Security & Identity : From present to future

Explore the current security features in the platform and discover what's coming next in terms of platform security and identity management. Learn about the Higgins identity framework and how it brings security and identity to people. Find out how automatic identity sharing and the use of identity selectors can revolutionize the web experience. Discover the solutions and protocols available in the Higgins 1.0 release and get a glimpse of what's to come in Higgins 1.1.

dfink


Presentation Transcript


  1. Security & Identity : From present to future
     Matt Flaherty, IBM
     Mary Ruddy, Meristic

  2. Agenda
     • Securing the platform... security features in 3.4
     • Platform security... what's coming next
     • Beyond the platform... Higgins identity framework 1.0
     • Higgins identity framework... what's coming next

  3. Platform security... what's available and where
     The platform security goal: protect the operating system, application code and user's data from each other and from malicious code packaged as bundles.
     Security features to attain this span the software stack:
     • Eclipse Platform
     • OSGi Service Platform
     • Java Runtime Environment

  4. Platform security... what's available in the JRE
     Java Runtime Environment:
     • JCA: Java Cryptography Architecture
     • JCE: Java Cryptography Extensions
     • JAAS: Java Authentication and Authorization Service
     • JSSE: Java Secure Sockets Extensions

  5. Platform security... what's available in OSGi
     • Support for Java features: signing, permissions, etc.
     • Strict classloading policies between bundles
     • Bundle "private classes"
     • Administrative services for permissions: org.osgi.service.PermissionAdmin, org.osgi.service.condpermadmin.ConditionalPermissionAdmin
     • User registry for managing users and roles: org.osgi.service.UserAdmin

  6. Platform security... what's available in Eclipse
     • Signature checking during bundle provisioning
     • NEW! Signature checking during bundle loading
     • NEW! Certificate management UI
     • NEW! Secure storage via preferences API
     • NEW! JAAS enhancements - declarative wiring, events

  7. Platform security... what's coming next!
     • Manageable Java2 permission infrastructure
     • Code sanitation for doPrivileged
     • User interface, policy management
     • Expose certificate management facilities
     • Public APIs for label providers, viewers, wizards, etc.
     • Trust model integration with OSGi, P2, ECF
     • Deeper JAAS integration
     • Potential: RCP Lifecycle integration, Jobs integration
     • Identity management support with Higgins

  8. How do you bring security and identity to people? The web of today isn’t people-centered

  9. It’s silo-centered
     (Diagram labels: Site A, Site B, Site C)
     Type type type, click, click, click. Clickety-clack, clickety-clack.

  10. There is a better way

  11. The BIG IDEA for People: Automatic identity sharing
      (Diagram labels: Site A, Site B, Site C, Identity Selector)

  12. The BIG IDEA for People: Automatic identity sharing
      (Diagram labels: Site A, Site B, Site C, Identity Selector)

  13. The BIG IDEA for People: Automatic identity sharing
      (Diagram labels: Site A, Site B, Site C, Identity Selector)

  14. Then you’d have Higgins

  15. Higgins
      Higgins
      1: a species of Tasmanian long-tailed mouse
      2: an open source identity selector and interoperability framework being developed by IBM, Novell, Oracle, CA, Google, Parity…

  16. A consistent user experience across contexts (including Financial Services, healthcare, eCommerce) is the key to convenience and adoption

  17. i-cards
      • Managed
      • Personal (self-issued)

  18. These i-cards are managed by an Identity Selector. Something that works on behalf of the user (citizen, patient, consumer). Really.

  19. Click on a card

  20. …you’re signed in. (No password required)

  21. The Identity selector is powered by an interoperability framework

  22. Interoperability framework
      (Diagram labels: Higgins Browser Extension, Apps, Identity Providers, Relying Parties, Apps and Services, Common data model, Higgins Framework, Plug-ins)
      • Protocol Providers implement protocols for interacting with Relying Parties: CardSpace, OpenID, RSS/Atom, SAML
      • I-Card Providers implement identity protocols and card types: CardSpace Managed (WS-Trust), CardSpace Personal, Higgins Relationship
      • Token Providers implement different kinds of security tokens: SAML, X509, Kerberos, UN/PS, Idemix
      • IdAS Context Providers connect to different identity data sources: JNDI / LDAP, Enterprise Apps, RDF, OWL, Active Directory, Comms Clients

  23. Higgins 1.0 has just been released
      7 Solutions now available:
      • Three Identity Selectors
      • 2 Identity Providers (WS-Trust and SAML2)
      • A Relying Party
      • Identity Attribute Service (interoperability framework)
      Coming in Higgins 1.1:
      • Additional Identity Selectors
      • More Identity Protocols…
      • More i-card types

  24. Legal information IBM and the IBM logo are trademarks or registered trademarks of IBM Corporation, in the United States, other countries or both. Java and all Java-based marks, among others, are trademarks or registered trademarks of Sun Microsystems in the United States, other countries or both. Eclipse and the Eclipse logo are trademarks of Eclipse Foundation, Inc. Other company, product and service names may be trademarks or service marks of others. THE INFORMATION DISCUSSED IN THIS PRESENTATION IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY. WHILE EFFORTS WERE MADE TO VERIFY THE COMPLETENESS AND ACCURACY OF THE INFORMATION, IT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, AND IBM SHALL NOT BE RESPONSIBLE FOR ANY DAMAGES ARISING OUT OF THE USE OF, OR OTHERWISE RELATED TO, SUCH INFORMATION. ANY INFORMATION CONCERNING IBM'S PRODUCT PLANS OR STRATEGY IS SUBJECT TO CHANGE BY IBM WITHOUT NOTICE.
