An Introduction to Information Card Barry Dorrans Charteris plc

Internet Authentication
- Patchwork of identity systems
- Criminalisation of the Internet
- Identity systems can be hard

Information Card is not Passport
- Published standard
- User controls what gets sent
- Anyone can issue information cards

The Laws of Identity (Kim Cameron's seven laws)
1. User control and consent
2. Minimal disclosure for a constrained use
3. Justifiable parties
4. Directed identity
5. Pluralism of operators and technologies
6. Human integration
7. Consistent experience across contexts

What is "Information Card"
- Identity Provider: issues the security token the user presents
- Relying Party: the site or service that consumes the token
- Protocols: WS-Trust (requesting and issuing the token), WS-Security (protecting the token in transit) and SAML (the usual token format)

Types of Information Card
- Self-issued
- Managed

Self-Issued Information Card
- Created by the user
- "Phone book" information (name, address, e-mail, etc.)

Managed Information Card
- Issued by a 3rd party
- Information held at source (the identity provider), not on the card
- Can be protected further: the card can require the user to authenticate to the issuer before a token is released

Why “card”?

What is “CardSpace” Windows CardSpace is a piece of client software that enables users to provide their digital identity to online services in a simple, secure and trusted way.

What is "CardSpace"
- Identity Selector client software
- Vista, XP, Windows Server 2003 with .NET 3.0

CardSpace Security
- All communications are secured
- Information encrypted in memory
- Dual ACL protection

The typical login process
1. Log in to the identity provider
2. Token issued to the client
3. Token sent to the service provider
4. Token validated with the identity provider
5. Output sent to the client

The Information Card process
1. Service provider requests identity
2. CardSpace identity selector pops up
3. Token is built by the identity selector (with the identity provider for a managed card)
4. Token handed to the client, which posts it to the service provider
5. Output sent to the client

What about OpenID?

Identity Cards versus OpenID

  Identity Card          | OpenID
  -----------------------+---------------------------
  Client-side prompt     | HTML form
  Common experience      | Experience varies
  Simpler login          | Redirection / site bounce
  Requires SSL           | Doesn't require SSL

What do I need to accept cards?
- An SSL certificate
- An object tag in the HTML page
- Processing code on the server side (the ASP.NET process must be able to read the certificate's private key, since the token is encrypted to it)

Why SSL?
- The certificate is what identifies the relying party to the identity selector
- Tokens are encrypted to the certificate's public key, so only the holder of the private key can read them
- Revocation lists are checked, which makes self-issued (self-signed) certificates hard to use

Hello Information Card

SAML
- Assertion based. CardSpace plays the role of a SAML 2.0 "Enhanced Client or Proxy" (ECP): the client itself fetches the assertion and delivers it to the relying party, instead of being bounced through browser redirects.
- The tokens themselves are SAML 1.1 assertions for self-issued cards; a managed identity provider can issue SAML 1.1, SAML 2.0 or other token types.

The WS-Trust Conversation
1. Query the identity provider's MEX (WS-MetadataExchange) endpoint for its policy and endpoints
2. Build asymmetric keys (an ephemeral RSA key pair the selector proves possession of)
3. Talk: send a RequestSecurityToken (RST), receive a RequestSecurityTokenResponse (RSTR) carrying the token

WS-Security
- The token is encrypted using WS-Security (XML Encryption)
- .NET 3.0 provides classes to decrypt it and convert it into SAML claims

Understanding a token
- The EncryptionMethod shows the token has been encrypted with AES-256 in CBC mode, a symmetric algorithm
- Both originator and recipient must therefore share the key, which is why the key itself has to be conveyed alongside the token

WS-Security Key Protection
- The EncryptedKey element shows the symmetric key is being conveyed via RSA-OAEP-MGF1P
- The sender has made up a transient AES key
- It encrypted that key with the recipient's SSL public key, so only the relying party's private key can unwrap it

Where's the token?
77Ybo3C32JckPMD+lxm9t7KKxfQjMT8ojczrDs0i HsxJ3Q6i3B04RAGrOivLfqMYzYP4lZXsM2lF8cUs aVOTY9KqsJjpOBwyk37n9tw7pV6E3SXkHtXx92xl 5AqmjPeBdDI/syrIjgE1bpbn5sX5PpNoOmAbYSV2... Wvl2o5ABIqvToMV1bp16Ns1ImSgxuB074kmAvAUx b/LXPXq1Gwcz2YtyaHMYSUvzzzYRuDH9qu0R6748 B/C1if4MeXHUqMPYaEQ+dhuzoVUMuy7/kQVP5ckb B0asMSqIiJp5B4vecBe/aGQo9AYNEwPv4xAB5cvr PBEG4TCFtSVyJkn2LcdwNzqmNqIewGMxawwUPgxe D2w==
That base64 blob is the encrypted SAML token: the CipherValue of the EncryptedData element, which only decrypts with the relying party's private key.

Token Headers

And finally … the claims
- A name claim: Barry
- The PPID (a 32-byte hash, base64 encoded): wL6Xi5Z5uXQnSu40mRbkpljc5uKvf02HyASCo8uceNk=

Supported Claims (the standard claim types; each is a URI of the form http://schemas.xmlsoap.org/ws/2005/05/identity/claims/<name>)
Anonymous, Authentication, AuthorizationDecision, Country, DateOfBirth, Dns, Email, Gender, GivenName, Hash, HomePhone, Locality, MobilePhone, Name, NameIdentifier, OtherPhone, PostalCode, PPID, RSA, SID, SPN, StateOrProvince, StreetAddress, Surname, System, Thumbprint, Upn, URI, WebPage, X500DistinguishedName

Uniquely Identifying a card
- Self-issued cards: the PPID (Private Personal Identifier), which the selector derives per relying party, so the same card yields a different PPID at every site and sites cannot correlate a user by it
- Managed cards: the identity provider's public key together with a unique claim; the claim value alone is not enough, because a different issuer could assert the same value

Want to be an Identity Provider?
- An EV SSL certificate
- A Security Token Service (STS) that answers WS-Trust requests
- A delivery mechanism for the .crd file (the managed card definition the user imports into CardSpace)

Things to ponder
- Validate self-issued cards: every claim on one is asserted by the user and verified by nobody, so an e-mail address or name from a self-issued card is just what the user typed; only the PPID is tied to the card
- How much do you trust an IP (identity provider)? Its claims are only as good as its vetting and the security of its signing key

Tools Microsoft provide
- Client Side Kit
- ASP.NET Kit

Blogs
- Kim Cameron
- Vittorio Bertocci
- Garrett Serack

RP Code for ASP.NET
- ASP.NET Kit User Control

RP Code for other languages
- Ruby
- Java

Identity Providers
- OpenID & Information Cards
- Live Labs Beta STS

Questions?
"Now, with the debut of the InfoCard identity management system, Microsoft is leading a network-wide effort to address the issue. To those of us long skeptical of the technology giant's intentions, the plan seems too good to be true. Yet the solution is not only right, it could be the most important contribution to Internet security since cryptography." Lawrence Lessig, Wired Magazine, March 2006.