De-Confusing: High Level Overview

From IIW
Jump to: navigation, search

Session: Day – Number - Space Location Tuesday – Session 1 - E

Convener: Kaliya Hamlin

Notes-taker(s): Aaron Bronzan

A. Tags for the session - technology discussed/ideas considered:

Overview of Identity, Standards Organizations, Acronyms


B. Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

"De-confusing" Identity (5/18 session 1)


"On the Internet, nobody knows you're a dog" (IIW logo) - Anonymity is important - But people need the set of tools to be able to represent who they are (at varying levels of granularity/disclosure)

Communities in attendance


- Business - Enterprise Customer - Enterprise Identity Management Product - WebPortals (e.g. Google, Yahoo, MSN, LinkedIn) - Regular websites - Government - Europe, BC, DC - Standards Development Community - OASIS (InfoCards, SAML, XRI/XDI) - IETF and Internet Society (SMTP) - W3C (HTML) - ITU-T (phone) and ISO - "Floaters" - XMPP - Jabber - OpenID - Sysadmins - Web Developers - Etc. Etc. Etc.

- Enterprise identity management: Where it all sort of started - Provisioning/issuing credentials for use of internal enterprise systems - e.g. username, password, auth token, etc. - SAML (Security Assertion Markup Language): Directory of employees with specific privileges - Authorization, or AuthZ (What you’re allowed to do) - Authentication, or AuthN (The identifier – the username you use, etc.) - Verification - Enrollment into system (new users) - Termination from system (ex-users)

- SAML Federation

  	- Business to Business sharing (e.g. American Airlines + Boeing)
  	- Trusting each other's credentials
  	- Doesn't scale well

OpenID = outsourcing username and password (same "username" or i-name) - Problem is phishing: Fake forms for OpenID providers - Therefore, OpenID is designed for low-security transactions

NASCAR problem: Addresses challenge of usability with OpenID (logos instead of having to remember your OpenID URL)

Info Cards - IDP issues card, or you make your own card - User selects cards - Open Source InfoCard Selector repository: Higgins Project - Send various attributes only, customize the amount of information sent

OpenID + Information Cards = Open Identity Exchange

XRD is Discovery: A protocol for understanding and discovering services

We then went over a bunch of the organizations and how they relate to each other. See Kaliya’s flowchart slides for an overview.