Virtualization Technology News and Information
ForgeRock 2017 Predictions: The New Era of Personal Privacy and User-Centric Identity

VMblog Predictions 2017

Virtualization and Cloud executives share their predictions for 2017.  Read them in this 9th annual series exclusive.

Contributed by Eve Maler, VP Innovation & Emerging Technology, ForgeRock

2017: The New Era of Personal Privacy and User-Centric Identity

IoT Security & Personal Privacy

IoT security has needs that go far beyond the current scope of cloud and mobile challenges: use cases where dynamically introducing devices to each other is the highest goal, others where strong chip-backed security is essential, and still others that unavoidably mix the two. With recent security breaches and DDoS attacks, everyone can imagine scenarios that have disastrous consequences for industrial IoT infrastructure: traffic light hacks creating days-long gridlock and crashes, compromised dams or flood control systems threatening public health and safety, or deliberate power blackouts. For IoT in healthcare, smart homes and more, however, the consequences are different but no less severe, and a killer requirement comes to the fore: privacy. The most mature part of the IoT security and privacy technology stack comes from its web API heritage, with protocols such as OAuth and OpenID Connect playing a key role. With the FCC tightening privacy rules for broadband providers in the U.S. and the GDPR looming in the EU, adoption of User-Managed Access (UMA), the OAuth-based consent and delegation standard, is likely to accelerate.

The New Era of Personal Privacy - the FCC Has Elevated the Privacy Rights of the Individual Over Commercial Interests, and Business Will Need to Change

Requiring broadband providers to secure consent from their customers before sharing their personal data with third parties brings the US into a new era where the ability of the individual to keep their browsing data and other personal information private is now more broadly protected. This move by the FCC brings the US more into line with Europe, where ISPs and telecommunications carriers have long been subject to regulations that elevate the privacy of the individual over commercial interests. The new FCC rules present ISPs and communications firms with a great opportunity to use strong privacy protections as a competitive differentiator to cement customer loyalty. Strong, scalable customer identity technology will be a critical element in those efforts.

User-Centric and Self-Sovereign Identity Solutions

The history of customer-facing identity standards and collaboration efforts is full of noble, but failed, attempts to change ecosystem behaviors in order to empower individuals. InfoCard and OpenID, to name two, sought to deliver "user-centric identity" solutions but didn't catch fire. Where did they go wrong? They delivered on a vision that delivered too few hard benefits. Now, several solutions based on blockchain/distributed ledger technology are seeing digital identity experimentation, with the Sovrin Foundation at the forefront of "self-sovereign identity" work. Are we seeing the same pattern all over again? Yes, we're in danger of a repeat because of a built-in assumption that users want "identity sovereignty" versus service value and convenience, and that service providers will accept such credentials. Users and organizations alike must see more direct benefit given the new costs being imposed. To this end, solutions must enhance the "three Ps": protection (security, privacy, control over sharing leading to trust and/or compliance), personalization (custom experiences leading to mutually beneficial engagement), and payment (support for transaction value flow).


About the Author

Eve Maler, VP Innovation & Emerging Technology, ForgeRock

Eve Maler is VP of Innovation & Emerging Technology in ForgeRock's Office of the CTO. She is a renowned strategist, innovator, and communicator on digital identity, authorization, security, privacy, and consent, with particular focus on creating successful interoperable ecosystems and fostering individual empowerment. Eve drives privacy and consent innovation for the ForgeRock Identity Platform, taking into account web, mobile, and IoT impacts. To this end, she guides the ForgeRock implementation of the User-Managed Access (UMA) standard, leads the UMA standards work, directs the company's engagement in related standards such as Health Relationship Trust (HEART), and provides expert advice to forums such as the Facebook/Ctrl-Shift research effort A New Paradigm for Personal Data and the US Health and Human Services API Task Force. Eve was formerly with Forrester Research, PayPal, and Sun Microsystems, where she co-founded and made major contributions to the SAML standard. In a previous life she co-invented XML.

Published Thursday, December 08, 2016 7:01 AM by David Marshall