DOCSLIB.ORG

Liberty Alliance Project

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Identity Management Liberty Alliance Project • Rise of electronic networks: • Need stronger or relevant (business related) use of Setting the Standard identity verification and authorization for Federated Network Identity • Company extranets • Online trading • Identity fraud (#1 consumer complaint): Privacy, Identity Management and Services • Worldwide monetary losses from identity theft were using Liberty technologies in Mobile approximately $8.75 billion in 2002, and are expected to triple to roughly $24 billion in 2003* Environment. • Importance of Identity Management crosses Timo Skyttä industries and sections: • It is required in any B2C, B2B or B2E transaction whether Nokia Mobile Software the entities are private businesses or governmental Strategic Architecture organizations 1 * Aberdeen research 2 Federated Identity & Identity What is the Liberty Alliance ? Management • Federation reflects how relationships are kept in • A business alliance, formed in Sept 2001 with the the real-world goal of establishing an open standard for federated identity management • Not all identity information is held in one place • Global membership consists of consumer-facing • No centralized single point of failure companies and technology vendors as well as policy and government organizations • Opportunity for any trusted business to become a trusted identity provider • The only open organization working to address the • More than single sign-on technology and business issues of federated identity management • It’s how personal information is authenticated, shared and managed 3 4 1 Some current challenges for Mobile Industry Nokia architecture - Identity Manager as the outermost (related to Identity Management) Personal Security & Privacy tool towards services Tightening privacy legislation in EU – use of MSISDN (phone number) as an identifier automatically attached to outgoing HTPP-requests Service User Interface Identity Manager User becomes questionable (browsing/messaging/Java Interface app’s) (invoked if needed) Number portability makes it difficult to associate a phone number to a Secure user certain provider of services – needs to invent a new reference authentication mechanism Services without All other services Identity Manager Many of the mechanisms used in Fixed internet, based on HTTP any need to invoke Identity redirect, cause too many round trips and delays in mobile environment know anything Manager at login, User Profile about the user, when using a form, Consumer awareness and concern over generic privacy and misuse i.e. NO login, Secure use of personal information is growing, need for a “trusted” environment installing/using an Authentication & storage NO on-line forms, ID mechanism or Authorizations A mass market phone doesn’t have full keyboard, and is not likel y to NO hidden ID when initiating a have one in the foreseeable future -> data entry difficulties -> service mechanisms transaction Privacy & Identity adoption problems NOR transactions User’s want personalized services to get quicker access to the content they want, mobile phone screen is small, can present only a limited amount of information – personalization is key, do not compromise Services user’s privacy unnecessarily when doing this To solve Identity Management, including personalized service access, do not create a mobile specific, but a mobile aware solution. This drives adoption both in Mobile and Fixed internet Make the life of user and service provider easy, but trusted and secure 5 6 Before Liberty Use Case After Liberty Use Case Timo has chosen to link his Timo must log-in to portal with three favorite sites an ID and password When Timo logs into the portal, After selecting a TV site he must the mobile operator log-in again automatically authenticates him Log-in’s like above can require 80+ Timo clicks on the TV and is clicks and more than 30 seconds of automatically signed-on time on a typical mobile phone Timo goes to his bookmarks keypad and instantly logs-on to his email Users often give up in frustration, limiting use of mobile data services 7 8 2 Thank You Additional material Questions ? 