The Laws of Identity and Cardspace Charles Young Solidsoft.

Presentation transcript:


CardSpace
– Embodies Kim Cameron’s ‘Laws of Identity’
  – Universal identity systems
– Supports the Identity Metasystem

The Identity Meta-what???
The Identity Metasystem
– A single identity ‘fabric’ supported by many different technologies
– A system of systems
– …so standards are important here!!

Yes, but what is an identity?
It’s a list of claims about an entity
– Entities… that’s me and you!
– My name is Charles
– I work for Solidsoft
– My address is… well, that would break laws 2 and 3

Law 1: User Control and Consent
Only reveal information with the user’s consent
– It’s their identity, after all

Law 2: Minimal Disclosure for a Defined Use
– Disclose as little identifying information as possible
– Limit the use of identifying information as much as possible
– Helps build stable long-term solutions

Law 3: Justifiable Parties
Don’t disclose identifying information to a party that cannot ‘justify’ itself.
– All parties must identify themselves
– Establish trust relationships

Law 4: Directional Identity
Omni-directional
– Publicly broadcast your identity
– ‘Look at me everyone! Here I am. It’s me.’
Uni-directional
– Privately assert your identity
– ‘Psst… It’s me. The password is ‘Cardspace’. Let me in.’
Identity systems must support both.

Law 5: Pluralism of Operators and Technologies
If it’s Microsoft-only, it’s useless! …but seriously…
– The Identity Metasystem MUST NOT be bound to proprietary solutions and technologies
– Different cultures
– Different contexts

Law 6: Human Integration
– Humans are first-class components of the identity metasystem (duh)
– Unambiguous human-machine communication
– Machines don’t attack you – humans do.

Law 7: Consistent Experience Across Contexts
– ‘Thingify’ your identities
– Consistency shines the spotlight on attackers

Cardspace Actors: Subjects

Cardspace Actors: Relying Parties

Cardspace Actors: Identity Providers

The Cardspace Identity Selector
– Reason over your identities
– Smart selection

The Cardspace Logon process

Information Card Types: Self-issued
– Contains self-asserted claims about me
– Stored locally
– Use instead of username/password

Information Card Types: Managed
– Provided by banks, stores, government, clubs, etc.
– Claims stored at the Identity Provider and sent only when the card is submitted

Cards and Standards
– Cards contain metadata only!
– Cardspace can handle any claims tokens – SAML tokens are most common
– Cardspace uses WS-* standards
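An added illustrative model of the card-selection and logon flow the last few slides describe (this is example code written for this page, not CardSpace’s own implementation or wire format): the relying party names itself and the claims it needs, the selector offers only the cards whose metadata says they can satisfy that policy, a managed card holds no claim values so the identity provider releases them only on submission, and the token that reaches the relying party carries just the requested claims. The issuer and relying-party names and the claim store are constructed sample values.

```python
from dataclasses import dataclass, field

@dataclass
class Card:
    name: str
    issuer: str                                 # "self" for a self-issued card
    supported_claims: frozenset                 # card metadata: claim types it can provide
    local_claims: dict = field(default_factory=dict)  # values kept locally (self-issued only)

@dataclass
class RelyingPartyPolicy:
    rp_identity: str                            # the RP must identify itself (Law 3)
    required_claims: frozenset

# Constructed sample identity provider store (hypothetical issuer name). A managed
# card carries no claim values; the IdP releases them only when the card is submitted.
IDP_STORE = {
    "bank.example": {"givenname": "Charles", "accountlevel": "gold", "address": "elided"},
}

def matching_cards(cards, policy):
    """Identity selector step: offer only cards that can supply every required claim."""
    return [c for c in cards if policy.required_claims <= c.supported_claims]

def issue_token(card, policy, user_consents):
    """Build the claims token for the RP, carrying only the requested claims (Law 2)."""
    if not policy.rp_identity:
        raise ValueError("relying party did not identify itself (Law 3)")
    if not user_consents:
        raise PermissionError("user declined to release the card (Law 1)")
    source = card.local_claims if card.issuer == "self" else IDP_STORE[card.issuer]
    claims = {k: source[k] for k in sorted(policy.required_claims)}
    return {"issuer": card.issuer, "audience": policy.rp_identity, "claims": claims}

def demo():
    """Constructed wallet: one self-issued card and one managed card from 'bank.example'."""
    cards = [
        Card("Personal card", "self", frozenset({"givenname", "emailaddress"}),
             {"givenname": "Charles", "emailaddress": "charles@example.invalid"}),
        Card("Bank card", "bank.example", frozenset({"givenname", "accountlevel", "address"})),
    ]
    policy = RelyingPartyPolicy("shop.example", frozenset({"givenname", "accountlevel"}))
    candidates = matching_cards(cards, policy)   # only the bank card can satisfy this policy
    return issue_token(candidates[0], policy, user_consents=True)

if __name__ == "__main__":
    print(demo())
```

Note that the managed card's address claim is held by the IdP but never reaches the relying party, because it was not in the policy.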

Call to action
– Cardspace-enable your web sites – Relying parties
– Invest in Secure Token Server technology – Identity providers
– Spread the word.