internet identity and access control
play

Internet Identity and Access Control Dr Ken Klingenstein, Director, - PowerPoint PPT Presentation

Mar 18, 2023 •388 likes •499 views

Internet Identity and Access Control Dr Ken Klingenstein, Director, Middleware and Security, Internet2 Topics Whats happening/ impacts See lunch talk The Research Angle Researchers as users Security Researchers New

  1. Internet Identity and Access Control Dr Ken Klingenstein, Director, Middleware and Security, Internet2

  2. Topics • What’s happening/ impacts • See lunch talk • The Research Angle • Researchers as users • Security Researchers • New areas for Research kjk@internet2.edu

  3. Researchers as Users • Use your local login to access • NIH, NSF grant submission and management • CIlogon for CyberInfrastructure • GENI • Scholarly Identity • No local federation? Push for it… kjk@internet2.edu

  4. Security Research • Leveraging the trust fabric • SES as a model • Analytics beyond the border • http://www.ren-isac.net/ses/ • Federated security tools kjk@internet2.edu

  5. New Areas of Research • Anonymous Credentials • Scalable privacy management • UI, Correlation attacks, Contexts • Attribute Ecosystem • LOA, Revocation, Terms of use, Metadata kjk@internet2.edu

  6. Anonymous Credentials • Special credentials issued by attribute authorities • When queried by RP, will do minimal disclosure of encoded attributes • E.g. Over 18, True/False on specific sets of attributes, such as citizen, medical, etc. • Can be done so that IdP does not know either the values being released or the RP’s requesting information • Deep crypto techniques underlie – e.g. Idemix. • Ten year old research -> proprietary technology development ->open source capability • No use of SAML but heavy need for SAML metadata kjk@internet2.edu

  7. Anonymous Credentials Use Cases • Medical records • HMO can put attributes about patient medications into an IdP and have authorized RP query • Student health can store information restricted to RP with a need to know, protected from general IdP. • Citizen record • Answer general official queries such as over legal age queries, citizenship, etc. • Enable specific services such as parking by zones, privacy- preserving neighborhood discussions • Private access controls • By good and evil kjk@internet2.edu

  8. Key Directions in Anonymous Credentials • Radical new capabilities, but lacking any infrastructure at all to support deployment at scale • Delivering credentials to user and storing • Scalable query controls • Audit and policy issues • Metadata for informed consent • Others • Enter federated identity • Provides secure credential transport and storage • Provides framework for discussion on policy • Fills other deployment gaps kjk@internet2.edu

  9. Scalable privacy management • UI • Attack vectors • E.g. Correlation • Contexts kjk@internet2.edu

  10. Attributes • LOA • Revocation • Digital rights management • Use of metadata kjk@internet2.edu

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Internet Identity Initiatives Internet Identity Initiatives RL Bob Morgan University of

Internet Identity Initiatives Internet Identity Initiatives RL Bob Morgan University of

Internet Identity Initiatives Internet Identity Initiatives RL Bob Morgan University of Washington and Internet2 EMC2 Mlaga, S pain October 2006 Topics Topics Internet identity buzzwords/ proj ects: user-centric, sxip, dix,

395 views • 18 slides
Identity and Access Management Using Identity Management and Identity Governance to increase

Identity and Access Management Using Identity Management and Identity Governance to increase

Identity and Access Management Using Identity Management and Identity Governance to increase Automation and Security. Identity Management (IAM, IdM) defining and managing the roles and access privileges of individual network users, and the

2.89k views • 13 slides
Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions Protection objects : system resources for which protection is

576 views • 21 slides
Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of Access Control Discretionary acces control Mandatory access control Real systems: Unix Access Control Model Access control Access

817 views • 47 slides
Access Control for Smart Objects Access Control for Smart Objects Jan Janak, Hyunwoo Nam, Henning

Access Control for Smart Objects Access Control for Smart Objects Jan Janak, Hyunwoo Nam, Henning

