Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright 1987-2009 1 Roger Clarke Xamax Consultancy, Canberra Visiting Professor – Cyberspace Law & Policy UNSW and in Computer ANU.

Published byIsaac Farrell Modified over 11 years ago

Similar presentations

Presentation on theme: "Copyright 1987-2009 1 Roger Clarke Xamax Consultancy, Canberra Visiting Professor – Cyberspace Law & Policy UNSW and in Computer ANU."— Presentation transcript:

1 Copyright 1987-2009 1 Roger Clarke Xamax Consultancy, Canberra Visiting Professor – Cyberspace Law & Policy Centre @ UNSW and in Computer Science @ ANU http://www.rogerclarke.com/ID/IdModel-UT-091026 {.html,.ppt} http://www.rogerclarke.com/ID/IdModelGloss.html Identity, Privacy and Security Institute (IPSI), Uni Toronto 26 October 2009 Lessons from a Sufficiently Rich Model of (Id)entity, Authentication and Authorisation

2 Copyright 1987-2009 2 We Need a Specialist English-Language Dialect for Discourse on (Id)entity and Authentication AGENDA Preliminaries The Model The Basic Model Identity, Identifier Entity, Entifier Nym (Id)entification Processes Authentication, but of what? Authorisation Processes Applications of the Model

3 Copyright 1987-2009 3 Preliminaries Deep discourse in a domain needs a specialist dialect For this domain, sufficient richness involves c. 50 concepts, and relationships among them

4 Copyright 1987-2009 4 Preliminaries Deep discourse in a domain needs a specialist dialect For this domain, sufficient richness involves c. 50 concepts, and relationships among them 50 neologisms is too much, so let's use existing terms

5 Copyright 1987-2009 5 Preliminaries Deep discourse in a domain needs a specialist dialect For this domain, sufficient richness involves c. 50 concepts, and relationships among them 50 neologisms is too much, so let's use existing terms But existing terms carry a lot of baggage So each term: requires explicit definition must be related to other terms in the model

6 Copyright 1987-2009 6 Preliminaries Deep discourse in a domain needs a specialist dialect For this domain, sufficient richness involves c. 50 concepts, and relationships among them 50 neologisms is too much, so let's use existing terms But existing terms carry a lot of baggage So each term: requires explicit definition must be related to other terms in the model The meaning of each term in the new dialect may conflict with its (many?!) existing usages

7 Copyright 1987-2009 7 Names Codes Roles Identity and Identifier

8 Copyright 1987-2009 8 The Entity/ies underlying an Identity

9 Copyright 1987-2009 9 Entity and Entifier

10 Copyright 1987-2009 10 Nymity

11 Copyright 1987-2009 11 Nym One or more attributes of an Identity (represented in transactions and records as one or more data-items) sufficient to distinguish that Identity from other instances of its class but not sufficient to enable association with a specific Entity

12 Copyright 1987-2009 12 Nym One or more attributes of an Identity (represented in transactions and records as one or more data-items) sufficient to distinguish that Identity from other instances of its class but not sufficient to enable association with a specific Entity Pseudonym – association is not made, but possible Anonym – association is not possible

13 Copyright 1987-2009 13 Nymality is Normality aka ('also-known-as'), alias, avatar, character, nickname, nom de guerre, nom de plume, manifestation, moniker, personality, profile, pseudonym, pseudo-identifier, sobriquet, stage-name Cyberpace has adopted those and spawned more: account, avatar, handle, nick, persona,...

