An Identity on the Internet

Presentation on theme: "An Identity on the Internet"— Presentation transcript:

1 An Identity on the Internet
Steve Plank, Identity Architect, Microsoft UK

2 Topics
phishing, phraud
identity layer
Identity metasystem: 7 laws; human integration; consistent experience across contexts
Identity metasystem: IP, RP, user, identity selector

3 [Diagram: a masked password (****************) is submitted to the web server www.identitytheft.com, which is under the control of somebody else, and ends up in the bad person's database.]

4 Custom solutions
[Diagram: one custom solution after another, each built from IIS, a credentials database and FormsAuthentication.SetLoginCookie(); one of them shows the error below.]
Application Error: Cross-domain cookie. A cookie has been received from a security domain other than the one to which this web server is a member. This is a potential security breach. Please consult the application or web server administrator.

5 [Diagram: the Internet's layers: IP provides connectivity, DNS provides naming, and the identity layer has no consistency.]

6 The 7 laws
User control and consent
Minimal disclosure for a defined use
Justifiable parties
Directional identity
Pluralism of operators and technologies
Human integration
Consistent experience across contexts

7 [Diagram: Planky's Card in a Card Collection, illustrating human integration and a consistent experience across contexts.]

8 Locally installed software: not under somebody else's control
[Diagram: the Identity Provider holds a table of subjects (First name, Last name: Steve Plank, ......, Bob Smith). The Subject's Identity Selector is locally installed software, not under somebody else's control, and there is a 1:1 relationship between cards and identity providers.]

9 Intentionally left blank
[Diagram: the card carries no claim values (intentionally left blank). It carries the Identity Provider's digital signature and metadata: the URI of the Identity Provider and the claims you can get from the IP (givenname, lastname, user-id, etc.). The values themselves (First name, Last name: Steve Plank, ......, Bob Smith) stay at the Identity Provider.]

10 Identity Provider: the digital signature is the cryptographic binding between the card and the IP.

11 There will be many Identity Providers, each running its own technology stack
[Diagram: alternative identity providers, joined by OR.]
Pluralism of operators and technologies; human integration; consistent experience across contexts

12 Web Site / Web Service
[Diagram: the Subject, the Identity Provider and the Relying Party (a Web Site or a Web Service) are joined through the Identity Metasystem (Microsoft Identity MetaSystem). WS-* runs between identity provider and selector; the relying party is reached over HTML or WS-*.]
A web service relying party states its requirements in WS-SecurityPolicy (the dialect and claim URIs are not captured on the slide):
    <sp:IssuedToken ...>
      ...
      <sp:RequestSecurityTokenTemplate>
        <wst:Claims wst:Dialect="...">
          <ic:Claim URI="..." />
          <ic:Claim URI="..." />
          <ic:Claim URI="..." />
          <ic:Claim URI="..." />
        </wst:Claims>
      </sp:RequestSecurityTokenTemplate>
    </sp:IssuedToken>
A web site relying party states them in HTML (the requiredClaims value is not captured on the slide):
    <object type="application/x-informationcard" name="_xmlToken">
      <param name="tokenType" value="urn:oasis:names:tc:SAML:1.0:assertion" />
      <param name="requiredClaims" value="..." />
    </object>

13 Identity Selector's Built-in Identity Provider
[Diagram: the Subject's Identity Selector contains a built-in Identity Provider that talks to the Relying Party through the Identity Metasystem. Its store has 2 degrees of protection: a System Key and a Password Key. Personal Cards: fixed schema.]

14 Personal cards and managed cards
personal cards: what claims I make about myself; fixed schema (protect the users from themselves!)
managed cards: what claims another party makes about me; flexible schema

15 elvis presley: only 1 of them is real, probably

16 Security token
Token formats: SAML token, XrML license, X.509 certificate, Kerberos ticket, ...others
[Example token: Steve Plank; Over 18; Over 21; Under 65; image]

17 Security token service
Give it something (a security token carrying Steve Plank, Over 18, Over 21, Under 65, image; or a username and password, biometric, signature or certificate) and it returns a different security token.

18 Login flow
[Diagram: subject, identity provider, relying party]
click login button
get policy (relying party policy: uri of ip, required claims, optional claims, token type)
authenticate (identity provider policy: authn reqs, token types, ...); the selector prompts: "identity.provider.com requires username and password to validate this request. Enter the information below"
RST
RSTR

19 Token handling
[Diagram: subject, identity provider, relying party; token decryption, token authentication, real token, display token]
Display token: *givenname: Steve; *surname: Plank; *address: ; *privatepersonalidentifier: planky123
Do you want to send this card to: ip.sisa.com
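A model of the login flow on slides 18 and 19, added here as an example (it is not the deck's or CardSpace's own code): the identity provider answers an RST with a signed token carrying only the claims the relying party's policy asked for, derives a per-relying-party private personal identifier (directional identity), and the relying party checks issuer, signature and audience before accepting the claims. An HMAC stands in for the identity provider's digital signature; the claim URI prefix, the JSON token shape and the domain names other than ip.sisa.com are assumptions.

```python
import hashlib, hmac, json

CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"  # assumed claim URI prefix
PPID = CLAIMS + "privatepersonalidentifier"

def issue_token(ip, rst):
    """Identity provider: check the subject's username/password, answer the RST with a signed token.
    ip = {'uri', 'key', 'users': {user-id: {'password', 'claims': {uri: value}}}}"""
    user = ip["users"].get(rst["user"])
    if user is None or not hmac.compare_digest(user["password"], rst["password"]):
        raise PermissionError("identity provider could not validate this request")
    # Minimal disclosure: only the claims named in the RST leave the identity provider.
    body = {uri: user["claims"][uri] for uri in rst["claims"] if uri in user["claims"]}
    # Directional identity: the PPID is derived per relying party, so two relying
    # parties receiving tokens for the same user cannot correlate them through it.
    if PPID in rst["claims"]:
        body[PPID] = hashlib.sha256(f"{rst['user']}|{rst['rp']}".encode()).hexdigest()[:20]
    payload = json.dumps({"iss": ip["uri"], "aud": rst["rp"], "claims": body}, sort_keys=True)
    # An HMAC over the payload stands in for the identity provider's digital signature.
    return {"token": payload, "sig": hmac.new(ip["key"], payload.encode(), "sha256").hexdigest()}

def verify_token(rp, trusted_ips, rstr):
    """Relying party: trusted issuer, valid signature, right audience, required claims present.
    trusted_ips maps identity provider URI -> verification key."""
    token = json.loads(rstr["token"])
    key = trusted_ips.get(token["iss"])
    if key is None:
        raise ValueError("token issued by an untrusted identity provider")
    expected = hmac.new(key, rstr["token"].encode(), "sha256").hexdigest()
    if not hmac.compare_digest(expected, rstr["sig"]):
        raise ValueError("token signature does not verify")
    if token["aud"] != rp["uri"]:
        raise ValueError("token was issued for a different relying party")
    missing = [c for c in rp["policy"]["required"] if c not in token["claims"]]
    if missing:
        raise ValueError(f"required claims missing from token: {missing}")
    return token["claims"]

def login(rp, cards, ip, user, password):
    """Identity selector: read the RP's policy, pick a card from the matching identity provider
    that can supply the required claims, send the RST, and hand the RSTR to the RP."""
    policy = rp["policy"]
    card = next((c for c in cards if c["ip"] == policy["ip"]
                 and set(policy["required"]) <= set(c["claims"])), None)
    if card is None:
        raise LookupError("no card in the collection satisfies this relying party's policy")
    rst = {"user": user, "password": password, "rp": rp["uri"],
           "claims": policy["required"] + [c for c in policy["optional"] if c in card["claims"]]}
    return verify_token(rp, {ip["uri"]: ip["key"]}, issue_token(ip, rst))
```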

20 Topics
phishing, phraud
identity layer
Identity metasystem: 7 laws; human integration; consistent experience across contexts
Identity metasystem: IP, RP, user, identity selector

