Difference between revisions of "Verified Identity Claims"


Latest revision as of 14:27, 7 February 2011

Issue/Topic: VERIFIED IDENTITY CLAIMS – An introduction to U-Prove privacy-enhancing technology

Session: Tuesday 3C

Conference: IIW-11 November 2-4, Mountain View, Complete Notes Page

Convener: Craig Wittenberg (Microsoft)

Notes-taker(s): Ariel Gordon (Microsoft)

Tags: Verified Claims; Identity Attributes; Privacy; Privacy Enhancing Technology; Cryptography; user-centric technology: user control.


Participants:

  • Craig Wittenberg Microsoft
  • Ariel Gordon Microsoft
  • Jan Unger
  • Tim Cole KuppingerCole
  • Bret Tobey Assa Abloy
  • John Fontana Ping Identity
  • Jon Webb Sony PlayStation network
  • Nishant Kaushix Oracle
  • Takeshi Kitagawa NTT Communications
  • Mark Horstmeier Kynetx
  • Matt Tebo Proviti
  • Greg Turner Sierra Systems
  • Mike Min Booz
  • Guibin Kony Google
  • Aravmdan Ranga PayPal
  • Tom Leon AOL
  • Jim Fenton Cisco
  • Dale Olds Novell
  • Ben Goodman Novell
  • Fady Semaan AOL
  • Henrik Biering Peer Craft
  • Stuart Proffitt Novell
  • Jeff Stollman Secure Identity
  • Ambarsh Malpar CA
  • Alex Ran Intuit
  • Thomas Hardjono MIT Kerberos
  • Peter Capek Self
  • Lloyd Burch Novell
  • Kimberly Little LexisNexis
  • Frank Travestino eBay
  • Heather Ford UC Berkeley


Discussion notes:

File:U-Prove technology overview-Nov2010.pdf

Verified Identity Claims -- Technical introduction

Craig Wittenberg presented the U-Prove technology. U-Prove is well respected in academia. It was originally created by Credentica, purchased by Microsoft two years ago, and incubated as part of the Verified Claims Team.

Similar characteristics to an X.509 certificate, but with much better privacy characteristics.

Craig presented a few scenarios, starting with Alice purchasing wine online and proving that she's over 21 and that she's a resident of WA state. Other scenarios included leveraging a German eID to access citizen and private services.

Many clarifying questions and answers followed on the technology and its benefits, including:

Q: Why not do back-end attribute exchange? Why go through all this trouble for exchanging attributes?

A: There are scenarios with privacy requirements such as untraceability. If you take the case where governments issue identity claims, there are requirements for the government not to be able to trace where the user is using his proof of age (for example). Depending on the geography, the privacy requirements may come from the government itself or from privacy groups.

Q: If there is a Cloud Service that stores and releases information, does it effectively create a secondary IdP?

A: If there are no client-side bits, there is effectively a “broker” in the cloud that manages the user’s private keys. Microsoft and its partners are investigating different ways to build the U-Prove verified claims agent that mitigate those issues.


There is a PowerPoint deck associated with this session: U-Prove technology overview-Nov2010.pptx