Building "One Size Fits All" Identity Systems Possible or Fantasy

1 Building "One Size Fits All" Identity Systems: Possible or Fantasy?
Ronny Bjones
Security Architect
Microsoft Corporate

2 Is it realistic?
Different requirements between businesses, consumers, governments, corporate users, etc.
Different risk profiles implying different measures to prove (mutual) identities
Different cultural sensitivities when it comes to identities (e.g. eID)
Yet another IDA system to which we have to adapt our applications!
And what about all these different platforms?

3 Haven't we heard this before?
Passwords
  + Ease of use(?)
  - Silos, Security, Management
Microsoft Passport
  + SSO experience
  - Non Federated, Still passwords, Silo, Privacy
PKI
  + Federated (but with hierarchy issues)
  - Privacy, Complex

4 A new approach should…
be based on a federated model providing an SSO experience
have privacy protection built into the heart of the system
increase the overall security on the Internet, scalable according to risk model
be very easy to use by businesses and consumers
easily be integrated into services and applications

5 Identity Metasystem
[Diagram: Identity Providers (D.O.L., Bank, Gov., Employer), Relying Parties (member, store, club and other sites) and the User, who holds a set of cards (medical, store, insurance, employee, bank, DOL, personal) in an Identity Selector. Other labels: Token (Name, Account, Status), WS*, WEB*.]

6 Strong Identity and Access is Complicated
For developers
For users

7 What is Windows CardSpace?
Identity Selector for Windows
Digital identities represented by cards
When user selects a card
  Get security token from Identity Provider
  Give it to the Relying Party after user consent
User is in control
Security Token Service
User Experience

8 Wallet Metaphor
A set of claims someone makes about me
Claims are packaged as security tokens
Many identities for many uses

9 Framework for Interoperability
TCP/IP of Identities
Defined on open standards – WS*
Extended by CardSpace’s definition of CLAIMS
CardSpace is security token agnostic
  SAML, Kerberos, X.509, custom
Identity Providers can bridge different identity technologies
Multiprotocol Federation Interoperability Demonstration
  Burton Group – Gerry Gebel - November 1th 2005

10 Resources
http://www.identityblog.com/
Laws of Identity
Identity Metasystem
Zermatt
Netfx3

11 Conclusions
Identity layer on the Internet should:
Incorporate privacy, security, usability by design
Interoperability, interoperability, interoperability, …
Make life easy for developers and not raise the bar

