SlideShare a Scribd company logo

Benefits and Risks of a Single Identity - IBM Connect 2017

Gabriella Davis
Gabriella Davis

What is valuable about a single identity, why is that something people want and how achievable is it? As people work across multiple systems they encounter an equal number of barriers where they must authenticate or otherwise prove their identity in order to gain access. Ideally we always want to be showing the same information about ourselves regardless of where someone searches or how we are found. In this session we’ll discuss the issues behind both creating a single identity and simplifying authentication. We’ll also review the risks you need to be aware of, the technologies available to you and the importance of good and current personal information. This is an updated presentation that includes some speaker notes for clarity

Technology
1 of 41
Download to read offline
February 2017 Benefits and Risks of a Single Identity Gabriella Davis Technical Director - IBM Lifetime Champion The Turtle Partnership DEV-1078 IBM Connect 2017 Conference
Who Am I? Admin of all things and especially quite complicated things where the fun is Working with security , healthchecks, single sign on, design and deployment of IBM technologies and things that they talk to Stubborn and relentless problem solver Lives in London about half of the Ame gabriella@turtlepartnership.com twiDer: gabturtle Awarded the first IBM LifeAme Achievement Award for CollaboraAon SoluAons
Roadmap ForThis Session ✤ What is single identity and why would I care? ✤ What technologies are available to me? ✤ What needs to be in place for single identity to work well ✤ The risks of single identity in an IOT and online world
What DoWe Mean By Single Identity? • Identity Management • I am an individual but one that is part of this group • I take my individuality into different systems • I take information about me across different systems • This is the difference between federation and single sign on
Things have gotten a bit more complicated than that.. Multiple systems and standards including SAML, OpenID, OAuth, Facebook Login Users require logins across personal, consumer, and enterprise systems
Individual Identities Across Systems Attributes Within Systems An individual will have separate identities across different systems, where some attributes are shared such as email or name and others might be system specific. As the user moves between systems their individual identity remains the same.
Why Is Having A Single Identity Valuable? Preferences Behaviour & History Patterns BeingPresent how i use the system, how i prefer to work with it, what parts of it i prefer to see / engage with what I do, what i have interacted with in the past, what I reuse or repeat spotting ways in which I reuse or repeat in order to present information to me that I might not be aware of or highlight information that the pattern says I should be interested in just because i’m using system A doesn’t mean someone in system B can’t find and interact with me. I have one identity if signed onto multiple systems.
Key Components of Single Identity
Authentication Authentication is critical to ensure Gab Davis in SystemA is the same as Gab Davis in SystemB and the information that goes with that ‘Gab Davis” is correct
✤ Hello - have you met my friend? ✤ Is trust transferable? Trust Once you create a way in you are establishing a security level as that of the lowest entry point
✤ Access rights ✤ Identity data such as name or email ✤ System specific attributes such as your favourite drink Attributes Sparkling Wine
 Flute White Wine Glass Standard Wine Glass Light Red Wine Glass Blod Red Wine Glass
Common Authentication Technologies FEDERATION OAUTH OPENID IWA
Password Synchronisation This ISN’T Single Identity Synchronising passwords across different systems Sametime LDAP Connections LDAP Traveler Authentication Password Synchronisation Tool You’re not the same person, you’re just using the sam password You’re not the same person, you’re just using the same password
Single LDAP Source This Kind-Of Is - At Its Most Basic Authenticating against a single password in a single place Sametime Network Login Connections Mail LDAP Password Technically you are the same person as you authenticate using the same identity but that’s it, there is no other information being held or exchanged.
This Is Closer - but not quite IWA/Kerberos/SPNEGO ✤ The single authentication to Windows has granted access to other systems using the same identity 1 2 3 4 5 ACTIVE DIRECTORY GENERATES TOKEN USER TRIES TO ACCESS A WEBSITE BROWSER SENDS IWA TOKEN TO THE WEB SERVER ALONG WITH USER NAME THE WEB SERVER CONTACTS ACTIVE DIRECTORY TO VALIDATE TOKEN AND RETRIEVE THE USER’S NAME STEPS USER LOGS INTO WINDOWS
Federated Login Is Single Identity Security Assertion Markup Language 16 1 2 3 4 5 USER ATTEMPTS TO LOG IN TO A WEBSITE USER IS REDIRECTED TO IDENTITY PROVIDER IDENTITY PROVIDER REQUESTS AUTHENTICATION OR (IF USER IS LOGGED IN) RETURNS CREDENTIALS USER IS REDIRECTED BACK TO ORIGINAL SITE WITH SAML ASSERTION ATTACHED ORIGINAL SITE USES ITS SAML SERVICE PROVIDER TO CONFIRM SAML ASSERTION AND GRANT ACCESS STEPS ✤ Simple SAML Steps
SAML - Federated Single Identity 17 ✤ IdP - Identity Provider (SSO) ✤ ADFS (Active Directory Federation Services) ✤ can be combined with IWA ✤ TFIM (Tivoli Federated Identity Manager) ✤ SP - Service Provider ✤ IBM Domino (web federated login) ✤ IBM SmartCloud ✤ IBM Notes (requires ID Vault) (notes federated login)
SAML Behaviour ✤ IdP (Identity Providers) use HTTP or SOAP to communicate to SP (Service Providers) via XML based assertions ✤ Assertions have three roles ✤ Authentication ✤ Authorisation ✤ Retrieving Attributes ✤ Many kinds of authentication methods are supported depending on your chosen IdP ✤ Once initially federated no subsequent password or credentials are passed
Federation For Social Systems OAuth / OpenID / Facebook Login! OpenID is identify federation OAuth is authorisation OpenID is built on OAuth
Simplified OAuth Process 1 2 3 4 5 USER ASKS FACEBOOK (THE CONSUMER) TO POST ON THEIR ACTIVITY STREAM FACEBOOK GOES TO CONNECTIONS (THE SERVICE PROVIDER) AND ASKS FOR PERMISSION TO POST THE SERVICE PROVIDER GIVES THE CONSUMER A SECRET KEY TO GIVE TO THE USER AND A URL FOR THE USER TO CLICK ON THE USER CLICKS ON THE URL AND AUTHENTICATES WITH THE SERVICE PROVIDER THE SERVICE PROVIDER , SATISFIED THE SECRET KEY IS GOOD, WILL NOW ALLOW THE CONSUMER ACCESS TO ITS SERVICES STEPS
IBM Products As SAML Service Providers ✤ Verse on premises and cloud ✤ Domino ✤ Notes - both on premises and Smartcloud ✤ Connections ✤ WebSphere
Preparation For Federation
Directories and Data IDENTITY LOCATION HISTORY SYSTEMS
Identity ✤ Directories that are well constructed and maintained ✤ names ✤ data ✤ accounts ✤ Tie directories together with a common key
Systems ✤ Authorisation ✤ Access Levels ✤ Data Security ✤ Identifying shared attributes ✤ Configuring custom attributes in LDAP and the IdP
Location ✤ Different behaviour in different locations ✤ Locations define data ✤ Why are you here? What is your role?
History ✤ What have you done before ✤ Patterns of behaviour ✤ Suggestions based on history, location and identity
Risks
Personas ✤ Do you want to tie everything together? ✤ Do you have the same persona everywhere? ✤ Is the language you use, your opinions, your political views common everywhere ✤ and something you want to share?
Federation ✤ Once all systems are integrated all systems are vulnerable ✤ You are only as protected as your least secure password / authentication model ✤ Understand what services or service providers you have authorised, what information they hold , what their privacy policies are and what their security policies are ✤ Make sure users understand they have to logout
OAuth/OpenID ✤ Theft of credentials ✤ Excessive access and data rights ✤ Theft of data ✤ Brute force guessing of credentials ✤ URL redirects or interceptions through incomplete URL requests ✤ Token interceptions ✤ Puts the user in control - this is not a bad thing
IOT & Identity
Internet OfThings ✤ A physical device with embedded internet connectivity and “always on” status ✤ The beauty of IOT devices is that they are integrated into your life ✤ there’s no individual authentication ✤ They know everything they need to know simply because of their placement or setup ✤ Their true value is in learning about those things we discussed earlier, preferences, behaviour, patterns
RisksWith IOT ✤ Physical devices may now come with built in connectivity as an added feature ✤ Companies who didn’t deploy them for that feature may also not have security policies in place to disable or limit it ✤ Risk assessment happens too late
RisksWith IoT ✤ Privacy ✤ Safety ✤ Data Bleed ✤ Additional operational expenses
Summary
Prepare ✤ Have a good directory and define security policies such as token expiration ✤ Protect At Every Point Of Entry ✤ You don’t put a value on the information but someone else will ✤ Your identity has value ✤ Train users to log out, clean caches and understand what multi system access means ✤ Include risk assessment for IoT in any hardware purchasing and deployment
Lots of Good ✤ More passwords and stronger passwords don’t lead to better security ✤ Avoiding passwords entirely but authenticating based on existing information can be more secure ✤ Users are more likely to engage with systems that have fewer barriers to entry ✤ The more systems know about us, how we work and what we need the better they can serve us ✤ There are enormous volumes of data being produced across systems that can be used to save time, cost and effort
Questions?
Notices and disclaimers Copyright © 2017 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM. U.S. Government Users Restricted Rights — Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM. Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. THIS DOCUMENT IS DISTRIBUTED "AS IS" WITHOUT ANY WARRANTY, EITHER EXPRESS OR IMPLIED. IN NO EVENT SHALL IBM BE LIABLE FOR ANY DAMAGE ARISING FROM THE USE OF THIS INFORMATION, INCLUDING BUT NOT LIMITED TO, LOSS OF DATA, BUSINESS INTERRUPTION, LOSS OF PROFIT OR LOSS OF OPPORTUNITY. IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided. IBM products are manufactured from new parts or new and used parts. In some cases, a product may not be new and may have been previously installed. Regardless, our warranty terms apply.” Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal without notice. Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary. References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business. Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation. It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law
Notices and disclaimers continued Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right. IBM, the IBM logo, ibm.com, Aspera®, Bluemix, Blueworks Live, CICS, Clearcase, Cognos®, DOORS®, Emptoris®, Enterprise Document Management System™, FASP®, FileNet®, Global Business Services ®, Global Technology Services ®, IBM ExperienceOne™, IBM SmartCloud®, IBM Social Business®, Information on Demand, ILOG, Maximo®, MQIntegrator®, MQSeries®, Netcool®, OMEGAMON, OpenPower, PureAnalytics™, PureApplication®, pureCluster™, PureCoverage®, PureData®, PureExperience®, PureFlex®, pureQuery®, pureScale®, PureSystems®, QRadar®, Rational®, Rhapsody®, Smarter Commerce®, SoDA, SPSS, Sterling Commerce®, StoredIQ, Tealeaf®, Tivoli®, Trusteer®, Unica®, urban{code}®, Watson, WebSphere®, Worklight®, X-Force® and System z® Z/OS, are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml.

