idot why we need an identity layer
play

IDoT: Why We Need an Identity Layer IoT Slam 2016 April 28, 2016 - PowerPoint PPT Presentation

IDoT: Why We Need an Identity Layer IoT Slam 2016 April 28, 2016 Marc-Anthony Signorino, IDESG Executive Director Welcome to the Identity Ecosystem The Identity Ecosystem Steering Group (IDESG) is the source of expertise, guidance, best


  1. IDoT: Why We Need an Identity Layer IoT Slam 2016 – April 28, 2016 Marc-Anthony Signorino, IDESG Executive Director

  2. Welcome to the Identity Ecosystem The Identity Ecosystem Steering Group (IDESG) is the source of expertise, guidance, best practices, and tools for trusted digital identities. www.IDESG.org 2

  3. Today’s Goal: Getting Identity Right E M P O W E R R I S K S A F E F U T U R E Customers will Manage risk Create an ecosystem Ensuring civil liberties understand through common that encourages are protected by policies, control sense identity consumer trust, using strong their identities credentials, data enables safer authentication for IoT minimization transactions users www.IDESG.org 3

  4. Who We Are The Path to More Trustworthy Digital Identity Credentials

  5. “By making online transactions more trustworthy and better protecting privacy, we will prevent costly crime, we will give businesses and consumers new confidence, and we will foster growth and untold innovation.” — President Barack Obama, April 2011 National Strategy for Trusted Identities in Cyberspace www.IDESG.org 5

  6. Identity by the 85,611,528 Numbers 17.6 85 39 62 www.IDESG.org 6

  7. records were exposed in 783 U.S. data 85,611,528 breaches in 2014 U.S. residents age 16 or older experienced 17.6 mil identity theft in 2014 85% of people took some action to prevent identity theft used mobile banking in 2014 (based on mobile phone owners 39% with a bank account) did not use mobile banking and cited concern about security 62% as a reason www.IDESG.org 7

  8. Identity Ecosystem Framework Building a Better Ecosystem www.IDESG.org 8

  9. What Is the IDEF? 1 2 3 First rules of the road for Asserts capabilities and Creates policy navigating the evolving responsibilities for foundation for landscape of online individuals, companies, strengthening privacy identity government agencies and security protections and organizations in the for organizations and identity ecosystem consumers alike www.IDESG.org 9

  10. IDEF by stakeholder group Trust Frameworks Relying Parties Consumers Offers foundational set of Drives business value Enables truly principles to which all and consumer trust for trustworthy digital frameworks can align those issuing or credentials to protect to demonstrate consuming credentials identities interoperability www.IDESG.org 10

  11. IDentity of Things (IDoT) The Intersection of Identity Management & The Internet of Things www.IDESG.org

  12. IoT is Booming Juniper: $100B to be spent on Smart home tech by 2020 ($43B now) Gartner: 25B networked devices by 2020 IDC: IoT Market to reach $3.04T by 2020 www.IDESG.org

  13. A Paradigm in Dynamic Relationships IDoT covers ALL entity identities and relationships: • Device/Human • Device/Device • Device/Application~Service • Human/Application~Service Must draw on IAM, IT Asset Mgt, S/W Asset Mgt www.IDESG.org

  14. Governance of Object Data Objects in the "Internet of Things" produce data. These data might lead to personally identifiable information (PII). A car for example is able to track GPS positions and to provide a complete movement profile of a certain person. How do you handle the users and their data? www.IDESG.org

  15. Beware of the Regulatory Cacodemons The path forward for IoT is promising, but if we’re not careful, will create policy problems that will summon the worst Washington, DC has to offer: www.IDESG.org

  16. Beware of the Regulatory Cacodemons The path forward for IoT is promising, but if we’re not careful, will create policy problems that will summon the worst Washington, DC has to offer: A well-intentioned Congress. www.IDESG.org

  17. Hypothetical #1 My Connected Vehicle and the Meat-Head Kid Next Door

  18. Issues Raised in Connected Vehicles • Data ownership/control – who owns it? • Truck manufacturer? Dealer? • Service Provider (repair shop) • Truck owner, Bank who holds the note, Insurance Company? • Truck users (employees, clients, prospective buyers, family members, etc) • Passengers whose GPS locations become known? 3 rd Parties providing sensors for service (data for subscription svc, driver • behavior data to determine insurance rates, government?) What about multiple devices controlled by multiple parties? What if sold? www.IDESG.org

  19. Issues Raised in Connected Vehicles • Consent for interactions w/ numerous sensors, controllers, and reporting devices • If an auto mfr owns data collected by a vehicle, will it require consent from the vehicle owner and svc provider? • Will each user be required to provide consent for data generated while driving? 5 th Amendment, State Privacy Laws, etc. • www.IDESG.org

  20. Hypothetical #3 Wearables: How Could I Run 10 Miles Today If I Weighed 350 lbs.?

  21. Issues Raised by IDoT in Healthcare • Identity Impersonation • How will devices preclude impersonation of the other devices with which they exchange data? • Will each device the might generate, process, or report private, sensitive, or confidential data be required to provide its own IAM capabilities to prevent fraudulent use? • Will devices be required to develop UN/PW to interact with other devices? • If so, who sets UN/PW criteria? How will data be stored securely? How will it be modified and updated? • Hello HIPAA/HI-TECH www.IDESG.org

  22. Hypothetical #3 Education: Keeping McGuffey’s Reader From Becoming WKRP in Cincinnati

  23. Top 10 Current Smart Techs in Ed • • Interactive Whiteboards Smart HVAC Systems • • Cameras & Video Lighting/Maintenance • • Tablets & eBooks Temperature Sensors • • Student ID Cards Attendance Tracking • • 3D Printers Wireless Door Locks www.IDESG.org

  24. Issues Raised in Connected Education • Identity discovery • Will owners/users have the ability to prevent their devices from being discovered? • Will they have selectivity about who can discover their devices? • Will they have some control over who can interrogate their devices? • Which Regulatory Schemes are Implicated? • COPPA (Children’s Online Privacy Protection Act) • FERPA (Family Educational Rights Privacy Act) www.IDESG.org

  25. The Path Forward Creating an Identity Layer in IoT

  26. IDEF Shows the Way • Transparency • User Authentication & Authorization • Data Minimization / Data Collection (in advance) • Consent • Collection for specific use, not just get all the data www.IDESG.org

  27. Solutions • IDEF allows innovators to build privacy, security, UX in before hand • Use the Identity Ecosystem Framework’s Baseline Requirements as a guide for identifying issues and resolving them www.IDESG.org

  28. Solutions • Federated Identity • Reduce the number of PWs required to authenticate diff applications, devices and trust domains through federation. • Allows users to authenticate only once with an existing credential to a trusted domain and be issued a token that allows it to authenticate to other actors and domains • Federated Single Sign On allows PWs to be replaced with standardized security tokens for everyday tools and services such as email, Social media www.IDESG.org

  29. Solutions • Federated Single Sign On • Allows PWs to be replaced with standardized security tokens for everyday tools and services such as email, Social media. • Tokens issued by a site the user logged into directly, but simultaneously gives access to a range of other applications – mitigating PW explosion • Allows specific devices to be tied to a particular user by issuing tokens specific to a relationship • Smart car to send a ‘close’ msg to a garage door controller from a diff MFR if sensed a growing distance between the car and the garage. www.IDESG.org

  30. Join the Revolution: Marc-Anthony Signorino, Executive Director MarcAnthony@IDESG.org (202) 656-2296

Recommend


More recommend