Federated Identity on the Web Peter Yared Chief Technologist, Network Identity Sun Microsystems, Inc. Month, 2001.
What is Identity?
The set of attributes that describe the profile(s) of an individual. For a customer such as "John Smith" these include:
– Customer name, alias, user name
– Credit card number
– Social security number
– Driver's license
– Passport
– Retinal scan
– DNA
– Entertainment preferences
– Notification preferences
– Employee authorization
– Business calendar
– Dining preferences
– Affinity program
– Friends and associates
– Education history
– Medical history
– Financial assets...

Know thy Customer
– Without identity, you can't have an enduring relationship with your customers
– Knowing your customers better than your competitors do is a huge advantage

Possible Solutions
The customer sits at the centre of several communities that each hold a piece of the relationship: Financial Services, Online, Telecommunications, Travel, Entertainment, Retail and Wireless. Two ways to organize identity across them:
– Centralized model: a single identity provider in the middle of all communities
– Open, federated model: each community keeps its own identity data and they interoperate

Federated Identity
– Distributed: data stays with its "rightful" owner
– Multiple authenticators
  – Competition for consumer trust
– Delineation between authentication and authorization
  – Merchant retains control of transaction requirements
  – Gradient levels of authentication within the network
– Consumer is in control of who can access information

What is Liberty?
– A multi-industry business alliance
– Defines and drives a widely accepted, interoperable standard for federated identity
– Provides a standard which will:
  – Simplify business partnerships on the internet
  – Simplify users' consumption of network services
  – Allow businesses and consumers to better manage their data

Who is Liberty?

Liberty Organization
– Governance: defines the mission and scope; drives the execution timetable
– Marketing: determines market requirements and the use-case focus for the alliance; drives positioning, promotion, branding, adoption and deployment
– Technology: understands current standards, drives convergence and the evolution of the technology; delivers a specification
– Policy: understands the policy and regulatory environment

Pragmatic Approach
– Focus on interoperability
– Respect that other identity systems will exist
– No exclusivity
– Sun is one of many founders, with no unique privileges
– The measure of success is commercial deployment

Evolution of Identity Networks
– Separate login for each site
– Separate login for each network
– Seamless login across networks

Analogous to ATM Networks
– Separate card for each bank
– Separate card for each network
– Seamless access across networks

SSO Architecture
Cross-domain authentication: the user logs in at one domain (Excite.com) and is recognized at another (Pets.com).

SSO (1 of 2) and SSO (2 of 2)
Excite.com acts as the identity provider, Pets.com as the service provider (merchant):
1. Service provider uses an HTTP redirect or form POST to send the user to the identity provider
2. User is redirected to the identity provider and logs in
3. Identity provider processes the login
4. Identity provider redirects the user back to the service provider with a nonce embedded in the URI
5. Merchant receives the HTTP redirect and parses the nonce from the URI
6. Service provider opens a PKI-ensured back channel to the identity provider to query about the user

The nonce travels through the user's browser, so it has to be unguessable, usable once, short-lived and bound to the service provider it was issued for; otherwise anyone who obtains the URI (logs, referrers, a shoulder-surfed address bar) can present it in step 6 and be treated as the user.
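The six steps above, as an added example that is not part of the original slides or of any Liberty implementation: an identity provider that mints the nonce (called an artifact here) and a service provider that parses it from the redirect URI and resolves it over the back channel. The domain names, URL paths, the in-process `resolve()` call standing in for the PKI-ensured channel and the shape of the returned assertion are all assumptions for illustration.

```python
# Added example, not from the original slides: a minimal model of the
# six-step artifact SSO flow above. Domain names, URL paths and the
# back-channel call are assumptions made for illustration.
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse


class IdentityProvider:
    """Excite.com's role: authenticates users and issues single-use artifacts."""

    ARTIFACT_TTL = 60  # seconds an unresolved artifact stays valid

    def __init__(self, registered_sps):
        # sp_id -> the one return URL we will redirect to. A closed allowlist,
        # so a tampered return parameter cannot turn the IdP into an open
        # redirector that hands artifacts to attacker-chosen hosts.
        self.registered_sps = dict(registered_sps)
        self.artifacts = {}  # artifact -> (sp_id, user, issued_at)

    def handle_login(self, sp_id, user, now=None):
        """Steps 3-4: the user has just authenticated; build the redirect back
        to the SP with a fresh artifact (the slide's 'nonce') in the URI."""
        now = time.time() if now is None else now
        if sp_id not in self.registered_sps:
            raise ValueError("unknown service provider: " + sp_id)
        # 20 bytes from the OS CSPRNG: unguessable, so presenting the value is
        # evidence that the IdP minted it for this SP a moment ago.
        artifact = secrets.token_urlsafe(20)
        self.artifacts[artifact] = (sp_id, user, now)
        return self.registered_sps[sp_id] + "?" + urlencode({"artifact": artifact})

    def resolve(self, artifact, caller_sp_id, now=None):
        """Step 6, back channel. The caller's identity is assumed to come from
        the channel itself (client-certificate TLS, the slide's 'PKI-ensured'
        part); here it is simply passed in."""
        now = time.time() if now is None else now
        record = self.artifacts.pop(artifact, None)  # pop: single use, even on failure
        if record is None:
            return None
        sp_id, user, issued_at = record
        if sp_id != caller_sp_id:  # artifact lifted from another SP's redirect
            return None
        if now - issued_at > self.ARTIFACT_TTL:  # URI surfaced long after login
            return None
        return {"user": user, "audience": sp_id, "authn_instant": issued_at}


class ServiceProvider:
    """Pets.com's role: never sees the password, only the resolved assertion."""

    def __init__(self, sp_id, idp):
        self.sp_id = sp_id
        self.idp = idp
        self.sessions = {}  # session id -> user

    @staticmethod
    def parse_artifact(redirect_url):
        """Step 5: pull the artifact out of the redirect URI; a missing or
        duplicated parameter is rejected rather than guessed at."""
        values = parse_qs(urlparse(redirect_url).query).get("artifact", [])
        return values[0] if len(values) == 1 else None

    def complete_login(self, redirect_url, now=None):
        artifact = self.parse_artifact(redirect_url)
        if artifact is None:
            return None
        assertion = self.idp.resolve(artifact, self.sp_id, now=now)
        if assertion is None:
            return None
        session_id = secrets.token_urlsafe(16)
        self.sessions[session_id] = assertion["user"]
        return session_id


def demo():
    """Happy path plus three abuses; returns what each attempt produced."""
    idp = IdentityProvider({"pets.com": "https://pets.com/sso/return",
                            "webvan.com": "https://webvan.com/sso/return"})
    pets, webvan = ServiceProvider("pets.com", idp), ServiceProvider("webvan.com", idp)
    t0 = 1_000_000.0
    url = idp.handle_login("pets.com", "JoeS", now=t0)       # steps 1-4
    first = pets.complete_login(url, now=t0 + 5)              # steps 5-6
    replay = pets.complete_login(url, now=t0 + 6)             # same URI presented again
    stolen = webvan.complete_login(                           # pets.com artifact used at webvan.com
        idp.handle_login("pets.com", "JoeS", now=t0), now=t0 + 5)
    stale = pets.complete_login(                              # presented after the TTL
        idp.handle_login("pets.com", "JoeS", now=t0), now=t0 + 120)
    return {"user": pets.sessions.get(first), "replay": replay,
            "stolen": stolen, "stale": stale}


if __name__ == "__main__":
    print(demo())  # {'user': 'JoeS', 'replay': None, 'stolen': None, 'stale': None}
```

The artifact is popped from the store before any check runs, so a replay, a stolen artifact and a stale one all fail closed and also burn the value; the service provider's own session cookie is minted fresh and never equals the artifact, so a leaked redirect URI cannot be turned into a session later.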

Federation/Account Linking
Users already have accounts at a variety of sites: Joe123 at Excite.com, JoeS at Pets.com and JoeSch at WebVan.com.

Upon linking those accounts, the sites need a shared frame of reference for the user.

If account names are exchanged, the sites can talk to each other about the user without the user's approval!

Instead, opaque handles resolvable only by the issuer should be exchanged. Each record names the partner domain and the two handles for the user in that relationship; the handle one side lists as Name appears as the other side's alias, and no local account name ever crosses the wire.

Held at Excite.com, one record per partner:
<alias="mr3tTJ340ImN2ED" SecurityDomain="Pets.com" Name="dTvIiRcMlpCqV6xX" />
<alias="xyrVdS+xg0/pzSgx" SecurityDomain="WebVan.com" Name="pfk9uzUN9JcWmk4RF" />

Held at Pets.com and WebVan.com respectively:
<alias="dTvIiRcMlpCqV6xX" SecurityDomain="excite.com" Name="mr3tTJ340ImN2ED" />
<alias="pfk9uzUN9JcWmk4RF" SecurityDomain="excite.com" Name="xyrVdS+xg0/pzSgx" />

Because the handles for Pets.com and WebVan.com are unrelated random strings, the two merchants cannot discover that they share a customer by comparing notes; only Excite.com can map either handle back to Joe123.
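The linking step above, as an added example that is not code from the original slides or from the Liberty specifications: each site mints a random handle for the partner it is federating with, the two handles are swapped, and each site can later resolve only the handles it issued, keyed by the partner that is presenting them. The `Site` class, its storage layout and the `federate()` helper are assumptions; the domains and local account names are the ones on the slide.

```python
# Added example, not from the original slides: pairwise opaque handles for
# account linking. The Site class and its storage layout are assumptions;
# the domains and local account names are the ones on the slide.
import secrets


class Site:
    """One security domain. Local account names never leave it; partners are
    spoken to only in opaque handles minted for that one partner."""

    def __init__(self, domain):
        self.domain = domain
        self.by_partner_handle = {}  # (partner_domain, handle we issued) -> local account
        self.links = {}              # (local account, partner_domain) -> (our handle, theirs)

    def issue_handle(self, local_account, partner_domain):
        """Mint the handle this partner will know the account by. Random rather
        than derived from the account name, so it reveals nothing about the
        name and cannot be matched against the handle another partner holds."""
        handle = secrets.token_urlsafe(12)
        self.by_partner_handle[(partner_domain, handle)] = local_account
        return handle

    def record_link(self, local_account, partner_domain, our_handle, their_handle):
        self.links[(local_account, partner_domain)] = (our_handle, their_handle)

    def resolve(self, partner_domain, handle):
        """A partner refers to a user by the handle we issued to that partner.
        The lookup is keyed by partner too, so a handle presented by anyone
        else resolves to nothing even if they somehow obtained it."""
        return self.by_partner_handle.get((partner_domain, handle))

    def handle_for(self, local_account, partner_domain):
        """The handle to use when we talk to that partner about this account."""
        link = self.links.get((local_account, partner_domain))
        return link[1] if link else None


def federate(site_a, account_a, site_b, account_b):
    """Link two accounts. The user's consent at both sites is assumed to have
    been obtained already. Each side mints a handle, the handles are swapped,
    each side stores the pair, and neither account name crosses the wire."""
    handle_a = site_a.issue_handle(account_a, site_b.domain)
    handle_b = site_b.issue_handle(account_b, site_a.domain)
    site_a.record_link(account_a, site_b.domain, handle_a, handle_b)
    site_b.record_link(account_b, site_a.domain, handle_b, handle_a)
    return handle_a, handle_b


def demo():
    """Link Joe's three accounts and probe what each site can and cannot learn."""
    excite, pets, webvan = Site("excite.com"), Site("pets.com"), Site("webvan.com")
    federate(excite, "Joe123", pets, "JoeS")
    federate(excite, "Joe123", webvan, "JoeSch")
    to_pets = excite.handle_for("Joe123", "pets.com")
    to_webvan = excite.handle_for("Joe123", "webvan.com")
    return {
        "pets_sees": pets.resolve("excite.com", to_pets),                    # 'JoeS'
        "webvan_sees": webvan.resolve("excite.com", to_webvan),              # 'JoeSch'
        "handles_differ": to_pets != to_webvan,                              # True
        "pets_given_webvan_handle": pets.resolve("excite.com", to_webvan),   # None
        "wrong_partner": pets.resolve("webvan.com", to_pets),                # None
        "names_leaked": any(n in (to_pets, to_webvan)
                            for n in ("Joe123", "JoeS", "JoeSch")),          # False
        "pets_to_excite": excite.resolve("pets.com",
                                         pets.handle_for("JoeS", "excite.com")),  # 'Joe123'
    }
```

`handle_for()` returns the partner's handle, not our own, because the receiving site can only look up handles it issued itself; the pair stored by `record_link()` is the same two values the slide shows as Name and alias, just viewed from each end.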

Web Services
– Interactions via SOAP/HTTP
– PKI-ensured
– Service types:
  – Basic identity (address, phone number, ...)
  – Wallet
  – Calendar
  – Portfolio
  – Address book
  – Instant message
  – Etc.

Example SOAP Call
(The envelope is not preserved in this transcript; the request carries the symbol SUNW.)

Example SOAP Response
(The envelope is not preserved in this transcript; the response carries the value 34.5.)

Policy Enforcement
The user's data is released only with the user's consent and according to the user's preferences and policies. With Excite.com as the identity provider and Pets.com as the service provider:
1. Service provider requests user attributes from the identity provider
2. Attributes are released per the user's policies and preferences
3. User accepts or rejects exceptions to the existing policies and preferences

IDP Serving as Gateway
Excite.com is the identity provider, AuctionWatch.com the service provider and PacBell.com the mobile operator:
1. User registers to "watch" an auction
2. Service provider sends an SMS message to the identity provider
3. Identity provider sends the SMS message to the mobile operator
4. Mobile operator sends the SMS message to the user
The identity provider sees the message text.

IDP Serving as a Directory
Same parties, but the identity provider only hands out a reference:
1. User registers to "watch" an auction
2. Service provider requests an SMS ticket from the identity provider
3. Service provider sends the SMS message, with the ticket, to the mobile operator
4. Mobile operator sends the SMS message to the user
The identity provider doesn't see the message text. The ticket stands in for the user's phone number, so the service provider never needs to hold it either.

Basic Wallet Service
Excite.com is the identity provider, Pets.com the service provider and CyberCash.com the payment provider:
1. User purchases items
2. User is routed to the identity provider to authorize the transaction
3. Payment and billing info are sent to the service provider
4. Service provider sends the payment information to the payment provider

Wallet Service
1. User purchases items
2. User is routed to the identity provider to authorize the transaction
3. Identity provider sends shipping info and authorization to the service provider
4. Identity provider sends the payment information to the payment provider

Ticket Wallet Service
1. User purchases items
2. User is routed to the identity provider to authorize the transaction
3. Payment ticket and billing info are sent to the service provider
4. Service provider sends the payment ticket to the payment provider
5. Payment provider uses the ticket to retrieve the payment information from the identity provider

Unlike the basic wallet, the merchant handles only a ticket and never the payment details; unlike the wallet service, the identity provider releases those details only when the payment provider redeems the ticket.
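The tickets in "IDP Serving as a Directory" and "Ticket Wallet Service" share one mechanism: an opaque value that only a named party can exchange, once, for a narrow set of the user's attributes. The following is an added example of that mechanism, not code from the original slides or from any Liberty product. The party names are the slide's; the `IdentityProvider`, `MobileOperator` and `PaymentProvider` classes, the attribute names, the in-process `redeem()` call standing in for the authenticated back channel and the sample user record are all assumptions.

```python
# Added example, not from the original slides: a scoped, single-use ticket of
# the kind the 'IDP Serving as a Directory' and 'Ticket Wallet Service'
# slides describe. Party names are the slide's; the ticket store, the
# attribute names and the sample user record are assumptions.
import secrets
import time


class IdentityProvider:
    """Excite.com as a directory: it holds the user's attributes and issues
    tickets that one named party can later exchange for a narrow slice of
    them. It never relays the SMS text or the payment itself."""

    TICKET_TTL = 300  # seconds; long enough for a checkout, not for a cache

    def __init__(self, users):
        self.users = users   # account -> attribute dict
        self.tickets = {}    # ticket -> {account, audience, scope, issued}

    def issue_ticket(self, account, audience, scope, now=None):
        """Called once the user has authorized the transaction at the IdP.
        'audience' is the only party allowed to redeem; 'scope' is the only
        attributes it will get."""
        now = time.time() if now is None else now
        missing = [a for a in scope if a not in self.users[account]]
        if missing:
            raise ValueError("user has no attribute(s): " + ", ".join(missing))
        ticket = secrets.token_urlsafe(16)
        self.tickets[ticket] = {"account": account, "audience": audience,
                                "scope": tuple(scope), "issued": now}
        return ticket

    def redeem(self, ticket, caller, now=None):
        """Back-channel exchange by the ticket's audience. The caller identity
        is assumed to come from the authenticated channel. The SP that carried
        the ticket cannot redeem it, nor can anyone twice or after the TTL."""
        now = time.time() if now is None else now
        rec = self.tickets.get(ticket)
        if rec is None or rec["audience"] != caller or now - rec["issued"] > self.TICKET_TTL:
            return None
        del self.tickets[ticket]  # spent: a replayed ticket yields nothing
        record = self.users[rec["account"]]
        return {k: record[k] for k in rec["scope"]}


class MobileOperator:
    """PacBell.com: receives text plus ticket from the SP, resolves the ticket
    to a subscriber number, delivers. The SP never learns the number."""

    def __init__(self, idp, domain="pacbell.com"):
        self.idp, self.domain = idp, domain
        self.delivered = []  # (phone, text), standing in for the SMS network

    def send(self, ticket, text, now=None):
        attrs = self.idp.redeem(ticket, caller=self.domain, now=now)
        if attrs is None:
            return False
        self.delivered.append((attrs["phone"], text))
        return True


class PaymentProvider:
    """CyberCash.com: step 5 of the ticket wallet, card data fetched by ticket."""

    def __init__(self, idp, domain="cybercash.com"):
        self.idp, self.domain = idp, domain
        self.charges = []  # (card, amount)

    def charge(self, ticket, amount, now=None):
        attrs = self.idp.redeem(ticket, caller=self.domain, now=now)
        if attrs is None:
            return False
        self.charges.append((attrs["card"], amount))
        return True


def demo():
    """Run both ticket flows and the abuses a practitioner would try."""
    # Constructed sample record for the example; not real data.
    idp = IdentityProvider({"Joe123": {"phone": "+1-415-555-0100",
                                       "card": "4111111111111111",
                                       "shipping": "1 Main St, Anytown"}})
    operator, payments = MobileOperator(idp), PaymentProvider(idp)
    t0 = 1_000_000.0
    # AuctionWatch.com asks for an SMS ticket and passes it, with the text,
    # straight to the operator. The text never touches the IdP.
    sms_ticket = idp.issue_ticket("Joe123", audience="pacbell.com", scope=["phone"], now=t0)
    sp_peek = idp.redeem(sms_ticket, caller="auctionwatch.com", now=t0)  # SP tries to read the number
    sent = operator.send(sms_ticket, "Your watched auction ends in 10 minutes", now=t0 + 2)
    # Pets.com gets a payment ticket; the card number goes IdP -> payment provider only.
    pay_ticket = idp.issue_ticket("Joe123", audience="cybercash.com", scope=["card"], now=t0)
    charged = payments.charge(pay_ticket, 34.50, now=t0 + 30)
    charged_again = payments.charge(pay_ticket, 34.50, now=t0 + 31)  # replay of a spent ticket
    expired = payments.charge(idp.issue_ticket("Joe123", audience="cybercash.com",
                                               scope=["card"], now=t0), 1.00, now=t0 + 600)
    return {"sp_peek": sp_peek, "sent": sent, "delivered_to": operator.delivered[0][0],
            "charged": charged, "charged_again": charged_again, "expired": expired}
```

A failed audience check deliberately leaves the ticket in place, so a merchant that probes the back channel cannot deny service to the legitimate redeemer; the successful redemption deletes it, so each ticket authorizes exactly one message or one charge.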

Java Platform Strategy
– J2EE
  – New Liberty JSR
  – Inclusion in the Java Web Services Developer Pack
  – Tracked for J2EE 1.5
– J2SE
  – Liberty digital signing via Java Web Start
– J2ME
  – Liberty digital signing via MIDP
– JavaCard
  – Liberty certificates stored on the JavaCard

Summary
– Liberty is an open organization
– Specification due in a few months
– Account federation is key
  – A global unique ID is not workable
– Distributed services
  – Directory metaphor rather than gateway
– Touches all facets of Java
  – J2EE, J2SE, J2ME, JavaCard