14 Copyright 1987-2009 14 Common Nymous Transactions Barter transactions Visits to Enquiry Counters in government agencies Telephone Enquiries Inspection of publications on library premises Access to Public Documents by electronic means, at a kiosk or over the Internet Cash Transactions, incl. the myriad daily payments for inexpensive goods and services, gambling, road-tolls Voting in secret ballots Treatment at discreet clinics, e.g. for sexually transmitted diseases

15 Copyright 1987-2009 15 Applications of Pseudonymity Epidemiological Research (HIV/AIDS) Financial Exchanges, including dealing in commodities, stocks, shares, derivatives, and foreign currencies Nominee Trading and Ownership Banking Secrecy, incl. Swiss / Austrian bank accounts Political Speech Artistic Speech Call Centres Counselling Phone-calls with CLI Internet Transactions 'Anonymous' re-mailers Chaumian eCash

16 Copyright 1987-2009 16 Financial Times, 19 Feb 2006 Interview with Bill Gates re MS Identity Metasystem Architecture and InfoCard... the thing that says the government says I'm over 18... You can prove who you are to a third party and then, in actual usage, they don't know who you are. A lot of the previous designs had the idea that if you authenticated, then you gave up privacy. There are lots of cases where you want to be authentic but not give up your privacy.

17 Copyright 1987-2009 17

18 Copyright 1987-2009 18 (Id)entification Identification The process of associating data with a particular Identity. Achieved by acquiring an Identifier for the Identity

19 Copyright 1987-2009 19 (Id)entification Identification The process of associating data with a particular Identity Achieved by acquiring an Identifier for the Identity Entification The process of associating data with a particular Entity. Achieved by acquiring an Entifier for the Entity

20 Copyright 1987-2009 20 (Id)entification Identification The process of associating data with a particular Identity Achieved by acquiring an Identifier for the Identity Entification The process of associating data with a particular Entity Achieved by acquiring an Entifier for the Entity Token A recording medium for an (Id)entifier Identity Silo A restricted-purpose Identity, and associated Identifier(s)

21 Copyright 1987-2009 21 Authentication of Assertions Authentication: A process that establishes a level of confidence in an Assertion Assertion: a proposition..... of some kind... made by some party

22 Copyright 1987-2009 22 Authentication of Assertions Authentication: A process that establishes a level of confidence in an Assertion Assertion: a proposition..... of some kind... made by some party Authenticator: evidence relating to an Assertion Credential: a physical or digital Authenticator EOI: an Authenticator for Identity Assertions

23 Copyright 1987-2009 23 Categories of Assertions Relevant to eBusiness About Real-World Facts About Data Quality (accuracy, timeliness,...) About Value About Location About Documents About Attributes About Principal-Agent Relationships About Identities About Entities

24 Copyright 1987-2009 24 Value Assertion Value is transferred to/from an (Id)entity or Nym This bones been aged in loam for three months

25 Copyright 1987-2009 25 A Defining Aphorism of Cyberspace The New Yorker 5 July 1993

26 Copyright 1987-2009 26 Value Assertion Value is transferred to/from an (Id)entity or Nym This bones been aged in loam for three months Authentication of Value Assertions For Goods Inspect them Get them put into Escrow, for release by the Agent only when all conditions have been fulfilled For Cash Release the Goods only: For Cash On Delivery After Clearing the Cheque Against a Credit-Card Authorisation After a Debit-Card Transaction

27 Copyright 1987-2009 27 Attribute Assertion An Identity or Nym has a particular Attribute: Age / DoB before or after some Threshhold Disability, Health Condition, War Service Professional, Trade (or Dog) Qualification Authentication of Attribute Assertions ID-Card and DoB (may or may not record ID) Bearer Credential (ticket, disabled-driver sticker) Attribute Certificates (with or without ID)

28 Copyright 1987-2009 28 Which Assertions Matter? Utilise Risk Assessment techniques to determine: Which Assertions? What level/strength of Authentication?

