameworks: Java and Python http://www.cloudidentity.co.uk/products/nuveam 30

31 Nuve User-Managed Access 31

32 UMA claims-based authorisation 32 UMA allows for the use of claims to support Claim-Based Access Control (CBAC): –Trusted claims from Trusted Third Parties –Self-asserted claims In CBAC, the decision to grant access to a protected resource is made based on Subject’s information/attributes, such as name, age, email address, role, location, credit score, etc. …or a Subject’s statement (e.g. promise to adhere to licensing terms)

33 OpenID Connect role in UMA 33 OpenID Connect (OIDC) provides authentication, consented attribute sharing, and attribute transmission capability OIDC allows third-party asserted claims from distributed sources to be collected UMA leverages OIDC in claims-gathering flow in one of two ways: –AS interacts directly with requesting parties, or –indirectly via clients

34 UMA AS Collecting Claims from Requesting Party 34 Client acting as claims conveyor Client redirects the Requesting Party to AS

35 Generic UMA Model 35

36 Client application conveying claims to UMA AS 36

37 UMA AS acting as Claims Client 37

38 UMA AS acting as Claims Client 38 UMA AS can collect additional claims from internal user store This can be a SAML- compliant IDP judt as well

39 Next steps 39

40 Next steps for the WG…and you Get involved! –Become an “UMAnitarian” (it’s free) –Participate in the interop and our implementation discussions –Follow and engage with @UMAWG on Twitter Current work: –Technical: claim profiling and core spec variations –Business: access federation trust frameworks Stay tuned for a webinar on UMA and Healthcare in Q3 40 Join at: tinyurl.com/umawg Join at: tinyurl.com/umawg

41 Questions? Thank you! @UMAWG #UMApcloud for questions 19 June 2014 tinyurl.com/umawg for slides, recording, and more 41

Download ppt "Protecting “Personal Clouds” with UMA and OpenID #UMApcloud for questions 19 June 2014 tinyurl.com/umawg for slides, recording, and more."

Similar presentations

User-Managed Access UMA Work tinyurl.com/umawg | tinyurl.com/umafaq IIW 16, May 2013 1.

User-Managed Access UMA Work tinyurl.com/umawg | tinyurl.com/umafaq IIW 16, May
IT Industry & Cloud Computing. Trends ‘2011- The year of high salaries and immense job opportunities for IT job seekers’ (Source – Blog.Timesjobs.com)

IT Industry & Cloud Computing. Trends ‘2011- The year of high salaries and immense job opportunities for IT job seekers’ (Source – Blog.Timesjobs.com)
Contrail and Federated Identity Management

Contrail and Federated Identity Management
User-Managed Access UMA Work tinyurl.com/umawg | tinyurl.com/umafaq 28 Aug 2013 1.

User-Managed Access UMA Work tinyurl.com/umawg | tinyurl.com/umafaq 28 Aug
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
WSO2 Identity Server Road Map

WSO2 Identity Server Road Map
Www.incommon.org A View into the Mi$t 1 RL Bob Morgan University of Washington Co-chair, InCommon Technical Advisory Committee.

A View into the Mi$t 1 RL "Bob" Morgan University of Washington Co-chair, InCommon Technical Advisory Committee.
Access Control Patterns & Practices with WSO2 Middleware Prabath Siriwardena.

Access Control Patterns & Practices with WSO2 Middleware Prabath Siriwardena.
Identity Management Realities in Higher Education NET Quarterly Meeting January 12, 2005.

Identity Management Realities in Higher Education NET Quarterly Meeting January 12, 2005.
SOLVE THE PROBLEM OF IDENTITY THEFT An online, real-time solution for KYC, POPI, RICA and FICA compliance May 2015 www.fidescloud.co.za.

SOLVE THE PROBLEM OF IDENTITY THEFT An online, real-time solution for KYC, POPI, RICA and FICA compliance May
Building Trusted Transactions Identity Authentication & Attribute Exchange In Public and Private Federations OASIS Conference September 2010 Joni Brennan,

Building Trusted Transactions Identity Authentication & Attribute Exchange In Public and Private Federations OASIS Conference September 2010 Joni Brennan,
FI-WARE – Future Internet Core Platform FI-WARE Security July 2011 High-level Description.

FI-WARE – Future Internet Core Platform FI-WARE Security July 2011 High-level Description.
Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.

Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.
SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)

SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)
Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.
Private, Secure, Guaranteed ACH Credits – The Next Generation of Online Payments Samantha Carrier, Director, eCommerce, NACHA.

Private, Secure, Guaranteed ACH Credits – The Next Generation of Online Payments Samantha Carrier, Director, eCommerce, NACHA.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
UMA Could I Manage My Own Data. Please?. Agenda Business Trends & Technical Solutions Distributed Business (Decentralisation) Mobility & Automation Delegation.

UMA Could I Manage My Own Data. Please?. Agenda Business Trends & Technical Solutions Distributed Business (Decentralisation) Mobility & Automation Delegation.
LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.

LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.
Energy Ecosystem Overview David Miller Chief Security Officer.

Energy Ecosystem Overview David Miller Chief Security Officer.

Similar presentations

Ads by Google