Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity Management: Enterprise, E-Commerce and Government applications and their implications for privacy Joe Pato, Principal Scientist Trust, Security.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Identity Management: Enterprise, E-Commerce and Government applications and their implications for privacy Joe Pato, Principal Scientist Trust, Security."— Presentation transcript:

1 Identity Management: Enterprise, E-Commerce and Government applications and their implications for privacy Joe Pato, Principal Scientist Trust, Security & Privacy HP Labs Guest Lecture - CPSC 155b 10 April 2003

2 page 210 April 2003 (c) 2003 Hewlett-Packard Introduction Future – Ubiquitous Computing – Ginger Segue Identity Management – What is Identity – Authentication – Enterprise / Internet / Government contexts Privacy Considerations

3 page 310 April 2003 (c) 2003 Hewlett-Packard Identity Management Identity Management is: – the set of processes, tools and social contracts surrounding the creation maintenance and termination of a digital identity – for people or, more generally, for systems and services – to enable secure access to an expanding set of systems and applications.

4 page 410 April 2003 (c) 2003 Hewlett-Packard Credit Bureau Foo.com view of me “The Aggregate Me” Employer view of me “My view of me” Government view Views of Identity

5 page 510 April 2003 (c) 2003 Hewlett-Packard Some Definitions Courtesy of Who Goes There? Authentication Through the Lens of Privacy Committee on Authentication Technologies and Their Privacy Implications Computer Science and Telecommunications Board The National Academies Washington, D.C. http://cstb.org/

6 page 610 April 2003 (c) 2003 Hewlett-Packard Individual An individual is a person.

7 page 710 April 2003 (c) 2003 Hewlett-Packard Identifier An identifier identifies an individual. “Lamont Cranston” “Employee #512657”

8 page 810 April 2003 (c) 2003 Hewlett-Packard Attribute An Attribute describes a property associated with an individual

9 page 910 April 2003 (c) 2003 Hewlett-Packard Identity “The Shadow” ? “an identity of X” is the set of information about an individual X associated with that individual in a particular identity system Y

10 page 1010 April 2003 (c) 2003 Hewlett-Packard Identification Identification is the process of using claimed or observed attributes of an individual to infer who the individual is

11 page 1110 April 2003 (c) 2003 Hewlett-Packard Authenticator An authenticator is evidence which is presented to support authentication of a claim. It increases confidence in the truth of the claim

12 page 1210 April 2003 (c) 2003 Hewlett-Packard Authentication Authentication is the process of establishing confidence in the truth of some claim There are different types of authentication…

13 page 1310 April 2003 (c) 2003 Hewlett-Packard Attribute Authentication Attribute Authentication is the process of establishing an understood level of confidence that an attribute applies to a specific individual !

14 page 1410 April 2003 (c) 2003 Hewlett-Packard Individual Authentication Individual Authentication is the process of establishing an understood level of confidence that an identifier refers to a specific individual “Lamont Cranston” !

15 page 1510 April 2003 (c) 2003 Hewlett-Packard Identity Authentication Identity Authentication is the process of establishing an understood level of confidence that an identifier refers to an identity “The Shadow” !

16 page 1610 April 2003 (c) 2003 Hewlett-Packard Authorization Authorization is the process of deciding what an individual ought to be allowed to do

17 page 1710 April 2003 (c) 2003 Hewlett-Packard Internet vs. Enterprise Organizational control of population Ability to issue tokens Ability to mandate desktop software Direct vs. network access Scale of population Privacy Issues

18 page 1810 April 2003 (c) 2003 Hewlett-Packard Government’s Unique Role Regulator, Issuer of identity documents, Relying Party Unique Relationship with Citizens – Many transactions are mandatory – Agencies cannot choose their markets – Relationships can be cradle-to-grave – Individuals may have higher expectations for government Provider of Services – A common identifier may be in tension with principles of Privacy Act

19 page 1910 April 2003 (c) 2003 Hewlett-Packard Foundational Documents Pose Risks Many of these documents are very poor from a security perspective – Diverse issuers – No ongoing interest on part of issuer to ensure validity/reliability Birth certificates are particularly poor – Should not be sole base identity document

20 page 2010 April 2003 (c) 2003 Hewlett-Packard Repository Single Sign-On PersonalizationAccess Management ProvisioningLongevity Policy Control Authentication Provider Auditing Foundation Lifecycle Consumable Identity Management Components

21 page 2110 April 2003 (c) 2003 Hewlett-Packard Authentication Technologies Passwords Tokens Smartcards Biometrics PKI Kerberos

22 page 2210 April 2003 (c) 2003 Hewlett-Packard Federated Identity: Liberty Alliance XML, SAML, XML-DSIG, WAP, HTML, WSS, WSDL, SOAP, SSL/TLS Liberty Identity Federation Framework (ID-FF) Liberty Identity Services Interface Specifications (ID-SIS) Liberty Identity Web Services Framework (ID-WSF)

23 page 2310 April 2003 (c) 2003 Hewlett-Packard Privacy Numerous philosophical approaches Four types discussed here – Information privacy – Bodily integrity – Decisional privacy – Communications privacy

24 page 2410 April 2003 (c) 2003 Hewlett-Packard General Privacy Implications Authentication can implicate privacy – the broader the scope, the greater the potential privacy impact Using a small number of identifiers across systems facilitates linkage, affects privacy Incentives to protect privacy are needed Minimize linkage and secondary use