29 Copyright 1987-2009 29 Australian Government e-Authentication Framework (AGAF) http://www.finance.gov.au/e-government/security-and-authentication/authentication-framework.html Decide what statements need to be authenticated Use risk assessment techniques in order to decide on the level of assurance needed From among the alternative e-authentication mechanisms, select an appropriate approach Assess the impact on public policy concerns such as privacy and social equity Implement Evaluate

30 Copyright 1987-2009 30 eVoting Assertions That Need Authenticating 1.Thats me on the Electoral Register (smell this!) 2.Your vote was recorded, as follows...... by disclosing to the voter the details of the vote that was recorded; but in such a way that: the voter can use it as evidence of malfunction if the voter chooses to do so; and a person other than the voter can only know what the vote was if the voter discloses it 3.Your vote was counted

31 Copyright 1987-2009 31 Authorisation

32 Copyright 1987-2009 32 Authorisation

33 Copyright 1987-2009 33 Authorisation: Access Control

34 Copyright 1987-2009 34 Applications of the Model Goods Packaging Animals Vehicles Devices Software Organisations Humans

35 Copyright 1987-2009 35 Applications to Humans and Proxies for Humans Goods Packaging Animals Vehicles Devices Software Organisations Humans Personal Goods Pets Personal Vehicles Personal Devices Reg-Codes, IP-Addresses Organisational Roles Biometrics, Embedded Chips

36 Copyright 1987-2009 36 A Sample Personal Device – The Mobile Phone Entifier for the Product – model-name, model-number

37 Copyright 1987-2009 37 A Sample Personal Device – The Mobile Phone Entifier for the Product – model-name, model-number Entifier for the Handset – Serial-Number of the device Mobile Equipment Identity (IMEI) – GSM / UMTS Electronic Serial Number (ESN) or Mobile Equipment Identifier (MEID) – CDMA

38 Copyright 1987-2009 38 A Sample Personal Device – The Mobile Phone Entifier for the Product – model-name, model-number Entifier for the Handset – Serial-Number of the device Mobile Equipment Identity (IMEI) – GSM / UMTS Electronic Serial Number (ESN) or Mobile Equipment Identifier (MEID) – CDMA Identifier for the Persona – Serial-Number of a chip, the International Mobile Subscriber Identity (IMSI) Subscriber Identity Module (SIM) – GSM / UMTS Removable User Identity Module (R-UIM) or CDMA Subscriber Identity Module (CSIM) – CDMA Universal Subscriber Identity Module (USIM) – 3G

39 Copyright 1987-2009 39 A Sample Personal Device – The Mobile Phone Entifier for the Product – model-name, model-number Entifier for the Handset – Serial-Number of the device Mobile Equipment Identity (IMEI) – GSM / UMTS Electronic Serial Number (ESN) or Mobile Equipment Identifier (MEID) – CDMA Identifier for the Persona – Serial-Number of a chip, the International Mobile Subscriber Identity (IMSI) Subscriber Identity Module (SIM) – GSM / UMTS Removable User Identity Module (R-UIM) or CDMA Subscriber Identity Module (CSIM) – CDMA Universal Subscriber Identity Module (USIM) – 3G Proxy-(Id)entifier – MAC Address / NICId, or IP-Address

40 Copyright 1987-2009 40 Human Identification Identification Generally The process of associating data with a particular Identity Achieved by acquiring an Identifier for the Identity Human Identification in Particular Acquisition of a Human Identifier (Commonly a Name or a Code) High-Reliability Lookup in a Database (1-with-many comparison, a single confident result)

41 Copyright 1987-2009 41 Human Identity Authentication What the Person Knows e.g. mothers maiden name, Password, PIN What the Person Has (Credentials) e.g. a Token, such as an ID-Card, a Ticket e.g. a Digital Token such as a Digital Signature consistent with the Public Key attested to by a Digital Certificate

42 Copyright 1987-2009 42 Human Identity Authentication What the Person Knows e.g. mothers maiden name, Password, PIN What the Person Has (Credentials) e.g. a Token, such as an ID-Card, a Ticket e.g. a Digital Token such as a Digital Signature consistent with the Public Key attested to by a Digital Certificate Human Entity Authentication What the Person Does (Dynamic Biometrics) What the Person Is (Static Biometrics) What the Person Is Now (Imposed Biometrics)