Recommended

Data modeling
Data modelingData modeling
Data modelingTala Alnaber
 
Data Profiling, Data Catalogs and Metadata Harmonisation
Data Profiling, Data Catalogs and Metadata HarmonisationData Profiling, Data Catalogs and Metadata Harmonisation
Data Profiling, Data Catalogs and Metadata HarmonisationAlan McSweeney
 
Achieving a Single View of Business – Critical Data with Master Data Management
Achieving a Single View of Business – Critical Data with Master Data ManagementAchieving a Single View of Business – Critical Data with Master Data Management
Achieving a Single View of Business – Critical Data with Master Data ManagementDATAVERSITY
 
Capability Model_Data Governance
Capability Model_Data GovernanceCapability Model_Data Governance
Capability Model_Data GovernanceSteve Novak
 
Business Value Through Reference and Master Data Strategies
Business Value Through Reference and Master Data StrategiesBusiness Value Through Reference and Master Data Strategies
Business Value Through Reference and Master Data StrategiesDATAVERSITY
 
Data, Information And Knowledge Management Framework And The Data Management ...
Data, Information And Knowledge Management Framework And The Data Management ...Data, Information And Knowledge Management Framework And The Data Management ...
Data, Information And Knowledge Management Framework And The Data Management ...Alan McSweeney
 
Data Modeling Fundamentals
Data Modeling FundamentalsData Modeling Fundamentals
Data Modeling FundamentalsDATAVERSITY
 
LDM Slides: How Data Modeling Fits into an Overall Enterprise Architecture
LDM Slides: How Data Modeling Fits into an Overall Enterprise ArchitectureLDM Slides: How Data Modeling Fits into an Overall Enterprise Architecture
LDM Slides: How Data Modeling Fits into an Overall Enterprise ArchitectureDATAVERSITY
 

Recommended

Data modeling
Data modelingData modeling
Data modelingTala Alnaber
 
Data Profiling, Data Catalogs and Metadata Harmonisation
Data Profiling, Data Catalogs and Metadata HarmonisationData Profiling, Data Catalogs and Metadata Harmonisation
Data Profiling, Data Catalogs and Metadata HarmonisationAlan McSweeney
 