25 page 2510 April 2003 (c) 2003 Hewlett-Packard Multiple Stages at which Privacy is Affected Authentication, generally Choice of Attribute Selection of Identifier Selection of Identity The Act of Authentication These are just in the design stage, before transactional data collection, linkage, secondary use issues, etc. Chapter 7’s toolkit describes each of these in detail

26 page 2610 April 2003 (c) 2003 Hewlett-Packard 1. Authentication’s Implications Separate from Technology: The act of authentication affects privacy, regardless of the technology used Requires some revelation and confirmation of personal information – Establishing an identifier or attribute – Potential transactional records – Possible exposure of information to parties not involved in authentication

27 page 2710 April 2003 (c) 2003 Hewlett-Packard 2. Attribute Choice Affects Privacy Informational privacy – Distinctive vs. more general – Minimize disclosure – Ensure data quality – Avoid widely-used attributes Decisional – If sensitive, may impinge willingness Bodily integrity – If requires physical collection, may be invasive Communications – If attribute reveals address, phone, network

28 page 2810 April 2003 (c) 2003 Hewlett-Packard 3. Identifier Selection Affects Privacy Informational privacy – Identifier itself may be revealing – Will link to the individual Decisional – Fewer effects if random or if allows for pseudonymous participation Bodily integrity – Minimal effects Communications – Problem if identifier is address or number (telephone, IP address, etc.)

29 page 2910 April 2003 (c) 2003 Hewlett-Packard 4. Identity Selection Affects Privacy Three possibilities – Identifier is only information available to the system – Identifier is not linked to information outside of the system – Identifier may be linked to outside records Tracking transactional information poses risk to decisional privacy All issues related to identifier choice remain relevant here

30 page 3010 April 2003 (c) 2003 Hewlett-Packard 5. Act of Authentication Affects Privacy Authentication usually accomplished by observing the user or requiring support of the claim Informational – If records are kept Decisional – Intrusiveness and visibility may affect Bodily Integrity – If close contact is required Communications – If communication systems use is required

31 page 3110 April 2003 (c) 2003 Hewlett-Packard Additional Issues When is authentication really necessary? Secondary use of identifiers – Without original system limits in mind, usage can become highly inappropriate – This can lead to privacy and security problems, compromise original mission, and generate additional costs Explicit recognition of the appropriateness of multiple identities for individuals Usability – Design systems with human limits in mind! – Employ user-centered design methods Identity theft as a side effect of authentication system design choices

32 page 3210 April 2003 (c) 2003 Hewlett-Packard As for Nationwide Identity Systems… Driver’s licenses are a nationwide identity system The challenges are enormous – Inappropriate linkages and secondary use likely without restrictions Biometrics databases and samples would need strong protection Any new proposals should be subject to analysis here and in IDs—Not That Easy

33 page 3310 April 2003 (c) 2003 Hewlett-Packard Questions ??? Follow-up: Joe Pato HP Labs One Cambridge Center – 11’th Floor Cambridge, MA 02142 joe.pato@hp.com

Download ppt "Identity Management: Enterprise, E-Commerce and Government applications and their implications for privacy Joe Pato, Principal Scientist Trust, Security."

Similar presentations

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.

Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.
Identity Federation Rules and Process Linda Elliott President, PingID Network Electronic Authentication Partnership Washington, DC February 12, 2004.

Identity Federation Rules and Process Linda Elliott President, PingID Network Electronic Authentication Partnership Washington, DC February 12, 2004.
1 Privacy Prof. Ravi Sandhu Executive Director and Endowed Chair March 8, 2013 © Ravi Sandhu World-Leading Research.

1 Privacy Prof. Ravi Sandhu Executive Director and Endowed Chair March 8, © Ravi Sandhu World-Leading Research.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair

IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair
Functional component terminology - thoughts C. Tilton.

Functional component terminology - thoughts C. Tilton.
Department of Labor HSPD-12

Department of Labor HSPD-12
UDDI, Discovery and Web Services Registries. Introduction To facilitate e-commerce, companies needed a way to locate one another and exchange information.

UDDI, Discovery and Web Services Registries. Introduction To facilitate e-commerce, companies needed a way to locate one another and exchange information.
© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Management for a Global Enterprise.

© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Management for a Global Enterprise.
Information Security Policies Larry Conrad September 29, 2009.

Information Security Policies Larry Conrad September 29, 2009.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
T-110.5140 Network Application Frameworks and XML Service Federation 30.04.2007 Sasu Tarkoma.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
On Privacy-aware Information Lifecycle Management (ILM) in Enterprises: Setting the Context Marco Casassa Mont Hewlett-Packard.

On Privacy-aware Information Lifecycle Management (ILM) in Enterprises: Setting the Context Marco Casassa Mont Hewlett-Packard.
Identity Management: Some Basics Mark Crase, California State University Office of the Chancellor CENIC - March 9, 2011.

Identity Management: Some Basics Mark Crase, California State University Office of the Chancellor CENIC - March 9, 2011.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
Identity & Access Management DCS 861 Team2 Kirk M. Anne Carolyn Sher-Decaustis Kevin Kidder Joe Massi John Stewart.

Identity & Access Management DCS 861 Team2 Kirk M. Anne Carolyn Sher-Decaustis Kevin Kidder Joe Massi John Stewart.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

Similar presentations

Ads by Google