OpenID And the Future of Digital Identity Alicia Bozyk April 1, 2008.

Introduction: Identity 1.0
- Identity happens in silos
- Closed and complex

Introduction: Identity 2.0
- Identity 2.0 is a way for users to have one identity that can be used in multiple places on the web
- Must be: simple, scalable, flexible

Technologies
- OpenID
- Windows CardSpace

OpenID
- OpenID is a decentralized single sign-on service
- Managed by the OpenID Foundation
- General principles: simple, modular, free, and further extensible
- Provides the verification of a user's identity from an identity provider to a relying party

OpenID: What is an OpenID?
- A URI/XRI identifier that is used to find the OpenID Identity Provider for a user
- An example identifier is:

OpenID: Yadis Capability Document

OpenID Authentication
1. The user initiates authentication by supplying an identifier to a relying party.
2. The relying party performs discovery and determines the endpoint URL to request authentication from.
3. The relying party and identity provider establish a shared secret through a Diffie-Hellman key exchange, and all of the following messages are signed with this key.
4. The relying party requests authentication for the user.
5. The identity provider determines whether the end user is authorized to perform OpenID authentication and wishes to do so.
6. The identity provider returns either an assertion that authentication is approved or that it has failed.
7. The relying party verifies the information received from the provider by checking the return URL, verifying the discovered information, checking a nonce, and verifying the signature using the established shared key.

OpenID
Strengths:
- Decentralized and portable
- Easily controlled and managed by the user
- Lightweight
Weaknesses:
- Phishing
- Windows only

Windows CardSpace: Identity Metasystem, Information Cards
Goals:
- A way to represent identities using claims
- A means for identity providers, relying parties, and subjects to negotiate
- An encapsulating protocol to obtain claims and requirements
- A means to bridge technology and organizational boundaries using claims transformation
- A consistent user experience across multiple contexts, technologies, and operators

CardSpace
Strengths:
- Consistent user interface
- Security: uses SAML
Weaknesses:
- Portability
- Security: physical
- Windows only

Conclusions
- OpenID is the next step in managing digital identity
- OpenID is better than other solutions since it is decentralized, free, and an open standard, and is gaining momentum in the online community
- OpenID helps break the boundaries between web applications

Questions?