Joni Brennan, Executive Director of the Kantara Initiative, discusses IRM from a community-based perspective in a Breakout Session at the 2014 IRM Summit in Phoenix, Arizona.
4. Pillars of Identity Relationship
Management …
CONSUMERS & THINGS over employees
ADAPTABLE over predictable
REVENUE over operating expense
VELOCITY over process and tools
INTERNET SCALE over enterprise scale
DYNAMIC over static intelligence
BORDERLESS over perimeter
MODULAR over monolithic
BUSINESS PILLARS TECHNICAL PILLARS
=
=
=
=
15. Tell us how you ‘do’ IRM!
Join the forth coming Industry
Group
[email] support@kantarainitiative.org
[subject] “join IRM”
The Community Home
of IRM…
18. 60+ Leaders
100’s of Participants
Trustees At-Large:
•Government of Canada
•Trans-European Research
Education Networking Association
19. What We Do
Business Acceleration Initiative Innovating Identity. Connecting
Business, Partners, Customers, and Citizens via Trust and Privacy
Tools. Connect. Innovate. Trust.
The building blocks of
Trusted Identity to grow
markets, economies, and
services …
23. Trust Grows Economies
SROUCE: http://johngreathouse.com/wp-content/uploads/2012/05/image004.jpg
Skilled entrepreneurs bring ideas and money together by building a bridge of trust.
24.
25. FCCX: A better way
CitizensCitizensGovernmentGovernment
FCCX
31. Accredited and Approved
Verizon Universal Identity Service (VUIS)
IDPV Component Recognition
Norton Credential Service Provider
Registered Applicant
MITREid (LoA 1)
organizations in
pipeline
Kantara Accredited to LoA 1-4 Kantara Approved to LoA 1-3 non-crpyto
32. Component Services
Responding to industry
experts Kantara
members developed
the modular component
service approach.
Component Services:
•Identity Proofing /
Verification
•Credential Issuance
and Management
Responding to industry
experts Kantara
members developed
the modular component
service approach.
Component Services:
•Identity Proofing /
Verification
•Credential Issuance
and Management
Identity
Proofing &
Verification
Organizational
Trust
Credential &
Token
Management
Credential
Service
Provider
36. Shaping the Future of Digital Identity
@kantaranews
kantarainitiative.org
kantarainitiative.org/listinfo/community
bit.ly/Kantara_Assurance
kantarainitiative.org/membership/
Editor's Notes
This shift in business emphasis has a direct technical impact on how we think about identity and access management. As a result, CIOs need to take into account the following business-focused pillars when choosing an IRM solution:
Identity and Access Management (IAM) services were traditionally built for a company’s internal use, to assist with manual on and off boarding, and establishing access privileges to company data and systems behind the firewall. Today though, a company must implement a dynamic IAM solution that serves employees, customers, partners and devices, regardless of location. This is the evolution of IAM to IRM: Identity Relationship Management.
As more and more people, devices, and “things” are assigned identities across networks, IRM services that are simple, flexible, scalable and designed to quickly verify identities and access privileges, become imperative for any business to safely and efficiently engage with their customers. Today’s solutions must link devices–laptops, phones, touchpads, cars–and new mobile and social apps to a single security platform that works all the time, everywhere, on premises or off in the cloud. This is the standard that customers, citizens, and students expect, and CIOs and their businesses, (as well as governments and universities), must identify vendors that can provide it because these methods of consumer engagement directly drive revenue. Customers might deposit checks from their phone, order a service through a cloud app, or make a purchase from a laptop that recognizes their identity, and shares the right information with the vendor.
As consumers look for and expect more ways to engage with businesses, companies are making the shift from the closed, protective world of IAM to the open, evolving, and confidently secure IRM universe. This is because identity and access management tools are a necessity for managing trust relationships with parties inside and outside of a company – relationships that are now tied directly to the business’ top line.
As more and more people, devices, and “things” are assigned identities across networks, IRM services that are simple, flexible, scalable and designed to quickly verify identities and access privileges, become imperative for any business to safely and efficiently engage with their customers. Today’s solutions must link devices–laptops, phones, touchpads, cars–and new mobile and social apps to a single security platform that works all the time, everywhere, on premises or off in the cloud. This is the standard that customers, citizens, and students expect, and CIOs and their businesses, (as well as governments and universities), must identify vendors that can provide it because these methods of consumer engagement directly drive revenue. Customers might deposit checks from their phone, order a service through a cloud app, or make a purchase from a laptop that recognizes their identity, and shares the right information with the vendor.