Achieving a Single View of Business – Critical Data with Master Data Management
Achieving a Single View of Business – Critical Data with Master Data ManagementAchieving a Single View of Business – Critical Data with Master Data Management
Achieving a Single View of Business – Critical Data with Master Data ManagementDATAVERSITY
 
Capability Model_Data Governance
Capability Model_Data GovernanceCapability Model_Data Governance
Capability Model_Data GovernanceSteve Novak
 
Business Value Through Reference and Master Data Strategies
Business Value Through Reference and Master Data StrategiesBusiness Value Through Reference and Master Data Strategies
Business Value Through Reference and Master Data StrategiesDATAVERSITY
 
Data, Information And Knowledge Management Framework And The Data Management ...
Data, Information And Knowledge Management Framework And The Data Management ...Data, Information And Knowledge Management Framework And The Data Management ...
Data, Information And Knowledge Management Framework And The Data Management ...Alan McSweeney
 
Data Modeling Fundamentals
Data Modeling FundamentalsData Modeling Fundamentals
Data Modeling FundamentalsDATAVERSITY
 
LDM Slides: How Data Modeling Fits into an Overall Enterprise Architecture
LDM Slides: How Data Modeling Fits into an Overall Enterprise ArchitectureLDM Slides: How Data Modeling Fits into an Overall Enterprise Architecture
LDM Slides: How Data Modeling Fits into an Overall Enterprise ArchitectureDATAVERSITY
 
Data modeling star schema
Data modeling star schemaData modeling star schema
Data modeling star schemaSayed Ahmed
 
Conceptual vs. Logical vs. Physical Data Modeling
Conceptual vs. Logical vs. Physical Data ModelingConceptual vs. Logical vs. Physical Data Modeling
Conceptual vs. Logical vs. Physical Data ModelingDATAVERSITY
 
Forget Big Data. It's All About Smart Data
Forget Big Data. It's All About Smart DataForget Big Data. It's All About Smart Data
Forget Big Data. It's All About Smart DataAlan McSweeney
 
Data Modeling Enterprise Architecture
Data Modeling Enterprise ArchitectureData Modeling Enterprise Architecture
Data Modeling Enterprise ArchitectureRichard Freggi
 
DAS Slides: Data Architect vs. Data Engineer vs. Data Modeler
DAS Slides: Data Architect vs. Data Engineer vs. Data ModelerDAS Slides: Data Architect vs. Data Engineer vs. Data Modeler
DAS Slides: Data Architect vs. Data Engineer vs. Data ModelerDATAVERSITY
 
Data Mesh Part 4 Monolith to Mesh
Data Mesh Part 4 Monolith to MeshData Mesh Part 4 Monolith to Mesh
Data Mesh Part 4 Monolith to MeshJeffrey T. Pollock
 
The Business Value of Metadata for Data Governance
The Business Value of Metadata for Data GovernanceThe Business Value of Metadata for Data Governance
The Business Value of Metadata for Data GovernanceRoland Bullivant
 
Chapter 3: Data Governance
Chapter 3: Data Governance Chapter 3: Data Governance
Chapter 3: Data Governance Ahmed Alorage
 
Data Integration, Access, Flow, Exchange, Transfer, Load And Extract Architec...
Data Integration, Access, Flow, Exchange, Transfer, Load And Extract Architec...Data Integration, Access, Flow, Exchange, Transfer, Load And Extract Architec...
Data Integration, Access, Flow, Exchange, Transfer, Load And Extract Architec...Alan McSweeney
 
Lessons in Data Modeling: Why a Data Model is an Important Part of Your Data ...
Lessons in Data Modeling: Why a Data Model is an Important Part of Your Data ...Lessons in Data Modeling: Why a Data Model is an Important Part of Your Data ...
Lessons in Data Modeling: Why a Data Model is an Important Part of Your Data ...DATAVERSITY
 
Data at the Speed of Business with Data Mastering and Governance
Data at the Speed of Business with Data Mastering and GovernanceData at the Speed of Business with Data Mastering and Governance
Data at the Speed of Business with Data Mastering and GovernanceDATAVERSITY
 
DAS Slides: Data Governance - Combining Data Management with Organizational ...
DAS Slides: Data Governance - Combining Data Management with Organizational ...DAS Slides: Data Governance - Combining Data Management with Organizational ...
DAS Slides: Data Governance - Combining Data Management with Organizational ...DATAVERSITY
 
Requirements Gathering And Management
Requirements Gathering And ManagementRequirements Gathering And Management
Requirements Gathering And ManagementAlan McSweeney
 
Building a Data Governance Strategy
Building a Data Governance StrategyBuilding a Data Governance Strategy
Building a Data Governance StrategyAnalytics8
 
Introduction to Data Virtualization (session 1 from Packed Lunch Webinar Series)
Introduction to Data Virtualization (session 1 from Packed Lunch Webinar Series)Introduction to Data Virtualization (session 1 from Packed Lunch Webinar Series)
Introduction to Data Virtualization (session 1 from Packed Lunch Webinar Series)Denodo
 
Migration to Databricks - On-prem HDFS.pptx
Migration to Databricks - On-prem HDFS.pptxMigration to Databricks - On-prem HDFS.pptx
Migration to Databricks - On-prem HDFS.pptxKshitija(KJ) Gupte
 
Data-Ed Slides: Best Practices in Data Stewardship (Technical)
Data-Ed Slides: Best Practices in Data Stewardship (Technical)Data-Ed Slides: Best Practices in Data Stewardship (Technical)
Data-Ed Slides: Best Practices in Data Stewardship (Technical)DATAVERSITY
 
Data Virtualization: An Introduction
Data Virtualization: An IntroductionData Virtualization: An Introduction
Data Virtualization: An IntroductionDenodo
 
Basics of BI and Data Management (Summary).pdf
Basics of BI and Data Management (Summary).pdfBasics of BI and Data Management (Summary).pdf
Basics of BI and Data Management (Summary).pdfamorshed
 
The Importance of DataOps in a Multi-Cloud World
The Importance of DataOps in a Multi-Cloud WorldThe Importance of DataOps in a Multi-Cloud World
The Importance of DataOps in a Multi-Cloud WorldDATAVERSITY
 
Multiple,shared identity
Multiple,shared identityMultiple,shared identity
Multiple,shared identityvshackley
 
AdminCamp 2011 Performance
AdminCamp 2011 PerformanceAdminCamp 2011 Performance
AdminCamp 2011 PerformanceUlrich Krause
 

