Internet Identity Initiatives

RL “Bob” Morgan, University of Washington and Internet2
EMC2, Málaga, Spain, October 2006

Slide 2: Topics

  • Internet identity buzzwords/projects: user-centric, sxip, dix, openid, lid, yadis, xri/xdi, i-names, infocard, cardspace, identity metasystem, saml, ws-federation, ws-trust, liberty, id-wsf, shibboleth, adfs, osis, heraldry, bandit, higgins, isso, saml-lite, identity schemas, idcommons
  • Internet identity and institutional identity

Slide 4: Internet identity

  • vast convergence of identity interests
  • the “read/write web” implies authentication everywhere
  • ordinary people as resource owners: blogs, wikis, photos/music, RSS, social networks, blogspam, IM
  • so ordinary people face many many logins as users, and have to do user management on their blogs
  • “identity gang” discussion since early 2005
  • “identity” is not just authentication: not even “attributes”, but everything “associated with me” across myriad services, media, modalities, ...

Slide 5: Whose identity?

  • personal privacy, personal control: institutions of all kinds are the bad guys (including us!), since institutions claim ownership of users' “identities”
  • doing something about phishing ... hence reducing password exposure
  • many technical/social solutions being promoted as “user-centric”, meaning what exactly?

Slide 6: What is “user-centric”?

  • many not necessarily related characteristics
  • identity rendered visible/manipulable to user
  • IdP/SP as easy to install as blog package (or comes with)
  • can use your “personal” URL as identifier
  • decentralized, i.e. no institutional power player
  • all data passes through browser: no backdoor data exchanges between servers; user sees/approves exchanges
  • identity data asserted by user, controlled by user: on client machine, or via online “identity agent”

Slide 7: OpenID

  • see http://openid.net/
  • one example of a “user-centric” system
  • developed in fight against blogspam, so blog commenters can be authenticated
  • user identifier is your URL (you have one, right?)
  • provide link to authn site via your URL
  • mechanism/assurance similar to email signup loop
  • can be installed without root/webserver access
  • operations crypto-protected, trust management is up to the participating parties (aka “reputation”)
  • anti-SAML? anti-XML ...
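The two mechanics this slide names, “provide link to authn site via your URL” and “operations crypto-protected”, are what an OpenID 1.x relying party actually does: it fetches the user's URL and reads the openid.server (and optional openid.delegate) link tags to find the identity server, then, when the user is sent back, recomputes the HMAC-SHA1 over the fields listed in openid.signed with the association secret and compares it with openid.sig. The following is an added example written for this page, not code from the slides or from openid.net; the HTML page, association secret, handle and URLs are constructed sample data, and the field names follow the OpenID Authentication 1.1 specification.

```python
"""Added example: OpenID 1.x discovery and assertion verification on the
relying-party side, using constructed sample data only."""
import base64
import hashlib
import hmac
from html.parser import HTMLParser
from typing import Optional


class OpenIDLinkParser(HTMLParser):
    """Collects the openid.server / openid.delegate link targets from HTML."""

    def __init__(self) -> None:
        super().__init__()
        self.server: Optional[str] = None
        self.delegate: Optional[str] = None

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = dict(attrs)
        rels = (a.get("rel") or "").lower().split()
        href = a.get("href")
        if not href:
            return
        # First matching link wins, as a browser-style reader would do.
        if "openid.server" in rels and self.server is None:
            self.server = href
        if "openid.delegate" in rels and self.delegate is None:
            self.delegate = href


def discover(html: str) -> Optional[dict]:
    """Discovery step: where to send the user, and which identifier the
    server knows them by. None when the page carries no openid.server link."""
    p = OpenIDLinkParser()
    p.feed(html)
    if p.server is None:
        return None
    return {"server": p.server, "delegate": p.delegate}


def signed_token(fields: dict, signed_list: str) -> bytes:
    """Key-value form ("name:value\\n") of the fields named in openid.signed,
    in the listed order; this is what the HMAC covers."""
    lines = []
    for name in signed_list.split(","):
        key = "openid." + name
        if key not in fields:
            raise KeyError(f"signed field missing from response: {key}")
        lines.append(f"{name}:{fields[key]}\n")
    return "".join(lines).encode("utf-8")


def verify_assertion(fields: dict, mac_key: bytes, expected_return_to: str) -> bool:
    """True only if the response is a positive assertion (id_res), its
    signature covers mode/identity/return_to, the return_to is ours, and
    the base64 HMAC-SHA1 recomputed with the association secret matches."""
    if fields.get("openid.mode") != "id_res":
        return False
    signed = fields.get("openid.signed", "")
    # A signature that omits identity or return_to proves nothing useful.
    if not {"mode", "identity", "return_to"} <= set(signed.split(",")):
        return False
    if fields.get("openid.return_to") != expected_return_to:
        return False
    try:
        token = signed_token(fields, signed)
    except KeyError:
        return False
    digest = hmac.new(mac_key, token, hashlib.sha1).digest()
    expected = base64.b64encode(digest).decode("ascii")
    return hmac.compare_digest(expected, fields.get("openid.sig", ""))


# --- constructed sample data (not real sites, keys or handles) ---
SAMPLE_HTML = """<html><head>
<link rel="openid.server" href="https://idp.example.net/openid/server">
<link rel="openid.delegate" href="https://idp.example.net/users/bob">
</head><body>Bob's page</body></html>"""
MAC_KEY = b"constructed-association-secret"
RETURN_TO = "https://blog.example.org/comment/return"


def sample_response(mac_key: bytes = MAC_KEY) -> dict:
    """A positive assertion as the identity server would sign it with the
    shared association secret (constructed for this example)."""
    fields = {
        "openid.mode": "id_res",
        "openid.identity": "https://idp.example.net/users/bob",
        "openid.return_to": RETURN_TO,
        "openid.assoc_handle": "constructed-handle",
        "openid.signed": "mode,identity,return_to",
    }
    token = signed_token(fields, fields["openid.signed"])
    sig = hmac.new(mac_key, token, hashlib.sha1).digest()
    fields["openid.sig"] = base64.b64encode(sig).decode("ascii")
    return fields


if __name__ == "__main__":
    print(discover(SAMPLE_HTML))
    print(verify_assertion(sample_response(), MAC_KEY, RETURN_TO))
```

The checks in verify_assertion are where the “trust management is up to the participating parties” point bites: the HMAC only proves that whoever holds the association secret produced the response, so a relying party still has to decide for itself whether the server found by discovery is one it is willing to believe about that identifier.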

Slide 8: OpenID status

  • version 1.x: spreading through blogosphere, VeriSign labs promoting
  • version 2.0: almost finalized; includes XRI resolution, YADIS; moving into attribute exchange ...
  • “bounties” for app integration ...
  • has subsumed other SSO approaches? LID, SXiP, Passel, etc

Slide 9: Information cards

  • Microsoft-promoted, much industry uptake
  • formerly InfoCard, aka “identity metasystem”
  • MS “identity selector” is CardSpace, in Vista
  • other selectors for other platforms, eg Higgins project
  • identities visible to users as “cards”: user-generated or third-party provided
  • typical signon, credit card purchase cases
  • protocol interactions are all WS-Trust, to IdP and to SP
  • solves “where are you from” problem ...

Slide 10: id-metasystem progress

  • Cardspace in Vista betas; MS promises support for XP, also available?; will need AD IdP, IIS support, MS not saying much yet
  • Other platforms: Higgins project focus of Java implementors though others are out there; MacOS X implementation demonstrated though no official comment from Apple; Mozilla/Firefox? plugins happening; Linux? RedHat participating ...

Slide 11: Related projects

  • OSIS: collaboration among open-source identity-system implementors, principally re Cardspace-compatibility; Microsoft “open specification promise”
  • Higgins: general framework for identity management, both client and server; big support from IBM, Novell, other vendors
  • Apache Heraldry: OpenID support, maybe CardSpace?

Slide 12: XRI/XDI

  • brand-new universal namespace: resolvable, privacy-supporting, individual-centric, comprehensive, multi-registrar, etc; specified via OASIS
  • “link contracts” for DRM-style annotation on attributes
  • service infrastructure being deployed: Neustar acting as global root, many other registrars; you can buy an “i-name” now
  • three initial services: contact, web forwarding, ISSO (i-name-enabled SSO, referenced in OpenID)

Slide 13: Other related stuff

  • WS-*: WS-Trust being standardized in OASIS; only use case turns out to be CardSpace ...; WS-Federation still not submitted ...
  • SAML: responding to “user-centric” challenge; new profile with no XML signature (for PHP ...); some lighter-weight implementations happening, eg zxid.org

Slide 14: identity schemas

  • http://identityschemas.org/
  • every identity system redefines ... name, address, email, phone, homepage, ...
  • Higgins: common info-mgt requires schema mapping; developing OWL framework for representation
  • ad-hoc group assembled to help ...: schema repository, tools; not LDAP, but LDAP-clueful are participating; organizing via idcommons process
Slide 15: GYM

  • Microsoft: “live ID” is new Passport; “will be federated”, via WS-Fed
  • Yahoo, Google: both setting up to be IdPs to the world, using proprietary methods; will they federate? unclear
  • AOL: longtime Liberty/SAML participant ...

Slide 16: Whither institutional identities?

  • the compliance driver: for high-value/formal relationships we need high-security, high-trust, high-value, high-cost, institutionally-controlled and -licensed, audited IdM
  • the community driver: to be a valuable and popular player in Internet identity communities we need easily obtained, portable, low-barrier, adaptable, multi-protocol IdM
  • can we do both? institutional IdM will need to support many faces, interactions, partners; can't be protocol-evangelical

Slide 17: HE as Identity Agent/Consumer

  • what can institutional ID be used for? users might already be hooking in to OpenID using institutional authentication, URLs; random sites of interest to users might be SAML SPs?
  • institutional ID linkage? all people coming to our institutions for any purpose already (will) have online identities; can we make use of them? reputation? e-portfolio?

Slide 18: Links

  • http://openid.net/
  • http://cardspace.netfx3.com/
  • http://osis.netmesh.org/
  • http://identityschemas.org/
  • http://wiki.idcommons.net/
  • http://www.identitygang.org/