The Laws of Identity and Cardspace


Charles Young, Solidsoft

Presentation Transcript
slide2

CardSpace

  • Embodies Kim Cameron’s ‘Laws of Identity’
    • Universal identity systems
  • Supports the Identity Metasystem
slide3

The Identity Meta-what???

  • The Identity Meta-system
    • A single identity ‘fabric’ supported by many different technologies
    • A system of systems
    • …so standards are important here!!
slide4

Yes, but what is an identity?

  • It’s a list of claims about an entity
    • Entities….that’s me and you!
    • My name is Charles
    • I work for Solidsoft
    • My email address is….
      • …well, that would break laws 2 and 3
slide5

Law 1: User Control and Consent

  • Only reveal information with the user’s consent
    • It’s their identity, after all
slide6

Law 2: Minimal disclosure for a defined use

  • Disclose as little identifying information as possible
  • Limit the use of identifying information as much as possible
  • Helps build stable long-term solutions.
slide7

Law 3: Justifiable Parties

  • Don’t disclose identifying information to a party that cannot ‘justify’ itself.
    • All parties must identify themselves
    • Establish trust relationships
slide8

Law 4: Directional Identity

  • Omni-directional
    • Publicly broadcast your identity
    • ‘Look at me everyone! Here I am. It’s me.’
  • Uni-directional
    • Privately assert your identity
    • ‘Psst…It’s me. The password is ‘Cardspace’. Let me in.’
  • Identity systems must support both.
slide9

Law 5: Pluralism of operators and technologies

  • If it’s Microsoft-only, it’s useless!
  • …but seriously…
    • The Identity meta-system MUST NOT be bound to proprietary solutions and technologies
    • Different cultures
    • Different contexts
slide10

Law 6: Human Integration

  • Humans are first-class components of the identity meta-system (duh)
  • Unambiguous human-machine communication
  • Machines don’t attack you – humans do.
slide11

Law 7: Consistent experience across contexts

  • ‘Thingify’ your identities
  • Consistency shines the spotlight on attackers
slide12

Cardspace Actors: Subjects

Subjects

Individuals and other entities about whom claims are made

slide13

Cardspace Actors: Relying Parties

Relying Parties

Require identities

Subjects

Individuals and other entities about whom claims are made

slide14

Cardspace Actors: Identity Providers

Identity Providers

Issue identities

Relying Parties

Require identities

Subjects

Individuals and other entities about whom claims are made

slide15

The Cardspace Identity Selector

  • Reason over your identities
  • Smart selection
slide16

The Cardspace Logon process

Service Provider Requests Identity

CardSpace Identity Selector pops up

Token is built by Identity Selector (with Identity Provider)

Token sent to client

Output sent to client

slide17

SELF-ISSUED

Information Card Types

Contains self-asserted claims about me

Stored locally

Use instead of username/password

slide18

MANAGED

Information Card Types

Provided by banks, stores, government, clubs, etc.

Claims stored at Identity Provider and sent only when card submitted

slide19

Cards and standards

  • Cards contain metadata only!
  • Cardspace can handle any claims tokens
    • SAML tokens are most common
  • Cardspace uses WS-* standards
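
An added sketch (not from the original presentation, and not the CardSpace API) of how an identity selector can reason over card metadata against a relying party's request while honouring Laws 1 and 2. The `Card` and `Policy` structures, the `accepted_issuers` field, the claim type strings and the sample hosts are all assumptions made for illustration.

```python
# Added illustration: a conceptual model, not the CardSpace API.
from dataclasses import dataclass

@dataclass(frozen=True)
class Card:
    """Card metadata only: claim types, never claim values."""
    name: str
    kind: str                # "self-issued" or "managed"
    issuer: str              # "self" for self-issued cards
    claim_types: frozenset

@dataclass(frozen=True)
class Policy:
    """A relying party's request (hypothetical structure)."""
    relying_party: str
    required: frozenset
    optional: frozenset = frozenset()
    accepted_issuers: frozenset = frozenset()  # empty means any issuer

def eligible_cards(cards, policy):
    """Selection: cards that can supply every required claim type."""
    return [c for c in cards
            if policy.required <= c.claim_types
            and (not policy.accepted_issuers
                 or c.issuer in policy.accepted_issuers)]

def claims_to_release(card, policy, consented):
    """Claim types to put in the token request, or None if no token.
    Law 1: no token unless the user consents to every required claim.
    Law 2: optional claims need explicit consent; unrequested claims
    are never released, even if the user ticked them.
    """
    if card not in eligible_cards([card], policy):
        return None
    if not policy.required <= consented:
        return None
    extra = policy.optional & consented & card.claim_types
    return sorted(policy.required | extra)

# Constructed sample data.
CARDS = [
    Card("Personal", "self-issued", "self",
         frozenset({"givenname", "email"})),
    Card("Bank", "managed", "bank.example",
         frozenset({"givenname", "accountid", "over18"})),
]
SHOP = Policy("shop.example", required=frozenset({"over18"}),
              optional=frozenset({"givenname"}),
              accepted_issuers=frozenset({"bank.example"}))
```

Only the claim type names leave the selector here; in the managed-card case the values would come from the identity provider when the card is submitted.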
slide20

Call to action

  • Cardspace-enable your web sites
    • Relying parties
  • Invest in Secure Token Server technology
    • Identity providers
  • Spread the word.