1 / 30

Welcome to the Identity Ecosystem

ID oT: Why We Need an Identity Layer IoT Slam 2016 – April 28, 2016 Marc-Anthony Signorino, IDESG Executive Director. Welcome to the Identity Ecosystem. The Identity Ecosystem Steering Group (IDESG) is the source of expertise, guidance, best practices, and tools for trusted digital identities.

jsimon
Download Presentation

Welcome to the Identity Ecosystem

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IDoT: Why We Need an Identity LayerIoT Slam 2016 – April 28, 2016Marc-Anthony Signorino, IDESG Executive Director

  2. Welcome to the Identity Ecosystem The Identity Ecosystem Steering Group (IDESG) is the source of expertise, guidance, best practices, and tools for trusted digital identities.

  3. Today’s Goal: Getting Identity Right EMPOWER RISK SAFE FUTURE Customers will understand policies, control their identities Manage risk through common sense identity credentials, data minimization Create an ecosystem that encourages consumer trust, enables safer transactions Ensuring civil liberties are protected by using strong authentication for IoT users

  4. Who We Are The Path to More Trustworthy Digital Identity Credentials

  5. “By making online transactions more trustworthy and better protecting privacy, we will prevent costly crime, we will give businesses and consumers new confidence, and we will foster growth and untold innovation.” • — President Barack Obama, April 2011 • National Strategy for Trusted Identities in Cyberspace

  6. Identity by the Numbers 85,611,528 17.6 85 39 62

  7. 85,611,528 records were exposed in 783 U.S. data breaches in 2014 U.S. residents age 16 or older experienced identity theft in 2014 of people took some action to prevent identity theft used mobile banking in 2014 (based on mobile phone owners with a bank account) did not use mobile banking and cited concern about security as a reason 17.6 mil 85% 39% 62%

  8. Identity Ecosystem Framework Building a Better Ecosystem

  9. What Is the IDEF? 1 2 3 First rules of the road for navigating the evolving landscape of online identity Asserts capabilities and responsibilities for individuals, companies, government agencies and organizations in the identity ecosystem Creates policy foundation for strengthening privacy and security protections for organizations and consumers alike

  10. IDEF by stakeholder group Trust Frameworks Relying Parties Consumers Offers foundational set of principles to which all frameworks can align to demonstrate interoperability Drives business value and consumer trust for those issuing or consuming credentials Enables truly trustworthy digital credentials to protect identities

  11. IDentity of Things (IDoT) The Intersection of Identity Management & The Internet of Things

  12. IoT is Booming • Juniper: $100B to be spent on Smart home tech by 2020 ($43B now) • Gartner: 25B networked devices by 2020 • IDC: IoT Market to reach $3.04T by 2020

  13. A Paradigm in Dynamic Relationships • IDoT covers ALL entity identities and relationships: • Device/Human • Device/Device • Device/Application~Service • Human/Application~Service • Must draw on IAM, IT Asset Mgt, S/W Asset Mgt

  14. Governance of Object Data • Objects in the "Internet of Things" produce data. These data might lead to personally identifiable information (PII). A car for example is able to track GPS positions and to provide a complete movement profile of a certain person. • How do you handle the users and their data?

  15. Beware of the Regulatory Cacodemons • The path forward for IoT is promising, but if we’re not careful, will create policy problems that will summon the worst Washington, DC has to offer:

  16. Beware of the Regulatory Cacodemons • The path forward for IoT is promising, but if we’re not careful, will create policy problems that will summon the worst Washington, DC has to offer: • A well-intentioned Congress.

  17. Hypothetical #1 My Connected Vehicle and the Meat-Head Kid Next Door

  18. Issues Raised in Connected Vehicles • Data ownership/control – who owns it? • Truck manufacturer? Dealer? • Service Provider (repair shop) • Truck owner, Bank who holds the note, Insurance Company? • Truck users (employees, clients, prospective buyers, family members, etc) • Passengers whose GPS locations become known? • 3rd Parties providing sensors for service (data for subscription svc, driver behavior data to determine insurance rates, government?) • What about multiple devices controlled by multiple parties? What if sold?

  19. Issues Raised in Connected Vehicles • Consent for interactions w/ numerous sensors, controllers, and reporting devices • If an auto mfr owns data collected by a vehicle, will it require consent from the vehicle owner and svc provider? • Will each user be required to provide consent for data generated while driving? • 5th Amendment, State Privacy Laws, etc.

  20. Hypothetical #3 Wearables: How Could I Run 10 Miles Today If I Weighed 350 lbs.?

  21. Issues Raised by IDoT in Healthcare • Identity Impersonation • How will devices preclude impersonation of the other devices with which they exchange data? • Will each device the might generate, process, or report private, sensitive, or confidential data be required to provide its own IAM capabilities to prevent fraudulent use? • Will devices be required to develop UN/PW to interact with other devices? • If so, who sets UN/PW criteria? How will data be stored securely? How will it be modified and updated? • Hello HIPAA/HI-TECH

  22. Hypothetical #3 Education: Keeping McGuffey’s Reader From Becoming WKRP in Cincinnati

  23. Top 10 Current Smart Techs in Ed • Smart HVAC Systems • Lighting/Maintenance • Temperature Sensors • Attendance Tracking • Wireless Door Locks • Interactive Whiteboards • Cameras & Video • Tablets & eBooks • Student ID Cards • 3D Printers

  24. Issues Raised in Connected Education • Identity discovery • Will owners/users have the ability to prevent their devices from being discovered? • Will they have selectivity about who can discover their devices? • Will they have some control over who can interrogate their devices? • Which Regulatory Schemes are Implicated? • COPPA (Children’s Online Privacy Protection Act) • FERPA (Family Educational Rights Privacy Act)

  25. The Path Forward Creating an Identity Layer in IoT

  26. IDEF Shows the Way • Transparency • User Authentication & Authorization • Data Minimization / Data Collection (in advance) • Consent • Collection for specific use, not just get all the data

  27. Solutions • IDEF allows innovators to build privacy, security, UX in before hand • Use the Identity Ecosystem Framework’s Baseline Requirements as a guide for identifying issues and resolving them

  28. Solutions • Federated Identity • Reduce the number of PWs required to authenticate diff applications, devices and trust domains through federation. • Allows users to authenticate only once with an existing credential to a trusted domain and be issued a token that allows it to authenticate to other actors and domains • Federated Single Sign On allows PWs to be replaced with standardized security tokens for everyday tools and services such as email, Social media

  29. Solutions • Federated Single Sign On • Allows PWs to be replaced with standardized security tokens for everyday tools and services such as email, Social media. • Tokens issued by a site the user logged into directly, but simultaneously gives access to a range of other applications – mitigating PW explosion • Allows specific devices to be tied to a particular user by issuing tokens specific to a relationship • Smart car to send a ‘close’ msg to a garage door controller from a diff MFR if sensed a growing distance between the car and the garage.

  30. Join the Revolution: Marc-Anthony Signorino, Executive Director MarcAnthony@IDESG.org (202) 656-2296

More Related