More Related Content

What's hot

Data modeling star schema
Data modeling star schemaData modeling star schema
Data modeling star schemaSayed Ahmed
 
Conceptual vs. Logical vs. Physical Data Modeling
Conceptual vs. Logical vs. Physical Data ModelingConceptual vs. Logical vs. Physical Data Modeling
Conceptual vs. Logical vs. Physical Data ModelingDATAVERSITY
 
Forget Big Data. It's All About Smart Data
Forget Big Data. It's All About Smart DataForget Big Data. It's All About Smart Data
Forget Big Data. It's All About Smart DataAlan McSweeney
 
Data Modeling Enterprise Architecture
Data Modeling Enterprise ArchitectureData Modeling Enterprise Architecture
Data Modeling Enterprise ArchitectureRichard Freggi
 
DAS Slides: Data Architect vs. Data Engineer vs. Data Modeler
DAS Slides: Data Architect vs. Data Engineer vs. Data ModelerDAS Slides: Data Architect vs. Data Engineer vs. Data Modeler
DAS Slides: Data Architect vs. Data Engineer vs. Data ModelerDATAVERSITY
 
Data Mesh Part 4 Monolith to Mesh
Data Mesh Part 4 Monolith to MeshData Mesh Part 4 Monolith to Mesh
Data Mesh Part 4 Monolith to MeshJeffrey T. Pollock
 
The Business Value of Metadata for Data Governance
The Business Value of Metadata for Data GovernanceThe Business Value of Metadata for Data Governance
The Business Value of Metadata for Data GovernanceRoland Bullivant
 
Chapter 3: Data Governance
Chapter 3: Data Governance Chapter 3: Data Governance
Chapter 3: Data Governance Ahmed Alorage
 
Data Integration, Access, Flow, Exchange, Transfer, Load And Extract Architec...
Data Integration, Access, Flow, Exchange, Transfer, Load And Extract Architec...Data Integration, Access, Flow, Exchange, Transfer, Load And Extract Architec...
Data Integration, Access, Flow, Exchange, Transfer, Load And Extract Architec...Alan McSweeney
 
Lessons in Data Modeling: Why a Data Model is an Important Part of Your Data ...
Lessons in Data Modeling: Why a Data Model is an Important Part of Your Data ...Lessons in Data Modeling: Why a Data Model is an Important Part of Your Data ...
Lessons in Data Modeling: Why a Data Model is an Important Part of Your Data ...DATAVERSITY
 
Data at the Speed of Business with Data Mastering and Governance
Data at the Speed of Business with Data Mastering and GovernanceData at the Speed of Business with Data Mastering and Governance
Data at the Speed of Business with Data Mastering and GovernanceDATAVERSITY
 
DAS Slides: Data Governance - Combining Data Management with Organizational ...
DAS Slides: Data Governance - Combining Data Management with Organizational ...DAS Slides: Data Governance - Combining Data Management with Organizational ...
DAS Slides: Data Governance - Combining Data Management with Organizational ...DATAVERSITY
 
Requirements Gathering And Management
Requirements Gathering And ManagementRequirements Gathering And Management
Requirements Gathering And ManagementAlan McSweeney
 
Building a Data Governance Strategy
Building a Data Governance StrategyBuilding a Data Governance Strategy
Building a Data Governance StrategyAnalytics8
 
Introduction to Data Virtualization (session 1 from Packed Lunch Webinar Series)
Introduction to Data Virtualization (session 1 from Packed Lunch Webinar Series)Introduction to Data Virtualization (session 1 from Packed Lunch Webinar Series)
Introduction to Data Virtualization (session 1 from Packed Lunch Webinar Series)Denodo
 
Migration to Databricks - On-prem HDFS.pptx
Migration to Databricks - On-prem HDFS.pptxMigration to Databricks - On-prem HDFS.pptx
Migration to Databricks - On-prem HDFS.pptxKshitija(KJ) Gupte
 
Data-Ed Slides: Best Practices in Data Stewardship (Technical)
Data-Ed Slides: Best Practices in Data Stewardship (Technical)Data-Ed Slides: Best Practices in Data Stewardship (Technical)
Data-Ed Slides: Best Practices in Data Stewardship (Technical)DATAVERSITY
 
Data Virtualization: An Introduction
Data Virtualization: An IntroductionData Virtualization: An Introduction
Data Virtualization: An IntroductionDenodo
 
Basics of BI and Data Management (Summary).pdf
Basics of BI and Data Management (Summary).pdfBasics of BI and Data Management (Summary).pdf
Basics of BI and Data Management (Summary).pdfamorshed
 
The Importance of DataOps in a Multi-Cloud World
The Importance of DataOps in a Multi-Cloud WorldThe Importance of DataOps in a Multi-Cloud World
The Importance of DataOps in a Multi-Cloud WorldDATAVERSITY
 

What's hot (20)

Data modeling star schema
Data modeling star schemaData modeling star schema
Data modeling star schema
 
Conceptual vs. Logical vs. Physical Data Modeling
Conceptual vs. Logical vs. Physical Data ModelingConceptual vs. Logical vs. Physical Data Modeling
Conceptual vs. Logical vs. Physical Data Modeling
 
Forget Big Data. It's All About Smart Data
Forget Big Data. It's All About Smart DataForget Big Data. It's All About Smart Data
Forget Big Data. It's All About Smart Data
 
Data Modeling Enterprise Architecture
Data Modeling Enterprise ArchitectureData Modeling Enterprise Architecture
Data Modeling Enterprise Architecture
 
DAS Slides: Data Architect vs. Data Engineer vs. Data Modeler
DAS Slides: Data Architect vs. Data Engineer vs. Data ModelerDAS Slides: Data Architect vs. Data Engineer vs. Data Modeler
DAS Slides: Data Architect vs. Data Engineer vs. Data Modeler
 
Data Mesh Part 4 Monolith to Mesh
Data Mesh Part 4 Monolith to MeshData Mesh Part 4 Monolith to Mesh
Data Mesh Part 4 Monolith to Mesh
 
The Business Value of Metadata for Data Governance
The Business Value of Metadata for Data GovernanceThe Business Value of Metadata for Data Governance
The Business Value of Metadata for Data Governance
 
Chapter 3: Data Governance
Chapter 3: Data Governance Chapter 3: Data Governance
Chapter 3: Data Governance
 
Data Integration, Access, Flow, Exchange, Transfer, Load And Extract Architec...
Data Integration, Access, Flow, Exchange, Transfer, Load And Extract Architec...Data Integration, Access, Flow, Exchange, Transfer, Load And Extract Architec...
Data Integration, Access, Flow, Exchange, Transfer, Load And Extract Architec...
 
