next generation of identity aware applications
play

Next Generation of Identity Aware Applications. Fulup Ar Foll - PowerPoint PPT Presentation

Feb 13, 2024 •413 likes •605 views

Next Generation of Identity Aware Applications. Fulup Ar Foll Liberty Alliance Technical Expert Group Master Architect, Global Software Practice Sun Microsystems. Fulup.ArFoll@sun.com p 1 San Diego April 2007 e-Government Trend France :

  1. Next Generation of Identity Aware Applications. Fulup Ar Foll Liberty Alliance Technical Expert Group Master Architect, Global Software Practice Sun Microsystems. Fulup.ArFoll@sun.com p 1 San Diego April 2007

  2. e-Government Trend France : Service-public.fr is the French civil service's official gateway. It aims to give citizens access to all administrative information on-line. It has been developed as part of the government’s action plan known as "preparing France for entry into the information society". (Documentation française & Prime Minister's office and the Civil Service and State Reform Ministry. Norway : The Norwegian Government intends to take the necessary steps to achieve the potentials that are inherent in the ICT and the knowledge society. Stronger coordination, identification of clear areas of investment, and concrete, ambitious--while realistic--goals will create results that really make a difference. (Morten Andreas Meyer, Minister of Modernization 2005) Netherlands : Key government agencies and local governments are taking the initiative to develop a single Personal Internet page. Citizens and businesses can use this portal to view their personal data, submit corrections or changes, receive personalized information,and manage their affairs with government in one place. (Letter of the Minister to Parliament, 10th of April 2006) Fulup.ArFoll@sun.com p 2 San Diego April 2007

  3. eGovernment Problematic Nothing Exclusive, just problems accumulation.  Telco-grade scaling  Bank security requirements  Limited funding  Fix cost on five years plan  Little to no capabilities to impose choice  Must be vendor neutral  Any error is a potential political crisis Fulup.ArFoll@sun.com p 3 San Diego April 2007

  4. eGovt Architecture Target A Citizen-centric view across government  Information collected, maintained once by the most appropriate agency.  Information verified to the adequate level.  Information available electronically through a vendor neutral long-term standard.  Information exchange securely to whomever requires it, in a privacy-aware manner.  Significant benefit for people, businesses, agencies, government ... Fulup.ArFoll@sun.com p 4 San Diego April 2007

  5. Country as a foundation Netherlands as “typical” medium size country  16+ million inhabitants  800K businesses (60% less than 10 employees)  High level penetration of technology  Broadband ~50%  Mobile ~100%  High fragmentation of government services  480 municipalities  12 provinces  25 water authorities Fulup.ArFoll@sun.com p 5 San Diego April 2007

  6. Which standard for what • Global Connectivity  Across repository, domain, ... Applications  Seamless to User (complexity advert)  Want to be both consumer and provider • Increasing Demand for ID ID-WSF - SAML2  Everyone wants your identity..but do you Abstraction —the user—want it?  Need adequate privacy mechanisms before exposing it. SAML-1 WS-Security • Heterogeneous world SOAP TCP/IP  Multi vendors, services providers and Transport consumers are heterogeneous. Composability  Multi-channel, cross devices, cross networks, ... • ... Fulup.ArFoll@sun.com p 6 San Diego April 2007

  7. Waves of eGovt Applications  Silo application  anonymous services (document download, ...)  one identity, one application (ex: income tax, ...)  one time token (invoice, payment, ...)  Federated Single Sign On/Out  Citizen portal (France, Norway, Austria, ...)  Attributes exchange / Proxy authentication  Italy (drivers license)  Spain (e-prescription) Fulup.ArFoll@sun.com p 7 San Diego April 2007

  8. Anonymous Vote Scenario  Government Constraints  Must be 18+  Must not have any criminal record  Must be a citizen of “Lichtenstein”  Must only vote once  ...  Citizen Constraints  Government should not know what you vote for  Voting SP should not know who you are Fulup.ArFoll@sun.com p 8 San Diego April 2007