9 10 Liberty Alliance Vision Defining Liberty Mission: To serve as the premier open Alliance for federated Liberty Alliance IS… Liberty Alliance IS NOT network identity management & services by ensuring IS a member community IS NOT a consumer-facing interoperability, supporting privacy and promoting delivering technical product or service adoption of its specifications, guidelines and best specifications, business and IS NOT developed and practices. privacy best practices supported by one company IS providing a venue for testing IS NOT based on a interoperability and identifying Goals: centralized model business requirements – Provide open standard and business guidelines for federated identity management spanning all network devices IS developing an open, – Provide open and secure standard for SSO with federated identity standard that decentralized authentication and open authorization can be built into other – Allow consumers/businesses to maintain personal companies’ branded products information more securely, and on their terms and services IS driving convergence of open standards 11 12 3 How does Liberty work ? Management Board • 16 founding sponsors • Responsible for overall governance, legal, finances, and operations • Final voting authority for specifications The Business Case Business Technology Services Public Policy Conformance Marketing Expert Expert Expert Group Expert Group Expert Group Group Group The Role of Federated Identity in Web Requirements • Privacy, security, Technical Service Technical req. and use cases and global public architecture marketing Licensing req. Services Responsible for policy issues & requirements Monitor Logo evangelism and • Technical Liaison to privacy specifications usage public relations groups and specifications Manage Business government Defines service Conformance templates and agencies guidelines interoperability testing program • Privacy guidelines & conformance for Core Accelerates and best practices programs specifications market creation for publication All members provide feedback on early drafts 13 14 The Problem Today • Companies need solutions – How to leverage new trends to generate revenue – How to lower lower costs – And still address customer worries about privacy & security “Federated Identity Management is a strategic capability that will solve real business problems” • Companies are spending billions of dollars on Web Service projects (figures vary by analyst) Burton Group, July 2003 – Very few enterprises have completed projects • Current barriers to wide-scale adoption – Lack of technical standards for managing identity – Lack of interoperability between products and services – Lack of a federated model – Lack of privacy and security best practices – Lack of business best practices 15 16 4 Identity problems exploding: Industries Ready for Federated Identity • Wireless – Number Portability Act – enabling customers to retain their mobile phone • No common method to approach identity number when changing carriers – Emerging privacy legislation makes use of phone number as an identifier • Fragmentation of customers identities across towards services quite difficult – Limited data entry capabilities (small screens, small keypads) different many different sources – Users want immediate access to personalized services • Growing privacy / regulatory pressures – Exploitation of data services and m-commerce • Finance • Increasing potential and risk of identity theft - State and national legislation driving need to protect privacy and identity - Increasing opportunity to drive new partnerships and initiatives dependent upon • Convergence of internet and mobile world identity initiatives • Desire to provide higher value-add services to • Healthcare – HIPAA legislation – organizations are responsible for ensuring identifiable customers information is protected while stored or in transit • Government – Increasing incentives for e-filing and online tax returns – Bush administration’s eAuthentication mandate (led by GSA) 17 18 Recent Accomplishments January 2002 – Liberty begins specification development July 2002 – Liberty releases Phase 1 specifications Liberty Progress & Momentum April 2003 – Liberty releases Phase 2 specification drafts; demonstrates interoperability among 20 products; donates Phase 1 specifications to OASIS (SAML) June 2003 – Liberty releases first business guidelines; releases Phase 1 Japanese specifications 19 20 5 Increasingly Diverse Involvement Liberty Alliance Members More than 150 member organizations globally • Growth in government, non-profit and education Driven by end-users, government orgs and vendors sector involvement Led by Technology, Business and Public Policy Expert Groups – GSA, DoD, Canada Post, Hong Kong Post, Royal Mail, TRUSTe, Universitat-Hamburg, U. of Chicago, ISTPA • Close relationships with other standards groups – OMA, OASIS, The Open Group, Internet2 • Increasing global involvement – 25% of members are headquartered in Europe/APAC 21 22 Liberty-enabled products & services Sample Download Statistics Communicator (available) NTT (TBD) SourceID enables Liberty federation and SSO and is a good Computer Associates (Q4*) NTT Software (available) indicator of Liberty interest. Download statistics below* DataKey (available) Oblix (2004) – More than 1,000 downloads in 100 days DigiGan (Q3*) PeopleSoft (available) – Majority of downloads are by global 1000
Recommended publications
  • Analysis of Windows Cardspace Identity Management System Thomas Hanrahan Regis University

