Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Introduction to Information Card Barry Dorrans Charteris plc

Published byJoella Gordon Modified over 8 years ago

Similar presentations

Presentation on theme: "An Introduction to Information Card Barry Dorrans Charteris plc"— Presentation transcript:

1 An Introduction to Information Card Barry Dorrans Charteris plc http://idunno.org

2 Internet Authentication Patchwork of identity systems Criminalisation of the Internet Identity systems can be hard

3 Information Card is not Passport Published standard User controls what gets sent Anyone can issue information cards

4 The Laws of Identity User control and consent Minimal disclosure Justifiable parties Directed Identity

5 The Laws of Identity Pluralism of operators and technologies Human Integration Consistent Experience

6 What is “Information Card” Identity Provider Relying Party WSTrust, WSSecure, SAML

7 Types of Information Card Self Issued Managed

8 Self Issued Information Card Created by user “Phone book” information

9 Managed Information Card Issued by 3 rd Party Information held at source Can be protected further

10 Why “card”?

11 What is “CardSpace” http://cardspace.netfx3.com/ Windows CardSpace is a piece of client software that enables users to provide their digital identity to online services in a simple, secure and trusted way.

12 What is “CardSpace” Identity Selector Client Software Vista, XP, Win2003 with.NET 3.0

13 CardSpace Security All communications are secured Information encrypted in memory Dual ACL protection

14 The typical login process Login to identity provider Token issued to client Token sent to service provider Token validated with identity provider Output sent to client

15 The Information Card process Service Provider Requests Identity CardSpace Identity Selector pops up Token is built by Identity Selector (with Identity Provider) Token sent to client Output sent to client

16 What about OpenID?

17 Identity Cards versus OpenID Identity CardOpenID Clientside promptHTML Form Common ExperienceExperience varies Simpler LoginRedirection / Site Bounce Requires SSLDoesn’t require SSL

18 What do I need to accept cards? SSL Certificate Object tag in HTML Processing Code server side (ASP.NET must have access to cert)

19 Why SSL? Used to identify relying party Tokens encrypted against it Revocation lists checked, hard to use self issued certs

20 Hello Information Card

21 SAML http://www.oasis-open.org/ Assertion based. CardSpace is a SAML 2.0 “Enhanced Client Proxy”.

22 The WS-Trust Conversation Query MEX EndPoint Build Asymmetric Keys Talk

23 WS-Secure Token is encrypted using WS-Security.NET 3.0 provides classes to Un-encrypt Convert to SAML claims

24 Understanding a token Shows the token has been encrypted with AES256 CBC Symmetric Algorithm Both originator and recipient share the key

25 WS-Secure Key Protection Shows the symmetric key is being conveyed via RSA- OAEP-MGF1P The sender has made up a transient key (AES) Encrypted that key with the recipient SSL public key.

26 Where’s the token 77Ybo3C32JckPMD+lxm9t7KKxfQjMT8ojczrDs0i HsxJ3Q6i3B04RAGrOivLfqMYzYP4lZXsM2lF8cUs aVOTY9KqsJjpOBwyk37n9tw7pV6E3SXkHtXx92xl 5AqmjPeBdDI/syrIjgE1bpbn5sX5PpNoOmAbYSV2... Wvl2o5ABIqvToMV1bp16Ns1ImSgxuB074kmAvAUx b/LXPXq1Gwcz2YtyaHMYSUvzzzYRuDH9qu0R6748 B/C1if4MeXHUqMPYaEQ+dhuzoVUMuy7/kQVP5ckb B0asMSqIiJp5B4vecBe/aGQo9AYNEwPv4xAB5cvr PBEG4TCFtSVyJkn2LcdwNzqmNqIewGMxawwUPgxe D2w== That’s the SAML token

27 Token Headers https://www.fabrikam.com/Demos/Reading/signin4.html

28 And finally … the claims Barry wL6Xi5Z5uXQnSu40mRbkpljc5uKvf02HyA SCo8uceNk=

29 Supported Claims Anonymous, Authentication, AuthorizationDecision, Country, DateOfBirth, Dns, Email, Gender, GivenName, Hash, HomePhone, Locality, MobilePhone, Name, NameIdentifier, OtherPhone, PostalCode, PPID, RSA, SID, SPN, StateOrProvince, StreetAddress, Surname, System, Thumbprint, Upn, URI, WebPage, X500DistinguishedName