  9. Anonymous Vote Flow IDP Justice SP 3 Municipality 2 SP 1 Citizen SP Voting SP SAML2 ID-WSF Contract Fulup.ArFoll@sun.com p 9 San Diego April 2007

  10. Delegation Scenario You create a company (QuickMoney)   Govt gives you a QuickMoney-ID  As citizen & owner, you act on behalf of QuickMoney  QuickMoney-ID is federateable (ex: with MyBank) You sign a contract with a MyLawyer SP   You allow MyLawyer to act on behalf of QuickMoney  You can control who can act on QuickMoney’s behalf  eGovt service asserts MyLawyer as “authorized lawyer” You sell QuickMoney to BigComp   BigComp can now act on behalf of QuickMoney  BigComp can establish new delegations Fulup.ArFoll@sun.com p 10 San Diego April 2007

  11. People Service Delegation Flow Other Personal Enterprise SP Bank Profile SP Authentication Discovery Personal Profile Enterprise Authentication Storage Revenu/TAX Enterprise SP Registry Citizen IDP Discovery people Service Citizen Lawyer Lawyer Lawer IDP Registry Discovery Authentication Fulup.ArFoll@sun.com p 11 San Diego April 2007

  12. Architecture Requirements  Internet-Centric  Cheap, fast moving (no special network, like it or trash it, ...)  Based on current Internet “day to day” user experience  No difference between citizens, employees, companies  Peer-to-Peer (scalable, efficient, data directly from source, ...)  Distributed (multiple authority, discovery, flexible, ...)  No central system, no “Big Brother”  User-Centric  User in control of his global identity  Multiple personalities  Consent aware (nothing without my consent)  Strong privacy & security  Simple & intuitive Fulup.ArFoll@sun.com p 12 San Diego April 2007

  13. Why not a Unique Authority (The Holy Grail !!!)  Super everything , high level of complexity in one place tends to create super project & super failure.  Significant negative privacy issues , bringing together attributes in one place goes against best practice and ignores lessons learned from the past.  Poor data quality , central system requires complex synchronization from authoritative sources that best case are expensive and worse case present obsolete data as valid.  Never unique , like mushrooms, independent of the amount of time/money spent, smaller authority/repositories will pop up. Fulup.ArFoll@sun.com p 13 San Diego April 2007

  14. Federated Citizen Authority  Should be:  a shield to allow citizen to interact with “untrusted” parties.  a trusted intermediary to find and exchange attributes in a peer to peer mode with a high level of confidence.  a friend that diminishes government process complexity.  a referent that guarantees user to keep control of its own identity.  Should not be : a governmental version of “Google Yahoo”, a Big Brother, a new problem for citizen, something expensive, .... Fulup.ArFoll@sun.com p 14 San Diego April 2007

  15. Which Authority's Components  Basic Authority Services  Authentication Framework  Common definition of risk  Common authentication confidence for a given risk  Federation framework  Multi-authority (proxy IDP model)  Multi-personality  Discovery Mechanism  Where to find services (in a user contextual mode)  Security Mechanism (Attributes shared 1 st policy decision point)  Identity mapping (peer to peer in privacy aware mode)  Social networking  Should support delegation  Capability to create informal group of people  Interaction Service  Should allow user to be in control at any time  Advanced Services: Personal Profile, Document Exchange, ... Fulup.ArFoll@sun.com p 15 San Diego April 2007

  16. General Federated Architecture SP SP IDP SP SP SP 3 A B SP IDP C 2 1 IDP D IDP SP SP SAML2 SP ID-WSF Contract Fulup.ArFoll@sun.com p 16 San Diego April 2007

