July 25, 2005 PEP Workshop, UM 2005. A Single Sign-On Identity Management System Without a Trusted Third Party. Brian Richardson and Jim Greer, ARIES Lab.

Presentation transcript:

July 25, 2005 PEP Workshop, UM
A Single Sign-On Identity Management System Without a Trusted Third Party
Brian Richardson and Jim Greer
ARIES Lab, Department of Computer Science, University of Saskatchewan

Overview
- Purpose:
  - To create a personal information management system for online businesses/consumers
- Why?
  - Help users manage their personal information and be aware of who has it
  - Help businesses comply with some areas of privacy legislation

Motivation
- Legislation:
  - Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
- Privacy Concerns:
  - The increasing concerns of Internet users about what information online businesses record
- Tool Support:
  - The lack of an available privacy tool that allows for management of multiple identities

Privacy Tools and Research
- P3P
- TRUSTe
- Privacy Critics
- PISA
- PPCS
- EPA
- EPAL
- SAML
- FIM
- PRIME
- FIDIS
- Liberty Alliance
- MS .NET Passport
- MS Infocards

Design Goals
Goal: try to design a personal information service, but with the following restrictions:
- Does NOT:
  - use a third party for management of personal information
  - require passing identity information between businesses
- Does permit:
  - multiple identities from within a single user account
  - greater access for users managing their personal information
  - businesses to comply with disclosure rules defined by PIPEDA

Identity Management Architecture (IMA)
The IMA system has two main components:
1. IMA Toolbar/Manager (Client): An application that attaches to the user’s web browser and handles the management of all user identities and web browsing history.
2. IMA Web Service (Business): A web service that each participating business provides to allow users of the IMA Manager to send and receive identity information.

Architecture Overview
[Diagram: an IMA user machine with the IMA Toolbar installed, and an IMA participating business. Labels: browsing the Internet; visits participating business’s web site; store identities and profiles; communicate with business through web service interface; create/update identities, view profile information, etc.]

Key Features
The three key features of the IMA system:
- Provides for the creation and management of multiple discrete personal identities.
- Allows users to restrict the access that businesses have to identifying information.
- Provides users with the ability to request from a business what personal information is stored.

Hypothesis
The two key questions this research answers are:
- Does the IMA System provide users with more flexibility and control over the management of their personal information than a third-party system does?
- Does the IMA System support business compliance with current privacy legislation?

.NET Passport
[Diagram: Passport User, Passport Business and .NET Passport. Labels: create a passport account; sign-in using passport; provide user’s sign-in information; return user’s passport account.]

Liberty Alliance
[Diagram: Liberty Alliance User, Liberty Alliance Business A (provides user’s account) and Liberty Alliance Business B (requests user’s account). Labels: user creates an account with a business they trust; user logs in at business B, which has a relationship with business A.]

IMA
[Diagram: IMA User and IMA Business. Labels: business provides user with access to update and review personal information; IMA client provides authentication info to business if an established relationship exists.]

Identity-to-Business Associations
[Diagram: the IMA Manager holds three identities (Anonymous, Personal, Work) associated with Business A, Business B and Business C.]

Managed Relationships
[Diagram: managed relationships compared for .NET Passport, Liberty Alliance and IMA.]

Implementation
- IMA Toolbar
- IMA Manager
- IMA Web Service
- Example participating business web site
- XML Data

IMA Toolbar
- Participation Icon
- Account logged in
- Identity list
- “Go” (associate identity)
- Eye logo, opens the IMA Manager application

IMA Manager

IMA Web Service
- public bool Authenticate( … )
- public void AddIdentity( … )
- public Ima.Manage.Identity GetIdentity( … )
- public void UpdateIdentity( … )
- public void AddProfile( … )
- public Ima.Manage.Profiles GetProfile( … )
- public void UpdateProfile( … )
- public void AddHistoryItem( … )
- public void AddVisitor( … )

Participating Business

XML Data

Evaluation
The IMA system was evaluated on two criteria to show how it answers the research questions posed by this thesis:
1. Access to Personal Information
2. Privacy Legislation Compliance

Access to Personal Information Comparison Criteria
1. Ability to edit information
2. Tracking of business to identity associations
3. Viewing of information stored at a business
4. Removing of information stored at a business
5. The creation of multiple discrete identities
6. The ability to link an identity to a business
7. No reliance on third party storage
8. Tracking of information provided to a business
9. Automatically pushes out information updates to businesses that information has been used at

Access to Personal Information Comparison Results

Privacy Legislation Compliance Comparison Criteria
Based on PIPEDA and DPA principles:
1. Consent must be obtained
2. Limit collection of personal data
3. Limit use, disclosure, and retention
4. Ensure the accuracy of information
5. Give individuals access to their information

Privacy Compliance Comparison Summary

Benefits of the IMA System
- For Internet Users:
  - More control over personal information
  - Stay informed of what information has been given to a business
  - Ability to view, add, modify, and remove personal information
  - Update information for multiple businesses by entering it once
- For Businesses:
  - Improved compliance with privacy legislation
  - Identity information managed and updated by users
  - More accurate contact information since users can correct mistakes
  - Improves business’s ability to personalize content

Challenges
Issues in the IMA system that will need to be addressed:
- Security of information
  - Information stored on client machine
- Account theft
  - Posing as another user to retrieve their personal information from a business
- Leeching
  - Businesses using the IMA web service to gather identity information but not:
    - making their participation public
    - providing users with access to their profile

Contributions
- Lack of reliance on third party for management of personal information
- Use of multiple discrete identities all managed from a single user account
- Identity-to-Business associations, managed for you by the IMA system
- Disclosure, correction, and removal of personal information managed by user
- Improved compliance for businesses with privacy legislation disclosure requirements

Future Work
- IMA system:
  - Address security issues
  - Account access from multiple locations
- Possible focus switch:
  - look at how existing systems (i.e., Passport and Liberty Alliance) could be adapted to support:
    - Multiple identities
    - Disclosure on demand