De-Confusion Big Picture
Tuesday Session 1 Space E
Conference: IIW 10, May 17-19, 2009
"De-confusing" Identity (5/18 session 1)
"On the Internet, nobody knows you're a dog" (IIW logo)
- Anonymity is important
- But people need the set of tools to be able to represent who they are (at varying levels of granularity/disclosure)
Communities in attendance
Business
- Enterprise Customer
- Enterprise Identity Management Product
- WebPortals (e.g. Google, Yahoo, MSN, LinkedIn)
- Regular websites
Government
- Europe, BC, DC
Standards Development Community
- OASIS (InfoCards, SAML, XRI/XDI)
- IETF and Internet Society (SMTP)
- W3C (HTML)
- ITU-T (phone) and ISO
- "Floaters"
- XMPP - Jabber
- OpenID
- Sysadmins
- Web Developers
- Etc. Etc. Etc.
- Provisioning/issuing credentials for use of internal enterprise systems
- e.g. username, password, auth token, etc.
- SAML (Security Assertion Markup Language): Directory of employees with specific privileges
- Authorization, or AuthZ (What you’re allowed to do)
- Authentication, or AuthN (The identifier – the username you use, etc.)
- Verification
- Enrollment into system (new users)
- Termination from system (ex-users)
- SAML Federation
- Business to Business sharing (e.g. American Airlines + Boeing)
- Trusting each other's credentials
- Doesn't scale well
OpenID = outsourcing username and password (same "username" or i-name)
- Problem is phishing: Fake forms for OpenID providers
- Therefore, OpenID is designed for low-security transactions
NASCAR problem: Addresses challenge of usability with OpenID (logos instead of having to remember your OpenID URL)
Info Cards
- IDP issues card, or you make your own card
- User selects cards
- Open Source InfoCard Selector repository: Higgins Project
- Send various attributes only, customize the amount of information sent
OpenID + Information Cards = Open Identity Exchange
XRD is Discovery: A protocol for understanding and discovering services
We then went over a bunch of the organizations and how they relate to each other. See Kaliya’s flowchart slides for an overview.