Identity - PowerPoint PPT Presentation

Identity Management: a Key e-Business Enabler. Marco Casassa Mont, Pete Bramhall, Mickey Gittler, Joe Pato, Owen Rees. Trust, Security and Privacy

Transcript and Presenter's Notes

Title: Identity


1
Identity Management: a Key e-Business Enabler
Marco Casassa Mont, Pete Bramhall, Mickey Gittler, Joe Pato, Owen Rees
Trust, Security and Privacy, Hewlett-Packard Laboratories, Bristol, UK
SSGRR 2002s
2
Outline
  • Background: Identity, Identity Management
  • Current and Future Trends
  • Important Issues
  • Our Research on Identity Management
  • Conclusions

3
Identity
  • Personal: Name, Address, Driver License, Passport, Credit Card, Financial Asset, Deeds
  • Enterprise: Employee Number, Roles, Work Profiles, Rights, Responsibilities
  • Government: Citizenship, Social Security, Health Service, Taxation
Identity Identifier Information Profiles
Digital Identity: effort to Recreate, Organise, Automate and Integrate these Aspects in the Electronic World
4
Identity Management
  • Goals
  • Assess, Certify and Manage Digital Identities and Profiles
  • Provide Mechanisms for Authentication
  • Provide Mechanisms for Authorization
  • Underpin Accountability in Transactions
  • Provide Customised Services to People

5
Identity Management
  • Relevance in Multiple Contexts
  • Personal
  • Social
  • E-Commerce
  • Enterprise, B2B
  • Government

6
Heterogeneous Environment
[Diagram labels: B2C; E-Commerce 1; E-Commerce 2; Home; P2P; C2G; B2B; Home Office; Driving Licence; Service; Tax; Health; B2G; Enterprise 2; Enterprise 1; Government Services]
7
Identity Management Current Trends
  • Consumer and E-Commerce Space
  • Enterprise and B2B Space
  • Government Space

