1 / 10

PKI, IdM, & Federations

PKI, IdM, & Federations. Triumvirate for Security with Privacy David L. Wasley net@edu 2006 . Outline. Why PKI Why identity management Why identity federations Why am I saying this?. What’s the problem?.

mikaia
Download Presentation

PKI, IdM, & Federations

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PKI, IdM, & Federations Triumvirate for Securitywith Privacy David L. Wasley net@edu 2006

  2. Outline • Why PKI • Why identity management • Why identity federations • Why am I saying this?

  3. What’s the problem? • We need to manage access to certain resources for our campus communities within & across organizations • We need to protect privacy • We need to do this with sufficient reliability • We need this to scale

  4. Why PKI • PKI supports reliable, trustworthy digital credentials • Issued by a trusted authority • Difficult to forge • Difficult to “share” if on a smart-chip device • Also supports • Document security, e.g. encryption • Document validation, e.g. digital signatures

  5. Why identity management • Appropriate access management can require different reliable information about individuals • What an organization needs to know about an individual is context specific • A rich set of information is hard to manage while maintaining policy and privacy

  6. Why identity federation • Separates the meaning of a credential from the identity associated with it • Allows authoritative source to assert up-to-date identity information about a user • Streamlines user experience across a wide variety of resources • Can protect privacy by releasing only what information is appropriate & allowed

  7. Triumvirate • Credential asserts binding between physical person and identity information • Identity Management ensures trustworthy information • Identity Federation supports privacy and appropriate access

  8. To Buy or Build PKI • Devil is in the details, e.g. - • Do you requiring broad distribution of a Trust Anchor? • Do you require flexibility and generality in your PKI? • Minimizing the need for inter-organization PKI trust can affect the build/buy choice • PKI “policy” is based on local business rules • Federation rules and, where needed, bilateral agreements define trust for IdP and SP

  9. What’s the real problem • We haven’t yet made it usable by the average person • We’ve insisted on a complex trust model • Slow adoption discourages vendors • and results in awkward workarounds • Some potential uses do not yet have complete standards

  10. What needs to be done • Every computer should be able to read any smart-chip device (at least of a given type) • Standards are needed (these are emerging) • Biometric PINs might be nice ... • Every O/S needs crypto API (this is happening) • User interfaces need much improvement • and users need better education and training • Functions need to be standardized • Federation technology needs to be used ...

More Related