  17. Mature and Evolving Fulup.ArFoll@sun.com p 17 San Diego April 2007

  18. Pa zo Echu, Echu eo (1) ! Disclaimer: I won't claim the ideas presented in this presentation to be exclusively personal or even original. Here are a few names of people I somehow trust (2) and from whom I stole one or more ideas that appear directly or indirectly in this presentation: Andreas.Hamnes(Norway) Britta.Glade(USA) Colin.Wallis(New-Zealand) Conor.P.Cahil(USA) Efjestad.Dag(Norway) Eve.L.Maler(USA) George.Fletcher(USA) Hubert.Le-Van-Gong(France) Ignacio Alamillo(Spain) Ingrid.Melve(Norway) Jean-Severin.Lair(France) Lasse.Andresen(Norway) Lauren.Wood(Canada) Louise.Thiboutot (Canada) Mira.Nivala(Finland) Myriam.Cyr(Canada) Orhan.Alkan(Turquie) Ovidiu.Constantin(Italy) Paul.Madsen(Canada) Paul.Zeef(Netherland) Sampo.Kellomaki(Portugal) Søren.Peter- Nielsen(Danemark)Tanguy.Mercier(France) Tisserant.Alexandre(France) Victor.Ake(Finland) Fulup@sun.com (1) “When it is finish, Finish it is” in Breton Language (2) Which does not mean they would agree with me Fulup.ArFoll@sun.com p 18 San Diego April 2007

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Toolkit to Support Intelligibility in Context Aware Applications Context-Aware Applications P

Toolkit to Support Intelligibility in Context Aware Applications Context-Aware Applications P

Toolkit to Support Intelligibility in Context Aware Applications Context-Aware Applications P Presented by Mary Salinas t d b M S li What problem are they trying to solve? l ? Context-aware applications are great for Context aware

164 views • 13 slides
Intelligent Networks with a Owner-Centric design. ENABLING NEXT THE GENERATION INTERNET IoT is

Intelligent Networks with a Owner-Centric design. ENABLING NEXT THE GENERATION INTERNET IoT is

Intelligent Networks with a Owner-Centric design. ENABLING NEXT THE GENERATION INTERNET IoT is not a Cloud game It is a Network game What is IoT? Non-Legal Identity Legal Identity Legal Identity Non-Legal Identity IAM Legal Identity

248 views • 22 slides
Location-Aware Computing Definition: Location-aware applications generate outputs/behaviors

Location-Aware Computing Definition: Location-aware applications generate outputs/behaviors

CS 528 Mobile and Ubiquitous Computing Lecture 5b : Mobile and Location-Aware Computing Emmanuel Agu Location-Aware Computing Definition: Location-aware applications generate outputs/behaviors that depend on a users location Examples:

879 views • 53 slides
Interconnect Delay Aware RTL Verilog Bus Architecture Generation for an SoC Kyeong Ryu,

Interconnect Delay Aware RTL Verilog Bus Architecture Generation for an SoC Kyeong Ryu,

Interconnect Delay Aware RTL Verilog Bus Architecture Generation for an SoC Kyeong Ryu, Alexandru Talpasanu, Vincent Mooney and Jeffrey Davis School of Electrical and Computer Engineering Georgia Institute of Technology August 2004 Outline

472 views • 21 slides
Websites. Applications. Identity. Culture of trend creation Since 2011, Belarusian art studio

Websites. Applications. Identity. Culture of trend creation Since 2011, Belarusian art studio

Websites. Applications. Identity. Culture of trend creation Since 2011, Belarusian art studio PRAS has been focusing on the development of all types of websites, mobile applications for iOS, Android and Windows, as well as on graphic design: from

782 views • 20 slides
Next Next Generation Sequencing: an overview of Generation Sequencing: an overview of

Next Next Generation Sequencing: an overview of Generation Sequencing: an overview of

Next Next Generation Sequencing: an overview of Generation Sequencing: an overview of technologies and applications technologies and applications Matthew Tinning Australian Genome Research Facility July 2012 History of Sequencing

698 views • 53 slides
An Architecture for Distributed Spatial Configuration of Context Aware Applications 2nd

An Architecture for Distributed Spatial Configuration of Context Aware Applications 2nd

