Identity Standards & U.S. Deployment - PowerPoint PPT Presentation


Identity Standards & U.S. Deployment. Nate Klingenstein, ndk@internet2.edu, Internet2 / Shibboleth Consortium, 24 February 2011, APAN


SLIDE 1

Identity Standards & U.S. Deployment

Nate Klingenstein
ndk@internet2.edu
Internet2 / Shibboleth Consortium
24 February 2011, APAN 31, Hong Kong

SLIDE 2

Why is Asia so Important?

  • Network effects (ネットワーク外部性, 网络外部性, Eksternalitas jaringan, नेटवर्क प्रभाव, 네트워크 효과)
  • If more people use SAML and Shibboleth, it becomes more powerful for everyone
  • Asia arrived at a lucky time, because a lot of hard work has been done already

SLIDE 3

Identity Standards

  • The world is converging around OAuth 2.0 (IETF I-D) and SAML 2.0 (OASIS Std.)
  • OAuth 2.0 is almost entirely Facebook and Twitter
  • SAML 2.0 is largely organizational use
  • Here are some numbers from Drupal

SLIDE 4

SLIDE 5

SLIDE 6

Identity Standards

  • New standards work is continuing, centered around SAML and OAuth
  • User interface work (Kantara)
  • Extension to non-web protocols (Abfab)
  • Better integration with HTTP (KITN)
  • Tons of additional features (IETF, SSTC)
  • Cardspace is dead, and OpenID is unlikely to ever be revved

SLIDE 7

Social and Organizational Identity

  • Still unclear whether these worlds will ever meet
  • The services used are distinct; trust requirements, discovery requirements very different
  • Ongoing attempts to leverage social applications and identities in universities
  • Lots of vague interest, but no real needs

SLIDE 8

Social and Organizational Identity

  • No attempts to integrate trusted data with social applications or identities
  • NIH iTrust is the best example serving both successfully
  • Lots of logins from both sources

SLIDE 9

Attribute Consent

  • Ad-hoc collaboration is very difficult with current federated identity
  • Administrators, federations, and others have to be involved
  • Consent might help this, but it might not be enough
  • https://aai-demo.switch.ch/secure-uApprove/

SLIDE 10

Zero-Knowledge Proof

  • Microsoft is pushing U-Prove aggressively now
  • IBM Zurich Labs working on attribute predicates and zero-knowledge proof for SAML 2.0
  • Zero-knowledge proof is cool, but maybe too cool
  • We have trouble with cookies…

SLIDE 11

Inter-federation

  • PEER, funded by ISOC, is intended to generalize metadata distribution
  • Aggregators and registrars
  • Transport information about the registrar and the entity
  • Technical issues should be largely solved
  • Legal, discovery, and trust barriers remain

SLIDE 12

Academic Federation Update

  • You've already heard some updates from Asia
  • Europe has federations in virtually every country
  • Shibboleth project moving to a consortium phase
  • Broaden funding and management base for sustainability; JISC (UK), SWITCH (Switzerland), Internet2 (USA)

SLIDE 13

SLIDE 14

Federation Update

  • Deployment outside of academia is large and growing
  • Banks and investment firms
  • Health care
  • Real Estate
  • Conglomerates
  • Telecoms
  • And, of course, consumer sites

SLIDE 15

Shibboleth Futures

  • The Consortium will look for a permanent home, or create one
  • Participation by all stakeholders in the permanent home will be encouraged
  • That means you!
  • Project development continues uninterrupted
  • New Shibboleth Community Calls, sometimes scheduled for Asian time

SLIDE 16

U.S. Government & Identity

  • HSPD-12, Federal PKI, PIV Cards, soon more
  • ICAM for external identity
  • SAML, OpenID, Liberty Alliance, Cardspace (now dead), WS-Federation
  • OIX, Kantara, InCommon
  • https://www.idmanagement.gov/

SLIDE 17

My Thanks to NII & the Middleware WG

ndk@internet2.edu
http://www.internet2.edu/
http://www.incommon.org/
http://shibboleth.net/