Advances in Digital Identity Steve Plank Identity Architect.

Presentation on theme: "Advances in Digital Identity Steve Plank Identity Architect."— Presentation transcript:

1 Advances in Digital Identity Steve Plank Identity Architect

2 Connectivity Naming IP DNS Identity no consistency

3 taught users type usernames & passwords web page

4 what is identity?

5 attributes: givenName sn preferredName planky dateOfBirth 170685! over18 true over21 true over65 false image steve plank

6 self asserted verifiable what claims i make about myself what claims another party makes about me

7 elvis presley only 1 of them is real probably

8 trust make these claims claims

9 SECURITY TOKEN steve plank over 18 over 21 under 65 image

10 security token service give it something SECURITY TOKEN Steve Plank Over 18 Over 21 Under 65 image DIFFERENT SECURITY TOKEN Username Password Biometric Signature Certificate Secret

11 identity metasystem

12 participants relying party (website) identity provider subject

13 WS-* security token service SAML WS-* SAML security token service WS-* x509 identity provider identity provider subject relying party identity selector

14 identity selector

15 human integration consistent experience across contexts

16

17 cards: self-issued: contains claims about my identity that I assert; not corroborated; stored locally; signed and encrypted to prevent replay attacks. managed: provided by banks, stores, government, clubs, etc; locally stored cards contain metadata only!; data stored by identity provider and obtained only when card submitted

18 object tag login with self issued card relying party (website) user login

19 select self issued card relying party (website) user Planky

20 create token from card relying party (website) Planky FN: Steve LN: Plank Email: splank CO: UK user

21 sign, encrypt & send token relying party (website) Planky user

22 object tag login with managed card relying party (website) user login identity provider

23 select managed card relying party (website) user Woodgrove Bank identity provider

24 Woodgrove Bank request security token relying party (website) identity provider user authN: X509, kerb, SC, U/pwd …

25 Woodgrove Bank request security token response relying party (website) identity provider user sign, encrypt send

26 Click here to sign in with your Information Card

27 relying party (website) token decrypter claims extractor first name last name email phone user database 123 456 789 456 xmlToken (signed & encrypted) xmlToken (plaintext) ppid index into DB

28 demo

29 roadmap: Built into Windows Vista. Available for Windows XP & Windows Server 2003. Betas & CTPs available from: http://msdn.microsoft.com/windowsvista/getthebeta RTM 2nd half 2006. More Information & Samples at http:/cardspace.netfx3.com [Timeline figure: quarters of 2005 and 2006; milestones B1, B2, CTP, RCx, V1 RTM]

30 review identity layer phishing, phraud human integration consistent experience across contexts ip rp user identity selector Presentation style mercilessly stolen off Lawrence Lessig, BBC News 24 and Dick Hardt