An Architecture for Distributed Spatial Configuration of Context Aware Applications 2nd International Conference on Mobile and Ubiquitous Multimedia Martin Wagner and Gudrun Klinker Augmented Reality Group Institut fr Informatik Technische

511 views • 28 slides
Some applications and protocols Internet Casino Identity-based encryption Commitment

Some applications and protocols Internet Casino Identity-based encryption Commitment

Some applications and protocols Internet Casino Identity-based encryption Commitment Functional encryption Shared coin flips Fully-homomorphic encryption APPLICATIONS AND PROTOCOLS Threshold cryptography Searchable

399 views • 11 slides
Towards system-scale optimisation of HPC applications TADaaM : Topology-Aware System-Scale Data

Towards system-scale optimisation of HPC applications TADaaM : Topology-Aware System-Scale Data

Towards system-scale optimisation of HPC applications TADaaM : Topology-Aware System-Scale Data Management for High-Performance Computing Applications Emmanuel Jeannot October 2016 INTRODUCTION Optimize application execution at system-scale

336 views • 21 slides
Query-aware Test Generation Using a Relational Constraint Solver SHADI ABDUL KHALEK, BASSEM

Query-aware Test Generation Using a Relational Constraint Solver SHADI ABDUL KHALEK, BASSEM

Query-aware Test Generation Using a Relational Constraint Solver SHADI ABDUL KHALEK, BASSEM ELKARABLIEH, YAI O. LALEYE, SARFRAZ KHURSHID ASE08 PRESENTED BY: YUSHAN ZHANG 1 http://ieeexplore.ieee.org/document/4639327/ 2020/10/8 Blackbox

434 views • 18 slides
Identity Theft Identity Theft Identity theft occurs when your personal information is stolen

Identity Theft Identity Theft Identity theft occurs when your personal information is stolen

Identity Theft Identity Theft Identity theft occurs when your personal information is stolen and used without your knowledge to commit fraud or other crimes Identity theft can cost you time and money. Tips for Preventing Identity Theft

322 views • 10 slides
Secure Scuttlebutt: An Identity-Centric Protocol for Subjective and Decentralized Applications

Secure Scuttlebutt: An Identity-Centric Protocol for Subjective and Decentralized Applications

Secure Scuttlebutt: An Identity-Centric Protocol for Subjective and Decentralized Applications Dominic Tarr (SSB, New Zealand) Erick Lavoie (McGill University, Montreal) Aljoscha Meyer (TU Berlin, Germany) Christian Tschudin (U of

501 views • 18 slides
A Context-aware Natural Language Generation Dataset for Dialogue Systems Ondej Duek and Filip

A Context-aware Natural Language Generation Dataset for Dialogue Systems Ondej Duek and Filip

. . . . . . . . . . . . . . A Context-aware Natural Language Generation Dataset for Dialogue Systems Ondej Duek and Filip Jurek Institute of Formal and Applied Linguistics Charles University in Prague May 28, 2016 LREC

911 views • 49 slides
Sparsity-aware sampling theorems and applications Rachel Ward University of Texas at Austin

Sparsity-aware sampling theorems and applications Rachel Ward University of Texas at Austin

Sparsity-aware sampling theorems and applications Rachel Ward University of Texas at Austin November, 2014 Sparsity-aware sampling: motivating example N = 100 , 000 soldiers should be screened for syphilis. Problem: Syphilis is rare (only

516 views • 29 slides
Energy Aware Scheduling and Queue Management for Next Generation Wi-Fi Routers Husnu S aner

Energy Aware Scheduling and Queue Management for Next Generation Wi-Fi Routers Husnu S aner

Energy Aware Scheduling and Queue Management for Next Generation Wi-Fi Routers Husnu S aner Narman Mohammed Atiquzzaman School of Computer Science University of Oklahoma, USA. husnu@ou.edu http://students.ou.edu/N/Husnu.S.Narman-1 March

513 views • 22 slides
Identity and Access Management Using Identity Management and Identity Governance to increase

