Identity Enabled Disruption Chuck Mortimore VP, Product Management Salesforce Identity @cmort

identity management

identity managementrelationship ^

re·la·tion·ship noun \-shən-ˌship\ !: the way in which two or more people, groups, countries, etc., talk to, behave toward, and deal with each other

re·la·tion·ship noun \-shən-ˌship\ !: the way in which two or more people, groups, countries, etc., talk to, behave toward, and deal with each other !: a romantic or sexual friendship between two people

re·la·tion·ship noun \-shən-ˌship\ !: the way in which two or more people, groups, countries, etc., talk to, behave toward, and deal with each other !: a romantic or sexual friendship between two people !: the way in which two or more people or things are connected

: the way in which two or more people or things are connected

connected

the disruptors

the winners in the market will know their customer

and deliver an experience that proves it

and that starts with identity

so how have we historically managed relationships?

An entity-relationship model is a systematic way of describing and defining a business process. The process is modeled as components (entities) that are linked with each other by relationships that express the dependencies and requirements between them

our relationships have been conceived and expressed as a data model

“I reserve the right, not to do business with you.”

!- The Customer

_____________Today’s customer is:

FickleToday’s customer is:

LoyalToday’s customer is:

Connected Today’s customer is:

PowerfulToday’s customer is:

Expecting a relationship

_____________Customers expect:

ImmediacyCustomers expect:

HonestyCustomers expect:

TrustCustomers expect:

ConversationsCustomers expect:

IntimacyCustomers expect:

You to know themCustomers expect:

Our products must listen to the world around us, and respond with meaningful, targeted interactions

we need to manage relationships, not just track them

…and we’re not at all prepared.

where are we today?

the basics

we’ve been telling ourselves only 2 things have changed

1,000,000’s

same stuff…just more of it.

unfortunately, it’s not the same stuff

so what’s different?

dn:cn=Barbara Jensen, ou=People, dc=company, dc=com!objectclass:top!objectclass:person!objectclass:organizationalPerson!cn:Barbara Jensen!streetAddress: 118 Elsie St.!l: San Francisco! !st: CA!postalCode: 94110!country: USA

{! "schemas": ["urn:scim:schemas:core:1.0"],! "id": "2819c223-7f76-453a-919d-413861904646",! "name": {! "familyName": "Jensen",! "givenName": "Barbara",! },! "addresses": [ ! {! "type": "home",! "streetAddress": ”118 Elsie",! "locality": ”San Francisco",! "region": "CA",! "postalCode": ”94110",! "country": "USA”,! “primary”: true! },! {! "type": "work",! "streetAddress": ” 1 Market St”,

37.7427660,-122.4179400

37.7427660,-122.4179400

singular & static

multi-valued & verifiable

high-fidelity & broadcast

…and it’s changing over time

the physics of attributes is being redefined

attribute sources are exploding

these are things we understand pretty well

but what about…?

datapoints from interactions are fuel for our relationships

each of these is an interaction with a customer

…and every one is a first impression

I’ve never told Siri where I live

I’ve never told Siri where I work

I don’t see this on on Sunday

I don’t see this in Phoenix

we must develop identity systems that understand both the individual

datapoint…

and how each datapoint changes our relationships

Ok…that’s just the humans.

what about the minions?

25,000,000,000

50,000,000,000

ALO,TOF,000,000,000’s

first the good news…

authentication actually gets easier

but, our systems aren’t really designed for minions

what’s different…?

device constraints demand new capabilities

!( MQTT, MQTT-SN, CoAP )

spectrum of authentication !

( self asserted guid --> proof of possession )

semiautonomous

contextually constrained

behind every

behind every behind every device is a customer

each producing attributes that inform our relationships

what will these systems enable?

Authenticatedr

iver

passenger

Broadcast location and offer

Authenticatedr

iver

passenger

AuthenticateBroadcast location and offer

Authenticatedr

iver

passenger

AuthenticateBroadcast location and offer

Broadcast location and offer

Authenticatedr

iver

passenger

AuthenticateBroadcast location and offer

Broadcast location and offer

Authenticate

Assess location, reputation, & credit

driv

erpassenger

AuthenticateBroadcast location and offer

Broadcast location and offer

Authenticate

Assess location, reputation, & credit

Relationship Formed

driv

erpassenger

AuthenticateBroadcast location and offer

Broadcast location and offer

Authenticate

Assess location, reputation, & credit

Relationship Formed

Assess Risk and Demand

driv

erpassenger

AuthenticateBroadcast location and offer

Broadcast location and offer

Authenticate

Assess location, reputation, & credit

Relationship Formed

Assess Risk and Demand

Seamless Commerce

driv

erpassenger

AuthenticateBroadcast location and offer

Broadcast location and offer

Authenticate

Assess location, reputation, & credit

Relationship Formed

Assess Risk and Demand

Seamless Commerce

Relationship Ends

driv

erpassenger

AuthenticateBroadcast location and offer

Broadcast location and offer

Authenticate

Assess location, reputation, & credit

Relationship Formed

Assess Risk and Demand

Update Reputation Update Reputation

Seamless Commerce

Relationship Ends

driv

erpassenger

completely disruptive experience

the old model learned nothing about us

or the relationship

it will die !

( and regulation will not protect this )

Identity dictates the terms of the relationship

so what now?

identity, big data, and marketing systems are on a collision course

explore new types of persistence

analytics needs to move beyond reporting

logs_base = ! -- for each weblog string convert the weblong string into a ! -- structure with named fields! FOREACH ! raw_logs ! GENERATE ! FLATTEN ( ! EXTRACT( ! line, ! '^(\\S+) (\\S+) (\\S+) \\[([\\w:/]+\\s[+\\-]\\d{4})\\] "(.+?)" (\\S+) (\\S+) "([^"]*)" "([^"]*)"'! )! ) ! AS (! host: chararray, identity: chararray, user: chararray, time: chararray, ! request: chararray, status: int, size: chararray, referrer: chararray, ! agent: chararray! )! ;!by_agent_count_raw = ! -- group by the referrer URL and count the number of requests! FOREACH ! (GROUP logs_base BY REGEX_EXTRACT(agent,'.*(Windows|Linux).*',1)) ! GENERATE ! FLATTEN($0), ! COUNT($1) AS agent_count! ;!!by_agent_count = FILTER by_agent_count_raw by $0 IS NOT null OR ($0!='');!!dump by_agent_count;

Identity & Security composed together with business process

API enable everything

take a real look at OpenID Connect

Explore how connecting your product transforms your business

transform your organizations

did identity deliver the right access?

did identity deliver the right experience?