Matt Flaherty, IBM

Mary Ruddy, Meristic

Security & Identity : From present to future


Agenda

Securing the platform... security features in 3.4

Platform security... what's coming next

Beyond the platform... Higgins identity framework 1.0

Higgins identity framework... what's coming next


Platform security... what's available and where

The platform security goal:

Protect the operating system, application code and user’s data from each other and from malicious code packaged as bundles

Security features to attain this span the software stack

Eclipse Platform

OSGi Service Platform

Java Runtime Environment


Platform security... what's available in the JRE

Java Runtime Environment

  • JCA: Java Cryptography Architecture

  • JCE: Java Cryptography Extensions

  • JAAS: Java Authentication and Authorization Service

  • JSSE: Java Secure Sockets Extensions


Platform security... what's available in OSGi

Support for Java features: signing, permissions, etc

Strict classloading policies between bundles

Bundle “private classes”

Administrative services for permissions

org.osgi.service.permissionadmin.PermissionAdmin

org.osgi.service.condpermadmin.ConditionalPermissionAdmin

User registry for managing users and roles

org.osgi.service.useradmin.UserAdmin


Platform security... what's available in Eclipse

Signature checking during bundle provisioning

NEW! Signature checking during bundle loading

NEW! Certificate management UI

NEW! Secure storage via preferences API

NEW! JAAS enhancements - declarative wiring, events


Platform security... what's coming next!

Manageable Java2 permission infrastructure

Code sanitation for doPrivileged

User interface, policy management

Expose certificate management facilities

Public APIs for label providers, viewers, wizards, etc

Trust model integration with OSGi, P2, ECF

Deeper JAAS integration

Potential: RCP Lifecycle integration, Jobs integration

Identity management support with Higgins


How do you bring security and identity to people?

The web of today isn’t people-centered


It’s silo-centered

Site B

Site A

Site B

Site C

Type type type, click, click, click. Clickety-clack, clickety-clack.


There is a better way


Automatic identity sharing

Site A

Site B

Site C

The BIG IDEA for People

Identity Selector


Then you’d have Higgins


Higgins

1: a species of Tasmanian long-tailed mouse

2: an open source identity selector and interoperability framework being developed by IBM, Novell, Oracle, CA, Google, Parity…


A consistent user experience across contexts (including Financial Services, healthcare, eCommerce) is the key to convenience and adoption


i-cards

Managed

Personal (self-issued)


These i-cards are managed by an Identity Selector

Something that works on behalf of the user (citizen, patient, consumer). Really.


Click on a card


…you’re signed in.

(No password required)


The Identity selector is powered by an interoperability framework


Interoperability framework

Higgins Browser Extension

Apps

Identity Providers

Relying Parties

Apps and Services

Common data model

Higgins Framework

Plug-ins

Protocol Providers implement protocols for interacting with Relying Parties

  • CardSpace

  • OpenID

  • RSS/Atom

  • SAML

I-Card Providers implement identity protocols and card types

  • CardSpace Managed (WS-Trust)

  • CardSpace Personal

  • Higgins Relationship

Token Providers implement different kinds of security tokens

  • SAML

  • X509

  • Kerberos

  • UN/PS

  • Idemix

IdAS Context Providers connect to different identity data sources

  • JNDI / LDAP

  • Enterprise Apps

  • RDF OWL

  • Active Directory

  • Comms Clients


Higgins 1.0 has just been released

7 Solutions now available

Three Identity Selectors

2 Identity Providers (WS-Trust and SAML2)

A Relying Party

Identity Attribute Service (interoperability framework)

Coming in Higgins 1.1

Additional Identity Selectors

More Identity Protocols…

More i-card types


Legal information

IBM and the IBM logo are trademarks or registered trademarks of IBM Corporation, in the United States, other countries or both.

Java and all Java-based marks, among others, are trademarks or registered trademarks of Sun Microsystems in the United States, other countries or both.

Eclipse and the Eclipse logo are trademarks of Eclipse Foundation, Inc.

Other company, product and service names may be trademarks or service marks of others.

THE INFORMATION DISCUSSED IN THIS PRESENTATION IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY. WHILE EFFORTS WERE MADE TO VERIFY THE COMPLETENESS AND ACCURACY OF THE INFORMATION, IT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, AND IBM SHALL NOT BE RESPONSIBLE FOR ANY DAMAGES ARISING OUT OF THE USE OF, OR OTHERWISE RELATED TO, SUCH INFORMATION. ANY INFORMATION CONCERNING IBM'S PRODUCT PLANS OR STRATEGY IS SUBJECT TO CHANGE BY IBM WITHOUT NOTICE.