8

Current Trends Consumer and E-Commerce Space
  • Federated Identity Management: Simplification of Authentication and Profile Management Processes for Consumers
  • Authentication and Single-Sign-On across multiple e-Commerce Sites
  • Mediations by Identity Providers (Trusted Third Parties)
  • Major Players:
    - Microsoft (Passport, .MyServices)
    - Liberty Alliance Project (Consortium)
  • HP is a Core Member of Liberty Alliance
9
Liberty Alliance Project
[Diagram labels: SSO; User; Internet; SSO Modules; Browser; E-Commerce Sites; Authentication; Identity Providers; SSO Modules; SSO Modules; Exchange of Identity and Profile Information; Trust Domain 1; Trust Domain 2; Trusted Third Parties, Trust Services, ...]
10
Current Trends Enterprise and B2B Space
  • Integrated User Account Management Solutions: Creating, Updating, Removing Large Number of User Accounts and ACLs (IBM/Tivoli, Netegrity, CA, ...)
  • Meta-Directories: Aggregate and Synchronise Identity and Profile data across various sources, applications and storages distributed within an Enterprise
  • Public Key Infrastructure (PKI): Provide Stronger Authentication
    - Digital Identity and Attribute Certificates
    - CAs, RAs Infrastructures
    - Directories, LDAP Services
  • VPNs: Secure Communication and Access to (Extended) Enterprise Resources; Smartcards, Authentication tokens
11
Current Trends Government Space
  • Public Key Infrastructure (PKI): Provide Stronger Authentication
    - Digital Identity and Attribute Certificates
    - CAs, RAs Infrastructures
    - Directories, LDAP Services
  • Secure Tokens and Smartcards: Digital Identity Cards, National Insurance Cards, Driving License Cards
  • Digital Signature Laws, Data Protection Laws: Laws recognising the legal value of Digital Signatures both on electronic documents and e-Transactions; Laws on Privacy and Data Protection
    - Privacy Concerns
    - Possible Threats to Freedom
12
Identity Management Future Trends
  • Next-Generation of Personal Mobile Devices, Ubiquitous Computing
    - New mobile phones and PDAs and high bandwidth connections
    - Usage in multiple contexts: home, work, social interactions
    - Contain Personal and Business Data
    - Contain and make use of identity and profile information
  • Proliferation of Digital Identities and Profiles
    - Multiple accounts: ISP providers, e-commerce sites, on-line banking, remote access to workplace, ...
  • Increase of Thefts of Digital Identities (and related Profiles)
    - Thefts of Personal and Business Data
    - Frauds
    - Misuse violating Data Protection and Privacy Laws
  • More Control could be given back to Identity and Profiles Owners
  • Secure Authentication and Access to Enterprise Resources: Smartcards, Authentication Tokens, Id Cards
13
People's Perspective: Views of Identity
[Diagram labels: The Aggregated me; Credit Rating; Government view; Me me; Foo.com view of me; Enterprise view of me]
14
Identity Management Issues
  • Data Authenticity
    - Importance of Assessing Provenance and Credibility of Identity and Profile Data before any Certification
    - Verification vs. Risk Management
  • Trust and Trust Management
    - Need for Trusted Third Parties
    - Management of Trust whilst assessing, certifying, verifying and validating data
    - Moving towards e-Trust Services: Certification Authorities, Notarisation Services, Recommendation Services, Credit Rating, Trusted Auditing, etc.
  • Dynamic and Volatile Digital Information
    - Importance of keeping Identity and Profile Information up-to-date
    - Problem of dealing with dynamic certified data: overhead in life-cycle management
    - Problem in refreshing validity and trust of identity and profile attributes
15
Identity Management Issues
  • Longevity
    - Dealing with Longevity Issues related to Private keys when Electronic Digital Signatures are in place
    - Tracking the evolution of Identity Certificates over time, for Accountability Purposes
  • Privacy
    - Protection from Unauthorised Access to Personal or Confidential Data
    - How to Track (multi-hops) Disclosures
    - Many National Legislations and Laws
    - Problem of Trans-National Enforcement
  • Accountability
    - Transparent Policies and Practices
    - Trusted, Non-Repudiable and Survivable Audit Trails
  • Simplicity and Integration
    - Complexity of Technologies and Solutions is a Major Barrier to their Adoption
    - Easiness in understanding liabilities and guarantees
16
Identity Management Our Reference Model
17
Identity Management Model
[Diagram labels: Identity Tracing; Identity Mapping; Added-Value Tools and Solutions; Trust Domains; Identity Profile Certification; Dynamic Information Update; Longevity Management; Identity Management Lifecycle; Privacy and Data Protection Policies; Context; Trust Services; Federated Single-Sign-On; Selective Disclosure; Policy-driven Authorization; Identity Management Infrastructure; Reliable Storage]
18
Identity Management Our Past Research
PASTELS project
  - Trust Management for Identities and Profiles in Dynamic B2B Environments
  - Flexible and Dynamic Authorization at the Service Level
19
Dynamic B2B Environment
[Diagram labels: Enterprise 1; Service Provider K; Enterprise; Web Service1; Enterprise 2; Web Service2; B-2-B Portal; User x; Web Service3; Internet; Enterprise 3; Not Trusted; Enterprise Z; Trusted]
20
PASTELS Objectives
  • Understand PKI, Extendibility and its Usability at the Business Level
  • Explore a Framework that makes use of Digital Credentials as Mechanism to represent Identities and Profiles
    - End to End Credential Exchange
    - Solutions for Client and Server Side
  • Trust Management and Monitoring
  • Integration of Digital Credentials with Authorization at the Application and Service level

21
PASTELS Focus Areas
[Diagram labels: Enterprise 2 Service Provider; Enterprise 1 User; Client Identity Certificate; Server Identity Certificate; Credential Management; Credential Validation; Portal; Server Attribute Credentials; Credential Usage Monitoring; Services; Browser Plug-in; Client Attribute Credentials; Authorization; B2B; Publishing Mechanism for Semantic of Credential; Common Trusted Third Parties]
22
PASTELS Digital Credentials
  • Identity Credentials: X.509 Identity Certificate (PKI)
  • Attribute Credentials are associated to an Identity Certificate by using its Issuer DN and Serial Number

