Building "One Size Fits All" Identity Systems: Possible or Fantasy?

Presentation transcript:

www.oasis-open.org
Building "One Size Fits All" Identity Systems: Possible or Fantasy?
Ronny Bjones, Security Architect, Microsoft Corporate

Is it realistic?
- Different requirements between businesses, consumers, governments, corporate users, etc.
- Different risk profiles implying different measures to prove (mutual) identities
- Different cultural sensitivities when it comes to identities (e.g. eID)
- Yet another IDA system to which we have to adapt our applications!
- And what about all these different platforms?

Haven't we heard this before?

  System             | +                                     | -
  Passwords          | Ease of use (?)                       | Silos, security, management
  Microsoft Passport | SSO experience                        | Non-federated, still passwords, silo, privacy
  PKI                | Federated (but with hierarchy issues) | Privacy, complex

A new approach should…
- be based on a federated model providing an SSO experience
- have privacy protection built into the heart of the system
- increase the overall security on the Internet, scalable according to risk model
- be very easy to use by businesses and consumers
- easily be integrated into services and applications

[Diagram: the Identity Metasystem]
- Identity Providers: D.O.L., Bank, Gov., Employer
- User, with an Identity Selector holding cards: Medical Card, Store Card, Insurance Card, Employee, Bank Card, DOL Card, Personal E-mail Card, JunkCard
- Relying Parties: Members Only Pet Site, Store Sites, Other Sites, Club Site
- Token (e.g. Name, Account Status) flows from Identity Provider to Relying Party via the selector, over WS-* and web protocols

Strong Identity and Access is Complicated
- For developers
- For users

What is Windows CardSpace?
- Identity Selector for Windows
- Digital identities represented by cards
- When the user selects a card:
  - Get a security token from the Identity Provider (Security Token Service)
  - Give it to the Relying Party after user consent
- User is in control (User Experience)

Wallet Metaphor
- A set of claims someone makes about me
- Claims are packaged as security tokens
- Many identities for many uses

Framework for Interoperability
- "TCP/IP of Identities"
- Defined on open standards (WS-*), extended by CardSpace's definition of CLAIMS: http://download.microsoft.com/download/2/7/c/27c16ebb-bf83-4abd-8002-21fa111ba7ac/infocard-profile-v1-techref.pdf
- CardSpace is security token agnostic: SAML, Kerberos, X.509, custom
- Identity Providers can bridge different identity technologies
- Multiprotocol Federation Interoperability Demonstration, Burton Group (Gerry Gebel), November 1st 2005
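The selector flow sketched in the "What is Windows CardSpace?" and "Wallet Metaphor" slides, and the relying-party checks that make such a token trustworthy, as an added example that is not code from the presentation or from Microsoft. It assumes a per-issuer HMAC key shared between identity provider and relying party as a stand-in for the signed SAML/WS-Trust tokens and X.509 keys CardSpace actually uses; the wallet, issuer names and claim values are constructed.

```python
"""Toy claims-based identity flow: RP policy -> identity selector -> user consent -> IdP token -> RP verification."""
import base64
import hashlib
import hmac
import json
import time

# Constructed: keys the relying party (RP) holds for the identity providers it trusts.
# Assumption: symmetric HMAC stands in for the IdP's signing certificate.
IDP_KEYS = {
    "bank.example": b"bank-idp-secret-key-constructed",
    "employer.example": b"employer-idp-secret-key-constructed",
}

# Constructed wallet: each card names its issuer and the claims that issuer can assert.
WALLET = [
    {"name": "Bank Card", "issuer": "bank.example",
     "claims": {"account_status": "good", "surname": "Doe", "email": "jdoe@bank.example"}},
    {"name": "Employee Card", "issuer": "employer.example",
     "claims": {"employee_id": "E-1234", "surname": "Doe", "department": "IT"}},
]


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def cards_for_policy(wallet, required_claims):
    """Identity selector step: only cards that can supply every claim the RP's policy asks for."""
    return [c for c in wallet if set(required_claims) <= set(c["claims"])]


def issue_token(card, required_claims, audience, now=None, ttl=300):
    """IdP (security token service) step: sign a token carrying only the requested claims
    (minimal disclosure), bound to one relying party and a short lifetime."""
    now = time.time() if now is None else now
    payload = {
        "iss": card["issuer"],
        "aud": audience,
        "iat": now,
        "exp": now + ttl,
        "claims": {k: card["claims"][k] for k in required_claims},
    }
    body = json.dumps(payload, sort_keys=True).encode()
    sig = hmac.new(IDP_KEYS[card["issuer"]], body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(sig)


def verify_token(token, audience, trusted_issuers, now=None):
    """RP step: reject the token unless issuer, signature, audience and expiry all check out;
    only then are the claims inside it believed."""
    now = time.time() if now is None else now
    try:
        body_b64, sig_b64 = token.split(".")
        body = _unb64(body_b64)
        payload = json.loads(body)
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    issuer = payload.get("iss")
    if issuer not in trusted_issuers or issuer not in IDP_KEYS:
        raise ValueError("untrusted issuer")
    expected = hmac.new(IDP_KEYS[issuer], body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig_b64)):
        raise ValueError("bad signature")
    if payload.get("aud") != audience:
        raise ValueError("token not issued for this relying party")
    if now >= payload["exp"]:
        raise ValueError("token expired")
    return payload["claims"]


def cardspace_flow(required_claims, audience, choose=0, now=None):
    """Whole exchange. `choose` is the index of the card the user consents to release."""
    candidates = cards_for_policy(WALLET, required_claims)
    if not candidates:
        raise LookupError("no card satisfies the relying party's policy")
    card = candidates[choose]  # user consent: the user, not the site, picks the card
    token = issue_token(card, required_claims, audience, now=now)
    return verify_token(token, audience, trusted_issuers={card["issuer"]}, now=now)


if __name__ == "__main__":
    print(cardspace_flow(["surname", "account_status"], "https://store.example"))
```

The three properties the slides ask for map onto three places in the code: privacy by design is the claim filter in issue_token (the bank card's e-mail address never reaches the store), user control is the card choice in cardspace_flow, and the relying party's security rests entirely on verify_token refusing tokens with a wrong audience, an untrusted issuer, a bad signature or an expired lifetime.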

Resources
- http://www.identityblog.com/ (Laws of Identity, Identity Metasystem)
- Zermatt: https://connect.microsoft.com/Downloads/DownloadDetails.aspx?SiteID=642&DownloadID=12937
- Netfx3: http://cardspace.netfx3.com

Conclusions
An identity layer on the Internet should:
- Incorporate privacy, security and usability by design
- Interoperability, interoperability, interoperability, …
- Make life easy for developers and not raise the bar