On the other side of the rising digital business transformation, there are individuals in many different roles, such as consumers, patients, citizens and clients, and their equally rising need for privacy and security. Putting humans in full control of their resources and personally identifiable data, which today are scattered across the whole internet, is a fundamental requirement for privacy in a connected world, and it already is, or sooner or later will be, a vital element of most privacy legislation around the world. User empowerment counterbalances the digital business and therefore requires businesses to build privacy into the fundamental design of their services.
In this track, we will evaluate all available privacy standards and practices, look at early adopters and put together the building blocks of a user managed digital business world where privacy is integrated by design.
After attending this block of sessions you will be able to:
- Evaluate all available privacy standards and practices
- Describe early adopters when it comes to privacy and security
- Put together building blocks of a user managed digital business world where privacy is integrated by design
This block qualifies for up to 2 Group Learning based CPEs depending on the number of sessions you attended.
Protocol meets Architecture: Patterns for Construction of an OAuth Identity Platform
For the most part, OAuth 2.0 and other REST-based protocols for identity transactions are ratified and ready to use. But how can they be combined to solve the actual business problem of operating in an identity infrastructure? This session will cover the top 20 patterns of interaction for SSO, mobile, API, and provisioning use cases, showing how a practical combination of clients and scopes can result in a tightly secured identity architecture that leverages combinations of OAuth 2, SCIM, OpenID Connect, JWT assertion flow, JOSE and other protocols, including SAML. Pamela will discuss the pros and cons of solving different problems with different patterns, with the goal of naming and documenting the patterns so that they can be adopted in the industry at large.
OpenID Connect Certification
The OpenID Connect protocol has quickly gained widespread adoption, enabling easy-to-use login and API access for both Web and native applications. During its development, extensive interoperability testing was performed on a voluntary basis to ensure that different implementations would actually work together. Now that the OpenID Connect protocol is final, the OpenID Foundation is working to ensure even better interoperation between implementations by creating a self-certification program for OpenID Connect implementations, with early participants including Google, Microsoft, NRI, Salesforce, and Ping Identity. This session will describe the certification test suite software developed by Roland Hedberg of Umeå University and how OpenID Connect implementers use it to certify their implementations to the OpenID Foundation.
The Security Stack for Modern Applications: OpenID Connect and OAuth 2.0
We need a modern, mobile-first and API-friendly security stack for building the current and next generation of applications and services. This includes authentication, authorization and delegated API access. OpenID Connect and OAuth 2.0 provide an unprecedented alignment in providing one unified solution for the above problems and have reached excellent, truly cross-platform and cross-vendor adoption in a very short time. This talk walks you through the mechanics of the protocols and how they solve common application scenarios – especially when combined.
Securing Sensitive Data While Enhancing Privacy
This session will begin with an outline of the common technical elements of privacy regulations. The speakers will provide a high-level overview of the OASIS SAML and XACML standards to elucidate how they’re used to secure sensitive data, such as government data and intellectual property. The group will describe how standards-based technologies are solving privacy issues through current use cases. The audience will hear about the U.S. Department of Homeland Security’s objectives to improve consumer privacy. And finally, the speakers will outline potential future versions and/or profiles of SAML and XACML that may enable them to better serve new privacy concerns. Audience participation will be encouraged.
Identity Strategy for Innovation
Facing The Future: Identity Opportunities for Telco Operators
With the advent of 4G/LTE, mobile operators are facing challenges and opportunities that will shape the future direction of communications for at least the next five to ten years. Faced with the erosion of revenues from the rapid encroachment of the so-called OTT (over the top) players, such as Apple, Google and many others, into their traditional market strongholds, operators are coming to the increasing realisation that data – ‘big data’ – represents their most significant asset in terms of being able to provide added value to their customers in the future. A key aspect of this transformation will be how operators are seen to astutely manage the wealth of user data at their disposal to good effect and position themselves as secure identity brokers and/or identity providers in what is already becoming a highly competitive market.
This panel session will highlight the challenges facing operators in this brave new world and give examples of how some operators are already addressing the opportunities. Whilst focused on telco, other industry sectors, such as postal and general utilities, are facing similar challenges and opportunities and the session will also get an insight from these perspectives.