Lessons in Data Modeling: Why a Data Model is an Important Part of Your Data ...
Lessons in Data Modeling: Why a Data Model is an Important Part of Your Data ...Lessons in Data Modeling: Why a Data Model is an Important Part of Your Data ...
Lessons in Data Modeling: Why a Data Model is an Important Part of Your Data ...
 
Data at the Speed of Business with Data Mastering and Governance
Data at the Speed of Business with Data Mastering and GovernanceData at the Speed of Business with Data Mastering and Governance
Data at the Speed of Business with Data Mastering and Governance
 
DAS Slides: Data Governance - Combining Data Management with Organizational ...
DAS Slides: Data Governance - Combining Data Management with Organizational ...DAS Slides: Data Governance - Combining Data Management with Organizational ...
DAS Slides: Data Governance - Combining Data Management with Organizational ...
 
Requirements Gathering And Management
Requirements Gathering And ManagementRequirements Gathering And Management
Requirements Gathering And Management
 
Building a Data Governance Strategy
Building a Data Governance StrategyBuilding a Data Governance Strategy
Building a Data Governance Strategy
 
Introduction to Data Virtualization (session 1 from Packed Lunch Webinar Series)
Introduction to Data Virtualization (session 1 from Packed Lunch Webinar Series)Introduction to Data Virtualization (session 1 from Packed Lunch Webinar Series)
Introduction to Data Virtualization (session 1 from Packed Lunch Webinar Series)
 
Migration to Databricks - On-prem HDFS.pptx
Migration to Databricks - On-prem HDFS.pptxMigration to Databricks - On-prem HDFS.pptx
Migration to Databricks - On-prem HDFS.pptx
 
Data-Ed Slides: Best Practices in Data Stewardship (Technical)
Data-Ed Slides: Best Practices in Data Stewardship (Technical)Data-Ed Slides: Best Practices in Data Stewardship (Technical)
Data-Ed Slides: Best Practices in Data Stewardship (Technical)
 
Data Virtualization: An Introduction
Data Virtualization: An IntroductionData Virtualization: An Introduction
Data Virtualization: An Introduction
 
Basics of BI and Data Management (Summary).pdf
Basics of BI and Data Management (Summary).pdfBasics of BI and Data Management (Summary).pdf
Basics of BI and Data Management (Summary).pdf
 
The Importance of DataOps in a Multi-Cloud World
The Importance of DataOps in a Multi-Cloud WorldThe Importance of DataOps in a Multi-Cloud World
The Importance of DataOps in a Multi-Cloud World
 

Viewers also liked

Multiple,shared identity
Multiple,shared identityMultiple,shared identity
Multiple,shared identityvshackley
 
AdminCamp 2011 Performance
AdminCamp 2011 PerformanceAdminCamp 2011 Performance
AdminCamp 2011 PerformanceUlrich Krause
 
MAS202 - Customizing IBM Connections
MAS202 - Customizing IBM ConnectionsMAS202 - Customizing IBM Connections
MAS202 - Customizing IBM Connectionspaulbastide
 
Upgrading to Sametime 9.0.1
Upgrading to Sametime 9.0.1Upgrading to Sametime 9.0.1
Upgrading to Sametime 9.0.1Gabriella Davis
 
Creating innovative and exceptional business value in ATLAS Company using IBM...
Creating innovative and exceptional business value in ATLAS Company using IBM...Creating innovative and exceptional business value in ATLAS Company using IBM...
Creating innovative and exceptional business value in ATLAS Company using IBM...LetsConnect
 
IBM Connections vs. Office 365 – Episode III
IBM Connections vs. Office 365 – Episode IIIIBM Connections vs. Office 365 – Episode III
IBM Connections vs. Office 365 – Episode IIILetsConnect
 

Viewers also liked (6)

Multiple,shared identity
Multiple,shared identityMultiple,shared identity
Multiple,shared identity
 
AdminCamp 2011 Performance
AdminCamp 2011 PerformanceAdminCamp 2011 Performance
AdminCamp 2011 Performance
 
MAS202 - Customizing IBM Connections
MAS202 - Customizing IBM ConnectionsMAS202 - Customizing IBM Connections
MAS202 - Customizing IBM Connections
 
Upgrading to Sametime 9.0.1
Upgrading to Sametime 9.0.1Upgrading to Sametime 9.0.1
Upgrading to Sametime 9.0.1
 
Creating innovative and exceptional business value in ATLAS Company using IBM...
Creating innovative and exceptional business value in ATLAS Company using IBM...Creating innovative and exceptional business value in ATLAS Company using IBM...
Creating innovative and exceptional business value in ATLAS Company using IBM...
 
IBM Connections vs. Office 365 – Episode III
IBM Connections vs. Office 365 – Episode IIIIBM Connections vs. Office 365 – Episode III
IBM Connections vs. Office 365 – Episode III
 

Similar to Benefits and Risks of a Single Identity - IBM Connect 2017

A Guide To Single Sign-On for IBM Collaboration Solutions
A Guide To Single Sign-On for IBM Collaboration SolutionsA Guide To Single Sign-On for IBM Collaboration Solutions
A Guide To Single Sign-On for IBM Collaboration SolutionsGabriella Davis
 
Risk Aware IAM for an Insecure World
Risk Aware IAM for an Insecure WorldRisk Aware IAM for an Insecure World
Risk Aware IAM for an Insecure WorldForte Advisory, Inc.
 
Onlinesecurityrecomendations2014 141230081030-conversion-gate02
Onlinesecurityrecomendations2014 141230081030-conversion-gate02Onlinesecurityrecomendations2014 141230081030-conversion-gate02
Onlinesecurityrecomendations2014 141230081030-conversion-gate02amiinaaa
 
Smart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud WorldSmart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud WorldKatherine Cola
 
The Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
The Future of Authentication - Verifiable Credentials / Self-Sovereign IdentityThe Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
The Future of Authentication - Verifiable Credentials / Self-Sovereign IdentityEvernym
 
Authentication and session v4
Authentication and session v4Authentication and session v4
Authentication and session v4skimil
 
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...Security Innovation
 
Opening Up User-Centric Identity
Opening Up User-Centric IdentityOpening Up User-Centric Identity
Opening Up User-Centric IdentityEduserv Foundation
 
Identity and Security in the Cloud
Identity and Security in the CloudIdentity and Security in the Cloud
Identity and Security in the CloudRichard Diver
 
5 Security Questions To Ask A Cloud Service Provider
5 Security Questions To Ask A Cloud Service Provider5 Security Questions To Ask A Cloud Service Provider
5 Security Questions To Ask A Cloud Service ProviderTyrone Systems
 
Cyber security for small businesses
Cyber security for small businessesCyber security for small businesses
Cyber security for small businessesB2BPlanner Ltd.
 
How Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and SecurityHow Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and SecurityGlobalSign
 
CyberSecurity Series Malware slides
CyberSecurity Series Malware slidesCyberSecurity Series Malware slides
CyberSecurity Series Malware slidesJim Kaplan CIA CFE
 
Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...
Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...
Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...Amazon Web Services
 
How to-become-secure-and-stay-secure
How to-become-secure-and-stay-secureHow to-become-secure-and-stay-secure
How to-become-secure-and-stay-secureIIMBNSRCEL
 
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...Wendy Knox Everette
 
Amazon Macie: Data Visibility Powered by Machine Learning for Security and Co...
Amazon Macie: Data Visibility Powered by Machine Learning for Security and Co...Amazon Macie: Data Visibility Powered by Machine Learning for Security and Co...
Amazon Macie: Data Visibility Powered by Machine Learning for Security and Co...Amazon Web Services
 

Similar to Benefits and Risks of a Single Identity - IBM Connect 2017 (20)

A Guide To Single Sign-On for IBM Collaboration Solutions
A Guide To Single Sign-On for IBM Collaboration SolutionsA Guide To Single Sign-On for IBM Collaboration Solutions
A Guide To Single Sign-On for IBM Collaboration Solutions
 
Risk Aware IAM for an Insecure World
Risk Aware IAM for an Insecure WorldRisk Aware IAM for an Insecure World
Risk Aware IAM for an Insecure World
 
Onlinesecurityrecomendations2014 141230081030-conversion-gate02
Onlinesecurityrecomendations2014 141230081030-conversion-gate02Onlinesecurityrecomendations2014 141230081030-conversion-gate02
Onlinesecurityrecomendations2014 141230081030-conversion-gate02
 
Smart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud WorldSmart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud World
 
The Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
The Future of Authentication - Verifiable Credentials / Self-Sovereign IdentityThe Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
The Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
 
A A A
A A AA A A
A A A
 
Authentication and session v4
Authentication and session v4Authentication and session v4
Authentication and session v4
 
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
 
Opening Up User-Centric Identity
Opening Up User-Centric IdentityOpening Up User-Centric Identity
Opening Up User-Centric Identity
 
Identity and Security in the Cloud
Identity and Security in the CloudIdentity and Security in the Cloud
Identity and Security in the Cloud
 
5 Security Questions To Ask A Cloud Service Provider
5 Security Questions To Ask A Cloud Service Provider5 Security Questions To Ask A Cloud Service Provider
5 Security Questions To Ask A Cloud Service Provider
 
Data security and compliancy in Office 365
Data security and compliancy in Office 365Data security and compliancy in Office 365
Data security and compliancy in Office 365
 
Cyber security for small businesses
Cyber security for small businessesCyber security for small businesses
Cyber security for small businesses
 
How Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and SecurityHow Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and Security
 
CyberSecurity Series Malware slides
CyberSecurity Series Malware slidesCyberSecurity Series Malware slides
CyberSecurity Series Malware slides
 
Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...
Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...
Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...
 
How to-become-secure-and-stay-secure
How to-become-secure-and-stay-secureHow to-become-secure-and-stay-secure
How to-become-secure-and-stay-secure
 
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
 
The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?
 
Amazon Macie: Data Visibility Powered by Machine Learning for Security and Co...
Amazon Macie: Data Visibility Powered by Machine Learning for Security and Co...Amazon Macie: Data Visibility Powered by Machine Learning for Security and Co...
Amazon Macie: Data Visibility Powered by Machine Learning for Security and Co...
 

More from Gabriella Davis

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Engage2022 - Domino Admin Tips
Engage2022 - Domino Admin TipsEngage2022 - Domino Admin Tips
Engage2022 - Domino Admin TipsGabriella Davis
 
. Design Decisions: Developing for Mobile - The Template Experience Project
. Design Decisions: Developing for Mobile - The Template Experience Project. Design Decisions: Developing for Mobile - The Template Experience Project
. Design Decisions: Developing for Mobile - The Template Experience ProjectGabriella Davis
 
Domino Server Health - Monitoring and Managing
Domino Server Health - Monitoring and Managing Domino Server Health - Monitoring and Managing
Domino Server Health - Monitoring and ManagingGabriella Davis
 
Face Off Domino vs Exchange On Premises
Face Off Domino vs Exchange On PremisesFace Off Domino vs Exchange On Premises
Face Off Domino vs Exchange On PremisesGabriella Davis
 
Adminlicious - A Guide To TCO Features In Domino v10
Adminlicious - A Guide To TCO Features In Domino v10Adminlicious - A Guide To TCO Features In Domino v10
Adminlicious - A Guide To TCO Features In Domino v10Gabriella Davis
 
An Introduction to Configuring Domino for Docker
An Introduction to Configuring Domino for DockerAn Introduction to Configuring Domino for Docker
An Introduction to Configuring Domino for DockerGabriella Davis
 
An Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation RequirementsAn Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation RequirementsGabriella Davis
 
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...Gabriella Davis
 
An introduction to configuring Domino for Docker
An introduction to configuring Domino for DockerAn introduction to configuring Domino for Docker
An introduction to configuring Domino for DockerGabriella Davis
 
How To Approach GDPR Preparation & Discovery
How To Approach GDPR Preparation & DiscoveryHow To Approach GDPR Preparation & Discovery
How To Approach GDPR Preparation & DiscoveryGabriella Davis
 
An Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation RequirementsAn Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation RequirementsGabriella Davis
 
What's New in Notes, Sametime and Verse On-Premises
What's New in Notes, Sametime and Verse On-PremisesWhat's New in Notes, Sametime and Verse On-Premises
What's New in Notes, Sametime and Verse On-PremisesGabriella Davis
 
An Introduction To Docker
An Introduction To DockerAn Introduction To Docker
An Introduction To DockerGabriella Davis
 
An Introduction To Docker
An Introduction To DockerAn Introduction To Docker
An Introduction To DockerGabriella Davis
 
Setting Up a Hybrid Domino Environment to Ease your Way to the Cloud
Setting Up a Hybrid Domino Environment to Ease your Way to the CloudSetting Up a Hybrid Domino Environment to Ease your Way to the Cloud
Setting Up a Hybrid Domino Environment to Ease your Way to the CloudGabriella Davis
 

More from Gabriella Davis (20)

