© 2008 by Matt Flaherty & Mary Ruddy; made available under the EPL v1.0 Security & Identity : From present to future Matt Flaherty, IBM Mary Ruddy, Meristic
Security & Identity | From present to future | © 2008 by Matt Flaherty & Mary Ruddy; made available under the EPL v1.0 Agenda Securing the platform... security features in 3.4 Platform security... what's coming next Beyond the platform.. Higgins identity framework 1.0 Higgins identity framework... what's coming next
Security & Identity | From present to future | © 2008 by Matt Flaherty & Mary Ruddy; made available under the EPL v1.0 Platform security... what's available and where The platform security goal: Protect the operating system, application code and user’s data from each other and from malicious code packaged as bundles Security features to attain this span the software stack Java Runtime Environment OSGi Service Platform Eclipse Platform
Security & Identity | From present to future | © 2008 by Matt Flaherty & Mary Ruddy; made available under the EPL v1.0 Platform security... what's available in the JRE Java Runtime Environment JCAJCE JAASJSSE Java Cryptography Architecture Java Cryptography Extensions Java Authentication and Authorization Service Java Secure Sockets Extensions
Security & Identity | From present to future | © 2008 by Matt Flaherty & Mary Ruddy; made available under the EPL v1.0 Platform security... what's available in OSGI Support for Java features: signing, permissions, etc Strict classloading policies between bundles Bundle “private classes” Administrative services for permissions org.osgi.service.PermissionAdmin org.osgi.service.condpermadmin.ConditionalPermissionAdmin User registry for managing users and roles org.osgi.service.UserAdmin
Security & Identity | From present to future | © 2008 by Matt Flaherty & Mary Ruddy; made available under the EPL v1.0 Platform security... what's available in Eclipse Signature checking during bundle provisioning NEW! Signature checking during bundle loading NEW! Certificate management UI NEW! Secure storage via preferences API NEW! JAAS enhancements - declarative wiring, events
Security & Identity | From present to future | © 2008 by Matt Flaherty & Mary Ruddy; made available under the EPL v1.0 Platform security... what's coming next! Manageable Java2 permission infrastructure Code sanitation for doPrivileged User interface, policy management Expose certificate management facilities Public APIs for label providers, viewers, wizards, etc Trust model integration with OSGi, P2, ECF Deeper JAAS integration Potential: RCP Lifecycle integration, Jobs integration Identity management support with Higgins
Security & Identity | From present to future | © 2008 by Matt Flaherty & Mary Ruddy; made available under the EPL v1.0 How do you bring security and identity to people? The web of today isn’t people-centered
Security & Identity | From present to future | © 2008 by Matt Flaherty & Mary Ruddy; made available under the EPL v1.0 It’s silo-centered Site A Site B Site C Type type type, click, click, click. Clickety-clack, clickety-clack. Site B
Security & Identity | From present to future | © 2008 by Matt Flaherty & Mary Ruddy; made available under the EPL v1.0 There is a better way
Security & Identity | From present to future | © 2008 by Matt Flaherty & Mary Ruddy; made available under the EPL v1.0 Automatic identity sharing Identity Selector The BIG IDEA for People Site A Site B Site C
Security & Identity | From present to future | © 2008 by Matt Flaherty & Mary Ruddy; made available under the EPL v1.0 Automatic identity sharing Identity Selector The BIG IDEA for People Site A Site B Site C
Security & Identity | From present to future | © 2008 by Matt Flaherty & Mary Ruddy; made available under the EPL v1.0 Automatic identity sharing Identity Selector The BIG IDEA for People Site A Site B Site C
Security & Identity | From present to future | © 2008 by Matt Flaherty & Mary Ruddy; made available under the EPL v1.0 Then you’d have Higgins
Security & Identity | From present to future | © 2008 by Matt Flaherty & Mary Ruddy; made available under the EPL v1.0 Higgins 1: a species of Tasmanian long-tailed mouse 2: an open source identity selector and interoperability framework being developed by IBM, Novell, Oracle, CA, Google, Parity…
Security & Identity | From present to future | © 2008 by Matt Flaherty & Mary Ruddy; made available under the EPL v1.0 A consistent user experience across contexts (including Financial Services, healthcare, eCommerce) is the key to convenience and adoption
Security & Identity | From present to future | © 2008 by Matt Flaherty & Mary Ruddy; made available under the EPL v1.0 i-cards Managed Personal (self-issued)
Security & Identity | From present to future | © 2008 by Matt Flaherty & Mary Ruddy; made available under the EPL v1.0 These i-cards are managed by an Identity Selector Something that works on behalf of the user (citizen, patient, consumer). Really.
Security & Identity | From present to future | © 2008 by Matt Flaherty & Mary Ruddy; made available under the EPL v1.0 Click on a card
Security & Identity | From present to future | © 2008 by Matt Flaherty & Mary Ruddy; made available under the EPL v1.0 …you’re signed in. (No password required)
Security & Identity | From present to future | © 2008 by Matt Flaherty & Mary Ruddy; made available under the EPL v1.0 The Identity selector is powered by an interoperability framework
Security & Identity | From present to future | © 2008 by Matt Flaherty & Mary Ruddy; made available under the EPL v1.0 Interoperability framework Higgins Framework Higgins Browser Extension Apps Identity Providers Apps and Services CardSpace Protocol Providers implement protocols for interacting with Relying Parties OpenID CardSpace Managed (WS-Trust) RSS/Atom I-Card Providers implement identity protocols and card types CardSpace Personal SAML X509 Higgins Relationship Kerberos JNDI / LDAP Enterprise Apps Token Providers implement different kinds of security tokens IdAS Context Providers connect to different identity data sources SAML UN/PS Idemix RDF OWL Active Directory Comms Clients Relying Parties Plug-ins Common data model
Security & Identity | From present to future | © 2008 by Matt Flaherty & Mary Ruddy; made available under the EPL v1.0 Higgins 1.0 has just been released 7 Solutions now available Three Identity Selectors 2 Identity Providers (WS-Trust and SAML2) A Relying Parity Identity Attribute Service (interoperability framework) Coming in Higgins 1.1 Additional Identity Selectors More Identity Protocols…. More i-card types
Security & Identity | From present to future | © 2008 by Matt Flaherty & Mary Ruddy; made available under the EPL v1.0 Legal information IBM and the IBM logo are trademarks or registered trademarks of IBM Corporation, in the United States, other countries or both. Java and all Java-based marks, among others, are trademarks or registered trademarks of Sun Microsystems in the United States, other countries or both. Eclipse and the Eclipse logo are trademarks of Eclipse Foundation, Inc. Other company, product and service names may be trademarks or service marks of others. THE INFORMATION DISCUSSED IN THIS PRESENTATION IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY. WHILE EFFORTS WERE MADE TO VERIFY THE COMPLETENESS AND ACCURACY OF THE INFORMATION, IT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, AND IBM SHALL NOT BE RESPONSIBLE FOR ANY DAMAGES ARISING OUT OF THE USE OF, OR OTHERWISE RELATED TO, SUCH INFORMATION. ANY INFORMATION CONCERNING IBM'S PRODUCT PLANS OR STRATEGY IS SUBJECT TO CHANGE BY IBM WITHOUT NOTICE.