IAB Workshop on Smart Object Security Paris, March 2012 Access Control for Smart Objects Access Control for Smart Objects Jan Janak, Hyunwoo Nam, Henning Schulzrinne I R T Columbia University Internet Real-Time Laboratory This work is

57 views • 5 slides
Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control? How Is Access Determined? Who Determines Access? Forms of Access Control SELinux Booleans iptables File Access Control Lists Apache Access Control

711 views • 36 slides
1 General Access Control General Access Control Control of access to memory relatively easy:

1 General Access Control General Access Control Control of access to memory relatively easy:

Role of Access Control Before closing back doors we need to close front doors Access control: determines access to files & processes in OS Fall 2008 We will return to these themes throughout the course Fall 2008 CS

512 views • 6 slides
SYSTEM DIAGRAMS Door Entry & Access Control ACCESS CONTROL ACCESS CONTROL Allowing

SYSTEM DIAGRAMS Door Entry & Access Control ACCESS CONTROL ACCESS CONTROL Allowing

SYSTEM DIAGRAMS Door Entry & Access Control ACCESS CONTROL ACCESS CONTROL Allowing residents / staff access to site areas Main entrance Vehicle entrances Pedestrian entrances Gate / Barrier entrance Bin / Bike / Refuge

336 views • 14 slides
Overview Basic Principles Access Control Methodologies Controls Access Control Designs

Overview Basic Principles Access Control Methodologies Controls Access Control Designs

Overview Basic Principles Access Control Methodologies Controls Access Control Designs Access Control Administration Accountability Chapter 2 Access Control Models Identification and Authentication Methods Lecturer:

708 views • 9 slides
Medium Access Control and WPAN Technologies 01204525 Wireless Sensor Networks and Internet of

Medium Access Control and WPAN Technologies 01204525 Wireless Sensor Networks and Internet of

Medium Access Control and WPAN Technologies 01204525 Wireless Sensor Networks and Internet of Things Chaiporn Ja Jaikaeo (c (chaiporn.j@ku.ac.th) Department of f Computer Engineering Kasetsart University Materials taken from lecture slides

597 views • 42 slides
Internet Identity Workshop IIW 2008b Introduction Johannes Ernst NetMesh Inc.

Internet Identity Workshop IIW 2008b Introduction Johannes Ernst NetMesh Inc.

Internet Identity Workshop IIW 2008b Introduction Johannes Ernst NetMesh Inc. http://netmesh.info/jernst Johannes Ernst Modern Identity History Facebook Proprietary et al. Yadis URL-based Age of identity Card-based interop

1.01k views • 24 slides
Internet congestion control: TCP Internet congestion control: TCP 1988: "Congestion

Internet congestion control: TCP Internet congestion control: TCP 1988: "Congestion

Internet congestion control: TCP Internet congestion control: TCP 1988: "Congestion Avoidance and Control" (Jacobson/Karels) Combined congestion/flow control for TCP Goal: stability - in equilibrum, no packet is sent into the

482 views • 24 slides
To the moon and back Customer Identity and Access Management in a global Drupal setup Ground

To the moon and back Customer Identity and Access Management in a global Drupal setup Ground

Drupal Business Days, Frankfurt, 19.05.17 To the moon and back Customer Identity and Access Management in a global Drupal setup Ground Control ETECTURE in a Nutshell We support and advise customers with consultancy, customized software

642 views • 30 slides
Identity and Access Management with the INDIGO IAM service Andrea Ceccanti

Identity and Access Management with the INDIGO IAM service Andrea Ceccanti

Identity and Access Management with the INDIGO IAM service Andrea Ceccanti andrea.ceccanti@cnaf.infn.it EOSC-Hub AAI Tech Talk Europe, Earth, June 15th 2018 INDIGO Identity and Access Management service Flexible authentication support (SAML,

430 views • 24 slides
Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control

Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control

Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control Introduction to Computer Security Access control, contd Announcements intermission Stephen McCamant Capability-based access control University

380 views • 7 slides
Conference 2018 Shift into the future with predictions for Identity & Access Management BCNET