    Analysis of Windows Cardspace Identity Management System Thomas Hanrahan Regis University

    Regis University ePublications at Regis University All Regis University Theses Spring 2011 Analysis of Windows Cardspace Identity Management System Thomas Hanrahan Regis University Follow this and additional works at: https://epublications.regis.edu/theses Part of the Computer Sciences Commons Recommended Citation Hanrahan, Thomas, "Analysis of Windows Cardspace Identity Management System" (2011). All Regis University Theses. 469. https://epublications.regis.edu/theses/469 This Thesis - Open Access is brought to you for free and open access by ePublications at Regis University. It has been accepted for inclusion in All Regis University Theses by an authorized administrator of ePublications at Regis University. For more information, please contact [email protected]. Regis University College for Professional Studies Graduate Programs Final Project/Thesis Disclaimer Use of the materials available in the Regis University Thesis Collection (“Collection”) is limited and restricted to those users who agree to comply with the following terms of use. Regis University reserves the right to deny access to the Collection to any person who violates these terms of use or who seeks to or does alter, avoid or supersede the functional conditions, restrictions and limitations of the Collection. The site may be used only for lawful purposes. The user is solely responsible for knowing and adhering to any and all applicable laws, rules, and regulations relating or pertaining to use of the Collection. All content in this Collection is owned by and subject to the exclusive control of Regis University and the authors of the materials. It is available only for research purposes and may not be used in violation of copyright laws or for unlawful purposes.
  • FIDIS D3.12 – FIM What's in for the End-User

    FIDIS D3.12 – FIM What's in for the End-User

    FIDIS Future of Identity in the Information Society Title: “D3.12: Federated Identity Management – what’s in it for the citizen/customer?” Author: WP3 Stefanie Poetzsch (TUD) Martin Meints (ICPP) Bart Priem, Ronald Leenes (TILT) Rani Husseiki (SIRRIX) Editors: Ronald Leenes (TILT) Reviewers: Seyit Ahmet Camtepe (TUB) Identifier: D3.12 Type: Deliverable Version: 1.0 Date: Wednesday, 10 June 2009 Status: Final Class: Public File: 20090506_fidis_D3.12 final 1.0.odt Summary This deliverable ventures into the federated identity management (FIM) landscape from the perspective of the individual end user. It provides an overview of features and requirements for FIMs and analyses four FIM frameworks (Liberty Aliance, Shibboleth, PRIME, and Microsoft Cardspace) on the basis of these user inspired requirements. Copyright © 2004-08 by the FIDIS consortium - EC Contract No. 507512 The FIDIS NoE receives research funding from the Community’s Sixth Framework Program Copyright Notice: This document may not be copied, reproduced, or modified in whole or in part for any purpose without written permission from the FIDIS Consortium. In addition to such written permission to copy, reproduce, or modify this document in whole or part, an acknowledgement of the authors of the document and all applicable portions of the copyright notice must be clearly referenced. The circulation of this document is restricted to the staff of the FIDIS partner organisations and the European Commission. All information contained in this document is strictly confidential and may not be divulged to third parties without the express permission of the partners. All rights reserved. PLEASE NOTE: This document may change without notice – Updated versions of this document can be found at the FIDIS NoE website at www.fidis.net.
  • Achieving Privacy in a Federated Identity Management System

    Achieving Privacy in a Federated Identity Management System

    Achieving Privacy in a Federated Identity Management System Susan Landau1, Hubert Le Van Gong1, Robin Wilton2 {[email protected], [email protected], [email protected]} 1 Sun Microsystems 2 Future Identity Abstract. Federated identity management allows a user to efficiently authenticate and use identity information from data distributed across multiple domains. The sharing of data across domains blurs security boundaries and potentially creates privacy risks. We examine privacy risks and fundamental privacy protections of federated identity-management systems. The protections include minimal disclosure and providing PII only on a “need-to-know” basis. We then look at the Liberty Alliance system and analyze previous privacy critiques of that system. We show how law and policy provide privacy protections in federated identity- management systems, and that privacy threats are best handled using a combination of technology and law/policy tools. Keywords: federated identity management, privacy, law, policy. 1 Introduction In solving one problem, federated identity management raises others. For in- stance, federated identity management can simplify a user’s experience through the use of single sign on (SSO) at multiple websites, thus enabling multiple ser- vices to be accessed as a unified whole and simplifying the complex process of managing user accounts after systems merge [16, pp. 16-17]. But by enabling the dynamic use of distributed identity information, federated identity manage- ment systems blur the divide between security domains, apparently creating a potential risk to privacy. We believe that separating the different contexts of a user’s identity through federation creates privacy in depth and can substantially enhance user privacy.
  • Security for Future Networks: a Prospective Study of Aais

    Security for Future Networks: a Prospective Study of Aais

    Security for Future Networks : a Prospective Study of AAIs Hassane Aissaoui, Pascal Urien, Guy Pujolle, Fraga Joni da Silva, Böger Davi da Silva To cite this version: Hassane Aissaoui, Pascal Urien, Guy Pujolle, Fraga Joni da Silva, Böger Davi da Silva. Security for Future Networks : a Prospective Study of AAIs. IJNS, 2013, pp.CIT2013 Submission 6. hal-00841301 HAL Id: hal-00841301 https://hal.archives-ouvertes.fr/hal-00841301 Submitted on 4 Oct 2013 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Security for Future Networks : a Prospective Study of AAIs Hassane AISSAOUI MEHREZ, Pascal URIEN Guy PUJOLLE TELECOM-ParisTech : LTCI CNRS Laboratory CNRS, LIP6/UPMC Laboratory, IMT / TELECOM-ParisTech University Pierre and Marie Curie Paris VI 46, rue Barrault F 75634 Paris France 4 Place Jussieu, 75005 Paris, France Joni da Silva Fraga, Davi da Silva Böger Universidade Federal de Santa Catarina, Centro Tecnológico, Departamento de Engenharia Elétrica. LCMI/DAS/CTC - UFSC, C.P. : 476 88040-900 - Florianopolis, SC Brasil E-mails: {hassane.aissaoui, pascal.urien}@telecom-paristech.fr, [email protected], [email protected]. In Section 5 final considerations about the benefits Abstract: provided both to users and service providers, when identity The future Internet will rely heavily on virtualization and and User-Centric models are used in identity management, cloud networking.
  • Oracle Identity Management 11G

    Oracle Identity Management 11G

    An Oracle White Paper July 2010 Oracle Identity Management 11g Oracle White Paper—Oracle Identity Management 11g Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. Oracle White Paper—Oracle Identity Management 11g Introduction to Oracle Fusion Middleware 11g.................................... 1 Purpose and Scope......................................................................... 2 Oracle Identity Management Overview............................................... 4 Oracle Identity Management Business Benefits ............................. 4 Introducing Oracle Identity Management 11g ..................................... 6 Service-Oriented Security ............................................................... 6 Oracle Identity Managementʼs Key Services .................................. 7 Oracle Identity Management Components........................................ 12 Platform Security Services ............................................................ 12 Directory Services ......................................................................... 23 Access Management .................................................................... 29
  • Liberty Alliance Project

    Liberty Alliance Project

    Liberty Alliance Project Setting the Standard for Federated Network Identity Timo Skytt‰ Nokia Mobile Software Strategic Architecture 1 Todayís Agenda ※Liberty Alliance Background ※The Business Case for Federated Identity ※Liberty Momentum & Progress ※Federated Identity: Not Just A Technology Issue ※Architecture & Circle of Trust 1 Liberty Alliance Vision Mission: To serve as the premier open Alliance for federated network identity management & services by ensuring interoperability, supporting privacy and promoting adoption of its specifications, guidelines and best practices. Goals: ñ Provide open standard and business guidelines for federated identity management spanning all network devices ñ Provide open and secure standard for SSO with decentralized authentication and open authorization ñ Allow consumers/businesses to maintain personal information more securely, and on their terms 1 What is the Liberty Alliance ? • A business alliance, formed in Sept 2001 with the goal of establishing an open standard for federated identity management • Global membership consists of consumer-facing companies and technology vendors as well as policy and government organizations • The only open organization working to address the technology and business issues of federated identity management 1 Who is the Liberty Alliance today? Over 150 for-profit, not-for-profit and government organizations, representing a billion customers, are currently Alliance members The following represent Libertyís Board Members and Sponsors 1 How does Liberty work ? Management Board ï 16 founding sponsors ï Responsible for overall governance, legal, finances, and operations ï Final voting authority for specifications Business Technology Services Public Policy Conformance Marketing Expert Expert Expert Group Expert Group Expert Group Group Group Requirements ï Privacy, security, Technical Service Technical req.