Attribute Meta Model Rainer Hörbe, Identinetics GmbH Version: 2013-02-18.


Attribute Meta Model Purpose
– Describe the static properties of attributes in the context of federated identity management
– Shall be synchronized with the use cases and attribute flows of FIM, like attribute life cycle management, service provisioning, assertion and consent

Properties of Attributes (1)
– Basic set: Name/Value pair
– Core set: OID/URN, Display Name, Type, Value
– Type: simple, complex
– Representation: size, value domain, occurrence, encryption
– Presentation: Language, display size
– Integrity Rules: is mandatory, more complex rules
– Derivation rule: e.g. age from birthdate

Properties of Attributes (2)
– Uniqueness: global/local, temporal/eternal
– Scoping: explicit (parameter list), implicit (contained in value)
– Semantic: attributes with same OID might have different connotations -> needs mapping and alignment
– Management: date created/changed
– Member in schema/bundle/set
– Availability: AP refuses to send requested attribute, e.g. “not available” in STORK

Properties of Attributes (3)
Quality-related attributes:
– Time since last verification
– Process used for verification
– Quality assurance (level, policy reference, liability)
– Original issuer

Related policies
Policies that operate on attributes, but are not properties of attributes:
– Service provisioning: up-front (e.g. SCIM) or ad-hoc (e.g. SAML attribute assertion as part of WebSSO or attribute query)
– Attribute release policy
– Expiration policy (RP must not store/use data longer than)
– Protection policy (e.g. implied by PII level)
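
The attribute properties and the attribute release policy from these slides, as an added example that is not part of the original presentation: an attribute provider (AP) answers a relying party's request, releasing the derived age instead of the birthdate and returning "not available" for anything the policy or the verification age rules out. The names AttributeDef, answer_request and split_scope, the URNs and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Callable, Optional

NOT_AVAILABLE = "not available"  # availability marker, wording from the slide

@dataclass
class AttributeDef:
    urn: str                            # core set: OID/URN (placeholder values)
    display_name: str                   # core set: display name
    mandatory: bool = False             # integrity rule
    derived_from: Optional[str] = None  # derivation rule: source attribute
    derive: Optional[Callable] = None   # derivation rule: function(value, today)
    max_days_verified: Optional[int] = None  # quality: time since last verification

def age_from_birthdate(birthdate: date, today: date) -> int:
    return today.year - birthdate.year - ((today.month, today.day) < (birthdate.month, birthdate.day))

def split_scope(value: str):
    """Implicit scoping: the scope is contained in the value as local@scope."""
    local, sep, scope = value.rpartition("@")
    return (local, scope) if sep else (value, None)

def answer_request(schema, record, verified_on, requested, release_policy, today):
    """AP side: build the reply to an RP under an attribute release policy."""
    for name, d in schema.items():
        if d.mandatory and name not in record:
            raise ValueError(f"integrity rule violated: {name} is mandatory")
    reply = {}
    for name in requested:
        d = schema.get(name)
        source = (d.derived_from or name) if d else None
        released = d is not None and name in release_policy and source in record
        if released and d.max_days_verified is not None:
            last = verified_on.get(source)
            released = last is not None and (today - last).days <= d.max_days_verified
        if not released:
            reply[name] = NOT_AVAILABLE  # AP refuses to send the attribute
        else:
            reply[name] = d.derive(record[source], today) if d.derive else record[source]
    return reply

# Constructed sample data; URNs, names and dates are illustrative only.
SCHEMA = {
    "birthdate": AttributeDef("urn:example:attr:birthdate", "Date of birth", mandatory=True),
    "age": AttributeDef("urn:example:attr:age", "Age", derived_from="birthdate", derive=age_from_birthdate),
    "principal": AttributeDef("urn:example:attr:principal", "Login name", max_days_verified=365),
}
RECORD = {"birthdate": date(1990, 6, 15), "principal": "alice@example.org"}
VERIFIED_ON = {"birthdate": date(2012, 1, 10), "principal": date(2011, 1, 1)}
```

Calling answer_request(SCHEMA, RECORD, VERIFIED_ON, ["birthdate", "age", "principal"], {"age", "principal"}, date(2013, 2, 18)) releases only the age: the birthdate is outside the release policy and the principal was last verified more than 365 days earlier.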