Presentation is loading. Please wait.

Presentation is loading. Please wait.

Www.incommon.org A View into the Mi$t 1 RL "Bob" Morgan University of Washington Co-chair, InCommon Technical Advisory Committee.

Published byGarry Caldwell Modified over 9 years ago

Similar presentations

Presentation on theme: "Www.incommon.org A View into the Mi$t 1 RL "Bob" Morgan University of Washington Co-chair, InCommon Technical Advisory Committee."— Presentation transcript:

1 www.incommon.org A View into the Mi$t 1 RL "Bob" Morgan University of Washington Co-chair, InCommon Technical Advisory Committee

2 www.incommon.org The 2 Poles of Identity Accountability Expression

3 www.incommon.org Big Data: Whose Data?

4 www.incommon.org Consumer-scale Number of Google Apps domains: 2 million? Number of Facebook Connect RPs: 3 million? An inconvenient truth: the consumer web is supported by the aggregation, processing, and sale of the personal information of billions of people. Consumerization of web identity technology driven by consumer services industry

5 www.incommon.org NSTIC Vision and Strategy Individuals and organizations utilize secure, efficient, easy-to-use, and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation. An Identity Ecosystem of solutions that are –privacy-enhancing and voluntary –secure and resilient –interoperable –cost-effective and easy to use Public/private partnership

6 www.incommon.org NSTIC Operations and Governance NSTIC Steering Group –promote creation, maintenance of Identity Ecosystem consistent with Strategy –privately-led, all stakeholders represented –promote standards adoption –accredit ecosystem components –bids out now for secretariat organizations –forming of Steering Group may involve some... politics –will it rule a realm that anyone is interested in?

7 www.incommon.org Open Identity Exchange - OIX Formed in 2009 as federation for consumer IdPs –participating in FICAM TFP certification Now supporting general Trust Framework development Representing industry in NSTIC deliberations Offering alternative views on ecosystem... Attribute Exchange Network WG –create trust framework for AX, policies and tech pilots –separate IdPs from Attribute Providers, via brokers –support monetizing providing of attributes, brokering

8 www.incommon.org A World of Web Services A WWW of browsers -> a world of software Every web/cloud-based company has "API" Design patterns emerge: REST, JSON, OAuth

9 www.incommon.org OAuth 2.0 Authorization or "valet key" protocol –eliminate "password anti-pattern": web sites asking for your password to act as you to get to your stuff –you ("resource owner") authorize something ("client") to access your stuff ("resources") somewhere ("server") –client can be web app, desktop/phone app, JS in browser –right-to-access represented as access token Right to access... what? –very easy for user to grant access to gmail inbox, say, to many sites/apps –limited scopes? who wants to have limits?

10 www.incommon.org OpenID Connect OpenID 1.0 (2006) promoted simple, web-based SSO –a little too simple, too geeky, too idealistic OpenID 2.0 (2008) better, more complex –widely deployed by consumer IdPs, not so many SPs, not very interoperable, generating proxy industry –large consumer IdPs became only IdPs... OpenID Connect (2012) –focus on simplicity for SPs; based on OAuth 2.0; supports data channel –finally FTW? supported by all the big (consumer) players still consumer-IdP focused: bilateral, no metadata (yet)

11 www.incommon.org Account Chooser OpenID Foundation project (formerly Google) –"An open standard and interface guidelines for the next generation of web sign in" –provide transition-from/coexistence-with local signon and federation; easy to deploy JavaScript –visual representation of accounts, handle multiple accounts per client machine; protocol-agnostic (OIDC, SAML, other) –similar to work in federated space: ULX, DiscoJuice –could support federated IdP discovery/search? Could... –best experience depends on centralized service...

12 www.incommon.org

13 UMA Kantara initiative project to support controlled sharing of personal info: person-self, person-other, person-org, in a fully multi-lateral way element (perhaps) of "personal data ecosystem" driven by many use cases –consumer sharing (e.g. photos, calendar) –health/financial personal data management –employer/employee data sharing profile, extension of OAuth2 open-source implementations; any deployments?

14 www.incommon.org

15 Brave New World? Web service access will happen... via OAuth –and be enabled in the context of existing federation; OAuth2 includes spec for SAML tokens –develop enterprise OAuth infrastructure services, OAuth support in federations, use in apps e.g. LMSes More use of, integration with consumer identities –HE already good at providing attributes... HE/VO support of "personal" data management –combine user and institutional control? –will involve consumer services, will still require community-based trust, standards (Net+, yes!)

Download ppt "Www.incommon.org A View into the Mi$t 1 RL "Bob" Morgan University of Washington Co-chair, InCommon Technical Advisory Committee."

Similar presentations

Connected Health Framework

Connected Health Framework
TFTM 01-06 Interim Trust Mark/Listing Approach Paper Discussion Deck TFTM Committee IDESG Plenary Meeting January 14, 2014 1-14-2014IDESG TFTM Committee1.

TFTM Interim Trust Mark/Listing Approach Paper Discussion Deck TFTM Committee IDESG Plenary Meeting January 14, IDESG TFTM Committee1.
This work was performed under the following financial assistance award 70NANB13H189 from the U.S. Department of Commerce, National Institute of Standards.

This work was performed under the following financial assistance award 70NANB13H189 from the U.S. Department of Commerce, National Institute of Standards.
1 Jan 2013 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered.

1 Jan 2013 © Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered.
IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair

IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair
FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.

FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
1 DCS860A Emerging Technology Physical layer transparency in Cloud Computing (rev. 12-16-11)

1 DCS860A Emerging Technology Physical layer transparency in Cloud Computing (rev )
Mashing Up with User-Centric Identity America Online LLC John Panzer, Praveen Alavilli.

Mashing Up with User-Centric Identity America Online LLC John Panzer, Praveen Alavilli.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.

December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.
Federated Access to US CyberInfrastructure Jim Basney CILogon This material is based upon work supported by the National Science Foundation.

Federated Access to US CyberInfrastructure Jim Basney CILogon This material is based upon work supported by the National Science Foundation.
WebFTS as a first WLCG/HEP FIM pilot

WebFTS as a first WLCG/HEP FIM pilot
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Single-Sign On and Federated Identity.

Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Single-Sign On and Federated Identity.
18 th TF-EMC2. WebEx, June 2011 Diego R. Lopez, RedIRIS On the Many Ways to Identity Exchange (Again) Digital identities are more valuable as they are.

18 th TF-EMC2. WebEx, June 2011 Diego R. Lopez, RedIRIS On the Many Ways to Identity Exchange (Again) Digital identities are more valuable as they are.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
UMA Could I Manage My Own Data. Please?. Agenda Business Trends & Technical Solutions Distributed Business (Decentralisation) Mobility & Automation Delegation.

UMA Could I Manage My Own Data. Please?. Agenda Business Trends & Technical Solutions Distributed Business (Decentralisation) Mobility & Automation Delegation.
Distributed Web Security for Science Gateways Jim Basney In collaboration with: Rion Dooley Jeff Gaynor

Distributed Web Security for Science Gateways Jim Basney In collaboration with: Rion Dooley Jeff Gaynor
The InCommon Federation The U.S. Access and Identity Management Federation www.incommon.org.

The InCommon Federation The U.S. Access and Identity Management Federation

Similar presentations

Ads by Google