1 / 20

The Laws of Identity and Cardspace

The Laws of Identity and Cardspace. Charles Young Solidsoft. CardSpace. Embodies Kim Cameron’s ‘Laws of Identity ’ Universal identity systems Supports the Identity Metasystem. The Identity Meta-what???. The Identity Meta-system

melvyn
Download Presentation

The Laws of Identity and Cardspace

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Laws of Identity and Cardspace Charles Young Solidsoft

  2. CardSpace • Embodies Kim Cameron’s ‘Laws of Identity’ • Universal identity systems • Supports the Identity Metasystem

  3. The Identity Meta-what??? • The Identity Meta-system • A single identity ‘fabric’ supported by many different technologies • A system of systems • …so standards are important here!!

  4. Yes, but what is an identity? • It’s a list of claims about an entity • Entities….that’s me and you! • My name is Charles • I work for Solidsoft • My email address is…. • …well, that would break laws 2 and 3

  5. Law 1: User Control and Consent • Only reveal information with the user’s consent • It’s their identity, after all

  6. Law 2: Minimal disclosure for a defined use • Disclose as little identifying information as possible • Limit the use of identifying information as much as possible • Helps build stable long-term solutions.

  7. Law 3: Justifiable Parties • Don’t disclose identifying information to a party that cannot ‘justify’ itself. • All parties must identify themselves • Establish trust relationships

  8. Law 4: Directional Identity • Omni-directional • Publicly broadcast your identity • ‘Look at me everyone! Here I am. It’s me.’ • Uni-directional • Privately assert your identity • ‘Psst…It’s me. The password is ‘Cardspace’. Let me in.’ • Identity systems must support both.

  9. Law 5: Pluralism of operators and technologies • If it’s Microsoft-only, its useless! • …but seriously… • The Identity meta-system MUST NOT be bound to proprietary solutions and technologies • Different cultures • Different contexts

  10. Law 6: Human Integration • Humans are first-class components if the identity meta-system (duh) • Unambiguous human-machine communication • Machines don’t attack you – humans do.

  11. Law 7: Consistent experience across contexts • ‘Thingify’ your identities • Consistency shines the spotlight on attackers

  12. CardspaceActors: Subjects Subjects Individuals and other entities about whom claims are made

  13. CardspaceActors: Relying Parties Relying Parties Require identities Subjects Individuals and other entities about whom claims are made

  14. CardspaceActors: Identity Providers Identity Providers Issue identities Relying Parties Require identities Subjects Individuals and other entities about whom claims are made

  15. The Cardspace Identity Selector • Reason over your identities • Smart selection

  16. TheCardspace Logon process Service Provider Requests Identity CardSpace Identity Selector pops up Token is built by Identity Selector(with Identity Provider) Token sent to client Output sent to client

  17. SELF - ISSUED Information Card Types Contains self-asserted claims about me Stored locally Use instead of username/password

  18. MANAGED Information Card Types Provided by banks, stores, government, clubs, etc. Claims stored at Identity Provider and sent only when card submitted

  19. Cards and standards • Cards contain metadata only! • Cardspace can handle any claims tokens • SAML tokens are most common • Cardspace uses WS-* standards

  20. Call to action • Cardspace-enable your web sites • Relying parties • Invest in Secure Token Server technology • Identity providers • Spread the word.

More Related