Title: XNS: Unifying Identity, Security, Privacy

1. XNS: Unifying Identity, Security, Privacy
- CMU Workshop on the Relationship between Privacy and Security - May 29-30, 2002
Drummond Reed, Director, XNSORG (drummond.reed_at_xns.org, www.xns.org); CTO, OneName Corporation (drummond.reed_at_onename.com, www.onename.com)
2. Topics
- Background
- The Relationship of Identity, Security, and Privacy
- Modeling these Relationships in XML
- Overview of the XNS Technical Specifications
- Q&A
3. Background
- eXtensible Name Service (XNS) originated in 1999 as a DNS for identity
- OneName originally licensed the XNS protocol to the XNS Public Trust Organization (XNSORG) in Sept. 2000
- A number of companies were attracted by its potential to solve Web-wide identity problems
- After restructuring the license and charter, XNSORG is preparing to release the first public specifications for XNS by mid-year
4. Identity, security, and privacy
- Identity: data controllers
- Security: control of data access and modification (create, read, update, delete, etc.)
- Privacy: control of data usage (retention, disclosure, marketing, aggregation, etc.)
5. The control relationships
[Diagram: the control relationships among Identity, Data Controller, Security, Privacy, and Data.]

6. Security controls: authentication, authorization, access
[Diagram: the same relationships, with Security shown as the controls on the Data Controller's access to Data.]

7. Privacy controls: preferences, policies, and permissions
[Diagram: the same relationships, with Privacy expressed through the Identity's Preferences, Policies, and Permissions.]
8. Modeling these relationships in XML
- The fundamental design of XNS is to model all these relationships using XML in a distributed, federated architecture like DNS
- Key concepts
  - Identity documents
  - Identity addresses
  - Identity links
  - Identity transactions
  - The identity Web
9. Identity trees
[Diagram: an example identity tree. An Identity Root has branches such as Contact info (Work, Home) and Travel preferences (Car Rentals, Airlines); the leaves are attributes such as Address, Email, Phone, Carriers, and Seating.]
10. Identity documents
[Diagram: an identity tree made of complex attributes containing simple attributes, serialized as an Identity Document (XML).]
An identity document is an identity tree serialized as an XML document. An identity agent is the software process managing this document.
11. Identity addresses
[Diagram: an identity address pointing from one identity tree to another.]
An identity address is a reference from one identity tree to another.
12. Address persistence: URNs
[Diagram: in a name service, Name -> Attribute; in an identity service, Name -> ID (URN) -> Attribute.]
In a name service, names reference attributes directly, so if a name changes, references break.
In an identity service, names reference IDs (URNs) which never change, so references based on URNs persist even if a name changes.
13. Address privacy: many to one
[Diagram: several Names map to several IDs (URNs), which in turn map to one Attribute.]
To prevent triangulation (unauthorized cross-correlation), many names can map to one ID, and many IDs to one identity attribute.
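The addressing rules on the two preceding slides, as an added example that is not part of the deck or the XNS specifications: a name-service reference (the name itself) dangles after a rename, while an identity-service reference (the URN) keeps resolving, and the many-to-one mappings give each relying party its own URN. Class names, URNs and attribute values are constructed for illustration.

```python
# Added example, not from the XNS specifications: contrasts the addressing
# schemes on slides 12-13. A name service resolves names straight to
# attributes, so a stored reference breaks on rename; an identity service
# resolves name -> persistent URN ID -> attribute, so references survive
# renames, many names can share one ID, and many IDs can point at one
# attribute. The URNs and values below are constructed.

class NameService:
    def __init__(self):
        self.names = {}                    # name -> attribute value
    def reference(self, name):
        return name                        # a reference is the name itself
    def resolve(self, ref):
        return self.names.get(ref)         # None once the name has changed
    def rename(self, old, new):
        self.names[new] = self.names.pop(old)


class IdentityService:
    def __init__(self):
        self.names = {}                    # name -> ID (URN); the URN never changes
        self.ids = {}                      # ID (URN) -> attribute key
        self.attributes = {}               # attribute key -> value
    def reference(self, name):
        return self.names[name]            # a reference is the persistent URN
    def resolve(self, ref):
        return self.attributes.get(self.ids.get(ref))
    def rename(self, old, new):
        self.names[new] = self.names.pop(old)   # the URN behind the name is untouched
    def pseudonym(self, urn, new_urn):
        """Many IDs -> one attribute: a party-specific URN for the same value, so
        two relying parties cannot correlate the URNs they each hold."""
        self.ids[new_urn] = self.ids[urn]


def demo():
    ns = NameService()
    ns.names["alice"] = "alice@example.test"
    ref_ns = ns.reference("alice")
    ns.rename("alice", "alice.smith")             # the stored reference now dangles

    ids = IdentityService()
    ids.attributes["email"] = "alice@example.test"
    ids.ids["urn:xns:example:1001"] = "email"     # constructed URN
    ids.names["alice"] = "urn:xns:example:1001"
    ids.names["a.smith"] = "urn:xns:example:1001" # many names -> one ID
    ref_ids = ids.reference("alice")
    ids.rename("alice", "alice.smith")            # the reference still resolves
    ids.pseudonym("urn:xns:example:1001", "urn:xns:example:7f3a")
    return ns.resolve(ref_ns), ids.resolve(ref_ids), ids.resolve("urn:xns:example:7f3a")
```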
14. Identity links
[Diagram: a link replicating part of one identity tree into another identity tree.]
An identity link replicates a portion of one identity tree to another identity tree.
15. Links model control relationships
[Diagram: the Identity / Data Controller / Security / Privacy / Data relationships, with Preferences, Policies, and Permissions carried by the link.]

16. Link contracts control data exchange
[Diagram: two Identity Documents; the Link on each side holds Contracts that control which Attributes are exchanged.]
17. Contract structure
[Diagram: Identity Document -> Link (one per relationship) -> Contract (one per agreement), where each Contract holds General Terms, Purpose, Policy references, Attribute references, Permissions, and a Signature.]
A link object can contain any number of contract objects covering different data purposes.
Each contract states the terms, purpose, and applicable policies (policy references use URNs).
Contracts reference the attributes they cover using URNs.
Permission objects are extensible to model any type of privacy policy (opt-out, opt-in, opt-over) in any legal jurisdiction. They also cover synchronization.
Contracts are signed and stored for auditing and non-repudiation.
18. Permission objects: privacy and security controls
Permission has two subtypes:
- PrivacyPermission controls
  - Permission type (disclosure, contact, retention)
  - Purpose (human-readable)
  - Parties (for disclosure)
- SynchronizationPermission controls
  - Sync type (push-with-data, push-notification-only, pull-on-demand, scheduled pull)
  - Full or incremental
  - Channel security parameters
19. Identity transactions
[Diagram: a Data Requestor and a Data Provider, each with an Identity Document (Attributes, Policies, Preferences, Link, Contract, Permissions), connected by an Agent Link; the DR holds a Schema Def and a Form Def.]
1) The DR sends an XNS form definition to the DP.
2) The DP processes the form based on the principal's attributes and preferences and negotiates the contract.
3) Both parties sign the contract and store a copy in their link.
20. Identity synchronization
[Diagram: Data Provider and Data Requestor Identity Documents, each with Attributes (Attribute 1, Attribute 2), Link, Contract, and Permissions; Attribute 2 is replicated to the DR.]
1) When the principal updates an attribute, the DP checks to see which contracts reference that attribute.
2) If the contract specifies a push, the DP composes an XNS Set message and attaches a SAML assertion.
3) The DR authenticates the message and updates the attribute.
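The three-step synchronization above, driven by the contract and permission structure of slides 17 and 18, as an added example that is not part of the deck or of any XNSORG code. It assumes a contract carries a SynchronizationPermission with one of the slide 18 sync types, and it stands in an HMAC tag for the SAML assertion the DP attaches; the attribute URN, party names and key are constructed.

```python
# Added example, not XNSORG code: toy of the slide 20 sync flow over the
# contract/permission structure of slides 17-18. An HMAC tag stands in for
# the SAML assertion; URNs, parties and keys are constructed.
import hmac, hashlib, json

PUSH_TYPES = {"push-with-data", "push-notification-only"}   # sync types from slide 18

def build_set_messages(attributes, links, attr_urn, key):
    """DP side: one signed Set (or notification-only) message per contract that
    references attr_urn and permits a push; pull-type contracts get nothing."""
    msgs = []
    for link in links:
        for contract in link["contracts"]:
            sync = contract["permissions"].get("sync")
            if attr_urn not in contract["attribute_refs"] or sync not in PUSH_TYPES:
                continue
            body = {"to": link["requestor"], "contract": contract["id"], "attribute": attr_urn}
            if sync == "push-with-data":
                body["value"] = attributes[attr_urn]
            raw = json.dumps(body, sort_keys=True).encode()
            msgs.append({"body": body, "assertion": hmac.new(key, raw, hashlib.sha256).hexdigest()})
    return msgs

def apply_set_message(replica, msg, key):
    """DR side: authenticate before touching the replica; a notification-only
    message marks the attribute stale instead of updating it."""
    raw = json.dumps(msg["body"], sort_keys=True).encode()
    if not hmac.compare_digest(hmac.new(key, raw, hashlib.sha256).hexdigest(), msg["assertion"]):
        return False                               # forged or altered: do not apply
    urn = msg["body"]["attribute"]
    if "value" in msg["body"]:
        replica["attributes"][urn] = msg["body"]["value"]
        replica["stale"].discard(urn)
    else:
        replica["stale"].add(urn)                  # DR must pull the new value later
    return True

ADDR = "urn:xns:example:addr"                      # constructed attribute URN
KEY = b"constructed-shared-channel-key"            # channel security parameter (constructed)
LINKS = [{"requestor": "retailer", "contracts": [{"id": "c1", "attribute_refs": {ADDR},
                                                 "permissions": {"sync": "push-with-data"}}]},
         {"requestor": "airline", "contracts": [{"id": "c2", "attribute_refs": {ADDR},
                                                "permissions": {"sync": "pull-on-demand"}}]}]

def demo():
    attrs = {ADDR: "34 Oak Ave"}                   # the principal has just updated the attribute
    msgs = build_set_messages(attrs, LINKS, ADDR, KEY)
    replica = {"attributes": {}, "stale": set()}
    accepted = [apply_set_message(replica, m, KEY) for m in msgs]
    return [m["body"]["to"] for m in msgs], accepted, dict(replica["attributes"])
```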
21. The identity Web
[Diagram: one user's Identity Links spanning Identity Documents held on Identity Servers at an Online Retailer, an Employer, and a Bank, and on an Identity Client on a Laptop, all connected over XNS.]
This represents how one user may choose to link their identities. Identity Web architecture supports any linking model, just like the Web.
22. The Web identity services layer
[Diagram: logical layers, the Web (HTML over HTTP) used by Browsers, Web Services (XML over SOAP) used by Applications, and Web Identity Services (XNS over SOAP) anchored at a Web Identity Root; physical layers per Domain, Enterprise Security, Enterprise Directory, Enterprise Integration, Application, and Persistence, anchored at an Enterprise Identity Root.]
23. The XNS Technical Specifications
- A set of 12 WSDL Web service definitions plus an XML-based URN syntax specification
- Living service definitions, because they are published by the XNSORG agent using the XNS Discovery service
- This allows XNS service definition formats to evolve as Web services standards evolve (e.g., SOAP, WSDL, XML Schemas, etc.)
24. The XNS base services
[Diagram: service layering with columns Attribute Management Services, Credential Management Services, Exchange/Linking Services, and URN Services, and rows Higher-level services, Core, and Foundation services. Services shown: Reputation, Introduction, Directory, Folder, Certification, Data, Negotiation, Session, Hosting, Discovery, Authentication, Name, ID, Location; some are marked "Not in XNS 1.0 specifications".]
25. XNS serves a function parallel to DNS
XNS is an identity service for the endpoints of web services (SOAP actors):
- Higher-level protocols: WSDL-based Web Services
- Base protocol: XNS
- Application-to-Application Layer (XML Messages): SOAP
DNS is a name service for the endpoints of TCP/IP protocols (domains and hosts):
- Higher-level protocols: Telnet, FTP, SMTP, HTTP, etc.
- Base protocol: DNS
- Machine-to-Machine Layer (Packets): TCP/IP
26. The SOAP stack with XNS
- Service Interaction / Orchestration: WSCL, ebXML, XLANG, WSFL, BTP
- Business Registry: ebXML RR, UDDI
- Security: XKMS, XRML, XML Encryption, XML Signature, SAML
- Security Protocols: WS-Security, ?
- Service Description: WS-Inspection, WSDL
- Intermediary and Endpoint Services: WS-Routing, XNS
- Transport Services (Encapsulation, Reliability): DIME, WS-Reliability, HTTPR, BXXP, ebXML TRP
- Messaging Protocols: SOAP v1.1, SOAP v1.2, DIME SOAP, SOAP w/Attachments
- Transport Protocol: HTTP, HTTPS, IIOP/S, FTP, SMTP, UDP, MQ, JMS
Source: IONA SOAP Interop website (http://www.xmlbus.com/interop/img/SoapBuildersInteropRoadmap.gif)
27. Summary: XNS provides a common model for identity, security, and privacy
Centered on the Principal:
- Unified Identity: unified, lifetime Web identity
- Strong Security: authentication, SSO, authorization, PKI interoperability, reputation
- Strong Privacy: digitally signed contracts, privacy permissions
- Smart Transactions: intelligent forms, automatic negotiation, digital receipts
- Persistent Links: lifetime relationships, auto-updates
28. XNS and the ISTPA Privacy Framework
- XNS directly implements two of the Capabilities (Agent and Access)
- XNS provides a strong foundation for the third Capability (Usage)
- XNS directly implements three of the seven Services (Interaction, Negotiation, Control)
- XNS provides an infrastructure supporting all four Assurance Services (Validation, Certification, Audit, and Enforcement)