1 / 38

Identity Management: a Key e-Business Enabler

Identity Management: a Key e-Business Enabler. Marco Casassa Mont Pete Bramhall Mickey Gittler Joe Pato Owen Rees. Trust, Security and Privacy Hewlett-Packard Laboratories Bristol, UK. SSGRR 2002s. Outline. Background: Identity & Identity Management

cedmonds
Download Presentation

Identity Management: a Key e-Business Enabler

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Identity Management: a Key e-Business Enabler Marco Casassa Mont Pete Bramhall Mickey Gittler Joe Pato Owen Rees Trust, Security and Privacy Hewlett-Packard Laboratories Bristol, UK SSGRR 2002s

  2. Outline • Background: Identity & Identity Management • Current and Future Trends • Important Issues • Our Research on Identity Management • Conclusions

  3. Identity Identity = Identifier Information & Profiles Digital Identity: effort to Recreate, Organise, Automate and Integrate these Aspects in the Electronic World

  4. Identity Management • Goals: • Assess, Certify an Manage Digital Identities & Profiles • Provide Mechanisms for Authentication • Provide Mechanisms for Authorization • Underpin Accountability in Transactions • Provide Customised Services to People • …

  5. Identity Management • Relevance in Multiple Contexts: • Personal • Social • E-Commerce • Enterprise, B2B • Government • …

  6. Heterogeneous Environment B2C E-Commerce 1 E-Commerce 2 Home P2P C2G B2B Home Office Driving Licence Service Tax Health B2G Enterprise 2 Enterprise 1 Government Services

  7. Identity Management Current Trends • Consumer and E-Commerce Space • Enterprise and B2B Space • Government Space

  8. Current Trends Consumer and E-Commerce Space

  9. Liberty Alliance Project SSO User Internet SSO Modules Browser E-Commerce Sites Authentication Identity Providers SSO Modules SSO Modules Exchange of Identity and Profile Information Trust Domain 1 Trust Domain 2 Trusted Third Parties, Trust Services, ...

  10. Current Trends Enterprise and B2B Space

  11. Current Trends Government Space - Privacy Concerns … - Possible Threats to Freedom …

  12. Identity Management Future Trends

  13. People’s Perspective: Views of Identity “The Aggregated me” Credit Rating Government view “Me me” Foo.com view of me Enterprise view of me

  14. Identity Management Issues

  15. Identity Management Issues

  16. Identity Management: Our Reference Model

  17. Identity Management Model Identity Tracing Identity Mapping Added-Value Tools and Solutions … Trust Domains Identity & Profile Certification Dynamic Information Update Longevity Management … Identity Management Lifecycle Privacy and Data Protection Policies Context Trust Services Federated Single-Sign-On Selective Disclosure Policy-driven Authorization … Identity Management Infrastructure Reliable Storage

  18. Identity Management: Our Past Research PASTELS project: - Trust Management for Identities and Profiles in Dynamic B2B Environments - Flexible and Dynamic Authorization at the Service Level

  19. Operation Operation Operation Operation Operation Operation Operation Dynamic B2B Environment Enterprise 1 Service Provider K Enterprise Web Service1 Enterprise 2 B-2-B Web Service2 Portal User x Web Service3 Internet Enterprise 3 Not Trusted Enterprise Z Trusted

  20. PASTELS Objectives • Understand PKI, Extendibility and its Usability at the • Business Level • Explore a Framework that makes use of Digital Credentials • as Mechanism to represent Identities and Profiles: • - End to End Credential Exchange • - Solutions for Client and Server Side • Trust Management and Monitoring • Integration of Digital Credentials with Authorization • at the Application and Service level

  21. PASTELS: Focus Areas Enterprise 2 Service Provider Enterprise 1 User Client Identity Certificate Server Identity Certificate Credential Management Credential Validation Portal Server Attribute Credentials Credential Usage Monitoring Services Browser Plug-in Client Attribute Credentials Authorization B2B Publishing Mechanism for Semantic of Credential Common Trusted Third Parties

