1
Digital Identity within E-Business and E-Government: Where are we now and Where do we go from here
William Barnhill
Booz Allen Hamilton
2
Agenda
- What are the basics of Identity 2.0?
- Where are we now?
- Where are we going?
- What does the future hold?
- Questions and Comments?
3
What are the basics of Identity 2.0?
4
What identity is and isn’t
- Dictionary.com on identity:
  - The collective aspect of the set of characteristics by which a thing is definitively recognizable or known
- More precisely:
  - A digital representation of a set of claims made by one party about itself or another digital subject [Identity Gang]
- Some say identity = reputation, others not
- IMHO, reputation is just a possible set of claims
- Note the above definition says ‘thing’ not person:
  - A corporation can and does have an identity
  - So does an online community
  - Less clear are things that cannot express free will: routers, etc.
- Identity is not identification, that’s just one use
5
The Core Concept of Identity 2.0
- User-Centric Identity
  - User consent:
    - User always can allow or deny whether information about them is released or not (reactive consent management)
  - User control:
    - User has ability to policy-control all exchanges of identity information (proactive consent management)
    - User delegates decisions to identity agents controlled through policy
  - User-centered:
    - Pete Rowley describes this core subset of the previous two as ‘People in the protocol’
    - User is actively involved in information disclosure policy decisions at run time
6
Identity In e-Business and e-Gov
- Identity 2.0 drivers in e-Business and e-Gov
  - Spam: > 50% of blogs are spam blogs (splogs)
  - Growing risk of identity theft
  - Niche marketing requires greater identity
  - Regulation: e.g. China’s 18-digit ID numbers to combat gaming addiction in those under 18
- The Identity Meta-System
  - No single identity solution will work for everyone
  - Consistent user experience across different systems
  - Interoperability of identifiers, identity claims through encapsulating protocol...the IP of identity
7
Where are we now?
8
Identity standards in our hands
- SAML 2.0: OASIS
- OpenID: OpenID.net
- Liberty ID-WSF
- CardSpace: Microsoft
- Username/Password
Source: Eve Maler, from http://www.xmlgrrl.com/blog/archives/2007/03/28/the-venn-of-identity/
9
Where are the problems?
- We are in the pre-IP world of Ethernet, Token Ring, etc. (SAML, OpenID, i-names, WS-Trust, ID-WSF)
- Publish your information once, relinquish control
- SPAM cost $21.58 billion annually, according to the 2004 National Technology Readiness Survey
- Identity fraud cost $56.6 billion in 2006
- Existing standards have not been used to solve the above problems
- Each existing standard addresses different facets of identity from the perspective of different users
- No single standard acts as the gem that holds the facets together
- Thorny issues:
  - How do we represent claims in a way translatable to everyone?
  - How do we capture negotiation of what claims are needed?
10
Identity standards on the horizon
- The identity meta-system
  - MS vision, implemented in InfoCard
- Higgins
  - Novell’s vision for an identity meta-system, implemented in the Bandit project
- OpenID
  - Community vision for very lightweight identity meta-system, implemented in Apache Heraldry project
- i-names
  - Extensible Resource Identifiers (XRI) are exponentially more valuable for a lightweight identity system, implemented in XDI i-brokers
- Many others, see http://wiki.idcommons.net/moin.cgi/IdentityLandscape
11
Where are we going?
12
Kim Cameron’s Laws of Identity
- User Control and Consent: Identity systems must only reveal information identifying a user with the user's consent.
- Minimal Disclosure for a Constrained Use: The identity system must disclose the least identifying information possible, as this is the most stable, long-term solution.
- Justifiable Parties: Identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship.
- Directed Identity: A universal identity system must support both "omni-directional" identifiers for use by public entities and "uni-directional" identifiers for use by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.
- Pluralism of Operators and Technologies: A universal identity solution must utilize and enable the interoperation of multiple identity technologies run by multiple identity providers.
- Human Integration: Identity systems must define the human user to be a component of the distributed system, integrated through unambiguous human-machine communication mechanisms offering protection against identity attacks.
- Consistent Experience Across Contexts: The unifying identity metasystem must guarantee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies.
Source: http://msdn2.microsoft.com/en-us/library/ms996422.aspx#identitymetasy_topic2
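Added example (not part of the original slides): a sketch of an identity agent that applies the user control, minimal disclosure and directed identity laws above under a user-defined release policy. The HMAC-derived per-relying-party identifier, the policy table, and all names and URLs are illustrative assumptions, not any listed product's implementation.

```python
import hashlib
import hmac

# Constructed sample data: the full claim set held by the user's identity agent.
USER_CLAIMS = {"name": "Alice Example", "email": "alice@example.org",
               "birth_year": 1980, "over_18": True}

# Constructed user policy (proactive consent): claims each relying party may get.
USER_POLICY = {
    "https://shop.example": {"over_18"},
    "https://forum.example": {"name", "over_18"},
}

def directed_identifier(user_secret: bytes, relying_party: str) -> str:
    """Uni-directional identifier: stable for one relying party, but two
    relying parties cannot use it as a shared correlation handle."""
    return hmac.new(user_secret, relying_party.encode(), hashlib.sha256).hexdigest()

def release_claims(user_secret, relying_party, requested, ask_user=None):
    """Return (token, denied). A claim is released only if the policy allows
    it or the optional ask_user callback (reactive consent) approves it."""
    allowed = USER_POLICY.get(relying_party, set())
    released, denied = {}, []
    for claim in sorted(requested):
        if claim not in USER_CLAIMS:
            denied.append(claim)  # the agent cannot assert what it does not hold
        elif claim in allowed or (ask_user is not None and ask_user(relying_party, claim)):
            released[claim] = USER_CLAIMS[claim]
        else:
            denied.append(claim)  # minimal disclosure: default is deny
    if not released:
        # Nothing approved: disclose no identifier either.
        return None, denied
    token = {"sub": directed_identifier(user_secret, relying_party),
             "claims": released}
    return token, denied

if __name__ == "__main__":
    secret = b"constructed-per-user-secret"
    print(release_claims(secret, "https://shop.example", {"over_18", "email"}))
    print(release_claims(secret, "https://tracker.example", {"email"}))
```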
13
Will they work in the enterprise?
- Short answer: Yes
- Inward facing answer: Yes, but…
  - Enterprise security and compliance requirements may force up front user consent within the enterprise
  - May limit operators and technologies allowed
- Outward facing answer: Unqualified yes
  - Your customers, and quite possibly future laws, will require enterprises to protect the identity of their consumers
  - Enterprises will be required to protect their own identity to combat phishing and spam
14
Identity Meta-system Requirements
- For adoption…
  - Open in all senses of the word…a communal barn-raising
  - Simply complex…Simple at its core, with the capability of handling complexity by adding plug-ins of some form
- Microsoft’s Kim Cameron states 5 key pieces:
  - A way to represent identities using claims
  - A means for identity providers, relying parties, and subjects to negotiate
  - An encapsulating protocol to obtain claims and requirements
  - A means to bridge technology and organizational boundaries using claims transformation
  - A consistent user experience across multiple contexts, technologies, and operators
15
Convergence in the Identity space
- URL-based vs Card-based vs Token-based
- Convergence between URL-based and Card-based identity
- Convergence starting to happen between URL-based and token-based identity
- Towards full convergence and a true identity meta-system
  - URL-based identity => Resource identifier-based
  - XRI-based identity => a possible full convergence
  - The i-broker concept
16
Identity Standards Adoption
- Adoption is happening right now
- The grassroots/Web 2.0 adoption vector
  - URL-based identity: OpenID, YADIS
- The Enterprise adoption vector
  - Token+Card-based identity (WS-Trust, CardSpace)
17
What does the future hold?
18
Identity 2.0 Services are a Blue Ocean
- Blue Ocean vs a Red Ocean
- Characteristics of a Blue Ocean market
  - Pioneering vs. Competitive, breeds cooperation
  - Creating or redefining demand
  - Key to sustainable success
- Many service offering possibilities, few providers
- Current providers are more co-operative, incl. Microsoft
- So…Identity 2.0 Services is a blue ocean
19
What the future may hold
- An Identity Meta-System (IMS) standard that specifies core IMS requirements and possible profiles
- Multiple flavors of an Identity Meta-System (InfoCard, Bandit, XDI I-Brokers) that implement that standard
- Standards for reputation representation and interchange, leading to reputation as a real value currency
20
What you can do
- Help raise the barn!
  - Join two Open Source projects
- Why two?
  - Because you’ll be looking at the problem from different perspectives, and because we need more people as bridges
- Join or form OASIS Identity-related technical committees
- Talk to your enterprise leadership:
  - How user-centric is their identity?
  - Do they have documented Identity Management policies and procedures?
  - If not, help them write them, or out-source it (in the interests of full disclosure, Booz Allen has an IdM group)
21
Summary
- User-centric identity will be crucial as software-as-service, knowledge management, and social software become widespread in the enterprise
- Adopting the right emerging identity standard for your enterprise will have significant ROI
- Identity 2.0 brings several new market opportunities, most of them tied to Open Source
- We’re still at the stage where an Identity Management (IdM) consultant needs to know many standards, but convergence is happening.
22
Questions and Comments?