140 likes | 252 Views
everybody. Privacy & Identity and Name-Address separation. Dagstuhl workshop on Naming and Addressing, March 2-4, 2009 Klaas Wierenga, klaas@wierenga.net. Outline. Questions Assumptions Different aspects of identity Examples of identity issues in other domains Answers. Questions.
E N D
everybody Privacy & Identity and Name-Address separation Dagstuhl workshop on Naming and Addressing, March 2-4, 2009 Klaas Wierenga, klaas@wierenga.net
Outline • Questions • Assumptions • Different aspects of identity • Examples of identity issues in other domains • Answers
Questions • (1) are there identity issues that make name/address separation difficult? • (2) are there implications for identity due to name/address separation? • (3) does name/address separation offer new opportunities wrt identity?
Assumptions • The Internet will be a mobile Internet • billions of devices • users and devices roaming • users and devices often outside their own home network
What will potentially break? • Everything that uses IP-addresses as the basis of authorization decisions • ACL's • IP-based access control • Network Endpoint Assessment • RIAA • …… • Which is a good thing….?
What's (in) a name? • Access to the network • connect to a (visited) network • Finding the correspondent node • domain names, SIP URI's, etc. • Session control • initial authentication • associating address with session • re-authentication when address changes • Multi-path coordination
Where does the endpoint identifier sit? • IP-layer? • Shim layer? • Session layer? • All of the above? • How about all those other names? • User name • MAC-address • Session-identifier • … • What is the scope of a name?
Name-Address mappings • Multiple addresses per host (name)? • Use all possible <source, destination> pairs? • How about cost? • How about state? • How about link liveness? • Who is authoritative for the mapping? • How often does the mapping change? • How to inform correspondent nodes • session continuity • How to inform rendez-vouz server, HA etc. • Who can observe those mappings? • Spoofing mappings?
Name-Name mappings • How do the different names relate to each other? • Who maintains the mappings? • Who has access to the mappings • How often do they change?
Roaming • How does the principal authenticate to the visited network? • How are the user credentials protected? • How is the trust between principal and home network created? • How is the trust between home and visited network created?
Identities: anonymous@university-b.nl MAC-address: 00:50:60:03:c1:c9 IP-address: 192.87.109.1 pete@university-b.nl Pete Thomson Pete Thomson’s laptop Mappings: Many! Not everybody should be able to observe all let alone update them But needed for troubleshooting, dealing with abuse etc. Privacy preserving Trust Between user and home organisation Between organisations Not between user and visted organisation Identity Based network access: eduroam Supplicant Authenticator (AP or switch) RADIUS server University A RADIUS server University B User DB User DB Guest pete@university_b.nl SURFnet signalling data Source: SURFnet Central .nl RADIUS Proxy server 802.1X/EAP + RADIUS
Privacy preserving through the use of opaque handles Resource owner doesn’t know identity of user Resource owner can ask for extra attributes Handle per service provider Identity based application access: Shibboleth Source: SWITCH
Mapping and privacy • How persistent are the identifiers? • Permanent • Per correspondent node • Per session? • How easy can they be tied to a person? • anonymity, pseudonymity • How anonymous is pseudonymous? • How many subjects potentially have the same attributes? • How often is a pseudonym used • How easy is it to tie a location to a user? • Can the mappings be spoofed?
Answers • (1) are there identity issues that make name/address separation difficult? • Legacy services • Privacy • Accountability • (2) are there implications for identity due to name/address separation? • Name persistency • (3) does name/address separation offer new opportunities wrt identity? • Identity based networking (point of attachment is just one of the attributes) • Variable persistency