30 Uniquely Identifying a card PPID for self issued cards Identity Provider Public Key & Unique claim for managed cards

31 Want to be an Identity Provider? EV SSL Security Token Service CRD delivery mechanism

32 Things to ponder Validate self issued cards How much do you trust an IP?

33 Tools Microsoft provide Client Side Kit ASP.NET Kit

34 Blogs Kim Cameron http://identityblog.com Vittorio Bertocci http://blogs.msdn.com/vbertocc Garrett Serack http://fearthecowboy.com

35 RP Code for ASP.NET ASP.NET Kit http://go.microsoft.com/fwlink/?LinkId=89183 User Control http://www.leastprivilege.com

36 RP Code for other languages Ruby http://www.codeplex.com/informationcardruby Java http://www.codeplex.com/informationcardjava

37 Identity Providers OpenID & Information Cards http://www.signon.com/ Live Labs Beta STS https://sts.labs.live.com/gettingstarted.aspx

38 Questions? “Now, with the debut of the Info­Card identity management system, Microsoft is leading a network-wide effort to address the issue. To those of us long skeptical of the technology giant's intentions, the plan seems too good to be true. Yet the solution is not only right, it could be the most important contribution to Internet security since cryptography.” Lawrence Lessig, Wired Magazine, March 2006.

Download ppt "An Introduction to Information Card Barry Dorrans Charteris plc"

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
InfoCard and the Identity Metasystem Kim Cameron, Chief Architect of Identity Microsoft.

InfoCard and the Identity Metasystem Kim Cameron, Chief Architect of Identity Microsoft.
Integration Considerations Greg Thompson April 20 th, 2006 Copyright © 2006, Credentica Inc. All Rights Reserved.

Integration Considerations Greg Thompson April 20 th, 2006 Copyright © 2006, Credentica Inc. All Rights Reserved.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Windows CardSpace and the Identity Metasystem Glen Gordon Developer Evangelist, Microsoft

Windows CardSpace and the Identity Metasystem Glen Gordon Developer Evangelist, Microsoft
Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.

Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.
Infocard and Eduroam Enrique de la Hoz, Diego R. L ó pez, Antonio Garc í a, Samuel Mu ñ oz.

Infocard and Eduroam Enrique de la Hoz, Diego R. L ó pez, Antonio Garc í a, Samuel Mu ñ oz.
Introduction to PKI, Certificates & Public Key Cryptography Erwan Lemonnier.

Introduction to PKI, Certificates & Public Key Cryptography Erwan Lemonnier.
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
6/3/2015topic1 Web Security Qiang Yang Simon Fraser University Thanks: Francis Lau (HKU)

6/3/2015topic1 Web Security Qiang Yang Simon Fraser University Thanks: Francis Lau (HKU)
Mashing Up with User-Centric Identity America Online LLC John Panzer, Praveen Alavilli.

Mashing Up with User-Centric Identity America Online LLC John Panzer, Praveen Alavilli.
Core Web Service Security Patterns

Core Web Service Security Patterns
© 2009 The MITRE Corporation. All rights Reserved. April 28, 2009 MITRE Public Release Statement Case Number 09-017 Norman F. Brickman, Roger.

© 2009 The MITRE Corporation. All rights Reserved. April 28, 2009 MITRE Public Release Statement Case Number Norman F. Brickman, Roger.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Vittorio Bertocci Sr. Architect Evangelist Microsoft Corporation ARC204.

Vittorio Bertocci Sr. Architect Evangelist Microsoft Corporation ARC204.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
The Laws of Identity and Cardspace Charles Young Solidsoft.

The Laws of Identity and Cardspace Charles Young Solidsoft.
Information Card Interoperability Michael B. Jones – Microsoft October 2008.

Information Card Interoperability Michael B. Jones – Microsoft October 2008.
Mario Szpuszta Solutions Architect Microsoft Austria, Vienna.

Mario Szpuszta Solutions Architect Microsoft Austria, Vienna.
Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.

Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.

Similar presentations

Ads by Google