NEW INNOVATIONS IN CONSENT, PRIVACY, AND USER-MANAGED ACCESS

Post on 20-Jun-2015

453 views 0 download

Preview:

Click to see full reader

Tags:

Report this document
SHARE

description

EVE MALER, VP Innovation & Emerging Technology, ForgeRock, at the European IRM Summit 2014.

Transcript of NEW INNOVATIONS IN CONSENT, PRIVACY, AND USER-MANAGED ACCESS

IAM for the Digital Customer

Identity Relationship Management

New Innovations in Consent, Privacy, and User-Managed

Access

FORGEROCK.COM

Eve Maler VP Innovation & Emerging Technology @xmlgrrl #IRMSummit

November 5, 2014

3

The Web 1.0 and Web 2.0 dark ages

4

Apps using OAuth and OpenID Connect hint at a better, if not perfect, way

5

What about selective person-to-person sharing?

6

Our choices have been ugly…or expensive and proprietary

7

Killing – or even wounding – the password kills impersonation

8

IoT 2.0 is here – and it too needs authorization

9

OpenIDConnect UMA

OAuth 2.0

The new Venn of access control

10

UMA in a nutshell ■  Draft standard for “authorization V.next” ■  Profile and application of OAuth V2.0 ■  Set of authorization, privacy, and consent APIs

■  Work Group of the Kantara Initiative ■  Not an “XACML killer”

■  Founder, chair, and “chief UMAnitarian”: ■  Heading to V1.0 in early 2015

11

Introducing the OpenUMA community project

www.forgerock.org/openuma

12

UMA is about interoperable, RESTful authorization-as-a-service

Has standardized APIs for privacy and “selective sharing”

Outsources protection to a centralizable authorization server

“authz provider”

(AzP)

“authz relying party”

(AzRP)

identity provider

(IdP)

SSO relying party (RP)

13

Use-case scenario domains Health

Financial

Education

Personal

Government

Media

Behavioral

Web

Mobile

API

IoT

14

UMA-enabled systems can respect user policies such as…

Only let my tax preparer with email TP1234@gmail.com and using client app TaxThis access my bank account data if they have authenticated strongly, and not after tax season is over.

Let my health aggregation app and my doctor’s office client app access my wifi-enabled scale API and my fitness wearable API to view and download the results they generate.

When a person driving a vehicle with an unknown ID comes into contact with my Solar Freakin’ Driveway, alert me and require my access approval.

16

We invite you to join us in the OpenUMA project!

Thank you!

FORGEROCK.COM

Eve Maler VP Innovation & Emerging Technology eve.maler@forgerock.com @xmlgrrl #IRMSummit

Top related

Safeguarding Privacy in eHRSS - eHealth...2019/09/13  · List of privacy safeguards in eHRSS Patient controlled consent management Role-based access control for healthcare professionals
 Documents
Social Distortion: Privacy, Consent, and Social Networks
 Technology
Consent and privacy - A discussion paper exploring potential
 Documents
Privacy and Consent
 Education
A Framework of Purpose and Consent for Data Security and Consumer Privacy
 Data & Analytics
Ethics, privacy and access; consent procedures...Ethics, privacy and access; consent procedures Louise Bolger UK Data Archive Looking after and managing your research data: An advanced
 Documents
PRIVACY PRINCIPLES FOR - Future of Privacy Forum...3 PRIVACY PRINCIPLES:6 1. Consent Obtain express, affirmative consent when: 1) enrolling an individual in a program that uses facial
 Documents
Contract and Consent; General Data Protection … and Consent; General Data Protection Regulation BCLT Privacy Forum Palo Alto, CA March 11, 2016 Moderated by: Paul M. Schwartz. Berkeley
 Documents
CPF - Consent Management Implementation Guide - … Sample Consent Form ... The CPF and its toolkits are based on PHIPA and represent good privacy ... The Consent Management Implementation
 Documents
Informational Privacy, Privacy Law, Consent, and Norms
 Documents
Genomic Privacy - Institute for Mathematics and its …...DTC and genomic privacy From the 23andMe website: 23andMe may collaborate with external parties. Under this informed consent,
 Documents
Waivers: Common Rule, Privacy Rule, and FDA Regulations · 2 Presentation Outline • Full Disclosure: Informed Consent & HIPAA • Informed Consent: Required Elements • Documentation
 Documents
WEB BROWSER PRIVACY & SECURITY Nan Li Informed Consent in the Mozilla Browser: Implementing Value-Sensitive Design 10/13/2009 08-534 Usability Privacy.
 Documents
Review and Synthesis Privacy Property Informed Consent.
 Documents
Consent and privacy · 2016-05-26 · contravention of a law where seeking consent might compromise an ongoing investigation. Such exceptions recognize that individual consent, and
 Documents
Ubidy Privacy Policy · Freely Given Consent: As a general principle, granting your consent and providing business information and Personal Data about you is entirely voluntarily
 Documents
Informed Consent by Design · 2011-06-30 · INFORMED CONSENT BY DESIGN 497 Paralleling this evolution in conceptions of privacy, protections for privacy have eroded, in large part
 Documents
Contents...Contents 1. Background 1 2. The ISACA Privacy Principles 2 3. Privacy Principle 1: Choice and Consent 3 4. Privacy Principle 2: Legitimate Purpose Specification and ...
 Documents
Webinar: Consent 2.0: Applying User-Managed Access to the Privacy Challenge
 Software
Intermediate Moral Concepts: Privacy, Property, and Informed Consent
 Documents

Copyright © 2022 FDOCUMENTS