The Laws of Identity and Cardspace Charles Young Solidsoft.


1 The Laws of Identity and Cardspace Charles Young Solidsoft

2 CardSpace Embodies Kim Cameron’s ‘Laws of Identity’ – Universal identity systems Supports the Identity Metasystem

3 The Identity Meta-what??? The Identity Meta-system – A single identity ‘fabric’ supported by many different technologies – A system of systems – …so standards are important here!!

4 Yes, but what is an identity? It’s a list of claims about an entity – Entities….that’s me and you! – My name is Charles – I work for Solidsoft – My email address is…. …well, that would break laws 2 and 3

5 Law 1: User Control and Consent Only reveal information with the user’s consent – It’s their identity, after all

6 Law 2: Minimal disclosure for a defined use Disclose as little identifying information as possible Limit the use of identifying information as much as possible Helps build stable long-term solutions.

7 Law 3: Justifiable Parties Don’t disclose identifying information to a party that cannot ‘justify’ itself. – All parties must identify themselves – Establish trust relationships

8 Law 4: Directional Identity Omni-directional – Publicly broadcast your identity – ‘Look at me everyone! Here I am. It’s me.’ Uni-directional – Privately assert your identity – ‘Psst…It’s me. The password is ‘Cardspace’. Let me in.’ Identity systems must support both.

9 Law 5: Pluralism of operators and technologies If it’s Microsoft-only, it’s useless! …but seriously… – The Identity meta-system MUST NOT be bound to proprietary solutions and technologies – Different cultures – Different contexts

10 Law 6: Human Integration Humans are first-class components of the identity meta-system (duh) Unambiguous human-machine communication Machines don’t attack you – humans do.

11 Law 7: Consistent experience across contexts ‘Thingify’ your identities Consistency shines the spotlight on attackers

12 Cardspace Actors: Subjects

13 Cardspace Actors: Relying Parties

14 Cardspace Actors: Identity Providers

15 The Cardspace Identity Selector Reason over your identities Smart selection

16 The Cardspace Logon process

17 Information Card Types SELF-ISSUED Contains self-asserted claims about me Stored locally Use instead of username/password

18 Information Card Types MANAGED Provided by banks, stores, government, clubs, etc. Claims stored at Identity Provider and sent only when card submitted

19 Cards and standards Cards contain metadata only! Cardspace can handle any claims tokens – SAML tokens are most common Cardspace uses WS-* standards

20 Call to action Cardspace-enable your web sites – Relying parties Invest in Secure Token Server technology – Identity providers Spread the word.