As consumers look for and expect more ways to engage with businesses, companies are making the shift from the closed, protective world of IAM to the open, evolving, and confidently secure IRM universe. This is because identity and access management tools are a necessity for managing trust relationships with parties inside and outside of a company – relationships that are now tied directly to the business’ top line.
As more and more people, devices, and “things” are assigned identities across networks, IRM services that are simple, flexible, scalable and designed to quickly verify identities and access privileges, become imperative for any business to safely and efficiently engage with their customers. Today’s solutions must link devices–laptops, phones, touchpads, cars–and new mobile and social apps to a single security platform that works all the time, everywhere, on premises or off in the cloud. This is the standard that customers, citizens, and students expect, and CIOs and their businesses, (as well as governments and universities), must identify vendors that can provide it because these methods of consumer engagement directly drive revenue. Customers might deposit checks from their phone, order a service through a cloud app, or make a purchase from a laptop that recognizes their identity, and shares the right information with the vendor.
As consumers look for and expect more ways to engage with businesses, companies are making the shift from the closed, protective world of IAM to the open, evolving, and confidently secure IRM universe. This is because identity and access management tools are a necessity for managing trust relationships with parties inside and outside of a company – relationships that are now tied directly to the business’ top line.
As more and more people, devices, and “things” are assigned identities across networks, IRM services that are simple, flexible, scalable and designed to quickly verify identities and access privileges, become imperative for any business to safely and efficiently engage with their customers. Today’s solutions must link devices–laptops, phones, touchpads, cars–and new mobile and social apps to a single security platform that works all the time, everywhere, on premises or off in the cloud. This is the standard that customers, citizens, and students expect, and CIOs and their businesses, (as well as governments and universities), must identify vendors that can provide it because these methods of consumer engagement directly drive revenue. Customers might deposit checks from their phone, order a service through a cloud app, or make a purchase from a laptop that recognizes their identity, and shares the right information with the vendor.
As consumers look for and expect more ways to engage with businesses, companies are making the shift from the closed, protective world of IAM to the open, evolving, and confidently secure IRM universe. This is because identity and access management tools are a necessity for managing trust relationships with parties inside and outside of a company – relationships that are now tied directly to the business’ top line.
As more and more people, devices, and “things” are assigned identities across networks, IRM services that are simple, flexible, scalable and designed to quickly verify identities and access privileges, become imperative for any business to safely and efficiently engage with their customers. Today’s solutions must link devices–laptops, phones, touchpads, cars–and new mobile and social apps to a single security platform that works all the time, everywhere, on premises or off in the cloud. This is the standard that customers, citizens, and students expect, and CIOs and their businesses, (as well as governments and universities), must identify vendors that can provide it because these methods of consumer engagement directly drive revenue. Customers might deposit checks from their phone, order a service through a cloud app, or make a purchase from a laptop that recognizes their identity, and shares the right information with the vendor.
As consumers look for and expect more ways to engage with businesses, companies are making the shift from the closed, protective world of IAM to the open, evolving, and confidently secure IRM universe. This is because identity and access management tools are a necessity for managing trust relationships with parties inside and outside of a company – relationships that are now tied directly to the business’ top line.
Founded in 2009 as a 501c6. 60+ Organizations, 100’s of Participants, Industry and Governments join Kantara because we value:
TrustOperating Accreditation, Approval and Certification programs
PrivacyDeveloping privacy respecting solutions.
SecurityDeveloping high security solutions and practices
CommunityBridging technology and policy requirements
Enabling communities to verify high-value ID credentials for Trust.Kantara Members have a wealth of experience: Identity Assurance, Privacy, Policy and Information Systems Assessment. We’re here to help your community ensure Federated Identity Systems are verified for trust.
Enabling communities to verify high-value ID credentials for Trust.Kantara Members have a wealth of experience: Identity Assurance, Privacy, Policy and Information Systems Assessment. We’re here to help your community ensure Federated Identity Systems are verified for trust.
