1 / 38

IIW 2007 Higgins in Seven Minutes May 16

IIW 2007 Higgins in Seven Minutes May 16. Paul Trevithick paul@socialphysics.org. Higgins. Higgins 1: a species of Tasmanian long-tailed mouse 2: an open source identity agent and interoperability framework being developed IBM, Novell, Oracle, CA, Parity….

brad
Download Presentation

IIW 2007 Higgins in Seven Minutes May 16

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IIW 2007Higgins in Seven MinutesMay 16 Paul Trevithick paul@socialphysics.org

  2. Higgins Higgins 1: a species of Tasmanian long-tailed mouse 2: an open source identity agent and interoperability framework being developed IBM, Novell, Oracle, CA, Parity…

  3. Privacy enhancing user-centric approach Maximal decentralization  maximal security & privacy • More (partial) identities in more shallower contexts • Use of local identifiers (pseudonyms) where possible Linking across contexts (“federation”) • Where possible use the user as the link between contexts • If links must be stored, manage them separately

  4. A consistent user experience across contexts (including eGoverment, healthcare, eCommerce) is the key to convenience and adoption.

  5. Users have many digital identities… • eCommerce (e.g. Amazon, eBay) • Social Networking (e.g. LinkedIn) • Book club • Family • eGovernment • Healthcare System • Corporate Directories • Professional networks • Dating networks Buddy Lists Websites Communities of Interest Enterprise Apps • Second Life • Croquet • WOW • SharePoint Email or IM Virtual Spaces You

  6. …each in its own context (“silo”) • eCommerce (e.g. Amazon, eBay) • Social Networking (e.g. LinkedIn) • Book club • Family • Professional networks • Dating networks • eGovernment • Healthcare System • Corporate Directories Buddy Lists Websites Communities of Interest Enterprise Apps Email or IM Virtual Spaces • Second Life • Croquet • WOW • SharePoint You

  7. eGovernment • Department of Motor Vehicles • Id: G304-98-4656 • DOB: 8/28/70 • Address: 123 Main St. Buena Vista, Colorado • Etc. • SSA • SSN: 304-98-4656 • Address: 123 Main St. Buena Vista, Colorado • Etc. • IRS • Years filed: 2006, 2005, 2004, 2003, … • Status: Single, 1 dependent • Address: 123 Main St. Buena Vista, Colorado • Last audited: <never> • Etc.

  8. A new metaphor to managing them all: i-cards

  9. Each partial identity is an i-card Managed (What the Dept of Motor Vehicles says about you)

  10. i-cards Managed Personal (What you say about you)

  11. i-cards Managed Personal (self-issued) Relationship (What you and Best Buy say about you right now)

  12. These i-cards are managed by an Identity Agent Something that works on behalf of the user (citizen, patient, consumer). Really.

  13. The identity agent can run here. (Microsoft CardSpace™ is the first example of an Identity Agent. It runs on your local machine)

  14. Or here.

  15. Or better yet, here. (Requires that the user install a browser extension) Personal Identity Agent Service

  16. Personal Identity Agent Service

  17. I-Card Selector User Interface Click on a card

  18. …you’re signed in. (No password required)

  19. The agent projects and protects identity attributes (identifiers, preferences, profiles, history, friends, colleagues, avatars, …) • For authentication • For personalization • Attributes can be blinded using PRIME/Idemix technology Personal Identity Agent Service

  20. The Identity Agent is powered by an interoperabilityframework

  21. 4 3 REI Employee 1 Personal Identity Agent Service Second Life 2 American Express Identity Providers

  22. Tokens: X509, Kerberos, SAML, Idemix Attribute Schemas: inetorg, eduPerson, … Protocols: CardSpace™/WS-Trust, Liberty/SAML, OpenID, Shibboleth, HTML scrape/fill REI Employee Personal Identity Agent Service Amex Data Access methods and formats: LDAP, SQL, RDF Second Life Identity Providers

  23. Interoperability framework Higgins Browser Extension Apps Identity Providers Relying Parties Apps and Services Common data model Higgins Framework Plug-ins Protocol Providers implement protocols for interacting with Relying Parties CardSpace OpenID RSS/Atom Shibboleth I-Card Providers implement identity protocols and card types CardSpace Managed (WS-Trust) CardSpace Personal Higgins Relationship Token Providers implement different kinds of security tokens SAML X509 Kerberos UN/PS Idemix IdAS Context Providers connect to different identity data sources JNDI / LDAP Enterprise Apps RDF OWL Active Directory Comms Clients

  24. Interoperability requires a common data model

  25. A common data model enables linking across heterogeneous contexts. (Federation) Each individual context might use a different identity system/technology!

  26. Contexts and Digital Subjects • Blahasdf sadf asdf sa • Asdfasdf sa • Fdsadf • Sadf • Asdfsadfsadfasd • Fasdf • sadfasdfsadfsadf • Digital Subjects are sets of attributes and links • Different contexts define different kinds of attributes

  27. Links between contexts This is you. Only you have access to this context Relationships (e.g. “knows”) Correlations Social Networks Social Security Administration Dept. of Motor Vehicles Family Second Life Other Digital Subjects

  28. Links enable • Single sign-on • Cross contextual claim presentation • Federation • Linking identities across contexts • Social networks • Links between friends and colleagues

  29. higgins is… “the Linux of identity” an open source identity agent and interoperability framework a kind of glue

  30. Higgins timeline 2003: Project starts 2004: Support from Harvard Berkman Center 2005: Project moves to the Eclipse Foundation 2006: IBM, Novell, CA, and Oracle 2007: Late summer 1.0 release date

  31. Resources • Higgins • http://www.eclipse.org/higgins • Interoperability • Interoperability In the New Digital Identity Infrastructure http://papers.ssrn.com/sol3/papers.cfm?abstract_id=962701 • Interoperability Space Wiki http://spwiki.editme.com/InteroperabilitySpace • Identity Lexicon http://idgang.idcommons.net/moin.cgi/Lexicon • Project Leads • Paul Trevithick Mary Ruddy • paul@socialphysics.orgmary@socialphysics.org

  32. higgins 1: a species of Tasmanian long-tailed mouse 2: an open source identity agent and interoperability framework 3: a kind of glue

More Related