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Engage2022 - Domino Admin Tips
Engage2022 - Domino Admin TipsEngage2022 - Domino Admin Tips
Engage2022 - Domino Admin Tips
 
. Design Decisions: Developing for Mobile - The Template Experience Project
. Design Decisions: Developing for Mobile - The Template Experience Project. Design Decisions: Developing for Mobile - The Template Experience Project
. Design Decisions: Developing for Mobile - The Template Experience Project
 
Domino Server Health - Monitoring and Managing
Domino Server Health - Monitoring and Managing Domino Server Health - Monitoring and Managing
Domino Server Health - Monitoring and Managing
 
Face Off Domino vs Exchange On Premises
Face Off Domino vs Exchange On PremisesFace Off Domino vs Exchange On Premises
Face Off Domino vs Exchange On Premises
 
60 Admin Tips
60 Admin Tips60 Admin Tips
60 Admin Tips
 
Adminlicious - A Guide To TCO Features In Domino v10
Adminlicious - A Guide To TCO Features In Domino v10Adminlicious - A Guide To TCO Features In Domino v10
Adminlicious - A Guide To TCO Features In Domino v10
 
An Introduction to Configuring Domino for Docker
An Introduction to Configuring Domino for DockerAn Introduction to Configuring Domino for Docker
An Introduction to Configuring Domino for Docker
 
An Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation RequirementsAn Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation Requirements
 
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
 
An introduction to configuring Domino for Docker
An introduction to configuring Domino for DockerAn introduction to configuring Domino for Docker
An introduction to configuring Domino for Docker
 
How To Approach GDPR Preparation & Discovery
How To Approach GDPR Preparation & DiscoveryHow To Approach GDPR Preparation & Discovery
How To Approach GDPR Preparation & Discovery
 
An Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation RequirementsAn Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation Requirements
 
Brand Yourself
Brand YourselfBrand Yourself
Brand Yourself
 
Home Working
Home WorkingHome Working
Home Working
 
The Imposter Syndrome
The Imposter SyndromeThe Imposter Syndrome
The Imposter Syndrome
 
What's New in Notes, Sametime and Verse On-Premises
What's New in Notes, Sametime and Verse On-PremisesWhat's New in Notes, Sametime and Verse On-Premises
What's New in Notes, Sametime and Verse On-Premises
 
An Introduction To Docker
An Introduction To DockerAn Introduction To Docker
An Introduction To Docker
 
An Introduction To Docker
An Introduction To DockerAn Introduction To Docker
An Introduction To Docker
 
Setting Up a Hybrid Domino Environment to Ease your Way to the Cloud
Setting Up a Hybrid Domino Environment to Ease your Way to the CloudSetting Up a Hybrid Domino Environment to Ease your Way to the Cloud
Setting Up a Hybrid Domino Environment to Ease your Way to the Cloud
 

Recently uploaded

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

Recently uploaded (20)

