The Evolution of Identity Management
February 18, 2005
© Copyright 2004, Credentica – all rights reserved
Dr. Stefan Brands
Slide 2 (Part I): The evolution of conventional I&AM
Slide 3: Set-up: Identity enrolment & provisioning
[Diagram: User I with attributes a1, a2, … enrolled at the Identity Server (IdS) and provisioned at the Attribute Server (AS); Resource Provider (RP)]
I&AM set-up:
• Enrollment in Identity Server (IdS)
• Provisioning in Attribute Server (AS)
• Identity Token issuance
Next slides:
• Access to Resource Provider (RP)
Slide 4: Phase 0: Intra-enterprise I&AM (today)
[Diagram: User I with attributes a1, a2, … at IdS and AS; the IdS answers yes/no to the RP]
Security, Privacy, Other: no issues listed
Slide 5: Phase 1: Access by “extended” user (today)
[Diagram: User I with attributes a1, a2, … at IdS and AS; the IdS answers yes/no to the RP]
Security: none listed
Privacy:
• No access privacy
Other: none listed
Slide 6: Phase 2: Federated access (in progress …)
[Diagram: AS and IdS serving several RPs; labels “??” and “=”]
Security:
• Availability
• Insider fraud
• IdS & AS exposed
• Denial of service
Privacy:
• RP can trace User
• IdS can trace User
• IdS can monitor RP
• IdS cross-profiling
Other:
• RP–IdS/AS relation
Slide 7: Phase 3: Federated I&AM (à la SAML)
[Diagram: AS and IdS serving many RPs]
Security:
• Availability
• Insider fraud
• IdS & AS exposed
• Denial of service
Privacy:
• RP can trace User
• IdS can trace User
• IdS can monitor RP
• IdS cross-profiling
• Privacy legislation
Other:
• RP–IdS/AS relation
Slide 8: Phase 3: Federated I&AM (à la SAML), continued
[Diagram: AS and IdS serving many RPs]
Security:
• Availability
• Insider fraud
• IdS & AS exposed
• Denial of service
Privacy:
• RP can trace User
• IdS can trace User
• IdS can monitor RP
• IdS cross-profiling
• Privacy legislation
Other:
• RP–IdS/AS relation
• Scalability
Slide 9: Phase 4: Data sharing à la Liberty Alliance
[Diagram: AS and IdS serving many RPs]
Security:
• Availability
• Insider fraud
• IdS & AS exposed
• Denial of service
Privacy:
• RP can trace User
• IdS can trace User
• IdS can monitor RP
• IdS cross-profiling
• Privacy legislation
Other:
• RP–IdS/AS relation
• Scalability
Slide 10: Phase 5: Cross-federated I&AM (not yet …)
Security:
• Availability
• Insider fraud
• IdS & AS exposed
• Denial of service
Privacy:
• RP can trace User
• IdS can trace User
• IdS can monitor RP
• IdS cross-profiling
• Privacy legislation
Other:
• RP–IdS/AS relation
• Scalability
Slide 11: Phase 5: Cross-federated I&AM (not yet …), continued
[Diagram: adds an IdP]
Security:
• Availability
• Insider fraud
• IdS & AS exposed
• Denial of service
Privacy:
• RP can trace User
• IdS can trace User
• IdS can monitor RP
• IdS cross-profiling
• Privacy legislation
Other:
• RP–IdS/AS relation
• Scalability
Slide 12 (Part II): Solution with Digital Credentials
Slide 13: Digital Credentials
• The digital equivalent of real-world objects issued by “trusted” issuers:
  • Driver licenses, passports, stamps, coupons, entitlements, cash, ballots, credit report data, health record entries, ….
• New “credentials” that have no real-world equivalent
• Unique security, privacy, and efficiency features
• Independent “sliders” – pick according to application needs
• Traditional digital certificate techniques do not work
  – Inescapable systemic identification, security problems, inefficient
  – Note: Encryption only protects against content wiretapping
• Security is tied to the “attribute” data itself, so that the credential information can flow anywhere
• Accomplished through modern cryptographic techniques
Slide 14: Life-cycle of a Digital Credential
[Diagram: a credential for Alice (American, 23 y.o., Married, Teacher) passing from the Registration Authority (RA) to the CA, to the User, to the Verifier and on to a 3rd party; label “SD”]
Registration Authority can prepare a DC with some verified user attributes. Can hide the attributes before passing the DC to the CA.
CA can add some more attributes and then certifies the DC.
User knows all the attributes.
User can disclose a subset of the attributes to a verifier.
Verifier can prove the transaction to a 3rd party. It can also hide some disclosed attributes.
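The property slide 13 calls security "tied to the attribute data itself" and the life-cycle on slide 14 (RA hides attributes from the CA, user discloses a subset, verifier hides more before proving the transaction to a third party) can be illustrated with a deliberately simple construction. The Python below is an added example written for this transcript; it is not Credentica's Digital Credential construction (which is built on discrete-logarithm techniques and gives untraceable showings) but a stand-in that uses only the standard library: each attribute sits behind a salted SHA-256 commitment, and the CA signs the ordered list of commitments with a Lamport one-time signature. All function names (ra_prepare, ca_certify, disclose, verify), the attribute names and the sample values for "Alice" are constructed for this example.

```python
"""Selective disclosure of credential attributes (constructed toy example).

Each attribute is hidden behind a salted SHA-256 commitment, the CA signs the
ordered list of commitments with a Lamport one-time signature (stdlib only),
and the holder opens only the commitments it chooses to disclose. This is not
the Credentica/Brands construction: every showing carries the same signature,
so showings of one credential are linkable.
"""
import hashlib
import hmac
import secrets

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def commit(name: str, value: str, salt: bytes) -> bytes:
    # Salted commitment to "name=value"; the 16-byte salt stops a verifier from
    # brute-forcing low-entropy values (e.g. an age) of undisclosed attributes.
    return H(name.encode(), b"\x00", value.encode(), b"\x00", salt)

def serialize(commitments) -> bytes:
    # Canonical byte string the CA signs: attribute names plus their commitments.
    return b"".join(name.encode() + b"\x00" + c for name, c in commitments)

def lamport_keygen():
    # One-time key: 256 pairs of random secrets; the public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def _bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, msg: bytes):
    # Reveal one secret of each pair, selected by the bits of the message hash.
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def lamport_verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        hmac.compare_digest(H(s), pk[i][b]) for i, (b, s) in enumerate(zip(_bits(msg), sig))
    )

def ra_prepare(attributes: dict):
    """Registration Authority commits to attributes it has verified.

    Returns the openings (value, salt) for the user and the bare commitments
    for the CA, so the CA certifies values it never gets to see."""
    openings = {n: (v, secrets.token_bytes(16)) for n, v in attributes.items()}
    commitments = [(n, commit(n, v, s)) for n, (v, s) in openings.items()]
    return openings, commitments

def ca_certify(ca_sk, ra_commitments, ca_attributes: dict):
    """CA appends its own attributes and signs the whole commitment list."""
    ca_openings, ca_commitments = ra_prepare(ca_attributes)
    commitments = ra_commitments + ca_commitments
    credential = {"commitments": commitments,
                  "signature": lamport_sign(ca_sk, serialize(commitments))}
    return credential, ca_openings

def disclose(credential, openings, names):
    """Presentation that opens only the named attributes; whoever holds a
    presentation can derive a smaller one from it (verifier -> third party)."""
    return {"credential": credential, "openings": {n: openings[n] for n in names}}

def verify(ca_pk, presentation):
    """Return the disclosed attributes, or None if the signature or any opening
    fails. Undisclosed attributes stay hidden behind their commitments."""
    cred = presentation["credential"]
    if not lamport_verify(ca_pk, serialize(cred["commitments"]), cred["signature"]):
        return None
    committed = dict(cred["commitments"])
    disclosed = {}
    for name, (value, salt) in presentation["openings"].items():
        if name not in committed or not hmac.compare_digest(
                commit(name, value, salt), committed[name]):
            return None
        disclosed[name] = value
    return disclosed

def demo():
    """Walk the slide's life cycle with constructed sample data for Alice."""
    ca_sk, ca_pk = lamport_keygen()          # one credential per one-time key
    ra_open, ra_comm = ra_prepare({"name": "Alice", "nationality": "American", "age": "23"})
    cred, ca_open = ca_certify(ca_sk, ra_comm, {"status": "Married", "job": "Teacher"})
    user_open = {**ra_open, **ca_open}       # the user knows all the attributes
    to_verifier = disclose(cred, user_open, ["age", "job"])
    seen_by_verifier = verify(ca_pk, to_verifier)
    # Verifier proves the transaction to a third party while hiding "age" too.
    to_third = disclose(cred, to_verifier["openings"], ["job"])
    seen_by_third = verify(ca_pk, to_third)
    # A forged opening (claiming a different age) fails the commitment check.
    forged = disclose(cred, {**user_open, "age": ("18", user_open["age"][1])}, ["age"])
    return seen_by_verifier, seen_by_third, verify(ca_pk, forged)

if __name__ == "__main__":
    print(demo())
```

Running the file prints the verifier's view, the third party's view and the result of the forged showing. The point to notice is that the CA signs commitments rather than values: the RA can withhold attribute values from the CA, and the user and later the verifier can each withhold openings while the same signature keeps verifying. What this toy does not give is the untraceability the slides claim for Digital Credentials: the signature is identical in every showing, so any two verifiers can link Alice's showings, which is exactly the tracing problem listed under Privacy in Part I.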
Slide 15: Example: privacy-friendly CRL
[Diagram: Alice Smith presents token-specific information to the Verifier; the Verifier's BLACKLIST lists “Bob Barker”, “Dan Daniels”, “Hilary Heintz”, “Ed Edwards”, “Max Murray”, “Frank Foster”, “Charlie Colm”, “George Gosp”]
Slide 16: Example: privacy-friendly blacklist
[Diagram: Alice Smith presents token-specific information to the Verifier; the Verifier's BLACKLIST lists “Bob Barker”, “Dan Daniels”, “Hilary Heintz”, “Ed Edwards”, “Frank Foster”, “Charlie Colm”, “George Gosp”, and the entry “Alice Smith” appears alongside it]
Slide 17: Non-intrusive account linking
[Diagram: User I with attributes a1, a2, … at IdS and AS; accounts “John D = Y: j1, j2, …” and “Doe, J = X: d1, d2, …” held at two RPs, X and Y]
Slide 18: Non-intrusive data sharing across accounts
[Diagram: as slide 17; attributes j1, j2 from account Y are shared towards account X]
Slide 19: Federated access control
[Diagram: User I with attributes a1, a2, …; AS and IdS; accounts “Doe, J = X: d1, d2, …” and “John D = Y: j1, j2, …” plus further RPs; attribute sets j1 j2, z1 z2 and v1 v2 are presented and the RP answers yes/no]
Slide 20: Federated security services
[Diagram: as slide 19; each RP keeps a CRL of identities I; an ABUSE event leads to “CRL X = Y”]