Slide 1: Federated Identity on the Web
Peter Yared, Chief Technologist, Network Identity, Sun Microsystems, Inc.
Month, 2001
Slide 2: What is Identity?
The set of attributes that describe profile(s) of an individual.
Customer Name: John Smith
Email alias: jsmith2@freemail.com
User ID: js@eng.sun.com
Credit card number
Social security number
Drivers license
Passport
Retinal scan
DNA
Entertainment preferences
Notification preferences
Employee authorization
Business calendar
Dining preferences
Affinity program
Friends and associates
Education history
Medical history
Financial assets
…
Slide 3: Know thy Customer
Without identity, you can't have an enduring relationship with your customers.
Knowing your customers better than your competitors is a huge advantage.
Slide 4: Possible Solutions
Centralized Model vs. Open, Federated Model
Communities shown: Financial Svcs Customer Community, Online Community, Telecommunications Community, Travel Community, Entertainment Community, Retail Community, Wireless Community
Slide 5: Federated Identity
Distributed data stays with "rightful" owner
Multiple authenticators
–Competition for consumer trust
Delineation between authentication and authorization
–Merchant retains control of transaction requirements
–Gradient levels of authentication within network
Consumer is in control of who can access information
Slide 6: What is Liberty?
A multi-industry business alliance
Define and drive a widely accepted, interoperable standard for federated identity
Provide a standard which will:
–Simplify business partnerships on the internet
–Simplify users' consumption of network services
–Allow businesses and consumers to better manage their data
Slide 7: Who is Liberty?
Slide 8: Liberty Organization
Governance: Defines mission/scope; drives execution timetable
Marketing: Determines market requirements and use case focus for alliance; drives positioning, promotion, branding, adoption and deployment
Technology: Understands current standards, drives convergence and evolution of technology; delivers a spec.
Policy: Understands policy/regulatory environment
Slide 9: Pragmatic Approach
Focus on interoperability
Respect that other identity systems will exist
No exclusivity
Sun is one of many founders with no unique privileges
Measure of success is commercial deployment
Slide 10: Evolution of Identity Networks
Separate login for each site
Separate login for each network
Seamless login across networks
Slide 11: Analogous to ATM Networks
Separate card for each bank
Separate card for each network
Seamless access across networks
Slide 12: SSO Architecture
Cross-domain authentication
(Diagram: Excite.com, Pets.com; "Log in" at one site, "Be recognized" at the other)
Slide 13: SSO (1 of 2)
(Diagram: Excite.com, Pets.com)
1. Service Provider uses HTTP redirect or Form Post to Identity Provider
2. User redirected to Identity Provider and logs in
3. Identity Provider processes login
Slide 14: SSO (2 of 2)
(Diagram: Excite.com, Pets.com)
4. Identity Provider redirects to Service Provider with a nonce embedded in the URI
5. Merchant receives HTTP redirect and parses nonce from URI
6. Service Provider opens PKI-ensured back channel to Identity Provider to query about user
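The redirect-and-nonce exchange of steps 4 to 6, as an added example that is not from the original presentation or the Liberty specification: a hypothetical identity provider hands out an unguessable, single-use, expiring nonce bound to one service provider, and the service provider parses it from the return URI and resolves it over the back channel (the PKI-secured channel itself is assumed and not modelled here).

```python
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs


class IdentityProvider:
    """Hypothetical IdP: processes the login and issues single-use nonces."""

    def __init__(self, ttl_seconds=60):
        self._nonces = {}          # nonce -> (user, sp_id, expiry time)
        self._ttl = ttl_seconds

    def login_and_redirect(self, user, sp_id, return_url, now=None):
        """Step 4: after login, redirect to the SP with a nonce in the URI."""
        now = time.time() if now is None else now
        nonce = secrets.token_urlsafe(24)   # unguessable; never the user id itself
        self._nonces[nonce] = (user, sp_id, now + self._ttl)
        return return_url + "?" + urlencode({"nonce": nonce})

    def resolve(self, nonce, sp_id, now=None):
        """Step 6: back-channel lookup (assumed to run over the PKI channel)."""
        now = time.time() if now is None else now
        entry = self._nonces.pop(nonce, None)   # single use: gone after first lookup
        if entry is None:
            return None
        user, issued_for, expiry = entry
        if issued_for != sp_id or now > expiry:  # bound to one SP, time-limited
            return None
        return user


class ServiceProvider:
    """Hypothetical SP (the 'merchant' on the slide)."""

    def __init__(self, sp_id, idp):
        self.sp_id, self.idp = sp_id, idp

    def handle_return(self, redirect_uri, now=None):
        """Step 5: parse the nonce from the URI, then ask the IdP who it belongs to."""
        query = parse_qs(urlparse(redirect_uri).query)
        nonce = query.get("nonce", [None])[0]
        if nonce is None:
            return None
        return self.idp.resolve(nonce, self.sp_id, now=now)
```

A replayed or forwarded nonce fails because the first lookup consumes it and the binding to the issuing SP is checked on every lookup.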
Slide 15: Federation/Account Linking
Users already have accounts at a variety of sites
(Diagram: Joe123 at Excite.com, JoeS at Pets.com, JoeSch at WebVan.com)
Slide 16: Federation/Account Linking
Upon linking those accounts, the sites need to be able to have a frame of reference for the user
(Diagram: Joe123 at Excite.com, JoeS at Pets.com, JoeSch at WebVan.com)
Slide 17: Federation/Account Linking
If account names are exchanged, sites can talk to each other about the user's approval!
(Diagram: Joe123@Excite, JoeS@pets.com, JoeSch@WebVan.com exchanged between Excite.com, Pets.com and WebVan.com)
Slide 18: Federation/Account Linking
Instead, opaque handles resolvable only by the issuer should be exchanged
(Diagram: Joe123 at Excite.com, JoeS at Pets.com, JoeSch at WebVan.com)
<alias="mr3tTJ340ImN2ED" SecurityDomain="Pets.com" Name="dTvIiRcMlpCqV6xX" />
<alias="xyrVdS+xg0/pzSgx" SecurityDomain="WebVan.com" Name="pfk9uzUN9JcWmk4RF" />
<alias="dTvIiRcMlpCqV6xX" SecurityDomain="excite.com" Name="mr3tTJ340ImN2ED" />
<alias="pfk9uzUN9JcWmk4RF" SecurityDomain="excite.com" Name="xyrVdS+xg0/pzSgx" />
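The per-partner opaque handles of this slide, as an added example that is not part of the original presentation: each hypothetical security domain mints a random handle for a linked account, stores its partner's handle alongside, and resolves only handles it issued itself and only for the partner they were minted for, so Pets.com and WebVan.com receive different handles and cannot correlate the user with each other.

```python
import secrets


class SecurityDomain:
    """Hypothetical site (e.g. excite.com) that federates accounts with partners."""

    def __init__(self, name):
        self.name = name
        self.issued = {}     # handle we minted -> (partner domain, local user id)
        self.received = {}   # (partner domain, local user id) -> partner's handle

    def new_handle(self, partner, local_user):
        """Mint an opaque, per-partner handle; it carries no account name."""
        handle = secrets.token_urlsafe(12)
        self.issued[handle] = (partner.name, local_user)
        return handle

    def store_partner_handle(self, partner, local_user, handle):
        """Remember how the partner refers to this local user."""
        self.received[(partner.name, local_user)] = handle

    def resolve(self, handle, asking_domain):
        """Only the issuer can resolve a handle, and only for the partner it was minted for."""
        entry = self.issued.get(handle)
        if entry is None or entry[0] != asking_domain:
            return None
        return entry[1]


def federate(a, user_at_a, b, user_at_b):
    """Link one person's accounts at two domains by exchanging opaque handles."""
    a_handle = a.new_handle(b, user_at_a)
    b_handle = b.new_handle(a, user_at_b)
    a.store_partner_handle(b, user_at_a, b_handle)
    b.store_partner_handle(a, user_at_b, a_handle)
    return a_handle, b_handle
```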
Slide 19: Web Services
Interactions via SOAP/HTTP
PKI-ensured
Service Types
–Basic Identity: Address, E-Mail, Phone Number
–Wallet
–Calendar
–Portfolio
–Address Book
–Instant Message
–Etc.
Slide 20: Example SOAP Call
(SOAP message body not captured in the transcript; only the symbol SUNW survives)
Slide 21: Example SOAP Response
(SOAP message body not captured in the transcript; only the value 34.5 survives)
Slide 22: Policy Enforcement
User's data is only released with the user's consent and based on the user's preferences and policies
(Diagram: Excite.com, Pets.com)
1. Service provider requests user attributes from identity provider
2. Attributes released per user's policies and preferences
3. User accepts or rejects exceptions to existing policies and preferences
Slide 23: IDP Serving as Gateway
(Diagram: AuctionWatch.com, Excite.com, PacBell.com)
1. User registers to "watch" an auction
2. Service provider sends an SMS message to IDP
3. Identity provider sends SMS message to mobile operator
4. Mobile operator sends SMS message to user
(Identity provider sees message text)
Slide 24: IDP Serving as a Directory
(Diagram: AuctionWatch.com, Excite.com, PacBell.com)
1. User registers to "watch" an auction
2. Service provider requests SMS ticket
3. Service provider sends SMS message to mobile operator
4. Mobile operator sends SMS message to user
(Identity provider doesn't see message text)
Slide 25: Basic Wallet Service
(Diagram: Pets.com, Excite.com, CyberCash.com)
1. User purchases items
2. User routed to identity provider to authorize transaction
3. Payment and billing info sent to SP
4. Service provider sends payment information to payment provider
Slide 26: Wallet Service
(Diagram: Pets.com, Excite.com, CyberCash.com)
1. User purchases items
2. User routed to identity provider to authorize transaction
3. Identity provider sends shipping info and authorization to service provider
4. Identity Provider sends payment information to Payment Provider
Slide 27: Ticket Wallet Service
(Diagram: Pets.com, Excite.com, CyberCash.com)
1. User purchases items
2. User routed to identity provider to authorize transaction
3. Payment ticket and billing info sent to SP
4. Service provider sends payment ticket to payment provider
5. Payment provider uses ticket to retrieve payment information from identity provider
Slide 28: Java Platform Strategy
J2EE
–New Liberty JSR
–Inclusion in Java Web Services Development Pack
–Tracked for J2EE 1.5
J2SE
–Liberty digital signing via Java WebStart
J2ME
–Liberty digital signing via MIDP
JavaCard
–Liberty certificates stored in JavaCard
Slide 29: Summary
Liberty is an open organization
Specification due in a few months
Account federation is key
–A global unique ID is not workable
Distributed services
–Directory metaphor rather than gateway
Touches all facets of Java
–J2EE, J2SE, J2ME, JavaCard