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

Benefits and Risks of a Single Identity - IBM Connect 2017

  • 1. February 2017 Benefits and Risks of a Single Identity Gabriella Davis Technical Director - IBM Lifetime Champion The Turtle Partnership DEV-1078 IBM Connect 2017 Conference
  • 3. Roadmap ForThis Session ✤ What is single identity and why would I care? ✤ What technologies are available to me? ✤ What needs to be in place for single identity to work well ✤ The risks of single identity in an IOT and online world
  • 4. What DoWe Mean By Single Identity? • Identity Management • I am an individual but one that is part of this group • I take my individuality into different systems • I take information about me across different systems • This is the difference between federation and single sign on
  • 5. Things have gotten a bit more complicated than that.. Multiple systems and standards including SAML, OpenID, OAuth, Facebook Login Users require logins across personal, consumer, and enterprise systems
  • 6. Individual Identities Across Systems Attributes Within Systems An individual will have separate identities across different systems, where some attributes are shared such as email or name and others might be system specific. As the user moves between systems their individual identity remains the same.
  • 7. Why Is Having A Single Identity Valuable? Preferences Behaviour & History Patterns BeingPresent how i use the system, how i prefer to work with it, what parts of it i prefer to see / engage with what I do, what i have interacted with in the past, what I reuse or repeat spotting ways in which I reuse or repeat in order to present information to me that I might not be aware of or highlight information that the pattern says I should be interested in just because i’m using system A doesn’t mean someone in system B can’t find and interact with me. I have one identity if signed onto multiple systems.
  • 8. Key Components of Single Identity
  • 9. Authentication Authentication is critical to ensure Gab Davis in SystemA is the same as Gab Davis in SystemB and the information that goes with that ‘Gab Davis” is correct
  • 10. ✤ Hello - have you met my friend? ✤ Is trust transferable? Trust Once you create a way in you are establishing a security level as that of the lowest entry point
  • 11. ✤ Access rights ✤ Identity data such as name or email ✤ System specific attributes such as your favourite drink Attributes Sparkling Wine
 Flute White Wine Glass Standard Wine Glass Light Red Wine Glass Blod Red Wine Glass
  • 13. Password Synchronisation This ISN’T Single Identity Synchronising passwords across different systems Sametime LDAP Connections LDAP Traveler Authentication Password Synchronisation Tool You’re not the same person, you’re just using the sam password You’re not the same person, you’re just using the same password
  • 14. Single LDAP Source This Kind-Of Is - At Its Most Basic Authenticating against a single password in a single place Sametime Network Login Connections Mail LDAP Password Technically you are the same person as you authenticate using the same identity but that’s it, there is no other information being held or exchanged.
  • 15. This Is Closer - but not quite IWA/Kerberos/SPNEGO ✤ The single authentication to Windows has granted access to other systems using the same identity 1 2 3 4 5 ACTIVE DIRECTORY GENERATES TOKEN USER TRIES TO ACCESS A WEBSITE BROWSER SENDS IWA TOKEN TO THE WEB SERVER ALONG WITH USER NAME THE WEB SERVER CONTACTS ACTIVE DIRECTORY TO VALIDATE TOKEN AND RETRIEVE THE USER’S NAME STEPS USER LOGS INTO WINDOWS
  • 16. Federated Login Is Single Identity Security Assertion Markup Language 16 1 2 3 4 5 USER ATTEMPTS TO LOG IN TO A WEBSITE USER IS REDIRECTED TO IDENTITY PROVIDER IDENTITY PROVIDER REQUESTS AUTHENTICATION OR (IF USER IS LOGGED IN) RETURNS CREDENTIALS USER IS REDIRECTED BACK TO ORIGINAL SITE WITH SAML ASSERTION ATTACHED ORIGINAL SITE USES ITS SAML SERVICE PROVIDER TO CONFIRM SAML ASSERTION AND GRANT ACCESS STEPS ✤ Simple SAML Steps
  • 17. SAML - Federated Single Identity 17 ✤ IdP - Identity Provider (SSO) ✤ ADFS (Active Directory Federation Services) ✤ can be combined with IWA ✤ TFIM (Tivoli Federated Identity Manager) ✤ SP - Service Provider ✤ IBM Domino (web federated login) ✤ IBM SmartCloud ✤ IBM Notes (requires ID Vault) (notes federated login)
  • 18. SAML Behaviour ✤ IdP (Identity Providers) use HTTP or SOAP to communicate to SP (Service Providers) via XML based assertions ✤ Assertions have three roles ✤ Authentication ✤ Authorisation ✤ Retrieving Attributes ✤ Many kinds of authentication methods are supported depending on your chosen IdP ✤ Once initially federated no subsequent password or credentials are passed
  • 19. Federation For Social Systems OAuth / OpenID / Facebook Login! OpenID is identify federation OAuth is authorisation OpenID is built on OAuth
  • 20. Simplified OAuth Process 1 2 3 4 5 USER ASKS FACEBOOK (THE CONSUMER) TO POST ON THEIR ACTIVITY STREAM FACEBOOK GOES TO CONNECTIONS (THE SERVICE PROVIDER) AND ASKS FOR PERMISSION TO POST THE SERVICE PROVIDER GIVES THE CONSUMER A SECRET KEY TO GIVE TO THE USER AND A URL FOR THE USER TO CLICK ON THE USER CLICKS ON THE URL AND AUTHENTICATES WITH THE SERVICE PROVIDER THE SERVICE PROVIDER , SATISFIED THE SECRET KEY IS GOOD, WILL NOW ALLOW THE CONSUMER ACCESS TO ITS SERVICES STEPS
  • 21. IBM Products As SAML Service Providers ✤ Verse on premises and cloud ✤ Domino ✤ Notes - both on premises and Smartcloud ✤ Connections ✤ WebSphere
  • 24. Identity ✤ Directories that are well constructed and maintained ✤ names ✤ data ✤ accounts ✤ Tie directories together with a common key
  • 25. Systems ✤ Authorisation ✤ Access Levels ✤ Data Security ✤ Identifying shared attributes ✤ Configuring custom attributes in LDAP and the IdP
  • 26. Location ✤ Different behaviour in different locations ✤ Locations define data ✤ Why are you here? What is your role?
  • 27. History ✤ What have you done before ✤ Patterns of behaviour ✤ Suggestions based on history, location and identity
  • 28. Risks
  • 29. Personas ✤ Do you want to tie everything together? ✤ Do you have the same persona everywhere? ✤ Is the language you use, your opinions, your political views common everywhere ✤ and something you want to share?
  • 30. Federation ✤ Once all systems are integrated all systems are vulnerable ✤ You are only as protected as your least secure password / authentication model ✤ Understand what services or service providers you have authorised, what information they hold , what their privacy policies are and what their security policies are ✤ Make sure users understand they have to logout
  • 31. OAuth/OpenID ✤ Theft of credentials ✤ Excessive access and data rights ✤ Theft of data ✤ Brute force guessing of credentials ✤ URL redirects or interceptions through incomplete URL requests ✤ Token interceptions ✤ Puts the user in control - this is not a bad thing
  • 33. Internet OfThings ✤ A physical device with embedded internet connectivity and “always on” status ✤ The beauty of IOT devices is that they are integrated into your life ✤ there’s no individual authentication ✤ They know everything they need to know simply because of their placement or setup ✤ Their true value is in learning about those things we discussed earlier, preferences, behaviour, patterns
  • 34. RisksWith IOT ✤ Physical devices may now come with built in connectivity as an added feature ✤ Companies who didn’t deploy them for that feature may also not have security policies in place to disable or limit it ✤ Risk assessment happens too late
  • 35. RisksWith IoT ✤ Privacy ✤ Safety ✤ Data Bleed ✤ Additional operational expenses
  • 37. Prepare ✤ Have a good directory and define security policies such as token expiration ✤ Protect At Every Point Of Entry ✤ You don’t put a value on the information but someone else will ✤ Your identity has value ✤ Train users to log out, clean caches and understand what multi system access means ✤ Include risk assessment for IoT in any hardware purchasing and deployment
  • 38. Lots of Good ✤ More passwords and stronger passwords don’t lead to better security ✤ Avoiding passwords entirely but authenticating based on existing information can be more secure ✤ Users are more likely to engage with systems that have fewer barriers to entry ✤ The more systems know about us, how we work and what we need the better they can serve us ✤ There are enormous volumes of data being produced across systems that can be used to save time, cost and effort
  • 40. Notices and disclaimers Copyright © 2017 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM. U.S. Government Users Restricted Rights — Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM. Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. THIS DOCUMENT IS DISTRIBUTED "AS IS" WITHOUT ANY WARRANTY, EITHER EXPRESS OR IMPLIED. IN NO EVENT SHALL IBM BE LIABLE FOR ANY DAMAGE ARISING FROM THE USE OF THIS INFORMATION, INCLUDING BUT NOT LIMITED TO, LOSS OF DATA, BUSINESS INTERRUPTION, LOSS OF PROFIT OR LOSS OF OPPORTUNITY. IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided. IBM products are manufactured from new parts or new and used parts. In some cases, a product may not be new and may have been previously installed. Regardless, our warranty terms apply.” Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal without notice. Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary. References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business. Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation. It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law
  • 41. Notices and disclaimers continued Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right. IBM, the IBM logo, ibm.com, Aspera®, Bluemix, Blueworks Live, CICS, Clearcase, Cognos®, DOORS®, Emptoris®, Enterprise Document Management System™, FASP®, FileNet®, Global Business Services ®, Global Technology Services ®, IBM ExperienceOne™, IBM SmartCloud®, IBM Social Business®, Information on Demand, ILOG, Maximo®, MQIntegrator®, MQSeries®, Netcool®, OMEGAMON, OpenPower, PureAnalytics™, PureApplication®, pureCluster™, PureCoverage®, PureData®, PureExperience®, PureFlex®, pureQuery®, pureScale®, PureSystems®, QRadar®, Rational®, Rhapsody®, Smarter Commerce®, SoDA, SPSS, Sterling Commerce®, StoredIQ, Tealeaf®, Tivoli®, Trusteer®, Unica®, urban{code}®, Watson, WebSphere®, Worklight®, X-Force® and System z® Z/OS, are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml.