Book of Proceedings www.internetidentityworkshop.com Compiled by HEIDI NOBANTU SAUL, LISA HORWITCH AND EMMA GROSS Notes in this book can also be found online at http://iiw.idcommons.net/IIW_18_Notes May 6 -8, 2014 Computer History Museum Mountain View, CA IIW founded by Kaliya Hamlin, Phil Windley and Doc Searls Co-produced by Kaliya Hamlin, Phil Windley and Heidi Nobantu Saul Contents About IIW ʹ the Internet Identity Workshop ................................................................................... 3 Agenda Creation ............................................................................................................................... 4 IIW 18 Session Topics ....................................................................................................................... 5 Tuesday May 7.................................................................................................................................. 9 Respect Network Launch .............................................................................................................. 9 /ŶĚŝĞŽdž͗>Ğƚ͛ƐƌŝŶŐŽƵƌĂƚĂ,ŽŵĞ͊ ........................................................................................ 9 Improving the Mobile Federation Sign-In Experience ............................................................... 13 Phishing Blend Authentication & Authorization ........................................................................ 15 JOSE Can you see: technical overview of JWT and its JOSE underpinnings, which are poised to be the next generation identity token, and a look at using one open source implementation 16 ME Depot: Serving Billions ........................................................................................................ 16 Intentions vs Identity .................................................................................................................. 18 IoT: Internet of Things Unintended & Unexpected Consequences ........................................... 19 Customer Support for Personal Data Stores .............................................................................. 20 An Introduction to the INDIEWEB .............................................................................................. 21 ͞^/D͟EĞdžƚ^ƚĞƉƐʹ Planning Ahead: x Domain ID Management ........................................... 26 New OAuth2-WG: Multi-Party Federation! ............................................................................... 27 Open ID Connect Interop Testing Details ................................................................................... 28 Engaging End Users: How Do We Get Consumers to Participate in Identity Discussion? ......... 29 Ethical Data Handling: What is it? What are the obstacles? What is success?......................... 30 Platform Deep-Dive of QREDO ʹ /ͻWZ/sͻhd, ....................................................................... 30 How to Join the IndieWeb .......................................................................................................... 32 ^ŝůŝĐŽŶsĂůůĞLJ͞Ƶůƚure ŽĨzŽƵƚŚ͗͟džƉĞƌŝĞŶĐĞƐ͖>ĞƐƐŽŶƐΘĨĨĞĐƚƐ͖WƌĞĚŝĐŽƚƌƐΘ^ƚĞƉƐ ............ 34 Digital Traits for Strong Authentication ..................................................................................... 34 Open ID Connect: Session Management / Logout Discussion (Part 1 & Part 2) ....................... 35 Identify Theft: How do we preserve & protect identity (medical, financial, social) in era of big data ʹ ǁŚĞƌĞĂůŐŽƌŝƚŚŵƐƚŽĚĞƚĞĐƚĨƌĂƵĚͬƐƵƌǀĞŝůůĂŶĐĞĂƌĞŶ͛ƚǁŽƌŬŝŶŐ͘ .................................... 37 ĂŶ͛ƚĞǀŝů͊ ............................................................................................................................... 38 NSTIC: Update from NIST & Roundtable .................................................................................... 39 Fuse Architecture Picos & Connected Cars ................................................................................ 43 IndieAuth: Turn Your Personal Domain Into An OAuth Provider .............................................. 43 IIW 18 Page 1 Personal Sovereign Design ......................................................................................................... 46 Doxing as Vigilante Justice ......................................................................................................... 48 Respect Network & XDI .............................................................................................................. 48 Aging & Caregivers & Post Death Identity Management IoT Assisted Living ............................ 52 Wednesday May 8 .......................................................................................................................... 54 OAuth Security: Proof of Possession ......................................................................................... 54 ͞tĞƌĞdŚĞ>ĂƐƚ'ĞŶĞƌĂƚŝŽŶŽĨ&ƌĞĞWĞŽƉůĞ͟ .......................................................................... 56 VRM Adoptions Case Study: MYDEX cic (How we tell it; where we are; what Mydex looks like including: peek at UK IDAP) ........................................................................................................ 59 HTTPSY: Leave the Certificate Authority Behind. ...................................................................... 61 Data Inequality / Income Inequality ........................................................................................... 62 Channel Binding for Open ID Connect ....................................................................................... 64 Ad-hoc UMA Interop Testing Session ......................................................................................... 67 Mozilla Listens to IIW ................................................................................................................. 68 Real Estate Use Cases: Problems, Solutions, Opportunities ...................................................... 71 Shopping for an Identity Providers: What do I need to know before I put my identity in your provider? .................................................................................................................................... 74 Self ID: What technical problems or incentives do we need to make hosting your own IDP really a viable thing? .................................................................................................................. 75 Mobile Connect: What would you as an Rp/IoP attribute broker want from the carriers? ...... 78 Clarify & Learn About: Web Payments & Identity ..................................................................... 79 New Book: Extreme Relevancy .................................................................................................. 80 /ŽdĂŶĚKƉĞŶ^ƚĂŶĚĂƌĚƐ;KƵƚŚϮ͕hD͙Ϳ ................................................................................ 81 Timbl on UI offered by WebID: Getting WC3 People to come to IIW19 ................................... 83 OAuth SASL (OAuth for Non-Web Apps, ep.IMAP) .................................................................... 83 Be Ready for the Authpocalypse: Lightweight/Dynamic Client Registration for ImAP/SASL ... 86 10 Things you can do with a Freedom Box ................................................................................ 88 OIDC & SAML2: Dealing w/the case when the intended audience is not the relying party ...... 90 Lost Dog! Usercentric ID Management ..................................................................................... 91 Thursday May 9 .............................................................................................................................. 93 >Ğƚ͛ƐƌĞĂƚĞ^ŽŵĞWĞƌƚŝŶĞŶƚƌƚΕdŚĂƚ^ƉĞĂŬƐƚŽKƵr Condition & Brainstorming Ideas About Topics for Books for Children and Management ʹ (like SCADA & ME) ..................................... 93 Open Reputation Framework ..................................................................................................... 94 DNSSEC 101 (Intro: How it works? My War Stories!) ................................................................ 95 ACE: Authentication & Authorization for Constrained Environments ...................................... 95 The Maker Economy & Identity ................................................................................................. 96 What It Takes to Get a Customer-Centric Startup to Win Funding? ........................................ 100 Kitties are Fluffy! ...................................................................................................................... 101 Startups Pitching to VC Panel ................................................................................................... 102 Thank You to All the Fabulous Notes-takers! ............................................................................... 107 //ttŽŵĞŶ͛ƐtĞĚŶĞƐĚĂLJƌĞĂŬĨĂƐƚ ............................................................................................ 108 Demo Hour ................................................................................................................................... 109 //tys///ηϭϴWŚŽƚŽ͛ƐďLJŽĐ^ĞĂƌůƐ ............................................................................................. 112 IIW 18 Page 2 ABout IIW ² the Internet Identity Workshop The Internet Identity Workshop (IIW) was founded in the fall of 2005 by Phil Windley, Doc Searls and Kaliya Hamlin. IIW is a working group of Identity Commons. It has been a leading space of innovation and collaboration amongst the diverse