1
Identity-based Service Interaction Mohammad M. R. Chowdhury Ph.D. candidate UniK-University Graduate Center / University of Oslo SWACOM meeting, Stavanger, June 8, 2007 SWACOM: WP2
2
About me. Education: Ph.D. candidate, UniK/Oslo University, July 06 - present; MSc., Telecommunication Eng., Helsinki University of Technology, 2004; BSc., EEE, Bangladesh University of Eng. & Tech., 2002. Work experience: Ph.D. candidate, UniK (July 06 - present); Deputy Superintendent Eng., Radio Planning, GrameenPhone/Telenor, Bangladesh; Lecturer, AIUB, Bangladesh; RA & TA, University of Vaasa, Finland. Mohammad M. R. Chowdhury, SWACOM meeting, Stavanger June 08, 2007
3
Contents: Identity: real world to digital world; Related works; Role-based identity; Integrated identity mechanism for service access; Controlling corporate and social identities in communities; Semantic Identity (SemID); Conclusion; Future works.
4
In philosophy, identity [1] is whatever makes an entity definable and recognizable, in terms of possessing a set of qualities or characteristics. Identity [1] is an umbrella term used throughout the social sciences for an individual's comprehension of him or herself as a discrete, separate entity. Digital identity [1] also has another common usage as the digital representation of a set of claims made by one digital subject about itself or another digital subject. An online identity [1] is a social identity that network users establish in online communities. As more services become accessible in the digital world, digital identities and their management will play a vital role in secure service access and privacy. Source: [1] Wikipedia
5
Identity: Real world to digital world (figure: real-world identities mapped to digital-world identities; "passwords everywhere"). Gartner (annual IT security summit, 2005): 80% of organizations will reach a password breaking point by 2007.
6
Our objectives:
- How to represent a user's identity (role-based identity) and where to store it (SIM card + secure identity space in the network)
- An integrated identity mechanism to interact with both remote and proximity services
- Community-aware identity management in corporate and social environments (through semantic web technology)
7
Related works
"The Laws of Identity" by Kim Cameron: "... laws define a unifying identity metasystem that can offer the Internet the identity layer it needs."
Windows CardSpace: "... uses a variety of virtual cards, each retrieving a security token from the identity provider (that issued the card) for authentication and identification to services."
SXIP: "... the user stores identity data at a Homesite (issued by SXIP). A website (SXIP membersite) consumes identity data by sending SXIP requests for user data to the Homesite. The Homesite authenticates and identifies users."
Liberty Alliance Project: "... to establish open standards, guidelines and best practices for federated identity management. It allows consumers and users of Internet-based services and e-commerce applications to authenticate and sign on to a network or domain once from any device and then visit or take part in services from multiple Web sites."
Smart card vendors (Gemalto, NXP): "... developed high-capacity SIM cards for identity provision, storing certificates, rights etc."
8
Related works (cont.)
- SXIP and CardSpace provide identity movement over the Internet only
- CardSpace always requires the user's PC/terminal (to use the installed cards)
- No integrated approach for remote and proximity service access
- What are the alternatives to the numerous physical identities (cards) users currently carry?
- No notion of community-aware identity management and privacy assurance
9
We propose 'Role-based Identity'
10
Human roles (figure)
11
Role-based Identity. My digital identity consists of:
- My personal identities (PID): identify me in my very personal interactions, e.g. access to financial services
- My corporate identities (CID): identify me in my corporate/professional interactions, e.g. access to work premises, office LAN/VPN
- My social identities (SID): identify me in my society/community/interpersonal interactions, e.g. access to address books, calendar, my community, friends, interests, preferences
13
Security infrastructure

Identity | Example                                        | Realisation                       | Location | Security req.
PID      | Bank, home admittance                          | certificate + key, home entry key | SIM      | High
CID      | Office admittance, temp. visit admittance      | temp. entry key                   | Network  | Medium
SID      | Preferences, attributes, community relations   | FOAF, OWL                         | Network  | Low / Medium

ESIM (Extended SIM card): the SIM card might have two modules. Module 1: low sec. + medium sec. Module 2: high sec.
14
Realisation:
- Nice to know: SIM card -> access to the network, to the network identity space, and to SIDs
- Need to know: SIM + PIN/password -> access to CIDs
- Have to know: SIM + PIN + PKI, OTP -> access to PIDs
15
Integrated Identity Mechanism for Service Access. Fig.: Generic architecture of the integrated identity mechanism.
16
Technology exists to control and manage a user's personal identities for interacting with services. Example: e-identification through the SIM card (activating BankID in the SIM card through SIM + PKI); BankID in Norway and Sweden. Then what about controlling corporate and social identities (preferences, attributes etc.) in a community/group environment to access services or resources?
17
Motivation (figure)
18
Expectation
Mushfiq and Josef, members of the Communication group of UniK, can access each other's conference papers but cannot access the pictures; only family members can see these. ---- Access resources based on relationships (corporate identity), partition data, add privacy.
Mushfiq knows Manav. So Manav can see which group Mushfiq belongs to, but cannot see the other members of the group (as Manav is not a member of the Communication group). ----- Add privacy.
20
Expectation
Can Maria see the photos taken by Frank? Because Maria is the mother of Paul, Frank is the father of Anna, and Paul and Anna are both members of class 2 of Sogn school. --- Access resources based on relationships (corporate identity).
We propose Semantic Web technology to take care of these expectations.
21
Why Semantic Web?
Current Web: only presents knowledge/web content to humans.
Semantic Web (SW): the next generation of the contemporary web, in which web content is expressed in a form that can be understood, interpreted and used by computers and software agents to find, share and combine information more easily. The Semantic Web comprises the standards and tools of XML, XML Schema, RDF, RDF Schema and OWL.
We propose SemID (Semantic Identity), where OWL, the Web Ontology Language, is used to formalize and define the proposed identity management domain. OWL is chosen because it facilitates greater machine interpretability of web content than XML, RDF and RDF Schema (RDF-S), by providing additional vocabulary along with a formal semantics.
An ontology built on FOAF alone is public, so it cannot support the privacy requirements.
22
SemID is proposed to provide role-based access control and a privacy assurance service in a project-oriented corporate working environment. Access control and privacy goals are achieved through the formal definition of policies and rules using OWL DL (a sub-language of OWL). USE CASE: (figure)
23
Screenshots of the SemID ontology. We model the ontology of the use-case scenario using the Protégé-OWL ontology editor platform.
24
- Identity has Group (hasGroup)
- Identity has Visibility (hasVisibility)
- Identity has Role (hasRole)
- Role has Policy (hasPolicy)
- Role has visibility of Group (hasVisibilityOfGroup)
- Policy has Rule (hasRule)
- Rule has Subject (hasSubject)
- Rule has Resource (hasResource)
- Rule has Action (hasAction)
25
A Policy (P) represents the privilege reserved for each role in a community and is expressed through a set of Rules (R1, R2, ..., Rn). Therefore Policy P = {R1, R2, ..., Rn}.
Essentially a Rule (R) is a function that takes an access request as input and returns a decision (permit, deny or not applicable). The Rule is composed of the Subject (S), Resource (R) and Action (A). In this ontology the Subject refers to the Identity (CID) and the Resource refers to a project resource (deliverables, documents etc.). This is how a Rule provides the access control service.
The hasVisibility and hasVisibilityOfGroup properties take care of privacy assurance.
For further details see www.semid.org
Software (an enterprise content management system) can now be developed based on the proposed ontology.
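As an added example (not SemID's own code, which the page shows only as Protégé screenshots), the Python below models the Identity/Role/Policy/Rule properties listed above, the Rule as a function from an access request to permit/deny/not applicable, and the two privacy properties, then evaluates the expectations from the earlier slides (Mushfiq, Josef and Manav). The explicit permit/deny effect on a rule, deny-overrides combining inside a policy, roles held within a group, the closed-world default deny, the visibility vocabulary and all sample people, groups and resources are assumptions made for this example.

```python
"""Toy evaluation of the SemID ontology's access-control and privacy properties.

Added illustration, not SemID's own code. Property names follow the page
(hasGroup, hasRole, hasVisibility, hasPolicy, hasVisibilityOfGroup, hasRule,
hasSubject, hasResource, hasAction); rule effects, deny-overrides combining,
group-scoped roles, default deny and the sample data are assumptions.
"""
from dataclasses import dataclass

PERMIT, DENY, NOT_APPLICABLE = "permit", "deny", "not applicable"


@dataclass(frozen=True)
class Rule:
    subject: str    # hasSubject: the role the rule speaks about
    resource: str   # hasResource: a resource kind, e.g. "conf_paper"
    action: str     # hasAction: e.g. "read"
    effect: str     # PERMIT or DENY (assumed; the page only lists the three outcomes)

    def evaluate(self, role: str, resource: str, action: str) -> str:
        """A Rule is a function of the access request: permit, deny or not applicable."""
        if (self.subject, self.resource, self.action) == (role, resource, action):
            return self.effect
        return NOT_APPLICABLE


@dataclass(frozen=True)
class Policy:
    rules: tuple  # hasRule: P = {R1, ..., Rn}

    def evaluate(self, role: str, resource: str, action: str) -> str:
        outcomes = {rule.evaluate(role, resource, action) for rule in self.rules}
        if DENY in outcomes:  # deny-overrides combining (assumption)
            return DENY
        return PERMIT if PERMIT in outcomes else NOT_APPLICABLE


@dataclass(frozen=True)
class Role:
    name: str
    group: str                       # community in which the role is held (assumed)
    policy: Policy                   # hasPolicy
    visibility_of_groups: frozenset  # hasVisibilityOfGroup: member lists this role may see


@dataclass(frozen=True)
class Identity:
    name: str
    groups: frozenset   # hasGroup
    roles: frozenset    # hasRole
    visibility: str     # hasVisibility: "public" or "acquaintances" (assumed vocabulary)


@dataclass(frozen=True)
class Resource:
    owner: str
    kind: str
    group: str  # community that owns the resource (assumed)


def decide(requester: Identity, resource: Resource, action: str) -> str:
    """Access-control service: consult the policies of the roles the requester
    holds in the resource's group; holding no such role is a deny (closed world)."""
    outcomes = {role.policy.evaluate(role.name, resource.kind, action)
                for role in requester.roles if role.group == resource.group}
    if DENY in outcomes:
        return DENY
    return PERMIT if PERMIT in outcomes else DENY


def visible_groups(viewer: Identity, target: Identity, knows: set) -> frozenset:
    """Privacy via hasVisibility: the viewer learns the target's group
    memberships only if the target is public or the two know each other."""
    if target.visibility == "public" or (viewer.name, target.name) in knows:
        return target.groups
    return frozenset()


def visible_members(viewer: Identity, group: str, directory: tuple) -> frozenset:
    """Privacy via hasVisibilityOfGroup: a group's member list is shown only
    to someone holding a role that carries visibility of that group."""
    if not any(group in role.visibility_of_groups for role in viewer.roles):
        return frozenset()
    return frozenset(i.name for i in directory if group in i.groups)


# Constructed sample data mirroring the expectations on this page.
COMM_MEMBER = Role("member", "Communication",
                   Policy((Rule("member", "conf_paper", "read", PERMIT),)),
                   frozenset({"Communication"}))
FAMILY = Role("family", "Chowdhury family",
              Policy((Rule("family", "picture", "read", PERMIT),)),
              frozenset({"Chowdhury family"}))
MOBILE_MEMBER = Role("member", "Mobile", Policy(()), frozenset({"Mobile"}))

MUSHFIQ = Identity("Mushfiq", frozenset({"Communication", "Chowdhury family"}),
                   frozenset({COMM_MEMBER, FAMILY}), "acquaintances")
JOSEF = Identity("Josef", frozenset({"Communication"}), frozenset({COMM_MEMBER}), "acquaintances")
MANAV = Identity("Manav", frozenset({"Mobile"}), frozenset({MOBILE_MEMBER}), "acquaintances")
DIRECTORY = (MUSHFIQ, JOSEF, MANAV)
KNOWS = {("Manav", "Mushfiq"), ("Mushfiq", "Manav")}  # symmetric acquaintance

PAPER = Resource("Mushfiq", "conf_paper", "Communication")
PICTURES = Resource("Mushfiq", "picture", "Chowdhury family")

if __name__ == "__main__":
    print("Josef reads Mushfiq's paper:", decide(JOSEF, PAPER, "read"))
    print("Josef reads Mushfiq's pictures:", decide(JOSEF, PICTURES, "read"))
    print("Manav sees Mushfiq's groups:", sorted(visible_groups(MANAV, MUSHFIQ, KNOWS)))
    print("Manav sees Communication members:", sorted(visible_members(MANAV, "Communication", DIRECTORY)))
```

Josef's "member" role in the Communication group permits reading the paper, but he holds no role in the family group that owns the pictures, so the default is deny; Manav, who knows Mushfiq, sees Mushfiq's group memberships yet gets an empty member list for the Communication group because none of his roles carries hasVisibilityOfGroup for it. An action no rule mentions (e.g. "write") makes the policy "not applicable", which the closed-world default turns into a deny.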
26
Screenshots of the software
28
Conclusion
- Role-based identity is proposed. It is distributed in nature (SIM + network): PIDs in the SIM, CIDs in SIM + network, SIDs in the network.
- Identity-based service access is proposed using the mobile infrastructure to meet low to high security requirements, with the mobile phone as identity handler.
- Semantic Web technology can take care of the control of CIDs and SIDs in a community environment.
- SemID is proposed for the project-oriented corporate environment to deal with access control and privacy requirements.
29
Future works
- Extend the current SemID further to add more roles (supervisors etc.)
- Extend concepts similar to SemID to the currently open social community domain to add privacy (LinkedIn and Facebook are open to all registered users!)
- Invoke identity management ontologies from the mobile environment to access services
30
Thank you. Comments or suggestions?