A Single Sign-On Identity Management System Without a Trusted Third Party
Brian Richardson and Jim Greer, ARIES Lab, Department of Computer Science, University of Saskatchewan
PEP Workshop, UM, July 25, 2005
Overview
Purpose: to create a personal information management system for online businesses and consumers.
Why?
- Help users manage their personal information and be aware of who has it.
- Help businesses comply with some areas of privacy legislation.
Motivation
- Legislation: Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).
- Privacy concerns: the increasing concern of Internet users about what information online businesses record.
- Tool support: the lack of an available privacy tool that allows for management of multiple identities.
Privacy Tools and Research
P3P, TRUSTe, Privacy Critics, PISA, PPCS, EPA, EPAL, SAML, FIM, PRIME, FIDIS, Liberty Alliance, MS .NET Passport, MS InfoCards
Design Goals
Goal: design a personal information service with the following restrictions.
Does NOT:
- use a third party for management of personal information
- require passing identity information between businesses
Does permit:
- multiple identities from within a single user account
- greater access for users managing their personal information
- businesses to comply with disclosure rules defined by PIPEDA
Identity Management Architecture (IMA)
The IMA system has two main components:
1. IMA Toolbar/Manager (client): an application that attaches to the user's web browser and handles the management of all user identities and web browsing history.
2. IMA Web Service (business): a web service that each participating business provides to allow users of the IMA Manager to send and receive identity information.
Architecture Overview (diagram): a user machine with the IMA Toolbar installed stores identities and profiles locally. While browsing the Internet the user visits a participating business's web site, and the toolbar communicates with that business through its web service interface to create/update identities, view profile information, etc.
Key Features
The three key features of the IMA system:
1. Provides for the creation and management of multiple discrete personal identities.
2. Allows users to restrict the access that businesses have to identifying information.
3. Provides users with the ability to request from a business what personal information it stores about them.
Hypothesis
The two key questions this research answers are:
- Does the IMA system provide users with more flexibility and control over the management of their personal information than a third-party system does?
- Does the IMA system support business compliance with current privacy legislation?
.NET Passport (diagram): the user creates a Passport account with .NET Passport and signs in at a Passport business using it; the business provides the user's sign-in information to .NET Passport, which returns the user's Passport account to the business.
Liberty Alliance (diagram): the user creates an account with a business they trust (Business A). When the user logs in at Business B, which has a relationship with Business A, Business B requests the user's account from Business A, and Business A provides it.
IMA (diagram): the IMA client provides authentication information to an IMA business only if an established relationship exists; the business then provides the user with access to update and review their personal information.
Identity-to-Business Associations (diagram): the IMA Manager holds three identities (Anonymous, Personal, Work) and tracks which of Business A, Business B and Business C each identity is associated with.
Managed Relationships (diagram comparing the relationships managed under .NET Passport, Liberty Alliance and IMA).
Implementation
- IMA Toolbar
- IMA Manager
- IMA Web Service
- Example participating business web site
- XML data
IMA Toolbar (annotated screenshot)
- Participation icon
- Account logged in
- Identity list
- "Go" (associate identity)
- Eye logo, opens the IMA Manager application
IMA Manager
IMA Web Service
public bool Authenticate( … )
public void AddIdentity( … )
public Ima.Manage.Identity GetIdentity( … )
public void UpdateIdentity( … )
public void AddProfile( … )
public Ima.Manage.Profiles GetProfile( … )
public void UpdateProfile( … )
public void AddHistoryItem( … )
public void AddVisitor( … )
Participating Business
XML Data
Evaluation
The IMA system was evaluated on two criteria to show how it answers the research questions posed by this thesis:
1. Access to personal information
2. Privacy legislation compliance
Access to Personal Information Comparison Criteria
1. Ability to edit information
2. Tracking of business-to-identity associations
3. Viewing of information stored at a business
4. Removal of information stored at a business
5. Creation of multiple discrete identities
6. Ability to link an identity to a business
7. No reliance on third-party storage
8. Tracking of information provided to a business
9. Automatic push of information updates to the businesses where that information has been used
Access to Personal Information Comparison Results
Privacy Legislation Compliance Comparison Criteria
Based on PIPEDA and DPA principles:
1. Consent must be obtained
2. Limit collection of personal data
3. Limit use, disclosure, and retention
4. Ensure the accuracy of information
5. Give individuals access to their information
Privacy Compliance Comparison Summary
Benefits of the IMA System
For Internet users:
- More control over personal information
- Stay informed of what information has been given to a business
- Ability to view, add, modify, and remove personal information
- Update information for multiple businesses by entering it once
For businesses:
- Improved compliance with privacy legislation
- Identity information managed and updated by users
- More accurate contact information, since users can correct mistakes
- Improved ability to personalize content
Challenges
Issues in the IMA system that will need to be addressed:
- Security of information: all identity information is stored on the client machine.
- Account theft: posing as another user to retrieve their personal information from a business.
- Leeching: businesses using the IMA web service to gather identity information but not making their participation public or providing users with access to their profile.
Contributions
- No reliance on a third party for management of personal information
- Use of multiple discrete identities, all managed from a single user account
- Identity-to-business associations, managed for the user by the IMA system
- Disclosure, correction, and removal of personal information managed by the user
- Improved compliance for businesses with the disclosure requirements of privacy legislation
Future Work
IMA system:
- Address security issues
- Account access from multiple locations
Possible focus switch: look at how existing systems (i.e., Passport and Liberty Alliance) could be adapted to support:
- Multiple identities
- Disclosure on demand