freecodecamp.org
The day when Role Based Access Control disappears
Ulf Mattsson
www.TokenEx.com
Please submit your questions during our session!
1. Head of Innovation at TokenEx
2. Chief Technology Officer at
• Protegrity
• Atlantic BT
• Compliance Engineering
3. Developer at IBM Research and Development
4. Inventor of more than 70 issued/awarded US Patents
5. Products and Services
• Data Encryption, Tokenization, and Data Discovery,
• Robotics and Applications in Manufacturing,
• Cloud Application Security Brokers, and Web Application Firewalls,
• Managed Security Services, and Security Operation Centers,
• Contributed to the development of PCI DSS and ANSI X9
• Security and Privacy Benchmarking/Gap-analysis for Financial Industry
Ulf Mattsson
Role Based Access Control (RBAC)
Source: csrc.nist.gov, 1992
Role Based Access Control (RBAC) – Role Relationships
Source: csrc.nist.gov, 1992
Role Based Access Control (RBAC) – Multi-Role Relationships
Source: csrc.nist.gov, 1992
Examples of Role Based Access Control (RBAC)
Access control with separate responsibilities in a system where multiple roles are fulfilled
Source: wikipedia
MAC, DAC, RBAC and ABAC
Source: wikipedia
DAC is the way to go to let people manage the content they own.
• DAC is very good to let users of an online social network choose who accesses their data.
• It allows people to revoke or forward privileges easily and immediately.
RBAC is a form of access control which as you said is suitable to separate responsibilities in a system where multiple roles are fulfilled.
• This is obviously true in corporations (often along with compartmentalization e.g. Brewer and Nash or MCS) but can also be used on a single user operating system to implement the principle of least privilege.
• RBAC is designed for separation of duties by letting users select the roles they need for a specific task.
MAC in itself is vague, there are many ways to implement it for many systems.
• In practice, you'll often use a combination of different paradigms.
• For instance, a UNIX system mostly uses DAC but the root account bypasses DAC privileges.
MAC, DAC, and RBAC
Issues with Role-based access control (RBAC)
1. RBAC employs pre-defined roles that carry a specific set of privileges.
2. It lacks policies that express a complex Boolean rule set that can evaluate many different attributes.
3. It is not a "next generation" authorization model: it offers no dynamic, context-aware and risk-intelligent access control to resources, and no access control policies that include specific attributes from many different information systems.
4. Implementation may take 2 years and cost $10 million in a large organization.
Why ABAC?
What is Attribute Based Access Control (ABAC)?
ABAC is an effort to shift the paradigm from granting resource access to a specific user to granting access based on the values of a user's attributes.
• While user authentication is still required, access is no longer granted via a specific ACL.
• Instead, at the point of authentication a decision is made, based on the values of specific attributes, whether or not access should be granted.
This approach significantly decreases the administration required to maintain data security. It also ensures that data is available in real time to those who need it and are authorized to view/use it.
• Provisioning requests are no longer required in order to gain access to the data, since access is evaluated and granted in real time.
ABAC provides particular advantages when it is deployed in a federated environment.
• Access is determined by the agreement between the two entities (businesses, organizations, governments, etc.) and is then enforced by the Policy Enforcement Point (PEP) at the time of access. Each entity maintains autonomous control of its identities.
Source: IDMWORKS
Source: wikipedia
Attribute-based access control (ABAC)
1. Defines an access control paradigm whereby access rights are granted to users through the use of policies
which combine attributes together.
2. The policies can use any type of attributes (user attributes, resource attributes, object, environment
attributes etc.).
3. This model supports Boolean logic, in which rules contain "IF, THEN" statements about who is making the
request, the resource, and the action.
4. Unlike role-based access control (RBAC), which employs pre-defined roles that carry a specific set of privileges associated with them and to which subjects are assigned, ABAC is built on policies that express a complex Boolean rule set that can evaluate many different attributes.
5. ABAC is considered a "next generation" authorization model because it provides dynamic, context-aware
and risk-intelligent access control to resources allowing access control policies that include specific attributes
from many different information systems to be defined to resolve an authorization and achieve an efficient
regulatory compliance, allowing enterprises flexibility in their implementations based on their existing
infrastructures.
6. Attribute-based access control is sometimes referred to as policy-based access control (PBAC) or claims-
based access control (CBAC).
NIST Guide to ABAC System Definitions and Considerations – Security Flow
Source: NIST
ABAC Trust Chain
Source: NIST
ABAC System Definitions – Access Control Functional Points
Source: NIST
Example of ABAC System Deployment Architecture
Example of ABAC System Security Flow
Source: BlueTalon
XACML
Source: wikipedia
XACML (eXtensible Access Control Markup Language)
1. The standard defines a declarative, fine-grained, attribute-based access control policy language, an architecture, and a processing model describing how to evaluate access requests according to the rules defined in policies.
2. XACML is primarily an attribute-based access control system (ABAC), where attributes (bits of data) associated with a user, action or resource are inputs into the access decision.
3. Role-based access control (RBAC) can also be implemented in XACML as a specialization of ABAC.
4. The XACML model supports and encourages the separation of the access decision from the point of use. When the client is decoupled from the access decision, authorization policies can be updated on the fly and affect all clients immediately.
5. ALFA has three structural elements: as in XACML, a PolicySet can contain PolicySet and Policy elements, a Policy can contain Rule elements, and a Rule contains a decision.
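As an added illustration (not code from the slides or from any vendor cited on them): a small Python policy decision point that mirrors the PolicySet / Policy / Rule structure above and shows RBAC as a special case of ABAC, next to rules that consult resource and environment attributes. It is not a conformant XACML engine; the attribute names, the sample rules and the deny-overrides combining algorithm are assumptions chosen for the example.

```python
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, Iterable, List

# A request carries one attribute bag per XACML category (assumed layout for this example).
Request = Dict[str, Dict[str, Any]]
Condition = Callable[[Request], bool]
PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"


def deny_overrides(decisions: Iterable[str]) -> str:
    """Combining algorithm: any Deny wins, otherwise any Permit, else NotApplicable."""
    result = NOT_APPLICABLE
    for decision in decisions:
        if decision == DENY:
            return DENY
        if decision == PERMIT:
            result = PERMIT
    return result


@dataclass
class Rule:
    """A Rule contains a decision (effect) guarded by a Boolean condition on attributes."""
    name: str
    effect: str
    condition: Condition

    def evaluate(self, req: Request) -> str:
        return self.effect if self.condition(req) else NOT_APPLICABLE


@dataclass
class Policy:
    """A Policy applies to the requests matching its target and contains Rule elements."""
    name: str
    target: Condition
    rules: List[Rule] = field(default_factory=list)

    def evaluate(self, req: Request) -> str:
        if not self.target(req):
            return NOT_APPLICABLE
        return deny_overrides(rule.evaluate(req) for rule in self.rules)


@dataclass
class PolicySet:
    """A PolicySet contains Policy or nested PolicySet elements."""
    name: str
    children: List[Any] = field(default_factory=list)

    def evaluate(self, req: Request) -> str:
        return deny_overrides(child.evaluate(req) for child in self.children)


def is_pii(req: Request) -> bool:
    return req["resource"].get("classification") == "PII"


# RBAC as a specialization of ABAC: the only attribute this rule consults is the role.
analyst_may_read = Rule(
    "analyst-may-read", PERMIT,
    lambda r: "analyst" in r["subject"].get("roles", ()) and r["action"]["id"] == "read",
)
# ABAC rules combine subject, resource and environment attributes with Boolean logic.
same_department = Rule(
    "same-department-may-read-or-update", PERMIT,
    lambda r: r["subject"].get("department") == r["resource"].get("owner_department")
    and r["action"]["id"] in ("read", "update"),
)
pii_business_hours_only = Rule(
    "pii-only-in-business-hours", DENY,
    lambda r: is_pii(r) and not 8 <= r["environment"].get("hour", -1) < 18,
)
pii_corporate_network_only = Rule(
    "pii-only-from-corporate-network", DENY,
    lambda r: is_pii(r) and r["environment"].get("network") != "corp",
)
customer_data_policy = Policy(
    "customer-data",
    target=lambda r: r["resource"].get("type") == "customer-record",
    rules=[analyst_may_read, same_department,
           pii_business_hours_only, pii_corporate_network_only],
)
ENTERPRISE_POLICIES = PolicySet("enterprise", [customer_data_policy])


def decide(subject: Dict[str, Any], resource: Dict[str, Any],
           action: str, environment: Dict[str, Any]) -> str:
    """Policy decision point (PDP): assemble the request and evaluate the PolicySet."""
    req: Request = {"subject": subject, "resource": resource,
                    "action": {"id": action}, "environment": environment}
    return ENTERPRISE_POLICIES.evaluate(req)


def enforce(subject: Dict[str, Any], resource: Dict[str, Any],
            action: str, environment: Dict[str, Any]) -> bool:
    """Policy enforcement point (PEP): only an explicit Permit grants access (default deny)."""
    return decide(subject, resource, action, environment) == PERMIT
```

The same analyst reading the same PII record gets Permit at 10:00 from the corporate network but Deny at 22:00 or from another network, which a static role assignment alone cannot express.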
RBAC / ABAC Hybrid
Source: EMPOWERID
XACML Flow
Source: NIST
Data Discovery
Source: wikipedia
Source: BigID
AI & ML
Discovery, Mapping, Analysis and Risk Mitigation
Source: BigID
Article 30 - Records of processing activities - EU General Data Protection
Regulation (EU-GDPR)
Automate Consent Tracking And Data Governance
1. Advanced ML PII & PI discovery and access intelligence for security and privacy: petabyte scale, ML driven, structured and unstructured data, data subject rights.
2. Artificial Intelligence (AI) is prevalent in everything from
autocorrect to music recommendations, from Frankenstein’s
monster to replicants and paranoid robots.
3. Formalized in the 1950s, AI has moved past speculative fiction and
is an inescapable part of our everyday lives.
4. The past few years have seen a significant rise in software projects
that use Artificial Intelligence and Machine Learning.
5. Although often used interchangeably, Artificial Intelligence (AI) and
Machine Learning (ML) are not the same.
6. Think of AI as intelligence, and ML as knowledge.
Source: BigID and Groundlabs
Artificial Intelligence
• At the core of most, if not all, advanced artificial intelligence or machine learning systems are optimization problems.
• Machine learning is an incredibly iterative process, and utilizes huge data sets to learn and evolve to figure out improved approaches to the problem at hand.
• Novel quantum algorithms could dramatically accelerate the underlying processing required for machine learning.
The strange, nearly metaphysical nature that governs how qubits operate in quantum computing not only holds the key for better and faster artificial intelligence, but may also be the secret to true artificial intelligence.
The Difference Between Artificial Intelligence and Machine Learning
• Artificial Intelligence describes the ability of machines to perform tasks
that are typically associated with human activity and intelligence:
reasoning, learning, natural language processing, perception, etc. Any
“smart” activity performed by a machine falls under AI.
• Artificial Intelligence is the capability of a machine to imitate intelligent
human behavior.
• Machine Learning is a subset of AI.
• ML is a set of algorithms that are built to achieve AI: those algorithms
require the ability to learn from data, modify themselves when exposed
to more data, and are able to achieve a goal without being explicitly
programmed.
Source: BigID and Groundlabs
EU GDPR Fines
• When French regulators cited Europe's fledgling General Data Protection Act (GDPR) in fining Google $57 million earlier this year for playing fast and loose with consumer data in personalizing ads, experts called what was then the biggest fine issued under the new law the "tip of the iceberg."
• The U.K.'s Information Commissioner's Office (ICO) on July 8 cited GDPR in announcing
it would seek a $230 million fine against British Airways (equal to 1.5 percent of the
company's annual revenue) for a September 2018 breach in which attackers accessed
the protected data of nearly 500,000 customers through the airline's website and mobile
applications.
• The ICO alleged that ineffective security practices were to blame.
• ICO added Marriott to the list, saying it intends to seek nearly $124 million from
Marriott (or 3 percent of its annual revenue) for a breach that saw hackers maintain
access to the Starwood guest reservation database between 2014 and 2018,
compromising 383 million customer records.
Source: rsaconference.com
GDPR and California Consumer Privacy Act (CCPA)
PII Inventory
• Locating sensitive PII is essential to protecting it.
• However, data maps alone can't provide a complete protection or privacy picture.
• New privacy protection regulations mandate an individual's right to access their own data, the right to be forgotten, the right to port their data and the right to be notified of a breach.
Source: BigID (TokenEx partner)
Source: Verizon 2019 DBIR, data-breach-investigations-report
Term clusters in criminal forum and marketplace posts
Pseudonymisation Under the GDPR
Within the text of the GDPR, there are multiple references to pseudonymisation as an appropriate mechanism for protecting personal data.
Pseudonymisation (replacing identifying or sensitive data with pseudonyms) is synonymous with tokenization (replacing identifying or sensitive data with tokens).
What is Personal Data according to EU GDPR?
Article 4 – Definitions
• (1) ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); …such as a name, an identification number, location data, an online identifier…
• (5) ‘pseudonymisation’ means the processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately…
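Added example, not from the slides or from TokenEx: vault-based tokenization as a concrete form of the pseudonymisation defined in Article 4(5), with the token vault standing in for the "additional information" that must be kept separately, and one-way masking beside it for contrast. The token format (same length, last four digits kept, Luhn-valid so legacy input validation still passes), the constructed test card number and the in-memory vault are assumptions made for this example.

```python
import secrets
from typing import Dict, Optional

# Constructed Luhn-valid test number for the example, not a real account.
PAN = "4111111111111111"


def luhn_checksum(digits: str) -> int:
    """Luhn sum mod 10, doubling every second digit counted from the right."""
    total = 0
    for position, char in enumerate(reversed(digits)):
        d = int(char)
        if position % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10


def luhn_valid(number: str) -> bool:
    return number.isdigit() and len(number) > 1 and luhn_checksum(number) == 0


def mask(pan: str, keep: int = 4) -> str:
    """One-way masking: nothing can recover the value, so it cannot drive a transaction."""
    return "*" * (len(pan) - keep) + pan[-keep:]


def format_preserving_token(pan: str, keep: int = 4) -> str:
    """Random token of the same length that keeps the last `keep` digits and is Luhn-valid.

    The token is drawn at random, not derived from the PAN, so no key or formula maps
    it back; only the vault does. One digit is reserved to satisfy the check digit.
    """
    tail = pan[-keep:]
    body_len = len(pan) - keep - 1
    while True:
        body = "".join(secrets.choice("0123456789") for _ in range(body_len))
        for fix in "0123456789":
            candidate = body + fix + tail
            if luhn_valid(candidate):
                if candidate != pan:      # never hand out the real value as its own token
                    return candidate
                break                     # draw a fresh body instead


class TokenVault:
    """The separately held mapping (GDPR Art. 4(5) 'additional information').

    Every call is a lookup, which is why VBT cost and latency resemble a database query.
    """

    def __init__(self) -> None:
        self._token_of: Dict[str, str] = {}
        self._value_of: Dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        if value in self._token_of:            # deterministic: same value -> same token
            return self._token_of[value]
        token = format_preserving_token(value)
        while token in self._value_of:         # collision with an issued token: redraw
            token = format_preserving_token(value)
        self._token_of[value] = token
        self._value_of[token] = value
        return token

    def detokenize(self, token: str) -> Optional[str]:
        return self._value_of.get(token)


def store_order(vault: TokenVault, pan: str, amount_cents: int) -> Dict[str, object]:
    """What the application database keeps: a token and a display mask, never the PAN."""
    return {"card_token": vault.tokenize(pan), "card_display": mask(pan), "amount": amount_cents}
```

Only a system holding the vault can turn an order record back into a card number; a breach of the order database alone yields tokens that verify as well-formed but attribute nothing to the data subject.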
EU GDPR Security Requirements – Discovery, Encryption and Tokenization
Discover Data Assets; Encryption and Tokenization; Security by Design
Source: IBM
Tokenization for Cross Border Data-centric Security (EU GDPR)
Data sources; Data Warehouse in Italy; complete policy-enforced de-identification of sensitive data across all bank entities
• Protecting Personally Identifiable Information (PII), including names, addresses, phone, email, policy and account numbers
• Compliance with EU Cross Border Data Protection Laws
• Utilizing Data Tokenization, and centralized policy, key management, auditing, and reporting
How Should I Secure Different Types of Data?
Type of data: structured or unstructured; use case: simple or complex
PCI (Card Holder Data), PHI (Protected Health Information), PII (Personally Identifiable Information)
Techniques: tokenization of fields, encryption of files
Application of Data Security and Privacy techniques On-premises, in Public, and Private Clouds
Vault-based tokenization (VBT): Suitable for cloud deployment and centralized token generation. CPU impact and latency are typically similar to a database lookup query transaction.
Vault-less tokenization (VLT): Suitable for on-premises deployment and distributed token generation, and for high-performance requirements including transaction switches and data warehouse databases. CPU impact is typically similar to AES encryption.
Format Preserving Encryption (FPE): Suitable for any deployment model. CPU impact is typically 10 times that of AES encryption.
Homomorphic Encryption (HE): Suitable for public-cloud-based computation where operations on encrypted data values are required. The CPU impact of the asymmetric crypto operations can be significant compared to AES and other symmetric crypto algorithms.
Masking: Since masking is a one-way, non-reversible process, it may be less suitable in operational transaction systems.
Server Model: Suitable for cloud deployment models. CPU impact for cleaning the database is similar to a database scan with change transactions.
Local Model: Suitable for the client side of any deployment model. CPU impact for cleaning the database is similar to a database scan with change transactions.
L-diversity: Suitable for privacy in any deployment model. CPU impact for cleaning the database is similar to a database scan with change transactions.
T-closeness: Suitable for privacy in any deployment model. CPU impact for cleaning the database is similar to a database scan with change transactions.
Data Security and Privacy techniques
Privacy enhancing data de-identification terminology and classification of techniques: De-identification techniques (DT); Tokenization (T); Cryptographic tools (CT); Formal privacy measurement models (PMM); Differential Privacy (DP); K-anonymity model
Data Security and Privacy Standard
Source: INTERNATIONAL STANDARD ISO/IEC 20889
De-identification techniques (DT)
Cryptographic tools (CT): Format Preserving Encryption (FPE), where the encrypted data has the same format; Homomorphic Encryption (HE), where two encrypted values can be combined (see Multi Party Computation (MPC))
Formal privacy measurement models (PMM): Differential Privacy (DP), in a server model or a local model, where responses to queries are only able to be obtained through a software component or “middleware” known as the “curator” (examples: Apple and Google) and the entity receiving the data is looking to reduce risk; K-anonymity model, which ensures that for each identifier there is a corresponding equivalence class containing at least K records
Data Security Approaches
Approaches plotted by data utility (max to min) against data protection (min to max): Minimization; Devaluation/Pseudonymisation/Tokenization; Data Hashing/Masking; Encryption
Source: TokenEx
Gartner Hype Cycle for DataOps
Definition: DataOps is a collaborative data management practice focused on improving the communication, integration
and automation of data flows between data managers and consumers across an organization. The goal of DataOps is to
create predictable delivery and change management of data, data models and related artifacts. DataOps uses technology to
automate data delivery with the appropriate levels of security, quality and metadata to improve the use and value of
data in a dynamic environment.
Position and Adoption Speed Justification: Currently, there are no standards or known frameworks for DataOps. Today's
loose interpretation makes it difficult to know where to begin, what success looks like, or if organizations are even "doing
DataOps" at all. This lack of a documented discipline will likely inhibit adoption of the practice over the next 12 to 18
months, feeding the confusion and driving hype further. A growing number of technology providers are adopting the
DataOps terminology and even claiming to offer DataOps solutions. At the same time, Gartner sees early-stage interest
from data and analytics teams asking about the concepts. Given the tremendous pressure to achieve faster delivery of new
and enhanced data analytics capabilities, DataOps will quickly traverse the first half of the Hype Cycle.
User Advice: As a new practice, DataOps will be most successful on projects targeting a small scope with some level of
executive sponsorship, primarily from the CDO or other top data and analytics leader. Executive sponsorship will be key as
DataOps represents a new way of delivering data to consumers. Practitioners will have to overcome the resistance to
change existing practices as they introduce this concept.
Gartner - DataOps
DataOps is NOT Just DevOps for Data
• One common misconception about DataOps is that it is just DevOps applied
to data analytics.
• It communicates that data analytics can achieve what software
development attained with DevOps.
• DataOps can yield an order of magnitude improvement in quality and cycle
time when data teams utilize new tools and methodologies.
• The specific ways that DataOps achieves these gains reflect the unique
people, processes and tools characteristic of data teams (versus software
development teams using DevOps).
Source: datakitchen
DataOps
Total Cost and Risk of Tokenization
Example: 50% Lower Total Cost
On Premise tokenization
• Limited PCI DSS scope reduction – must still maintain a CDE with PCI data
• Higher risk – sensitive data still resident in environment
• Associated personnel and hardware costs
Cloud-Based tokenization
• Significant reduction in PCI DSS scope
• Reduced risk – sensitive data removed from the environment
• Platform-focused security
• Lower associated costs – cyber insurance, PCI audit, maintenance
Identity Management
Source: wikipedia
#1 Siloed (Centralized) Identity: YOU – ACCOUNT – ORG (STANDARDS)
Source: Sovrin.org
#2 Third-Party IDP (Federated) Identity: YOU – ACCOUNT – IDP – ORG (STANDARDS)
Source: Sovrin.org
#3 Self-Sovereign Identity (SSI): YOU – CONNECTION – PEER; DISTRIBUTED LEDGER (BLOCKCHAIN)
Source: Sovrin.org
The Sovrin Network is the first public-permissioned blockchain designed as a global public utility exclusively to
support self-sovereign identity and verifiable claims. Recent advancements in blockchain technology now allow
every public key to have its own address, which is called a decentralized identifier (DID).
#3 Self-Sovereign Identity (SSI): PEER, DISTRIBUTED LEDGER (BLOCKCHAIN), DIGITAL WALLET, CONNECTION, GET CREDENTIAL, SHOW CREDENTIAL
Building blocks: 1 DIDs; 2 DKMS; 3 DID AUTH; 4 Verifiable Credentials
Source: Sovrin.org
OpenID
Source: https://openid.net/
What is OpenID Connect?
OpenID Connect is an interoperable authentication protocol based on the OAuth 2.0 family of specifications.
It uses straightforward REST/JSON message flows with a design goal of “making simple things simple and complicated
things possible”.
It’s uniquely easy for developers to integrate, compared to any preceding Identity protocol.
OpenID Connect lets developers authenticate their users across websites and apps without having to own and
manage password files.
For the app builder, it provides a secure, verifiable answer to the question: “What is the identity of the person currently using the browser or native app that is connected to me?”
The OpenID Foundation (OIDF) promotes, protects and nurtures the OpenID community and technologies.
The OpenID Foundation is a non-profit international standardization organization of individuals and companies
committed to enabling, promoting and protecting OpenID technologies. Formed in June 2007, the foundation serves
as a public trust organization representing the open community of developers, vendors, and users.
Self-Sovereign Identity (SSI)
Thank You!
Ulf Mattsson, TokenEx
www.TokenEx.com

Protecting data privacy in analytics and machine learning - ISACA
 
IRJET- Estimation of a Good Fit with Blockchain and Identity and Access Manag...
IRJET- Estimation of a Good Fit with Blockchain and Identity and Access Manag...IRJET- Estimation of a Good Fit with Blockchain and Identity and Access Manag...
IRJET- Estimation of a Good Fit with Blockchain and Identity and Access Manag...
 
Enhanced Hybrid Blowfish and ECC Encryption to Secure cloud Data Access and S...
Enhanced Hybrid Blowfish and ECC Encryption to Secure cloud Data Access and S...Enhanced Hybrid Blowfish and ECC Encryption to Secure cloud Data Access and S...
Enhanced Hybrid Blowfish and ECC Encryption to Secure cloud Data Access and S...
 
Enhanced Hybrid Blowfish and ECC Encryption to Secure Cloud Data Access and S...
Enhanced Hybrid Blowfish and ECC Encryption to Secure Cloud Data Access and S...Enhanced Hybrid Blowfish and ECC Encryption to Secure Cloud Data Access and S...
Enhanced Hybrid Blowfish and ECC Encryption to Secure Cloud Data Access and S...
 
Enforcing secure and privacy preserving information brokering in distributed ...
Enforcing secure and privacy preserving information brokering in distributed ...Enforcing secure and privacy preserving information brokering in distributed ...
Enforcing secure and privacy preserving information brokering in distributed ...
 
Investigation on Revocable Fine-grained Access Control Scheme for Multi-Autho...
Investigation on Revocable Fine-grained Access Control Scheme for Multi-Autho...Investigation on Revocable Fine-grained Access Control Scheme for Multi-Autho...
Investigation on Revocable Fine-grained Access Control Scheme for Multi-Autho...
 
Modeling Multi-Layer Access Control Policies of a Hyperledger-Fabric-Based Ag...
Modeling Multi-Layer Access Control Policies of a Hyperledger-Fabric-Based Ag...Modeling Multi-Layer Access Control Policies of a Hyperledger-Fabric-Based Ag...
Modeling Multi-Layer Access Control Policies of a Hyperledger-Fabric-Based Ag...
 
Pp1t
Pp1tPp1t
Pp1t
 
pp1t
pp1tpp1t
pp1t
 

Plus de Ulf Mattsson

Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Ulf Mattsson
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Ulf Mattsson
 
May 6 evolving international privacy regulations and cross border data tran...
May 6   evolving international privacy regulations and cross border data tran...May 6   evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...Ulf Mattsson
 
Qubit conference-new-york-2021
Qubit conference-new-york-2021Qubit conference-new-york-2021
Qubit conference-new-york-2021Ulf Mattsson
 
Secure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesSecure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesUlf Mattsson
 
Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Ulf Mattsson
 
Data encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeData encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeUlf Mattsson
 
The future of data security and blockchain
The future of data security and blockchainThe future of data security and blockchain
The future of data security and blockchainUlf Mattsson
 
New technologies for data protection
New technologies for data protectionNew technologies for data protection
New technologies for data protectionUlf Mattsson
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsUlf Mattsson
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaPrivacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaUlf Mattsson
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningUlf Mattsson
 
Protecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKProtecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKUlf Mattsson
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsUlf Mattsson
 
What is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonWhat is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonUlf Mattsson
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?Ulf Mattsson
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics   ulf mattsson 2020 nov 2bNov 2 security for blockchain and analytics   ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2bUlf Mattsson
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020Ulf Mattsson
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?Ulf Mattsson
 

Plus de Ulf Mattsson (20)

Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...
 
Book
BookBook
Book
 
May 6 evolving international privacy regulations and cross border data tran...
May 6   evolving international privacy regulations and cross border data tran...May 6   evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...
 
Qubit conference-new-york-2021
Qubit conference-new-york-2021Qubit conference-new-york-2021
Qubit conference-new-york-2021
 
Secure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesSecure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use cases
 
Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...
 
Data encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeData encryption and tokenization for international unicode
Data encryption and tokenization for international unicode
 
The future of data security and blockchain
The future of data security and blockchainThe future of data security and blockchain
The future of data security and blockchain
 
New technologies for data protection
New technologies for data protectionNew technologies for data protection
New technologies for data protection
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaPrivacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA Atlanta
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learning
 
Protecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKProtecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UK
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulations
 
What is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonWhat is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS London
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics   ulf mattsson 2020 nov 2bNov 2 security for blockchain and analytics   ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
 

Dernier

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 

Dernier (20)

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 

The day when role based access control disappears

  • 1. The day when Role Based Access Control disappears. Ulf Mattsson, www.TokenEx.com (freecodecamp.org)
  • 2. Please submit your questions during our session! Ulf Mattsson, www.TokenEx.com
  • 3. Ulf Mattsson
    1. Head of Innovation at TokenEx
    2. Chief Technology Officer at Protegrity, Atlantic BT and Compliance Engineering
    3. Developer at IBM Research and Development
    4. Inventor of more than 70 issued/awarded US Patents
    5. Products and Services: Data Encryption, Tokenization, and Data Discovery; Robotics and Applications in Manufacturing; Cloud Application Security Brokers, and Web Application Firewalls; Managed Security Services, and Security Operation Centers; Contributed to the development of PCI DSS and ANSI X9; Security and Privacy Benchmarking/Gap-analysis for Financial Industry
  • 5. Role Based Access Control (RBAC): Role Relationships (Source: csrc.nist.gov, 1992)
  • 6. Role Based Access Control (RBAC): Multi-Role Relationships (Source: csrc.nist.gov, 1992)
  • 7. Examples of Role Based Access Control (RBAC): access control with separate responsibilities in a system where multiple roles are fulfilled
  • 8. Examples of Role Based Access Control (RBAC): access control with separate responsibilities in a system where multiple roles are fulfilled
  • 10. MAC, DAC, and RBAC (Source: wikipedia)
    DAC is the way to go to let people manage the content they own.
    • DAC is very good to let users of an online social network choose who accesses their data.
    • It allows people to revoke or forward privileges easily and immediately.
    RBAC is a form of access control which, as you said, is suitable to separate responsibilities in a system where multiple roles are fulfilled.
    • This is obviously true in corporations (often along with compartmentalization, e.g. Brewer and Nash or MCS) but can also be used on a single-user operating system to implement the principle of least privilege.
    • RBAC is designed for separation of duties by letting users select the roles they need for a specific task.
    MAC in itself is vague; there are many ways to implement it for many systems.
    • In practice, you'll often use a combination of different paradigms.
    • For instance, a UNIX system mostly uses DAC, but the root account bypasses DAC privileges.
  • 11. Issues with Role-based access control (RBAC)
    1. RBAC employs pre-defined roles that carry a specific set of privileges.
    2. Lack of policies that express a complex Boolean rule set that can evaluate many different attributes.
    3. Lack of a "next generation" authorization model: no dynamic, context-aware and risk-intelligent access control to resources, which would allow access control policies that include specific attributes from many different information systems.
    4. Implementation may take 2 years and cost $10 million in a large organization.
  • 13. What is Attribute Based Access Control (ABAC)? (Source: IDMWORKS)
    ABAC is an effort to shift the paradigm of granting resource access to a specific user to granting access based on the value of a user's attributes.
    • While user authentication is still required, access is no longer granted via a specific ACL.
    • Instead, at the point of authentication a decision is made, based on the value of specific attributes, whether or not access should be granted.
    This approach significantly decreases the administration required to maintain data security. It also ensures that data is available in real time to those who need it and are authorized to view/use it.
    • Provisioning requests are no longer required in order to gain access to the data, since access is evaluated and granted in real time.
    ABAC provides particular advantages when it is deployed in a federated environment.
    • Access is determined by the agreement between the two entities (businesses, organizations, governments, etc.) and is then enforced by the Policy Enforcement Point (PEP) at the time of access. Each entity maintains autonomous control of its identities.
  • 14. Attribute-based access control (ABAC) (Source: wikipedia)
    1. Defines an access control paradigm whereby access rights are granted to users through the use of policies which combine attributes together.
    2. The policies can use any type of attributes (user attributes, resource attributes, object, environment attributes etc.).
    3. This model supports Boolean logic, in which rules contain "IF, THEN" statements about who is making the request, the resource, and the action.
    4. Unlike role-based access control (RBAC), which employs pre-defined roles that carry a specific set of privileges associated with them and to which subjects are assigned, the key difference with ABAC is the concept of policies that express a complex Boolean rule set that can evaluate many different attributes.
    5. ABAC is considered a "next generation" authorization model because it provides dynamic, context-aware and risk-intelligent access control to resources, allowing access control policies that include specific attributes from many different information systems to be defined to resolve an authorization and achieve efficient regulatory compliance, giving enterprises flexibility in their implementations based on their existing infrastructures.
    6. Attribute-based access control is sometimes referred to as policy-based access control (PBAC) or claims-based access control (CBAC).
  • 15. NIST Guide to ABAC: System Definitions and Considerations; Security Flow (Source: NIST)
  • 17. ABAC System Definitions (Source: NIST)
  • 19. Example of ABAC System Deployment Architecture; Example of ABAC System Security Flow (Source: BlueTalon)
  • 20. Example of ABAC System Deployment Architecture (Source: BlueTalon)
  • 22. XACML (eXtensible Access Control Markup Language) (Source: wikipedia)
    1. The standard defines a declarative fine-grained, attribute-based access control policy language, an architecture, and a processing model describing how to evaluate access requests according to the rules defined in policies.
    2. XACML is primarily an attribute-based access control system (ABAC), in which attributes (bits of data) are associated with a user, action or resource.
    3. Role-based access control (RBAC) can also be implemented in XACML as a specialization of ABAC.
    4. The XACML model supports and encourages the separation of the access decision from the point of use. When the client is decoupled from the access decision, authorization policies can be updated on the fly and affect all clients immediately.
    5. ALFA has three structural elements: as in XACML, a PolicySet can contain PolicySet and Policy elements. A Policy can contain Rule elements. A Rule contains a decision.
  • 23. RBAC / ABAC Hybrid (Source: EMPOWERID)
  • 31. Discovery, Mapping, Analysis and Risk Mitigation. Article 30 - Records of processing activities - EU General Data Protection Regulation (EU-GDPR) (Source: BigID)
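To make the PolicySet > Policy > Rule structure of slide 22 and the attribute-driven "IF, THEN" rules contrasted with RBAC on slides 11 and 14 concrete, here is a small policy evaluator in Python. It is an added example, not code from the presentation and not XACML itself; the attribute names, the deny-overrides combining choice and the customer-record sample policy are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Set

# A request carries attribute categories (subject, resource, action, environment),
# each a dict of attribute name -> value, mirroring the XACML request context.
Request = Dict[str, Dict[str, Any]]
Condition = Callable[[Request], bool]
PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

def attr(req: Request, category: str, name: str, default: Any = None) -> Any:
    """Fetch one attribute; a missing attribute yields the default instead of raising."""
    return req.get(category, {}).get(name, default)

@dataclass
class Rule:
    effect: str           # PERMIT or DENY: the "THEN" part
    condition: Condition  # Boolean predicate over request attributes: the "IF" part
    description: str = ""

@dataclass
class Policy:
    rules: List[Rule]
    target: Condition = lambda req: True  # which requests this policy covers

@dataclass
class PolicySet:
    policies: List[Policy]
    target: Condition = lambda req: True

def deny_overrides(decisions: List[str]) -> str:
    """Combining algorithm: any Deny wins, otherwise any Permit, otherwise NotApplicable."""
    if DENY in decisions:
        return DENY
    return PERMIT if PERMIT in decisions else NOT_APPLICABLE

def evaluate_policy(policy: Policy, req: Request) -> str:
    if not policy.target(req):
        return NOT_APPLICABLE
    return deny_overrides([r.effect for r in policy.rules if r.condition(req)])

def evaluate_policy_set(pset: PolicySet, req: Request) -> str:
    if not pset.target(req):
        return NOT_APPLICABLE
    return deny_overrides([evaluate_policy(p, req) for p in pset.policies])

def pep_allows(pset: PolicySet, req: Request) -> bool:
    """Deny-biased enforcement point: only an explicit Permit opens the door."""
    return evaluate_policy_set(pset, req) == PERMIT

def rbac_rule(role: str, actions: Set[str], effect: str = PERMIT) -> Rule:
    """RBAC as a specialization of ABAC: the only subject attribute consulted is the role."""
    return Rule(effect,
                lambda req: attr(req, "subject", "role") == role
                and attr(req, "action", "id") in actions,
                f"role {role} may {sorted(actions)}")

# Constructed sample policy set for customer records (illustration only).
CUSTOMER_RECORDS = PolicySet(policies=[
    Policy(
        target=lambda req: attr(req, "resource", "type") == "customer-record",
        rules=[
            # Plain RBAC rule: the data protection officer role may read and export.
            rbac_rule("dpo", {"read", "export"}),
            # ABAC rule combining subject, resource, action and environment attributes.
            Rule(PERMIT,
                 lambda req: attr(req, "action", "id") == "read"
                 and attr(req, "subject", "department") == attr(req, "resource", "owner_department")
                 and attr(req, "environment", "mfa") is True,
                 "same-department read with MFA"),
            # Context-aware deny that no role can bypass: outside business hours.
            Rule(DENY,
                 lambda req: not 6 <= attr(req, "environment", "hour", -1) < 22,
                 "outside business hours"),
            # Risk rule: subject clearance must cover the record's classification.
            Rule(DENY,
                 lambda req: attr(req, "subject", "clearance", 0)
                 < attr(req, "resource", "classification", 0),
                 "insufficient clearance"),
        ],
    ),
])

def make_request(role: str, department: str, clearance: int, action: str,
                 owner_department: str, classification: int, hour: int, mfa: bool,
                 resource_type: str = "customer-record") -> Request:
    return {
        "subject": {"role": role, "department": department, "clearance": clearance},
        "resource": {"type": resource_type, "owner_department": owner_department,
                     "classification": classification},
        "action": {"id": action},
        "environment": {"hour": hour, "mfa": mfa},
    }

if __name__ == "__main__":
    req = make_request("analyst", "sales", 2, "read", "sales", 2, 10, True)
    print(evaluate_policy_set(CUSTOMER_RECORDS, req))  # Permit
    req["environment"]["hour"] = 23
    print(evaluate_policy_set(CUSTOMER_RECORDS, req))  # Deny: same role, same data
```

The same analyst with the same role gets Permit, NotApplicable or Deny purely on environment and resource attributes, which is what a pre-defined role set alone cannot express.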
  • 32. Automate Consent Tracking And Data Governance (Source: BigID and Groundlabs)
    1. Advanced ML PII & PI Discovery & Access Intelligence For Security & Privacy. Petabyte Scale. ML Driven. Structured & Unstructured. Data Subject Rights.
    2. Artificial Intelligence (AI) is prevalent in everything from autocorrect to music recommendations, from Frankenstein's monster to replicants and paranoid robots.
    3. Formalized in the 1950s, AI has moved past speculative fiction and is an inescapable part of our everyday lives.
    4. The past few years have seen a significant rise in software projects that use Artificial Intelligence and Machine Learning.
    5. Although often used interchangeably, Artificial Intelligence (AI) and Machine Learning (ML) are not the same.
    6. Think of AI as intelligence, and ML as knowledge.
  • 35. Artificial Intelligence • At the core of most, if not all, advanced artificial intelligence or machine learning systems is optimization problems. • Machine learning is an incredibly iterative process, and utilizes huge data sets to learn and evolve to figure out improved approaches to the problem at hand. • Novel quantum algorithms could dramatically accelerate the underlying processing required for machine learning. The strange, nearly metaphysical nature that governs how qubits operate in quantum computing, not only hold the key for better and faster artificial intelligence, but may also be the secret to true artificial intelligence. 35
  • 36. The Difference Between Artificial Intelligence and Machine Learning. Source: BigID and Groundlabs
    • Artificial Intelligence describes the ability of machines to perform tasks that are typically associated with human activity and intelligence: reasoning, learning, natural language processing, perception, etc. Any "smart" activity performed by a machine falls under AI.
    • Artificial Intelligence is the capability of a machine to imitate intelligent human behavior.
    • Machine Learning is a subset of AI.
    • ML is a set of algorithms that are built to achieve AI: those algorithms require the ability to learn from data, modify themselves when exposed to more data, and are able to achieve a goal without being explicitly programmed.
  • 40. EU GDPR Fines. Source: rsaconference.com
    • When French regulators cited Europe's fledgling General Data Protection Act (GDPR) in fining Google $57 million earlier this year for playing fast and loose with consumer data in personalizing ads, experts called what was then the biggest fine issued under the new law the "tip of the iceberg."
    • The U.K.'s Information Commissioner's Office (ICO) on July 8 cited GDPR in announcing it would seek a $230 million fine against British Airways (equal to 1.5 percent of the company's annual revenue) for a September 2018 breach in which attackers accessed the protected data of nearly 500,000 customers through the airline's website and mobile applications.
    • The ICO alleged that ineffective security practices were to blame.
    • ICO added Marriott to the list, saying it intends to seek nearly $124 million from Marriott (or 3 percent of its annual revenue) for a breach that saw hackers maintain access to the Starwood guest reservation database between 2014 and 2018, compromising 383 million customer records.
  • 41. GDPR and California Consumer Privacy Act (CCPA)
  • 42. GDPR and California Consumer Privacy Act (CCPA)
  • 43. PII Inventory. Source: BigID (TokenEx partner)
    • Locating sensitive PII is essential to protecting it.
    • However, data maps alone can't provide a complete protection or privacy picture.
    • New privacy protection regulations mandate an individual's right to access their own data, the right to be forgotten, the right to port their data and the right to be notified of a breach.
  • 44. Term clusters in criminal forum and marketplace posts. Source: Verizon 2019 DBIR (data-breach-investigations-report)
  • 45. Pseudonymisation Under the GDPR. What is Personal Data according to EU GDPR?
    Within the text of the GDPR, there are multiple references to pseudonymisation as an appropriate mechanism for protecting personal data. Pseudonymisation, replacing identifying or sensitive data with pseudonyms, is synonymous with tokenization, replacing identifying or sensitive data with tokens.
    Article 4 – Definitions
    • (1) 'personal data' means any information relating to an identified or identifiable natural person ('data subject'); …such as a name, an identification number, location data, an online identifier…
    • (5) 'pseudonymisation' means the processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately…
  • 46. EU GDPR Security Requirements – Discovery, Encryption and Tokenization. [Diagram: Discover Data Assets; Encryption and Tokenization; Security by Design] Source: IBM
  • 47. Tokenization for Cross Border Data-centric Security (EU GDPR). [Diagram: Data sources; Data Warehouse in Italy; complete policy-enforced de-identification of sensitive data across all bank entities]
    • Protecting Personally Identifiable Information (PII), including names, addresses, phone, email, policy and account numbers
    • Compliance with EU Cross Border Data Protection Laws
    • Utilizing Data Tokenization, and centralized policy, key management, auditing, and reporting
  • 48. How Should I Secure Different Types of Data? [Chart: Type of Data (Structured / Un-structured) against Use Case (Simple / Complex); labels: Tokenization of Fields, Encryption of Files; PCI = Card Holder Data, PHI = Protected Health Information, PII = Personally Identifiable Information]
  • 49. Application of Data Security and Privacy techniques: On-premises, in Public, and Private Clouds
    Privacy enhancing data de-identification terminology and classification of techniques (Data Security and Privacy techniques): Tokenization (T), Cryptographic tools (CT), Formal privacy measurement models (PMM), Differential Privacy (DP), K-anonymity model, De-identification techniques (DT)
    • Vault-based tokenization (VBT): Suitable for cloud deployment and centralized token generation. CPU impact and latency are typically similar to a database lookup query transaction.
    • Vault-less tokenization (VLT): Suitable for on-premises deployment and distributed token generation. Suitable for high performance requirements, including transaction switches and data warehouse databases. CPU impact is typically similar to AES encryption.
    • Format Preserving Encryption (FPE): Suitable for any deployment model. CPU impact is typically 10 times more than AES encryption.
    • Homomorphic Encryption (HE): Suitable for public cloud based computation where operations on encrypted data values are required. CPU impact for asymmetric crypto operations can be significant compared to AES and other symmetric crypto algorithms.
    • Masking: Since masking is a one-way process, not reversible, it may be less suitable in operational transaction systems.
    • Server Model (DP): Suitable for cloud deployment models. CPU impact for cleaning the database is similar to a database scan with change transactions.
    • Local Model (DP): Suitable for the client side of any deployment model. CPU impact for cleaning the database is similar to a database scan with change transactions.
    • L-diversity: Suitable for privacy in any deployment model. CPU impact for cleaning the database is similar to a database scan with change transactions.
    • T-closeness: Suitable for privacy in any deployment model. CPU impact for cleaning the database is similar to a database scan with change transactions.
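The pseudonymisation definition of slide 45 (re-identification only through "additional information kept separately") and the vault-based tokenization row of slide 49, as an added Python example; it is not TokenEx's or any vendor's code. Assumptions: the vault is an in-memory dictionary standing in for a separate access-controlled store, the same input always yields the same token, and tokens keep the last four digits but are redrawn until they fail the Luhn check.

```python
"""Vault-based tokenization demo, added here as an example; it is not TokenEx's or any
vendor's code. The PANs used with it are constructed test values, not real cards."""
import secrets

def luhn_valid(digits: str) -> bool:
    """Luhn check as used on card numbers: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d >= 5 else d * 2
        total += d
    return total % 10 == 0

def random_token(pan: str) -> str:
    """Format-preserving token: same length, digits only, last four kept for display and
    matching. The random part is redrawn until the token fails Luhn, so a leaked token
    cannot be mistaken for, or replayed as, a real card number (assumed design choice)."""
    tail = pan[-4:]
    while True:
        body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
        token = body + tail
        if not luhn_valid(token):
            return token

class TokenVault:
    """The 'additional information kept separately' of GDPR Art. 4(5): the only place a
    token maps back to the value it replaced. An in-memory dict here; in practice a
    separate, access-controlled store, hence the database-lookup latency of VBT."""
    def __init__(self) -> None:
        self._by_value = {}
        self._by_token = {}

    def tokenize(self, pan: str) -> str:
        if pan in self._by_value:              # same input -> same token (assumption),
            return self._by_value[pan]         # so joins on the token still work
        token = random_token(pan)
        while token in self._by_token or token == pan:   # avoid collisions
            token = random_token(pan)
        self._by_value[pan] = token
        self._by_token[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        """Only a caller with access to the vault can re-identify; unknown token -> KeyError."""
        return self._by_token[token]
```

Systems holding only the tokens (and no vault access) carry pseudonymised data; the vault is the component whose access control and audit trail decide who can re-identify.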
  • 50. Data Security and Privacy Standard. Source: INTERNATIONAL STANDARD ISO/IEC 20889
    • Cryptographic tools (CT): Format Preserving Encryption (FPE) - encrypted data has the same format; Homomorphic Encryption (HE) - two values encrypted can be combined*
    • Formal privacy measurement models (PMM): Differential Privacy (DP) - server model and local model; responses to queries are only able to be obtained through a software component or "middleware", known as the "curator**"; K-anonymity model - ensures that for each identifier there is a corresponding equivalence class containing at least K records
    • De-identification techniques (DT): the entity receiving the data is looking to reduce risk
    *: Multi Party Computation (MPC)
    **: Example Apple and Google
  • 51. Data Security Approaches. Source: TokenEx. [Chart: Data Utility (Max Utility to Min Utility) against Data Protection (Min Protection to Max Protection); approaches plotted: Minimization, Devaluation/Pseudonymisation/Tokenization, Data Hashing/Masking, Encryption]
  • 52. Gartner Hype Cycle for DataOps. [Chart: DataOps on the Hype Cycle]
  • 53. Gartner - DataOps
    Definition: DataOps is a collaborative data management practice focused on improving the communication, integration and automation of data flows between data managers and consumers across an organization. The goal of DataOps is to create predictable delivery and change management of data, data models and related artifacts. DataOps uses technology to automate data delivery with the appropriate levels of security, quality and metadata to improve the use and value of data in a dynamic environment.
    Position and Adoption Speed Justification: Currently, there are no standards or known frameworks for DataOps. Today's loose interpretation makes it difficult to know where to begin, what success looks like, or if organizations are even "doing DataOps" at all. This lack of a documented discipline will likely inhibit adoption of the practice over the next 12 to 18 months, feeding the confusion and driving hype further. A growing number of technology providers are adopting the DataOps terminology and even claiming to offer DataOps solutions. At the same time, Gartner sees early-stage interest from data and analytics teams asking about the concepts. Given the tremendous pressure to achieve faster delivery of new and enhanced data analytics capabilities, DataOps will quickly traverse the first half of the Hype Cycle.
    User Advice: As a new practice, DataOps will be most successful on projects targeting a small scope with some level of executive sponsorship, primarily from the CDO or other top data and analytics leader. Executive sponsorship will be key as DataOps represents a new way of delivering data to consumers. Practitioners will have to overcome the resistance to change existing practices as they introduce this concept.
  • 54. DataOps is NOT Just DevOps for Data. Source: datakitchen
    • One common misconception about DataOps is that it is just DevOps applied to data analytics.
    • It communicates that data analytics can achieve what software development attained with DevOps.
    • DataOps can yield an order of magnitude improvement in quality and cycle time when data teams utilize new tools and methodologies.
    • The specific ways that DataOps achieves these gains reflect the unique people, processes and tools characteristic of data teams (versus software development teams using DevOps).
  • 56. Total Cost and Risk of Tokenization. Example: 50% Lower Total Cost
    On Premise tokenization
    • Limited PCI DSS scope reduction - must still maintain a CDE with PCI data
    • Higher risk – sensitive data still resident in environment
    • Associated personnel and hardware costs
    Cloud-Based tokenization
    • Significant reduction in PCI DSS scope
    • Reduced risk – sensitive data removed from the environment
    • Platform-focused security
    • Lower associated costs – cyber insurance, PCI audit, maintenance
  • 58. #1 Siloed (Centralized) Identity. [Diagram: YOU - ACCOUNT - ORG; STANDARDS:] Source: Sovrin.org
  • 59. #2 Third-Party IDP (Federated) Identity. [Diagram: YOU - ACCOUNT - IDP - ORG; STANDARDS:] Source: Sovrin.org
  • 60. #3 Self-Sovereign Identity (SSI). [Diagram: YOU - CONNECTION - PEER; DISTRIBUTED LEDGER (BLOCKCHAIN)] Source: Sovrin.org
    The Sovrin Network is the first public-permissioned blockchain designed as a global public utility exclusively to support self-sovereign identity and verifiable claims. Recent advancements in blockchain technology now allow every public key to have its own address, which is called a decentralized identifier (DID).
  • 61. #3 Self-Sovereign Identity (SSI). [Diagram: PEER, DISTRIBUTED LEDGER (BLOCKCHAIN), DIGITAL WALLET, CONNECTION, GET CREDENTIAL, SHOW CREDENTIAL; layers: 1 DIDs, 2 DKMS, 3 DID AUTH, 4 Verifiable Credentials] Source: Sovrin.org
  • 62. OpenID. Source: https://openid.net/
    What is OpenID Connect? OpenID Connect is an interoperable authentication protocol based on the OAuth 2.0 family of specifications. It uses straightforward REST/JSON message flows with a design goal of "making simple things simple and complicated things possible". It's uniquely easy for developers to integrate, compared to any preceding Identity protocol.
    OpenID Connect lets developers authenticate their users across websites and apps without having to own and manage password files. For the app builder, it provides a secure, verifiable answer to the question: "What is the identity of the person currently using the browser or native app that is connected to me?"
    The OpenID Foundation (OIDF) promotes, protects and nurtures the OpenID community and technologies. The OpenID Foundation is a non-profit international standardization organization of individuals and companies committed to enabling, promoting and protecting OpenID technologies. Formed in June 2007, the foundation serves as a public trust organization representing the open community of developers, vendors, and users.
  • 64. Thank You! Ulf Mattsson, TokenEx. www.TokenEx.com