© 2008 by Parity; made available under the EPL v1.0 Identity Management Authorization and User Profiles: Higgins1.0 and Beyond Paul Trevithick,

Presentation transcript:

© 2008 by Parity; made available under the EPL v1.0 Identity Management Authorization and User Profiles: Higgins1.0 and Beyond Paul Trevithick, Mary Ruddy,

Higgins Tutorial | © 2008 by Parity; made available under the EPL v1.0

Outline
- What is Higgins? (20 minute introduction)
- Demo of a Higgins Identity Selector Solution (10 min)
- Higgins Global Graph Drill Down (60 min)
- Higgins community (5 min)
- Higgins adoption (5 min)
- Higgins 1.0 (10 min)
- Higgins Futures (10 min)

The web of today isn’t people-centered

It’s silo-centered. People go from site to site setting up accounts and pouring in stuff about themselves. Everything the site learns is from people’s fingers: clicks of the keyboard or mouse. It’s tedious for the user: she’s constantly repeating herself, typing in forms. Type type type, click, click, click. Clickety-clack, clickety-clack.

The vision of user-centric Identity Management

User-centric Identity Management: what if you could register at a site without typing data into forms and having to remember passwords? (Diagram: "Identity Selector")

User-centric Identity Management: what if you could register at a site without typing data into forms and having to remember passwords? And what if you could manage all of your identities as a set of visual "information cards" in one place? (Diagram: Identity Selector)

Higgins 1: a species of Tasmanian long-tailed mouse. 2: an open source identity selector and interoperability framework being developed by IBM, Novell, Oracle, CA, Google, Parity…

Goals: 1 of 5
Provide a consistent user experience based on card icons for the management and release of identity data. This is needed in order to have a trusted mechanism for authentication and other interactions that is less vulnerable to phishing and other attacks and that works for a wide variety of users and systems. See Higgins 1.0 "Identity Selector".

Goals: 2 of 5
Empower users with more convenience and control over personal information distributed across external information silos. Provide a single point of control over multiple identities, preferences and relationships. See Higgins 1.0 "Identity Selector".

Goals: 3 of 5
Provide an API and data model for the virtual integration and federation of identity and security information from a wide variety of sources. See Higgins 1.0 "Identity Attribute Service".

Goals: 4 of 5
Provide plug-in adapters to enable existing data sources, including directories, communications systems, collaboration systems and databases, each using differing protocols and schemas, to be integrated into the framework. See Higgins 1.0 "Identity Attribute Service" and "Context Provider" plugins.

Goals: 5 of 5
Provide a social relationship data integration framework that enables these relationships to be persistent and reusable across application boundaries. It organizes relationships into a set of distinct social contexts within which a person expresses different personas and roles. See Higgins 1.0 "Higgins Global Graph" data model.

The Three Layers of Solutions

"Identity Selector" App Solution

Information Card (aka I-Card) User Metaphor. Card types: Managed; Personal (self-issued).

I-Cards are managed by an Identity Selector application.

Identity Selector User Interface: click on a card. (Higgins is interoperable with Microsoft CardSpace™, shown here.)

…just click and you’re registered and/or signed in! (No more "per site" passwords.)

The Identity Selector apps are powered by an interoperability framework.

Interoperability Framework (diagram)
Diagram labels: Higgins Framework, Higgins Browser Extension, Apps, Apps and Services, Enterprise Apps, Comms Clients, Identity Providers, Relying Parties, Plug-ins, Common data model.
- Protocol Providers implement protocols for interacting with Relying Parties
- I-Card Providers implement identity protocols and card types
- Token Providers implement different kinds of security tokens
- IdAS Context Providers connect to different identity data sources
Technology labels in the diagram: OpenID, CardSpace Managed (WS-Trust), RSS/Atom, CardSpace Personal, SAML, X509, Higgins Relationship, Kerberos, JNDI / LDAP, UN/P, Idemix, RDF, OWL, Active Directory.

Identity Selector Solutions
- Firefox-embedded Selector Solution: for Firefox on Windows, Linux, and OSX (requires hosted I-Card Service Component)
- GTK / Cocoa Selector Solution (C++): for Firefox on Linux, FreeBSD and OSX
- RCP Selector Solution: for Eclipse RCP Application

The Three Layers of Solutions

Identity Web Services Solutions
Identity Providers (IdPs):
- STS IdP: WS-Trust Identity Provider (webapp and web service)
- SAML2 IdP: SAML2 Identity Provider (webapp and web service)
Relying Party (RP):
- Example Website: Extensible Protocol RP Website, an I-Card enabled Relying Party site (webapp)

The Three Layers of Solutions

Higgins Global Graph
Provides a foundation for achieving data portability, interoperability and unification for identity, profile, preference and social relationship data about people, things or concepts.
- Identity information related to identification, authentication, etc.
- It also includes attributes such as preferences, interests, and associated objects like events, things and wishlists.
- It includes relational attributes representing friends and other kinds of associations with other people, organizations, etc.
- An important kind of relation, called a correlation, models a link between different representations of the same person in different contexts (systems).

Higgins Global Graph Implementation
Identity Attribute Service + Context Providers (plugins): implements the Higgins Global Graph. Can be extended using Context Providers that connect the IdAS to various systems or data stores.

Higgins Identity Selector Demonstration

Higgins Global Graph Data Model

Requirements for Interoperability
Three things are required to achieve identity and social data interoperability:
1. A common data model (including a common schema description language)
2. An API and/or service abstraction
3. Schema mapping transforms or a common schema
#1 is addressed by the Higgins Global Graph model. #2 can be addressed using the Higgins Identity Attribute Service (aka IdAS). #3 is considered out of scope.

Contexts and ContextId Data Range URIs
A Context is a data container/source. Each Context is identified by a URI, specifically a ContextId Data Range URI. Examples of Contexts:
- Facebook social network
- LDAP directory
- PeopleSoft database
- Mobile phone network
(Diagram: a Context)

Contexts contain Nodes
Nodes are representations of entities (e.g. real world people, groups, organizations, objects, etc.). Each Node is identified by a URI, specifically a NodeId Data Range URI. (Diagram: a Context "R&D Dept." containing a Node representing you and a Node representing your manager)

Nodes have zero or more Attributes
Each attribute has an attribute type (URI). Each attribute has one or more values. These values may be simple (e.g. a string) or complex (e.g. a postal address, 3D avatar mesh, calendar event, etc.). (Diagram, abstract concept: a Node and its attributes, each attribute having one or more values. Example: Node "Bob", attribute "activities: plays-golf-every", values "Wednesday" and "Saturday")

Attribute values and Data Ranges
All simple attribute values have a base datatype that is one of the XML Schema types (e.g. string, integer, boolean, anyURI, etc.). They may also have syntax constraint facets (e.g. length, pattern, minInclusive) as defined by XML Schema. Two Data Ranges are pre-defined:
- NodeId Data Range: a URI that identifies a Node
- ContextId Data Range: a URI that identifies a Context
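As an added example (not code from the Higgins project or these slides), a small validator that checks a simple attribute value against its XML Schema base datatype and constraining facets, with the NodeId and ContextId Data Ranges modelled as anyURI values. The urn:example URI shapes, the facet names used and the function names are assumptions.

```python
import re
from dataclasses import dataclass, field

# Lexical checks for the XML Schema base datatypes named on the slide (a subset).
# bool is excluded from xsd:integer because in Python bool is a subclass of int.
_BASE_TYPES = {
    "xsd:string": lambda v: isinstance(v, str),
    "xsd:integer": lambda v: isinstance(v, int) and not isinstance(v, bool),
    "xsd:boolean": lambda v: isinstance(v, bool),
    # anyURI: a scheme, a colon, then at least one non-blank character
    "xsd:anyURI": lambda v: isinstance(v, str)
    and re.fullmatch(r"[A-Za-z][A-Za-z0-9+.-]*:\S+", v) is not None,
}


@dataclass
class DataRange:
    """An XML Schema base datatype plus optional XML Schema constraining facets."""
    base: str
    facets: dict = field(default_factory=dict)

    def violations(self, value):
        """Return the list of violations; an empty list means the value fits."""
        check = _BASE_TYPES.get(self.base)
        if check is None:
            return [f"unknown base type {self.base}"]
        if not check(value):
            return [f"{value!r} is not a valid {self.base}"]
        text = str(value)  # length and pattern facets apply to the lexical form
        problems = []
        for facet, limit in self.facets.items():
            if facet == "length" and len(text) != limit:
                problems.append(f"length {len(text)} != {limit}")
            elif facet == "minLength" and len(text) < limit:
                problems.append(f"length {len(text)} < {limit}")
            elif facet == "maxLength" and len(text) > limit:
                problems.append(f"length {len(text)} > {limit}")
            elif facet == "pattern" and re.fullmatch(limit, text) is None:
                problems.append(f"{text!r} does not match {limit}")
            elif facet == "minInclusive" and value < limit:
                problems.append(f"{value!r} < minInclusive {limit!r}")
            elif facet == "maxInclusive" and value > limit:
                problems.append(f"{value!r} > maxInclusive {limit!r}")
        return problems


# The two pre-defined Data Ranges, modelled as anyURI values. The URI shapes are
# constructed for this example (assumption); Higgins does not prescribe them.
CONTEXT_ID = DataRange("xsd:anyURI", {"pattern": r"urn:example:ctx-\d+"})
NODE_ID = DataRange("xsd:anyURI", {"pattern": r"urn:example:ctx-\d+#\d+"})


def check_value(data_range, value):
    """True if value is acceptable for data_range (e.g. before storing it via IdAS)."""
    return not data_range.violations(value)


if __name__ == "__main__":
    # Constructed sample values, including the "plays-golf-every" example from the slides.
    weekday = DataRange("xsd:string", {"maxLength": 9, "pattern": "[A-Z][a-z]+day"})
    print(weekday.violations("Wednesday"), weekday.violations("someday"))
    print(NODE_ID.violations("urn:example:ctx-333#4668"), NODE_ID.violations("not a uri"))
```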

Attribute Statements
An instance of a node-attribute-value triple is called an attribute Statement. Statements may have attributes. (Diagram, abstract concept: an Attribute Statement with attributes about the Statement. Example: Bob, eye-color, blue; attributes about the Statement: asserted-by "Massachusetts Department of Motor Vehicles", valid-until "Aug 17th 2010")

The NodeId Attribute
Almost all Nodes have a special NodeId attribute whose value is a NodeId Data Range that uniquely identifies the Node within its containing Context. (Diagram: a Node with its NodeId attribute; the value of the NodeId attribute identifies the Node itself)

The Node Relation Attribute
A Node Relation attribute creates a link between two Nodes. The value of a Node Relation attribute is a URI that uniquely identifies some other node. (Diagram, abstract concept: a Node with a Node Relation attribute. Example: Bob, foaf:knows, value: Alice)

The Node Correlation Attribute
A Node Correlation attribute creates a link between two Nodes and implies that both nodes are representations of the same underlying Entity (e.g. person or thing). The value of a Node Correlation attribute is a URI that uniquely identifies another node representing the same Entity. (Diagram, abstract concept: a Node with a Node Correlation attribute. Example: Bob, higgins:correlation, value: "Robert Smith")

Simplified Rendering of Relations
(Diagram: Bob, correlation, value: "Alice", rendered as Bob and Alice joined by a dotted line. A dotted line implies a relation. Key: a Node representing entity #1, e.g. you; a Node representing an entity other than entity #1, e.g. someone other than you.)

Simplified Rendering of Correlations
(Diagram: Bob, correlation, value: "Robert Smith", rendered as Bob and Robert Smith joined by a solid line. A solid line implies a correlation. Same key as above.)

Relation and Correlation examples
(Diagram: Context A and Yahoo*group-22, showing a Node Relation and Node Correlations. A NodeId Data Range URI is called out: one part identifies the Context, the other identifies Node 4668 within it. Key: a Node representing entity #1, e.g. you; a Node representing an entity other than entity #1, e.g. someone other than you.) In this example you have two accounts/profiles in Context A and you are also a member of the Yahoo Group. You know another member of the Yahoo Group.

Friends List example (e.g. Facebook)
(Diagram: the Attribute Statement "You know Drummond", a Node representing you related to a Node representing Drummond. Same key as above.)

Social Network example (Facebook)
(Diagram: a reciprocated (confirmed) link between a Node representing you and a Node representing someone other than you.)

A Cross-Context example
(Diagram: Nodes representing you in the Facebook, Second Life, Dept of Motor Vehicles and Social Security Administration Contexts, linked to a "You" Node in a "Meta" Context; other Nodes are also shown. Same key as above.)

Context Relations and Correlations
Contexts can have both Context Relations and Context Correlations, which are analogs to Node Relations and Node Correlations respectively. A Context Relation is a "related" Context. A Context Correlation is another Context that is a representation of the same underlying set of Entities (e.g. the same underlying organizational department).

Enterprise Directory example
(Diagram: an enterprise directory Context, XYZ Corporation, with two sub-Contexts, R&D Dept. and Marketing Dept.; Nodes are shown for you and your manager.) Contexts can have relationships with other Contexts. These are called Context Relations.
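The Node, Statement, Relation and Correlation concepts from the slides above, as an added example that is not code from the Higgins project: it merges the attributes of every Node correlated with a starting Node across Contexts, accepting only Statements whose asserted-by is a trusted authority and whose valid-until has not passed, and it applies that same check to the correlation Statements before following them. The urn:example identifiers, the "#" NodeId form and the function names are assumptions.

```python
from dataclasses import dataclass, field
from datetime import date

CORRELATION = "higgins:correlation"  # "same entity" link, from the slides
KNOWS = "foaf:knows"                 # a Node Relation, from the slides

@dataclass
class Statement:
    """Node-attribute-value triple; asserted_by / valid_until are attributes about it."""
    attr_type: str
    value: str
    asserted_by: str = None
    valid_until: date = None

@dataclass
class Node:
    node_id: str                                   # NodeId, unique within its Context
    statements: list = field(default_factory=list)

def node_uri(context_id, node_id):
    """Constructed NodeId Data Range URI: Context URI plus the Node id as fragment."""
    return f"{context_id}#{node_id}"

def accepted(st, trusted_asserters, today):
    """A Statement counts only if a trusted authority asserted it and it is unexpired."""
    if st.asserted_by not in trusted_asserters:
        return False
    return st.valid_until is None or st.valid_until >= today

def unified_profile(graph, start, trusted_asserters, today):
    """Merge the attributes of every Node correlated with start (graph maps NodeId URIs
    to Nodes across all Contexts). Correlations are followed: the other Node is the
    same entity. Relations such as foaf:knows are kept as values but never followed,
    since they point at a different entity. The trust check also covers correlation
    Statements: an unverified correlation would otherwise merge a stranger's Node."""
    profile, visited, frontier = {}, set(), [start]
    while frontier:
        uri = frontier.pop()
        if uri in visited or uri not in graph:
            continue
        visited.add(uri)
        for st in graph[uri].statements:
            if not accepted(st, trusted_asserters, today):
                continue
            if st.attr_type == CORRELATION:
                frontier.append(st.value)
            else:
                profile.setdefault(st.attr_type, set()).add(st.value)
    return profile, visited

# Constructed sample graph: Bob in Context A is correlated with Robert Smith in Context B.
CTX_A, CTX_B, CTX_C = "urn:example:ctx-a", "urn:example:ctx-b", "urn:example:ctx-c"
DMV, HR = "urn:example:dmv", "urn:example:hr"   # asserting authorities (constructed)
GRAPH = {
    node_uri(CTX_A, "bob"): Node("bob", [
        Statement("eye-color", "blue", DMV, date(2010, 8, 17)),      # from the slides
        Statement(KNOWS, node_uri(CTX_A, "alice"), CTX_A),
        Statement(CORRELATION, node_uri(CTX_B, "robert-smith"), DMV),
        Statement(CORRELATION, node_uri(CTX_C, "unverified")),      # nobody vouches
    ]),
    node_uri(CTX_A, "alice"): Node("alice", [Statement("eye-color", "green", DMV)]),
    node_uri(CTX_B, "robert-smith"): Node("robert-smith", [Statement("phone", "+1-555-0100", HR)]),
    node_uri(CTX_C, "unverified"): Node("unverified", [Statement("phone", "+1-555-0199", HR)]),
}
```

Calling `unified_profile(GRAPH, node_uri(CTX_A, "bob"), {DMV, HR, CTX_A}, date(2009, 1, 1))` yields Bob's eye colour, the phone from the correlated Context B Node and the foaf:knows value, while Alice's attributes and the unvouched Context C Node stay out.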

Higgins Global Graph Specifications

Higgins Global Graph: Implementation Specifications
(Table. Rows: Ontology (Schema), Service Endpoints, Identifiers. Columns (key): W3C, OASIS, De facto, Higgins. Cells include: Higgins Ontology Language (HOWL), RDFS / OWL, Higgins XRDS, Cool URIs, OpenID, XDI, Higgins Context Descriptors, WS-Addressing, XRI Discovery [Planned], XRI v10, Higgins Identifiers.)

Context Ontologies
Contexts describe their ontologies using RDF/OWL. Contexts base their ontologies on higgins.owl (aka HOWL). Contexts are otherwise free to define their own data schemas/ontologies. For example, a Context could define a Person that has eyeColor and phoneNumber attributes:
- Person would sub-class higgins:Node
- eyeColor would specialize higgins:attribute

Higgins Community Includes

Higgins Adoption – Open Source Communities
This section lists open source solutions developed external to the Higgins project, but based on Higgins components:
- Novell Bandit "DigitalMe" Identity Selector
- Novell Bandit STS/IdP: Higgins-based STS/IdP service
- Eclipse ALF Project
- Other Eclipse projects (Aperi and Cosmos) are considering using Higgins

Higgins Adoption – Commercial
Serena, Novell, IBM, Oracle, CA, Sxip

Higgins 1.0 – Packaged as 7 Solutions
- 3 Identity Selector Applications
- 2 Identity Provider Web Services
- 1 Relying Party Web Service
- 1 Identity Interoperability Framework (Identity Attribute Service)
Opportunity to answer questions about Higgins.