[Diagram labels: IssuerDN; Serial Number; Credit card; Expiration; Signature; Attribute Credential (Digital Signed XML File); Identity Credential]
23
PASTELS Architecture
[Diagram labels: Remote Enterprise; Services; Web Server; Function; PORTAL; Function; Remote Users Browser; SSL; Credential Issuer/Pusher; Credentials Push and Pull; Plug In; Credential Content Mgmt; Login Service; Credential Validation; Abstractor; Session Manager; Credentials; Internet; Policy Evaluation Request; Policy Evaluation Request; Authorization Request; User Context Manager; User Context; Enterprise; Credential Validation and Management Policies; Authorization Server; Object Pool Manager (Cache); Credentials Usage Monitoring Service; Users profiles; Users Roles; Users Identity Credentials; Users Attribute Credential; Users Anonymous Credential; Service Model; Authorization Policies; Repository]
24
PASTELS Lessons Learnt
  • Systems driven by Policies (at the Business, Trust and Security levels) introduce Flexibility in coping with Dynamic Enterprise Requirements.
  • Complexity of PKI in terms of Trust Management
  • CA Hierarchies do not Scale and Introduce Complexity during Credential Verification
  • Need to Simplify PKI at the User site
  • Dealing with multiple Digital Credentials is Not Trivial
  • Dynamic Data is a Problem for Digital Credentials. Overhead in Lifecycle Management and Communication.

25
Identity Management Our Current Research Areas
  • Work In Progress
  • Active Digital Credentials
  • Accountable Management of Identities
  • Identity Management in Dynamic Mobile Environment

26
1. Active Digital Credentials
  • Problems
  • Cope with Dynamic Identity and Profile Information (financial, trust, rating, etc.)
  • Provision of Up-to-Date Certified Information
  • Complexity of Current Lifecycle Management when dealing with Dynamic Information

27
Active Digital Credentials
[Diagram labels: Local Processing; Attributes (columns: Attribute Name, Attribute Value, Validity/Trust); Credit Limit; Credit Rating; Location; Bank; Enterprise; Government]
28
Active Digital Credentials
29
Active Digital Credentials
30
Active Digital Credentials Scenario 1
31
Active Digital Credentials Scenario 2
32
2. Accountable Management of Identities
  • Problems
  • Who Knows What about Me?
  • How to Trace Disclosures of my Identities/Profiles?
  • How to Enforce Privacy when Disclosing Personal/Business Identities and Profiles?
  • How to Prevent Abuses?
  • Context
  • Federated Identity Management (Liberty Alliance)
  • Dynamic B2B environment
  • Personal or Group Interactions with PDAs

33
Accountable Management of Identities
[Diagram labels: Transaction / Interaction; User; Identity Provider/Enterprise; Negotiation of Privacy Policy; 2; Identity/Profile Disclosure; 1; Policies; Tracing; Plug-in; Identity Providers/Enterprises; Provision of Identity Profile Data; Notification/Authorization; Logging Audit; 3; Notifications/Requests of Authorization; Tracing, Fraud Detection, Forensic Analysis]
34
3. Identity Management in Dynamic Mobile Environment
  • Problems
  • People are Sociable but also Paranoid
  • Protection of Identity and Profile Information contained in Mobile Devices and PDAs
  • Selective Disclosure of Information
  • Trust Measurement and Management
  • Context
  • Ad-hoc Group Interactions
  • Usage of Personal Appliances (PDAs, Mobiles, ...)

35
Personal Identity Assistant
Work
Home
Pub
36
Virtual Private Identity Networks
  • Personal Identity Assistant
  • Discover/Hide from other People
  • Selective Disclosure of Identity Information
  • Secure PDA
  • Tracing and Auditing Mechanisms

Mall School Work Environment
Dynamic Groups of Interest
37
Important Aspects
  • Importance of Security for Identity Management at the System, Application, Service and Communication levels
  • Need for Survivable Data Storages to Store Sensitive Identity and Profile Data and related Logging/Auditing Information
  • Enforcement of Accountability: non-Repudiable Event Logging and Auditing Mechanisms
  • Research Challenges in Open and Dynamic Contexts, involving Dynamic Relationships and Interactions between People and Organisations.

38
Conclusions
  • Identity Management is about the Electronic Management of Digital Identities and Profiles.
  • Added Value: Underpins Accountability. It enables Interactions and Transactions in the Personal, Social, E-Commerce Business and Government Context.
  • Simplification of Identity Management is Important for Ubiquitous Computing.
  • Dilemmas: on one hand Identity Management helps to Bridge Digital and Physical Worlds. On the Other Hand it could be a Threat to Privacy and Freedom
  • It is not only a Technological Play. Legislation is Needed to Mitigate Risks

39
(No Transcript)