1. A Role-Based Approach to Federated Identity Ravi Sandhu * Chief Scientist NSD Security www.nsdsecurity.com Ravi Sandhu * Chief Scientist NSD Security www.nsdsecurity.com * Also Professor of Information Security and Assurance George Mason University

2. Federated Identity Cross organization Maintain authentication and authorization profile and provide single-sign-on across multiple applications Focuses on “letting the good guys in”

3. Role-Based Management Roles Consumer s Identity Managemen t Roles Authorization profiles are managed in terms of roles Administration is delegated in terms of identity management roles

4. Securing Identity Profiles Authentication and authorization profiles are the organization’s most sensitive data Managing these securely is an organization’s most important security objective

5. What is Security Catastrophic failure is far worse than occasional failure Good enough security —Is all we can achieve —Tolerates occasional failure —Does not tolerate catastrophic failure

6. Security is Only One Objective Integrated, identity management infrastructure Ease of UseSecurity Total Cost of Ownership

7. Security Appliances Dedicated (but COTS) hardware Hardened OS Managed by restricted protocols (no root access) Highly available, scalable and secure Secure Identity Appliance TM

8. Authentication Ladder Weak Password Systems, Catastrophic Dictionary attacks Zero Footprint Hardened Password Roaming PKI No change for users No change for issuer No password file (PKI hardened) Password Usability PKI Security Password plus USB token or variant Secure Identity Appliance TM Two-factor (with optional PKI)

9. 2-Key RSA vs. 3-Key RSA Old PKI Keys: a)Alice Public = e b)Alice Private = d c)Alice Cert = C Signing: a) S = Sign (M,d) Send [S, C] to Bob Bob: Gets e from C Does Verify(S,e) = M? Practical PKI Keys: a)Alice Public = e b)Alice password = d1 c)Alice Cert = C d)Alice appliance key = d2 Signing: a)Alice logs on to appliance using strong authentication and creates secure channel b)Spartial = Sign(M,d2) c)S = Sign(Spartial,d1) Send [S, C] to Bob Bob: Gets e from C Does Verify(S,e) = M? Difference #1: Alice has short convenient password Difference #2: Alice has to interact with appliance to sign.

10. Single Sign On Cookie-based —Zero footprint on client —Lightweight footprint on servers Certificate-based —Lightweight footprint on client —Zero or lightweight footprint on servers

11. SSO and Authentication Authentication —Single factor —Two factor factor Single sign on —Cookie based —Certificate based

12. Security Identity Appliance Roles Appliance management roles Consumer management roles Consumer roles

13. Appliance Management Roles Supermanager —Not your usual root user Security manager System manager Supermanager Security manager System manager Can-create but Cannot do

14. Consumer Management Roles Consumer management roles manage consumer roles Built in roles —Super-csr —Create-csr —Modify-csr —Read-only-csr

15. Consumer Management Roles Super-csr Create-csrRead-only-csrModify-csr Consumer Can-create but Cannot do

16. Consumer Management Roles Consumer1 Create- csr1 Read-only- csr1 Modify- csr1 Read-only- csr2 Modify- csr2 useriduser personal profileorg1 rolesorg2 roles…..

17. Identity Management Processes Provisioning —Enrollment —Registration —Revocation Rights Management —Role and attribute assignment by Identity Management roles —Role revocation by Identity Management roles Consumer self-administration —Password change —Password reset —Profile update (such as address, phone number, etc.) —Revocation

18. OneHealthPort Trading Partner1 Trading Partner2 Trading Partner-k Relying Party1 Relying Party2 Relying Party-n

19. The technology behind OneHealthPort Secure Identity Appliance TM