As more and more people, devices, and “things” are assigned identities across networks, IRM services that are simple, flexible, scalable and designed to quickly verify identities and access privileges, become imperative for any business to safely and efficiently engage with their customers. Today’s solutions must link devices–laptops, phones, touchpads, cars–and new mobile and social apps to a single security platform that works all the time, everywhere, on premises or off in the cloud. This is the standard that customers, citizens, and students expect, and CIOs and their businesses, (as well as governments and universities), must identify vendors that can provide it because these methods of consumer engagement directly drive revenue. Customers might deposit checks from their phone, order a service through a cloud app, or make a purchase from a laptop that recognizes their identity, and shares the right information with the vendor.
As consumers look for and expect more ways to engage with businesses, companies are making the shift from the closed, protective world of IAM to the open, evolving, and confidently secure IRM universe. This is because identity and access management tools are a necessity for managing trust relationships with parties inside and outside of a company – relationships that are now tied directly to the business’ top line.
As more and more people, devices, and “things” are assigned identities across networks, IRM services that are simple, flexible, scalable and designed to quickly verify identities and access privileges, become imperative for any business to safely and efficiently engage with their customers. Today’s solutions must link devices–laptops, phones, touchpads, cars–and new mobile and social apps to a single security platform that works all the time, everywhere, on premises or off in the cloud. This is the standard that customers, citizens, and students expect, and CIOs and their businesses, (as well as governments and universities), must identify vendors that can provide it because these methods of consumer engagement directly drive revenue. Customers might deposit checks from their phone, order a service through a cloud app, or make a purchase from a laptop that recognizes their identity, and shares the right information with the vendor.
As consumers look for and expect more ways to engage with businesses, companies are making the shift from the closed, protective world of IAM to the open, evolving, and confidently secure IRM universe. This is because identity and access management tools are a necessity for managing trust relationships with parties inside and outside of a company – relationships that are now tied directly to the business’ top line.
With Point-to-Point, each connection:
…takes weeks/months to establish
…consumes agency resources and incurs significant costs
…must be maintained perpetually
Software maintenance
Updates
Security patches
Version control
…does not ensure interoperability of tokens accepted by different agencies – citizens have to get multiple credentials
At LOA2+, agencies paying same entities to identity proof and credential the same citizens
With Point-to-Point, each connection:
…takes weeks/months to establish
…consumes agency resources and incurs significant costs
…must be maintained perpetually
Software maintenance
Updates
Security patches
Version control
…does not ensure interoperability of tokens accepted by different agencies – citizens have to get multiple credentials
At LOA2+, agencies paying same entities to identity proof and credential the same citizens
With Point-to-Point, each connection:
…takes weeks/months to establish
…consumes agency resources and incurs significant costs
…must be maintained perpetually
Software maintenance
Updates
Security patches
Version control
…does not ensure interoperability of tokens accepted by different agencies – citizens have to get multiple credentials
At LOA2+, agencies paying same entities to identity proof and credential the same citizens
With Point-to-Point, each connection:
…takes weeks/months to establish
…consumes agency resources and incurs significant costs
…must be maintained perpetually
Software maintenance
Updates
Security patches
Version control
…does not ensure interoperability of tokens accepted by different agencies – citizens have to get multiple credentials
At LOA2+, agencies paying same entities to identity proof and credential the same citizens
With Point-to-Point, each connection:
…takes weeks/months to establish
…consumes agency resources and incurs significant costs
…must be maintained perpetually
Software maintenance
Updates
Security patches
Version control
…does not ensure interoperability of tokens accepted by different agencies – citizens have to get multiple credentials
At LOA2+, agencies paying same entities to identity proof and credential the same citizens
Enabling communities to verify high-value identity credentials for Trust.Kantara Members have a wealth of experience: Identity Assurance, Privacy, Policy and Information Systems Assessment. We’re here to help your community ensure Federated Identity Systems are verified for trust.
Application and value to:
Governments
Healthcare
Enterprise
Commerce
Research and Academia
Modular Approvals to make up full CSP service where appropriate. Distinct assessments and full service assessments wrt integration. Innovating from monolithic compliance programs to assurance verified modular component services
Credential Service Provider
Token Manager
Attribute Provider
Federation Operator
Shifting from a strictly compliance driven approach toward an “outcome based” approach. Enabling enterprise to innovate new solutions and prove their comparability.
Alternative Means of Compatibility
Outcome Based
Peer Reviewed
Public Log
Transparency