Identity and Access Management Using Identity Management and Identity Governance to increase

Identity and Access Management Using Identity Management and Identity Governance to increase Automation and Security. Identity Management (IAM, IdM) defining and managing the roles and access privileges of individual network users, and the

2.89k views • 13 slides
Information Retrieval What is IR? Matching Models Overview Evaluation of Results

Information Retrieval What is IR? Matching Models Overview Evaluation of Results

Roadmap Information Retrieval What is IR? Matching Models Overview Evaluation of Results Digital Libraries vs. IR Bridging IR + Databases Vagelis Hristidis School of Computer Science Proximity Search in Databases [Goldman

344 views • 12 slides
Diffusion in Networks Luchon Summer School, 2015 Panayiotis Tsaparas University of Ioannina,

Diffusion in Networks Luchon Summer School, 2015 Panayiotis Tsaparas University of Ioannina,

Diffusion in Networks Luchon Summer School, 2015 Panayiotis Tsaparas University of Ioannina, Greece Diffusion: the process by which a piece of information spreads and reaches individuals through interactions in a netowork. Why do we

1.58k views • 135 slides
Scalability of web applications CSCI 470: Web Science Keith Vertanen Overview Scalability

Scalability of web applications CSCI 470: Web Science Keith Vertanen Overview Scalability

Scalability of web applications CSCI 470: Web Science Keith Vertanen Overview Scalability questions What's important in order to build scalable web sites? High availability vs. load balancing Approaches to scaling

600 views • 26 slides
Seminar 2: Intro to Cryptography Helger Lipmaa Helsinki University of Technology

Seminar 2: Intro to Cryptography Helger Lipmaa Helsinki University of Technology

T-79.514 Special Course on Cryptology Seminar 2: Intro to Cryptography Helger Lipmaa Helsinki University of Technology http://www.tcs.hut.fi/helger T-79.514 Special Course in Cryptology, 17.09.2003 Seminar 2: Intro to Cryptography, Helger

273 views • 25 slides
Outline Key Management Properties of keys CS 239 Key management Computer Security

Outline Key Management Properties of keys CS 239 Key management Computer Security

Outline Key Management Properties of keys CS 239 Key management Computer Security Key servers February 7, 2005 Kerberos Certificates Lecture 8 Lecture 8 Page 1 Page 2 CS 239, Winter 2005 CS 239, Winter 2005

357 views • 12 slides
How we implemented an LDAP directory for Laboratories A Case Study at Hong Kong Institute of

How we implemented an LDAP directory for Laboratories A Case Study at Hong Kong Institute of

How we implemented an LDAP directory for Laboratories Nick Urbanik How we implemented an LDAP directory for Laboratories A Case Study at Hong Kong Institute of Vocational Education (Tsing Yi), Department of ICT Nick Urbanik

1.17k views • 106 slides
Inclusion: or the Reverse? Michael Spence ISEO June 23, 2017 WEAK RECOVERIES IN DEVELOPED

Inclusion: or the Reverse? Michael Spence ISEO June 23, 2017 WEAK RECOVERIES IN DEVELOPED

CENTRIFIGAL FORCES IN THE GLOBAL ECONOMY: Is More Growth the Answer to Economic and Social Inclusion: or the Reverse? Michael Spence ISEO June 23, 2017 WEAK RECOVERIES IN DEVELOPED COUNTRIES Advanced Economies Output Gap China Grew with

902 views • 45 slides
Internet VotingSeriously?? Ronald L. Rivest Institute Professor MIT, Cambridge, MA EVN

Internet VotingSeriously?? Ronald L. Rivest Institute Professor MIT, Cambridge, MA EVN

Internet VotingSeriously?? Ronald L. Rivest Institute Professor MIT, Cambridge, MA EVN Conference 2016-03-11 Outline Introduction Technology evolution and voting Internet voting Security Risk assessment New tech for old applications

912 views • 90 slides

More recommend