43 Copyright 1987-2009 43 The Biometric Process

44 Copyright 1987-2009 44 Human Entification Acquisition of a Human Entifier High-Reliability Lookup in a Database (1-with-many comparison, a single confident result) Formation of an Entity Assertion ('This is the person who has a specific biometric') Acquisition of a Human Entifier High-Reliability Comparison with a Prior Measure (1-with-1 comparison, a confident Yes or No) Human Entity Authentication

45 Copyright 1987-2009 45 Some Mythologies of the 'Identity Management' Industry That the assertions that need to be authenticated are assertions of identity (cf. fact, value, attribute, agency and location) That individuals only have one identity That identity and entity are the same thing That biometric identification: works is inevitable doesnt threaten freedoms will help much will help at all in counter-terrorism

46 Copyright 1987-2009 46 C2K Policy Imperatives Maximise the use of anonymous transactions (tx) Where anonymity is not an effective option, maximise the use of pseudonymous tx Resist, and reverse, conversion of nymous to identified tx Preclude identified transactions except where functionally necessary, or meaningful, informed consent exists Enable multiple identities for multiple roles Enable the authentication of pseudonyms Provide legal, organisational and technical protections for the link between a pseudonym and the person behind it Resist, and reverse, multiple usage of identifiers Resist, and reverse, the correlation of identifiers

47 Copyright 1987-2009 47 Design Factors using Chip-Cards Privacy-Sensitive and Cost-Effective 'Electronic Signature Cards' rather than 'Id Cards' No central storage of biometrics Two-way device authentication Attribute / Eligibility Authentication as the norm, identity auth'n as fallback, entity auth'n as rarity Nymous transactions unless (id)entity is justified Multiple Single-Purpose Ids, not multi-purpose ids Multi-Function Chips with secure zone-separation Role-Ids as the norm, Person-Ids as the exception

48 Copyright 1987-2009 48 Design Factors Using Biometrics Privacy-Sensitive and Cost-Effective Technologies and Products A Privacy Strategy Privacy-Protective Architecture Open Information Independent Testing using Published Guidelines Publication of Test Results Application Design Features No Central Storage Reference Measures only on Each Person's Own Device No Storage of Test-Measures No Transmission of Test-Measures Devices Closed and Secure, with Design Standards and Certification Two-Way Device Authentication Application Design Processes Consultation with the Affected Public from project commencement onwards Explicit Public Justification for privacy-invasive features PIAs conducted openly, and published Metricated pilot schemes Laws, to require compliance with the above Laws, to preclude: Retention of biometric data Secondary use of biometric data Application of biometrics absent strong and clear justification Manufacture, import, installation, use of non-compliant biometric devices Creation, maintenance, use of a database of biometrics

49 Copyright 1987-2009 49 We Need a Specialist English-Language Dialect for Discourse on (Id)entity and Authentication AGENDA Preliminaries The Model The Basic Model Identity, Identifier Entity, Entifier Nym (Id)entification Processes Authentication, but of what? Authorisation Processes Applications of the Model

50 Copyright 1987-2009 50 Defined Terms in the Model entity, identity, anonymity, pseudonymity, nymity, attributes record, data item, digital persona, data silo (id)entifier, (id)entification, token, nym, anonym, pseudonym, identity silo, multi-purpose / general-purpose identifier authentication, authentication strength, assertion, assertion categories, authenticator, credential, (id)entity authentication, evidence of (id)entity, (id)entity credential authorisation/permission/privilege, user, loginid/userid/username, account, access control, registration, pre-authentication, enrolment, single sign-on, simplified sign-on, identity management

51 Copyright 1987-2009 51 Roger Clarke Xamax Consultancy, Canberra Visiting Professor – Cyberspace Law & Policy Centre @ UNSW and in Computer Science @ ANU http://www.rogerclarke.com/ID/IdModel-UT-091026 {.html,.ppt} http://www.rogerclarke.com/ID/IdModelGloss.html Identity, Privacy and Security Institute (IPSI), Uni Toronto 26 October 2009 Lessons from a Sufficiently Rich Model of (Id)entity, Authentication and Authorisation

Download ppt "Copyright 1987-2009 1 Roger Clarke Xamax Consultancy, Canberra Visiting Professor – Cyberspace Law & Policy UNSW and in Computer ANU."