  22. PASTELS Architecture AA CA OCSP/CVSP Remote Enterprise Web Server Services P O R T A L Function Remote User’s Browser Function SSL Credential Issuer/Pusher Credentials Push and Pull Plug In Login Service Credential Content Mgmt Credential Validation Abstractor Credentials Session Manager Internet Policy Evaluation Request Policy Evaluation Request Authorization Request User Context Manager User Context Enterprise Credential Validation and Management Policies Object Pool Manager (Cache) Authorization Server Credentials Usage Monitoring Service Users’ profiles Users’ Roles Users’ Identity Credentials Users’ Attribute Credential Users’ Anonymous Credential - Service Model - Authorization Policies Repository

  23. PASTELS Lessons Learnt • Systems driven by Polices (at the Business, Trust and • Security levels) introduce Flexibility in coping with • Dynamic Enterprise Requirement. • Complexity of PKI in term of Trust Management: • CAs Hierarchies do not Scale and Introduce • Complexity during Credential Verification • Need to Simplify PKI at the User site: • Dealing with multiple Digital Credentials is Not Trivial • Dynamic Data is a Problem for Digital Credentials. • Overhead in Lifecycle Management and Communication.

  24. Identity Management: Our Current Research Areas • Work In Progress: • Active Digital Credentials • Accountable Management of Identities • Identity Management in Dynamic Mobile • Environment

  25. 1. Active Digital Credentials • Problems • Cope with Dynamic Identity and Profile Information • (financial, trust, rating, etc.) • Provision of Up-to-Date Certified Information • Complexity of Current Lifecycle Management • when dealing with Dynamic Information

  26. Active Digital Credentials Local Processing Attributes Bank Enterprise Government

  27. Active Digital Credentials

  28. Active Digital Credentials

  29. Active Digital Credentials Scenario 1

  30. Active Digital Credentials Scenario 2

  31. 2. Accountable Management of Identities • Problems • “Who Knows What about Me”? • How to Trace Disclosures of my Identities/Profiles? • How to Enforce Privacy when Disclosing • Personal/Business Identities and Profiles? • How to Prevent Abuses? • Context • Federated Identity Management (Liberty Alliance) • Dynamic B2B environment • Personal or Group Interactions with PDAs

  32. Accountable Management of Identities Transaction / Interaction User Identity Provider/Enterprise Negotiation of Privacy Policy 2 Identity/ Profile Disclosure 1 Policies Plug-in Tracing Identity Providers/ Enterprises Provision of Identity & Profile Data Notification/ Authorization Logging & Audit 3 Notifications/ Requests of Authorization Tracing, Fraud Detection, Forensic Analysis

  33. 3. Identity Management in Dynamic Mobile Environment • Problems • People are Sociable but also Paranoid … • Protection of Identity and Profile Information • contained in Mobile Devices and PDAs • Selective Disclosure of Information • Trust Measurement and Management • Context • Ad-hoc Group Interactions • Usage of Personal Appliances (PDAs, Mobiles, …)

  34. Personal Identity Assistant Work Home Pub

  35. Virtual Private Identity Networks • Personal Identity Assistant • Discover/Hide from other People • Selective Disclosure of Identity Information • Secure PDA • Tracing and Auditing Mechanisms Mall School Work Environment … Dynamic Groups of Interest

  36. Important Aspects • Importance of Security for Identity Management: at the • System, Application, Service and Communication levels • Need for Survivable Data Storages to Store Sensitive Identity • and Profile Data and related Logging/Auditing Information • Enforcement of Accountability: non-Repudiable Event Logging • and Auditing Mechanisms • Research Challenges in Open and Dynamic Contexts, involving • Dynamic Relationships and Interactions between People and • Organisations.

  37. Conclusions • Identity Management is about the Electronic Management • of Digital Identities and Profiles. • Added Value: Underpins Accountability. It enables Interactions • and Transactions in the Personal, Social, E-Commerce Business and • Government Context. • Simplification of Identity Management is Important • for Ubiquitous Computing. • Dilemmas: on one hand Identity Management helps to • Bridge Digital and Physical Worlds. On the Other • Hand it could be a Threat to Privacy and Freedom • It is not only a Technological Play. Legislation is Needed • to Mitigate Risks

More Related