Internet Identity and Access Control Dr Ken Klingenstein, Director, - - PowerPoint PPT Presentation

SLIDE 1

Internet Identity and Access Control

Dr Ken Klingenstein, Director, Middleware and Security, Internet2

SLIDE 2

kjk@internet2.edu

Topics

  • What’s happening / impacts
  • See lunch talk
  • The Research Angle
  • Researchers as users
  • Security Researchers
  • New areas for Research
SLIDE 3

Researchers as Users

  • Use your local login to access
  • NIH, NSF grant submission and management

  • CILogon for CyberInfrastructure
  • GENI
  • Scholarly Identity
  • No local federation? Push for it…
SLIDE 4

Security Research

  • Leveraging the trust fabric
  • SES as a model
  • Analytics beyond the border
  • http://www.ren-isac.net/ses/
  • Federated security tools
SLIDE 5

New Areas of Research

  • Anonymous Credentials
  • Scalable privacy management
  • UI, Correlation attacks, Contexts
  • Attribute Ecosystem
  • LOA, Revocation, Terms of use, Metadata
SLIDE 6

Anonymous Credentials

  • Special credentials issued by attribute authorities
  • When queried by RP, will do minimal disclosure of encoded attributes
  • E.g. Over 18, True/False on specific sets of attributes, such as citizen, medical, etc.
  • Can be done so that IdP does not know either the values being released or the RP’s requesting information
  • Deep crypto techniques underlie – e.g. Idemix.
  • Ten year old research -> proprietary technology development -> open source capability

  • No use of SAML but heavy need for SAML metadata
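
The minimal-disclosure idea on this slide, as an added example that is not from the original presentation: a salted-hash selective-disclosure credential in Python. It is not Idemix; HMAC with a shared key stands in for the issuer's signature, all names and sample attributes are constructed, and `linkable` shows the correlation handle this simpler scheme leaves behind, which unlinkable schemes such as Idemix are designed to remove.

```python
import hashlib, hmac, json, secrets

# Assumption: HMAC with this key stands in for the attribute authority's signature.
ISSUER_KEY = secrets.token_bytes(32)

def _commit(salt, name, value):
    # The random salt keeps low-entropy values (True/False, dates) from being guessed.
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()

def _tag(digests):
    return hmac.new(ISSUER_KEY, json.dumps(digests).encode(), hashlib.sha256).hexdigest()

def issue(attributes):
    """Attribute authority: commit to each attribute separately, sign only the commitments."""
    salts = {n: secrets.token_hex(16) for n in attributes}
    digests = sorted(_commit(salts[n], n, v) for n, v in attributes.items())
    return {"digests": digests, "tag": _tag(digests), "salts": salts, "attributes": dict(attributes)}

def present(cred, names):
    """User: reveal salt and value only for the attributes the RP asked about."""
    disclosed = {n: [cred["salts"][n], cred["attributes"][n]] for n in names}
    return {"digests": cred["digests"], "tag": cred["tag"], "disclosed": disclosed}

def verify(pres):
    """RP: check the issuer tag, then match each disclosed attribute to a commitment."""
    if not hmac.compare_digest(_tag(pres["digests"]), pres["tag"]):
        return None
    for name, (salt, value) in pres["disclosed"].items():
        if _commit(salt, name, value) not in pres["digests"]:
            return None
    return {name: value for name, (salt, value) in pres["disclosed"].items()}

def linkable(pres_a, pres_b):
    """Two RPs comparing notes can match presentations by the reused tag."""
    return hmac.compare_digest(pres_a["tag"], pres_b["tag"])

if __name__ == "__main__":
    # Constructed sample attributes.
    cred = issue({"over_18": True, "citizen": True, "birth_date": "1990-04-01"})
    to_rp1 = present(cred, ["over_18"])
    to_rp2 = present(cred, ["citizen"])
    print(verify(to_rp1), linkable(to_rp1, to_rp2))
```
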
SLIDE 7

Anonymous Credentials Use Cases

  • Medical records
  • HMO can put attributes about patient medications into an IdP and have authorized RP query
  • Student health can store information restricted to RP with a need to know, protected from general IdP.
  • Citizen record
  • Answer general official queries such as over legal age queries, citizenship, etc.
  • Enable specific services such as parking by zones, privacy-preserving neighborhood discussions

  • Private access controls
  • By good and evil
SLIDE 8

Key Directions in Anonymous Credentials

  • Radical new capabilities, but lacking any infrastructure at all to support deployment at scale

  • Delivering credentials to user and storing
  • Scalable query controls
  • Audit and policy issues
  • Metadata for informed consent
  • Others
  • Enter federated identity
  • Provides secure credential transport and storage
  • Provides framework for discussion on policy
  • Fills other deployment gaps
SLIDE 9

Scalable privacy management

  • UI
  • Attack vectors
  • E.g. Correlation
  • Contexts
SLIDE 10

Attributes

  • LOA
  • Revocation
  • Digital rights management
  • Use of metadata