Similar presentations

Numbers Treasure Hunt Following each question, click on the answer. If correct, the next page will load with a graphic first – these can be used to check.

Numbers Treasure Hunt Following each question, click on the answer. If correct, the next page will load with a graphic first – these can be used to check.
Scenario: EOT/EOT-R/COT Resident admitted March 10th Admitted for PT and OT following knee replacement for patient with CHF, COPD, shortness of breath.

Scenario: EOT/EOT-R/COT Resident admitted March 10th Admitted for PT and OT following knee replacement for patient with CHF, COPD, shortness of breath.
Copyright 1987-2009 1 Roger Clarke Xamax Consultancy, Canberra Visiting Professor – Cyberspace Law & Policy UNSW and at the ANU and the Uni. of.

Copyright Roger Clarke Xamax Consultancy, Canberra Visiting Professor – Cyberspace Law & Policy UNSW and at the ANU and the Uni. of.
AP STUDY SESSION 2.

AP STUDY SESSION 2.
1

1
Copyright 1988-2006 1 Roger Clarke, Xamax Consultancy, Canberra Visiting Professor, Unis. of Hong Kong, U.N.S.W., ANU

Copyright Roger Clarke, Xamax Consultancy, Canberra Visiting Professor, Unis. of Hong Kong, U.N.S.W., ANU
Copyright 2005 1 Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Uni. of Hong Kong, A.N.U. & U.N.S.W.

Copyright Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Uni. of Hong Kong, A.N.U. & U.N.S.W.
Copyright 2005 1 Roger Clarke, Xamax Consultancy, Canberra Visiting Professor, Unis. of Hong Kong, U.N.S.W., ANU

Copyright Roger Clarke, Xamax Consultancy, Canberra Visiting Professor, Unis. of Hong Kong, U.N.S.W., ANU
Chapter 7 System Models.

Chapter 7 System Models.
Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.

Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.
1 Copyright © 2013 Elsevier Inc. All rights reserved. Chapter 4 Computing Platforms.

1 Copyright © 2013 Elsevier Inc. All rights reserved. Chapter 4 Computing Platforms.
Processes and Operating Systems

Processes and Operating Systems
Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 6 Author: Julia Richards and R. Scott Hawley.

Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 6 Author: Julia Richards and R. Scott Hawley.
David Burdett May 11, 2004 Package Binding for WS CDL.

David Burdett May 11, 2004 Package Binding for WS CDL.
Business Transaction Management Software for Application Coordination 1 www.choreology.com Business Processes and Coordination. Introduction to the Business.

Business Transaction Management Software for Application Coordination 1 Business Processes and Coordination. Introduction to the Business.
Local Customization Chapter 2. Local Customization 2-2 Objectives Customization Considerations Types of Data Elements Location for Locally Defined Data.

Local Customization Chapter 2. Local Customization 2-2 Objectives Customization Considerations Types of Data Elements Location for Locally Defined Data.
Process a Customer Chapter 2. Process a Customer 2-2 Objectives Understand what defines a Customer Learn how to check for an existing Customer Learn how.

Process a Customer Chapter 2. Process a Customer 2-2 Objectives Understand what defines a Customer Learn how to check for an existing Customer Learn how.
Welcome PC-ACE Pro32 Training

Welcome PC-ACE Pro32 Training
1 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt BlendsDigraphsShort.

1 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt BlendsDigraphsShort.
1 Chapter 12 File Management Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,

1 Chapter 12 File Management Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,

Similar presentations

Ads by Google