IDENTITY IN THE IOT –
THEIRS AND OURS
Paul Madsen, Office of the CTO
Agenda
1. Things – their identities
2. Things – our identities
What does it mean for a thing to have an identity?
•  Things will have attributes that distinguish them from other things
•  Things will have means to prove to other things that they a) belong to a class of things or b) are a particular thing
•  Things will have means to verify that other things a) belong to a class of things or b) are a particular thing
•  Things will be provisioned with certain attributes at origin but over time may add additional attributes
•  Things have a finite lifetime, at the end of which some portions of their identity may need to be cancelled
•  In their 50s, things will have an identity crisis – divorce their spouse, join a gym and buy a sports car.
You (mostly) can’t have security without identity
[Diagram labels: Security, Authentication, Identity, Confidentiality, Audit]
Things will operate on behalf of ….
[Figure labels: Gym, Track, Beer keg, Cars, Bridge]
How do we give users meaningful control over their things and their ability to operate on their behalf?
1. Initial authorization
2. Ongoing visibility
3. Eventual revocation
Copyright © 2013 Ping Identity Corp. All rights reserved.
How are passwords working out for us?
Password anti-pattern
A site asks YOU for your GOOGLE password so it can access your Google stuff.
Tsk tsk!
•  Client must store passwords
•  Teaches users to be indiscriminate with their passwords
•  More difficult to move to multi-factor and federated authentication
•  Doesn’t support granular permissions, e.g. X can read but not write
•  Doesn’t support knowledge/differentiation of the access granted
•  Doesn’t support (easy) revocation – to be sure of turning off access users must change password
Tokens instead of passwords
•  Rather than clients using passwords on their API messages, token authentication models have the client first exchange the password for a token and then use tokens on subsequent messages
•  Token can represent the authorized combination of client & user
•  Advantages
–  Allows for granular consent
–  Revocable
–  No need to store passwords on device/thing
•  OAuth 2.0 and OpenID Connect 1.0 are the key standards
[Diagrams: numbered steps 1 to 5, annotated "OAuth/Connect"; the last diagram adds two "OAuth/Connect?" annotations]
State of the art?
IoT protocols: MQTT, CoAP
Security: TLS/DTLS, passwords
Binding OAuth to MQTT
•  Paul Fremantle has been exploring using OAuth access tokens on MQTT messages as an alternative to passwords (as the MQTT spec now supports)
•  An Arduino obtains an OAuth token from an authorization server and then uses it on the Connect message
•  http://www.slideshare.net/pizak/securing-the-internet-of-things
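
The token model from "Tokens instead of passwords" applied to the MQTT Connect message described above, as an added Python example that is not code from the slides or from Paul Fremantle's work. A thing puts an access token in the password field of an MQTT 3.1.1 CONNECT, and the broker maps the token's state (unknown, revoked, expired, wrong thing, missing scope) to a CONNACK return code. Assumptions: the marker username `oauth2-token`, the scope name `mqtt:connect`, the in-memory registry standing in for the authorization server, and the sample user, thing ids and clock value are all constructed for illustration.

```python
import hashlib
import secrets
import struct

TOKEN_USERNAME = "oauth2-token"  # assumption: tells the broker the password is a token
REQUIRED_SCOPE = "mqtt:connect"  # hypothetical scope name
ACCEPTED, BAD_CREDENTIALS, NOT_AUTHORIZED = 0x00, 0x04, 0x05  # MQTT 3.1.1 CONNACK codes


def _field(data: bytes) -> bytes:  # 2-byte big-endian length, then the bytes
    return struct.pack("!H", len(data)) + data


def build_connect(client_id: str, access_token: str, keepalive: int = 60) -> bytes:
    """Thing side: CONNECT carrying the access token where a password would go."""
    flags = 0x80 | 0x40 | 0x02  # username present, password present, clean session
    body = (_field(b"MQTT") + bytes([0x04, flags]) + struct.pack("!H", keepalive)
            + _field(client_id.encode()) + _field(TOKEN_USERNAME.encode())
            + _field(access_token.encode()))
    n, remaining = len(body), bytearray()
    while True:  # variable-length "remaining length" of the fixed header
        n, digit = divmod(n, 128)
        remaining.append(digit | (0x80 if n else 0))
        if not n:
            return b"\x10" + bytes(remaining) + body


def parse_connect(packet: bytes) -> dict:
    """Broker side: extract client id, username and password from a CONNECT."""
    if len(packet) < 2 or packet[0] != 0x10:
        raise ValueError("not a CONNECT packet")
    pos, length, shift = 1, 0, 0
    while True:  # decode the remaining length (at most 4 bytes)
        if pos >= len(packet) or shift > 21:
            raise ValueError("bad remaining length")
        byte, pos = packet[pos], pos + 1
        length |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            break
    body = packet[pos:]
    if len(body) != length:
        raise ValueError("length mismatch")

    def take(offset):  # read one length-prefixed field without overrunning
        if offset + 2 <= len(body):
            end = offset + 2 + struct.unpack_from("!H", body, offset)[0]
            if end <= len(body):
                return body[offset + 2:end], end
        raise ValueError("truncated field")

    proto, off = take(0)
    if proto != b"MQTT" or len(body) < off + 4 or body[off] != 0x04:
        raise ValueError("only MQTT 3.1.1 is handled here")
    flags = body[off + 1]
    client_id, off = take(off + 4)  # skip level, flags and 2-byte keepalive
    if flags & 0x04:  # will topic and will message precede the credentials
        off = take(take(off)[1])[1]
    username, off = take(off) if flags & 0x80 else (None, off)
    password, off = take(off) if flags & 0x40 else (None, off)
    return {"client_id": client_id.decode(),
            "username": None if username is None else username.decode(),
            "password": None if password is None else password.decode()}


def _key(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()  # keep a hash, not the token


def issue(registry: dict, user: str, client_id: str, scopes, expires_at: int) -> str:
    """Authorization-server stand-in: mint a token for one user and one thing."""
    token = secrets.token_urlsafe(32)
    registry[_key(token)] = {"user": user, "client_id": client_id, "revoked": False,
                             "scopes": set(scopes), "expires_at": expires_at}
    return token


def authorize_connect(packet: bytes, registry: dict, now: int) -> int:
    """Broker side: map a CONNECT to a CONNACK return code."""
    conn = parse_connect(packet)
    if conn["username"] != TOKEN_USERNAME or conn["password"] is None:
        return BAD_CREDENTIALS
    record = registry.get(_key(conn["password"]))
    if record is None or record["revoked"] or now >= record["expires_at"]:
        return BAD_CREDENTIALS
    if record["client_id"] != conn["client_id"] or REQUIRED_SCOPE not in record["scopes"]:
        return NOT_AUTHORIZED  # client id is self-asserted: a consistency check, not proof
    return ACCEPTED


def demo() -> dict:
    registry, now = {}, 1_700_000_000  # constructed clock value
    keg = issue(registry, "alice", "beer-keg-01", {REQUIRED_SCOPE}, now + 3600)
    car = issue(registry, "alice", "car-07", {REQUIRED_SCOPE}, now + 3600)

    def check(cid, tok, t=now):
        return authorize_connect(build_connect(cid, tok), registry, t)
    out = {"keg": check("beer-keg-01", keg), "keg_token_other_thing": check("car-07", keg)}
    registry[_key(keg)]["revoked"] = True  # revoke one thing; no password change needed
    out.update(keg_revoked=check("beer-keg-01", keg), car_unaffected=check("car-07", car),
               car_expired=check("car-07", car, now + 3600))
    return out
```

In `demo()`, revoking the keg's token leaves the car's token working, and no user password is ever stored on a thing or changed.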
  
Agenda
1. Things – their identities
2. Things – our identities
Authentication Taxonomy
Copyright © 2014 Ping Identity Corp. All rights reserved.
[Grid axes: Initiation (Active/explicit, Passive/implicit) and Sampling (Once, Continuous)]
Authentication Taxonomy
[Grid: Initiation (Active/explicit, Passive/implicit) against Sampling (Once, Continuous). Entries: Password, OTP, mobile, fingerprint, voice]
Some things are changing
[Diagram: the factors Know, Have, Are shown twice, labelled "Trend"]
Have and have nots
RSA SecurID
Wallet cards etc
USB tokens
Authentication Taxonomy
[Grid: Initiation (Active/explicit, Passive/implicit) against Sampling (Once, Continuous). Entries: IP address, geo-location; Password, OTP, mobile, fingerprint, voice]
Explicit giving way to implicit
[Diagram: Explicit factors and Implicit factors shown twice, labelled "Trend"]
The things that we more and more surround ourselves with can enable ‘continuous authentication’
Authentication Taxonomy
[Grid: Initiation (Active/explicit, Passive/implicit) against Sampling (Once, Continuous). Entries: IP address, geo-location (shown twice); Keystroke, EKG, voice, proximity, transactional; Password, OTP, mobile, fingerprint, voice]
Continuous authentication modes
• Identify the gait
• Recognize the face
• Listen to the voice
• Sense how user holds phone
• Measure pushup pace ….
Demands local sensors
My things thank your things for their attention

 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 

CIS14: Identifying Things (and Things Identifying Us)

  • 1. IDENTITY IN THE IOT – THEIRS AND OURS Paul Madsen, Office of the CTO
  • 3. Agenda: 1. Things – their identities 2. Things – our identities
  • 4. Agenda: 1. Things – their identities 2. Things – our identities
  • 5. What does it mean for a thing to have an identity?
      • Things will have attributes that distinguish them from other things
      • Things will have means to prove to other things that they a) belong to a class of things or b) are a particular thing
      • Things will have means to verify that other things a) belong to a class of things or b) are a particular thing
      • Things will be provisioned with certain attributes at origin but over time may add additional attributes
      • Things have a finite lifetime, at the end of which some portions of their identity may need to be cancelled
      • In their 50s, things will have an identity crisis – divorce their spouse, join a gym and buy a sports car.
  • 6. You (mostly) can’t have security without identity
  • 7. (Diagram labels: Security, Authentication, Identity, Confidentiality, Audit)
  • 8. Things will operate on behalf of …
  • 9. Things will operate on behalf of … (Diagram labels: Gym, Track, Beer keg, Cars, Bridge)
  • 10. Things will operate on behalf of … (Diagram labels: Gym, Track, Beer keg, Cars, Bridge)
  • 11. How do we give users meaningful control over their things and their ability to operate on their behalf? 1. Initial authorization 2. Ongoing visibility 3. Eventual revocation
  • 12. Copyright © 2013 Ping Identity Corp. All rights reserved.
  • 13. How are passwords working out for us?
  • 14. Password anti-pattern: A site asks YOU for your GOOGLE password so it can access your Google stuff.
  • 15. Tsk tsk!
      • Client must store passwords
      • Teaches users to be indiscriminate with their passwords
      • More difficult to move to multi-factor and federated authentication
      • Doesn’t support granular permissions, e.g. X can read but not write
      • Doesn’t support knowledge/differentiation of the access granted
      • Doesn’t support (easy) revocation – to be sure of turning off access users must change password
  • 16. Tokens instead of passwords
      • Rather than clients using passwords on their API messages, token authentication models have the client first exchange the password for a token and then use tokens on subsequent messages
      • Token can represent the authorized combination of client & user
      • Advantages
          – Allows for granular consent
          – Revocable
          – No need to store passwords on device/thing
      • OAuth 2.0 and OpenID Connect 1.0 are the key standards
  • 17. (Diagram with elements numbered 1 to 5; no other labels.)
  • 18. (Same diagram, with three "OAuth/Connect" labels.)
  • 19. (Same diagram, with three "OAuth/Connect" labels and two "OAuth/Connect?" labels.)
  • 20. State of the art? (Diagram labels: IoT protocols, Security, MQTT, CoAP, TLS/DTLS, passwords)
  • 21. Binding OAuth to MQTT
      • Paul Fremantle has been exploring using OAuth access tokens on MQTT messages as an alternative to passwords (as the MQTT spec now supports)
      • An Arduino obtains an OAuth token from an authorization server and then uses it on the Connect message
      • http://www.slideshare.net/pizak/securing-the-internet-of-things
  • 22. Agenda: 1. Things – their identities 2. Things – our identities
  • 23. Authentication Taxonomy. Copyright © 2014 Ping Identity Corp. All rights reserved. Axes: Initiation (Active/explicit, Passive/implicit); Sampling (Once, Continuous)
  • 24. Authentication Taxonomy. Axes: Initiation (Active/explicit, Passive/implicit); Sampling (Once, Continuous). Entries: Password, OTP, mobile, fingerprint, voice
  • 25. Somethings are changing (Diagram labels: Know, Have, Are; Know, Have, Are; Trend)
  • 26. Have and have nots (Diagram labels: RSA SecurID, Wallet cards etc, USB tokens)
  • 27. Authentication Taxonomy. Axes: Initiation (Active/explicit, Passive/implicit); Sampling (Once, Continuous). Entries: IP address, geo-location; Password, OTP, mobile, fingerprint, voice
  • 28. Explicit giving way to implicit (Diagram labels: Explicit factors, Implicit factors; Trend; Explicit factors, Implicit factors)
  • 29. The things that we more and more surround ourselves with can enable ‘continuous authentication’
  • 30. Authentication Taxonomy. Axes: Initiation (Active/explicit, Passive/implicit); Sampling (Once, Continuous). Entries: IP address, geo-location; Keystroke, EKG, voice, proximity, transactional; IP address, geo-location; Password, OTP, mobile, fingerprint, voice
  • 31. Continuous authentication modes
      • Identify the gait
      • Recognize the face
      • Listen to the voice
      • Sense how user holds phone
      • Measure pushup pace …
      Demands local sensors
  • 32. My things thank your things for their attention
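
An added illustration of slides 16 and 21 (not code from the deck or from Paul Fremantle's work): a device presents an OAuth-style access token in the password field of an MQTT 3.1.1 CONNECT, and the broker accepts it only while the grant is live, bound to that client, and carries the needed scope. The in-memory `GRANTS` store, the function names, the `oauth` username and the scope strings are assumptions made for this example.

```python
import secrets
import struct

GRANTS = {}  # constructed stand-in for authorization-server state: token -> grant

def issue_token(client_id, user, scope):  # authorization server mints a token
    token = secrets.token_urlsafe(24)
    GRANTS[token] = {"client": client_id, "user": user, "scope": set(scope.split())}
    return token

def revoke(token):  # user withdraws consent; no password change involved
    GRANTS.pop(token, None)

def _field(data):  # MQTT field: 2-byte big-endian length, then the bytes
    return struct.pack("!H", len(data)) + data

def build_connect(client_id, username, token):  # device side, MQTT 3.1.1
    body = _field(b"MQTT") + bytes([4, 0xC2, 0, 60])  # level 4, user|pass|clean, 60 s
    body += b"".join(_field(s.encode()) for s in (client_id, username, token))
    header, rem = bytearray([0x10]), len(body)
    while True:  # variable-length "remaining length" encoding
        rem, digit = divmod(rem, 128)
        header.append(digit | (0x80 if rem else 0))
        if not rem:
            return bytes(header) + body

def parse_connect(packet):  # broker side: -> (client_id, username, password)
    pos, remaining = 1, 0
    for byte in packet[1:5]:  # decode the remaining-length bytes
        remaining |= (byte & 0x7F) << 7 * (pos - 1)
        pos += 1
        if byte < 0x80:
            break
    ok = packet[:1] == b"\x10" and remaining == len(packet) - pos
    if not (ok and packet[pos:pos + 7] == b"\x00\x04MQTT\x04" and packet[pos + 7] & 0xC4 == 0xC0):
        raise ValueError("need a well-formed 3.1.1 CONNECT with username+password, no will")
    pos, fields = pos + 10, []
    for _ in range(3):
        (n,) = struct.unpack_from("!H", packet, pos)
        fields.append(packet[pos + 2:pos + 2 + n].decode())
        pos += 2 + n
    return tuple(fields)

def broker_accepts(packet, needed_scope):
    try:  # fail closed on anything malformed
        client_id, _, token = parse_connect(packet)
    except (ValueError, IndexError, struct.error):
        return False
    grant = GRANTS.get(token)
    return bool(grant and grant["client"] == client_id and needed_scope in grant["scope"])
```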