Slide1
Advances in Digital Identity
Steve Plank
Identity Architect
Slide2
Connectivity
Naming
IP
DNS
Identity
no consistency
Slide3
taught users
type usernames & passwords
web page
Slide4
what is identity?
Slide5
attributes:
givenName: steve
sn: plank
preferredName: planky
dateOfBirth: 170685
over18: true
over21: true
over65: false
image
Slide6
self asserted: what claims i make about myself
verifiable: what claims another party makes about me
Slide7
elvis presley
only 1 of them is real
probably
Slide8
trust
make these claims
Slide9
SECURITY TOKEN
steve
plank
over 18
over 21
under 65
image
Slide10
security token service
give it something
SECURITY TOKEN
Steve
Plank
Over 18
Over 21
Under 65
image
DIFFERENT SECURITY TOKEN
Username
Password
Biometric
Signature
Certificate
“Secret”
Slide11
identity metasystem
Slide12
participants
relying party (website)
identity provider
subject
Slide13
identity metasystem diagram: identity providers (each a security token service; WS-*, SAML, x509), relying parties, subject, identity selector
Slide14
identity selector
Slide15
human integration
consistent experience across contexts
Slide16
Slide17
cards
self-issued
contains claims about my identity that I assert
not corroborated
stored locally
signed and encrypted to prevent replay attacks
managed
provided by banks, stores, government, clubs, etc
locally stored cards contain metadata only!
data stored by identity provider and obtained only when card submitted
Slide18
login with self issued card (object tag)
user → relying party (website): login
Slide19
select self issued card
user → relying party (website): Planky
Slide20
create token from card
user → relying party (website): Planky (FN: Steve, LN: Plank, Email: splank, CO: UK)
Slide21
sign, encrypt & send token
user → relying party (website): Planky
Slide22
login with managed card (object tag)
user → relying party (website): login; identity provider
Slide23
select managed card
user → relying party (website): Woodgrove Bank (identity provider)
Slide24
request security token
user → identity provider (Woodgrove Bank); relying party (website)
authN: X509, kerb, SC, U/pwd …
Slide25
request security token response
identity provider (Woodgrove Bank) → user: sign, encrypt, send; relying party (website)
Slide26
<body>
  <form id="form1" method="post" action="login.aspx">
    <div>
      <button type="submit">Click here to sign in with your Information Card</button>
      <object type="application/x-informationcard" name="xmlToken">
        <param name="tokenType" value="urn:oasis:names:tc:SAML:1.0:assertion" />
        <param name="issuer" value="http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self" />
        <param name="requiredClaims" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" />
      </object>
    </div>
  </form>
</body>
Slide27
relying party (website) token processing:
xmlToken (signed & encrypted) → token decrypter → xmlToken (plaintext) → claims extractor → first name, last name, email, phone, ppid
ppid: index into DB (user database)
Slide28
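As an added example (not code from the presentation or from CardSpace itself), the relying-party side of the previous two slides in Python: the login form posts the token in the field named xmlToken; once the token decrypter has produced the plaintext SAML 1.0 assertion (the tokenType named in the object tag), a claims extractor pulls the claim values out of the identity claims namespace, checks that every claim listed in requiredClaims is actually present, and uses the privatepersonalidentifier (ppid) claim as the index into the user database. The SAML attribute layout, the sample tokens and the user records are constructed for this example; decryption and signature verification are assumed to have already happened in the "token decrypter" stage and are not shown.

```python
import xml.etree.ElementTree as ET

# Token type and claim namespace exactly as named in the page's object tag.
SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
CLAIMS_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"

# The four claim names listed in the object tag's requiredClaims parameter.
REQUIRED_CLAIMS = ("givenname", "surname", "emailaddress", "privatepersonalidentifier")

# Constructed sample: the token as it looks *after* the token decrypter stage
# (decrypted and, by assumption, signature-verified). All values are made up.
SAMPLE_PLAINTEXT_TOKEN = f"""<saml:Assertion xmlns:saml="{SAML_NS}" MajorVersion="1" MinorVersion="0" AssertionID="constructed-example">
  <saml:AttributeStatement>
    <saml:Attribute AttributeName="givenname" AttributeNamespace="{CLAIMS_NS}">
      <saml:AttributeValue>Steve</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute AttributeName="surname" AttributeNamespace="{CLAIMS_NS}">
      <saml:AttributeValue>Plank</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute AttributeName="emailaddress" AttributeNamespace="{CLAIMS_NS}">
      <saml:AttributeValue>splank@example.invalid</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute AttributeName="privatepersonalidentifier" AttributeNamespace="{CLAIMS_NS}">
      <saml:AttributeValue>ppid-constructed-abc123</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute AttributeName="givenname" AttributeNamespace="http://example.invalid/other">
      <saml:AttributeValue>ignored: wrong namespace</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed sample with the ppid claim left out, to show the required-claims check failing.
SAMPLE_TOKEN_MISSING_PPID = f"""<saml:Assertion xmlns:saml="{SAML_NS}" MajorVersion="1" MinorVersion="0" AssertionID="constructed-partial">
  <saml:AttributeStatement>
    <saml:Attribute AttributeName="givenname" AttributeNamespace="{CLAIMS_NS}">
      <saml:AttributeValue>Steve</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute AttributeName="surname" AttributeNamespace="{CLAIMS_NS}">
      <saml:AttributeValue>Plank</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute AttributeName="emailaddress" AttributeNamespace="{CLAIMS_NS}">
      <saml:AttributeValue>splank@example.invalid</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed user database keyed by ppid (the slide's "ppid: index into DB").
USER_DB = {
    "ppid-constructed-abc123": {
        "first name": "Steve",
        "last name": "Plank",
        "email": "splank@example.invalid",
    },
}


def extract_claims(plaintext_token: str) -> dict:
    """Claims extractor: map claim name -> value for attributes in the identity claims namespace only."""
    root = ET.fromstring(plaintext_token)
    if root.tag != f"{{{SAML_NS}}}Assertion":
        raise ValueError("token is not a SAML 1.0 assertion")
    claims = {}
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        if attr.get("AttributeNamespace") != CLAIMS_NS:
            continue  # attributes from any other namespace are never treated as identity claims
        value = attr.find(f"{{{SAML_NS}}}AttributeValue")
        if value is not None and value.text is not None and value.text.strip():
            claims[attr.get("AttributeName")] = value.text.strip()
    return claims


def check_required_claims(claims: dict) -> list:
    """Return the required claims that are absent from the token; an empty list means all are present."""
    return [name for name in REQUIRED_CLAIMS if name not in claims]


def lookup_user(claims: dict, user_db: dict):
    """Index the user database by the ppid claim, refusing tokens that lack any required claim.

    Returns the stored record, or None when the ppid is not yet in the database."""
    missing = check_required_claims(claims)
    if missing:
        raise ValueError(f"token is missing required claims: {missing}")
    return user_db.get(claims["privatepersonalidentifier"])


def process_token(plaintext_token: str, user_db: dict):
    """Claims extractor followed by the ppid lookup for one decrypted token."""
    claims = extract_claims(plaintext_token)
    return claims, lookup_user(claims, user_db)


if __name__ == "__main__":
    print(process_token(SAMPLE_PLAINTEXT_TOKEN, USER_DB))
```

Two points worth noting in the design: only attributes in the identity claims namespace become claims, so an attribute with the same name from another namespace cannot shadow them, and the required-claims check runs before the database lookup, so a token without a ppid never reaches the index step.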
demo
Slide29
Built into Windows Vista
Available for Windows XP & Windows Server 2003
Betas & CTPs available from:
http://msdn.microsoft.com/windowsvista/getthebeta
RTM 2nd half 2006
More Information & Samples at
http://cardspace.netfx3.com
roadmap timeline (2005 Q3 – 2006 Q4, by quarter): B1, B2, CTP, RCx, RTM, V1
Slide30
review
identity layer
phishing, phraud
human integration: consistent experience across contexts
ip, rp, user, identity selector
Presentation style mercilessly stolen off Lawrence Lessig, BBC News 24 and Dick Hardt