Conference 2018 Shift into the future with predictions for Identity & Access Management BCNET

Conference 2018 Shift into the future with predictions for Identity & Access Management BCNET Identity & Access Management Community of Practice Panelists: Corey Scholefield Vera Merkusheva Isabel Wong Sabrina da Silva 2 Conference

622 views • 19 slides
Identity & Access Management in an Academic Environment Webinar May 17, 2018 Johan Lidros

Identity & Access Management in an Academic Environment Webinar May 17, 2018 Johan Lidros

Identity & Access Management in an Academic Environment Webinar May 17, 2018 Johan Lidros CISA, CISM, CGEIT, CRISC, HITRUST CCSFP, ITIL-F President Eminere Group 2 3 4 5 Presenter Johan Lidros, Founder and President of Eminere

901 views • 58 slides
CS 4803 Before we begin, some design principles Computer and Network Security Alexandra

CS 4803 Before we begin, some design principles Computer and Network Security Alexandra

Access to general objects Memory protection is only one example Need a way to protect more general objects CS 4803 Before we begin, some design principles Computer and Network Security Alexandra (Sasha) Boldyreva More on access

837 views • 7 slides
computation may someday be organized as a public utility John McCarthy, 1960 2

computation may someday be organized as a public utility John McCarthy, 1960 2

Security and Cloud Computing computation may someday be organized as a public utility John McCarthy, 1960 2 How did we get here? Security and Cloud Computing 3 What Is Cloud Computing? On-demand self-service Add or

603 views • 27 slides
HI MSS Cyb e rse c urity Co mmunity Spo nso r 1 Se c urity F unda me nta ls b a se d o n the

HI MSS Cyb e rse c urity Co mmunity Spo nso r 1 Se c urity F unda me nta ls b a se d o n the

HI MSS Cyb e rse c urity Co mmunity Spo nso r 1 Se c urity F unda me nta ls b a se d o n the NI ST Cyb e rse c urity F ra me wo rk 01.23.2020 Speaker I ntr oduction Ric k Spatafor e CPHI MS, GI SP, GCI H, HCI SPP Ma na g e r,

542 views • 18 slides
Access Control MAC Summary ITS335: IT Security Sirindhorn International Institute of Technology

Access Control MAC Summary ITS335: IT Security Sirindhorn International Institute of Technology

ITS335 Access Control Concepts DAC RBAC Access Control MAC Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 10 October 2013 its335y13s2l04,

400 views • 26 slides
CHIPSEC IPSEC Platform Security Assessment Framework https://github.com/chipsec/chipsec

CHIPSEC IPSEC Platform Security Assessment Framework https://github.com/chipsec/chipsec

CHIPSEC IPSEC Platform Security Assessment Framework https://github.com/chipsec/chipsec @CHIPSEC Wha What is is Pl Platform rm Se Secu curi rity? ty? Hardware Implementation and Configuration Available Security Features

695 views • 20 slides
A Distributed Calculus for Role-Based Access Control Chiara Braghin joint work with D. Gorla and

A Distributed Calculus for Role-Based Access Control Chiara Braghin joint work with D. Gorla and

A Distributed Calculus for Role-Based Access Control Chiara Braghin joint work with D. Gorla and V. Sassone MyThS Meeting, Venice, June, 14th, 2004 A Distributed Calculus for Role-Based Access Control p.1/18 RBAC Why: Role-Based Access

613 views • 36 slides
Fine-grained Data Access Control Systems with User Accountability in Cloud Computing Jin Li 1 ,

Fine-grained Data Access Control Systems with User Accountability in Cloud Computing Jin Li 1 ,

Fine-grained Data Access Control Systems with User Accountability in Cloud Computing Jin Li 1 , Gansen Zhao 2 , and Xiaofeng Chen 3 Chunming Rong 4 , Yong Tang 2 1 Guangzhou University, China South China Normal University 2 3 Xidian University

784 views • 21 slides

More recommend