Advances in Digital Identity

Presentation transcript:

Advances in Digital Identity. Steve Plank, Identity Architect

Connectivity: IP. Naming: DNS. Identity: no consistency.

Users have been taught to type usernames & passwords into a web page.

what is identity?

attributes: givenName: steve; sn: plank; preferredName: planky; dateOfBirth: 170685!; over18: true; over21: true; over65: false; image

self asserted: what claims I make about myself. verifiable: what claims another party makes about me.

Elvis Presley: only 1 of them is real (probably).

trust claims make these

SECURITY TOKEN: steve plank, over 18, over 21, under 65, image

security token service: give it something (Username, Password, Biometric, Signature, Certificate, “Secret”) and get back a SECURITY TOKEN (Steve Plank, Over 18, Over 21, Under 65, image), or a DIFFERENT SECURITY TOKEN

identity metasystem

participants: subject, identity provider, relying party (website)

identity providers and relying parties exchange SAML and X.509 tokens; security token service (WS-*); identity selector (WS-*); subject

identity selector

human integration: consistent experience across contexts

cards: self-issued and managed. Self-issued cards contain claims about my identity that I assert; not corroborated; stored locally; signed and encrypted to prevent replay attacks. Managed cards are provided by banks, stores, government, clubs, etc.; locally stored cards contain metadata only! Data is stored by the identity provider and obtained only when the card is submitted. Cards contain no actual identity data, only metadata: a list of the claims that a card represents, where to go in order to obtain the claims, and a signature identifying the card. The actual data behind a card is dynamically obtained from the IP: from a local store for “self-issued cards”, from the Identity Provider’s Secure Token Service (STS) for “managed cards”.

login with self-issued card: user, object tag, login, relying party (website)

select self-issued card: Planky; user, relying party (website)

create token from card: Planky (FN: Steve, LN: Plank, Email: splank, CO: UK); user, relying party (website)

sign, encrypt & send token: Planky; user, relying party (website)

login with managed card: user, object tag, login, identity provider, relying party (website)

select managed card: Woodgrove Bank; user, identity provider, relying party (website)

request security token: Woodgrove Bank; user authN: X509, kerb, SC, U/pwd …; identity provider, relying party (website)

request security token response: Woodgrove Bank; identity provider signs, encrypts and sends; user, relying party (website)

<body>
  <form id="form1" method="post" action="login.aspx">
    <div>
      <button type="submit">Click here to sign in with your Information Card</button>
      <object type="application/x-informationcard" name="xmlToken">
        <param name="tokenType" value="urn:oasis:names:tc:SAML:1.0:assertion" />
        <param name="issuer" value="http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self" />
        <param name="requiredClaims" value="
          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" />
      </object>
    </div>
  </form>
</body>

relying party (website): xmlToken (signed & encrypted) → token decrypter → xmlToken (plaintext) → claims extractor → ppid 456 → index into user database (ppid 123, 456, 789; first name, last name, email, phone)
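As an added example (not from Steve Plank's deck), a Python sketch of the self-issued card flow on these slides: the card holds only metadata, the identity selector releases just the claims the object tag's requiredClaims list asks for and signs the token, and the relying party verifies it, rejects a token issued for another site, and indexes its user database by the private personal identifier. HMAC with a constructed key stands in for the real XML signature and encryption; all names, keys and claim values are constructed.

```python
import hashlib, hmac, json

CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
SELF_ISSUER = "http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self"
CARD_KEY = b"constructed-self-issued-card-key"   # stands in for the card's signing key

# Constructed local claim store; it never leaves the user's machine as a whole.
LOCAL_STORE = {
    CLAIMS + "givenname": "Steve",
    CLAIMS + "surname": "Plank",
    CLAIMS + "emailaddress": "splank",
    CLAIMS + "dateofbirth": "1985-06-17",   # offered by the card, released only if asked for
}
# The card itself is metadata only: issuer and which claims it offers, no values.
CARD = {"name": "Planky", "issuer": SELF_ISSUER, "claims": list(LOCAL_STORE)}

def ppid_for(rp_identity: str, card_key: bytes = CARD_KEY) -> str:
    """Private personal identifier: derived per relying party, so two sites
    cannot correlate the same card by comparing PPIDs."""
    return hashlib.sha256(card_key + rp_identity.encode()).hexdigest()[:16]

def build_token(required_claims, rp_identity, card=CARD, store=LOCAL_STORE) -> dict:
    """Identity-selector step: release only the claims the RP asked for, then sign."""
    claims = {}
    for uri in required_claims:
        if uri == CLAIMS + "privatepersonalidentifier":
            claims[uri] = ppid_for(rp_identity)
        elif uri in card["claims"]:
            claims[uri] = store[uri]
        else:
            raise KeyError("card does not offer " + uri)
    body = json.dumps({"issuer": card["issuer"], "audience": rp_identity,
                       "claims": claims}, sort_keys=True).encode()
    return {"body": body, "sig": hmac.new(CARD_KEY, body, hashlib.sha256).hexdigest()}

def extract_claims(token, rp_identity) -> dict:
    """Relying-party step: verify signature and audience before trusting any claim."""
    good = hmac.new(CARD_KEY, token["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(good, token["sig"]):
        raise ValueError("signature check failed")
    body = json.loads(token["body"])
    if body["audience"] != rp_identity:
        raise ValueError("token was issued for a different relying party")
    return body["claims"]

def login(token, rp_identity, user_db):
    """Index the RP's user database by PPID, as on the claims-extractor slide."""
    return user_db.get(extract_claims(token, rp_identity)[CLAIMS + "privatepersonalidentifier"])
```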

demo

roadmap: B1, CTP, B2, RCx, V1 RTM across Q4 2005, Q1, Q2 and Q3 2006. Built into Windows Vista; available for Windows XP & Windows Server 2003. Betas & CTPs available from http://msdn.microsoft.com/windowsvista/getthebeta. RTM 2nd half 2006. More information & samples at http://cardspace.netfx3.com

review: identity layer; phishing, phraud; human integration, consistent experience across contexts; ip, rp, user, identity selector. Presentation style mercilessly stolen off Lawrence Lessig, BBC News 24 and Dick Hardt.