Identity Management: Enterprise, E-Commerce and Government applications and their implications for p...
Download
1 / 33

Joe Pato, Principal Scientist Trust, Security & Privacy HP Labs Guest Lecture - CPSC 155b - PowerPoint PPT Presentation


  • 97 Views
  • Uploaded on

Identity Management: Enterprise, E-Commerce and Government applications and their implications for privacy. Joe Pato, Principal Scientist Trust, Security & Privacy HP Labs Guest Lecture - CPSC 155b 10 April 2003. Introduction. Future – Ubiquitous Computing Ginger Segue Identity Management

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Joe Pato, Principal Scientist Trust, Security & Privacy HP Labs Guest Lecture - CPSC 155b' - vilina


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

Identity Management: Enterprise, E-Commerce and Government applications and their implications for privacy

Joe Pato, Principal Scientist

Trust, Security & Privacy

HP Labs

Guest Lecture - CPSC 155b

10 April 2003


Introduction
Introduction applications and their implications for privacy

  • Future – Ubiquitous Computing

    • Ginger Segue

  • Identity Management

    • What is Identity

    • Authentication

    • Enterprise / Internet / Government contexts

  • Privacy Considerations

(c) 2003 Hewlett-Packard


Identity management
Identity Management applications and their implications for privacy

Identity Management is:

  • the set of processes, tools and social contracts surrounding

    • the creation

    • maintenance

    • and termination of a digital identity

  • for people or, more generally, for systems and services

  • to enable secure access to an expanding set of systems and applications.

(c) 2003 Hewlett-Packard


Views of identity
Views of Identity applications and their implications for privacy

“The Aggregate Me”

CreditBureau

“My view of me”

Government view

Employer view of me

Foo.com view of me

(c) 2003 Hewlett-Packard


Some definitions

Courtesy of applications and their implications for privacy

Some Definitions

Who Goes There? Authentication Through the Lens of Privacy

  • Committee on Authentication Technologies and Their Privacy Implications

Computer Science and Telecommunications Board

The National Academies

Washington, D.C.

http://cstb.org/

(c) 2003 Hewlett-Packard


Individual
Individual applications and their implications for privacy

An individual is a person.

(c) 2003 Hewlett-Packard


Identifier
Identifier applications and their implications for privacy

“Lamont Cranston”

“Employee #512657”

An identifier identifies an individual.

(c) 2003 Hewlett-Packard


Attribute
Attribute applications and their implications for privacy

An Attribute describes a property associated with an individual

(c) 2003 Hewlett-Packard


Identity
Identity applications and their implications for privacy

“The Shadow”

?

“an identity of X” is the set of information about an individual X

associated with that individual in a particular identity system Y

(c) 2003 Hewlett-Packard


Identification
Identification applications and their implications for privacy

Identification is the process of using

claimed or observed attributes of an individual

to infer who the individual is

(c) 2003 Hewlett-Packard


Authenticator
Authenticator applications and their implications for privacy

An authenticator is evidence which is presented

to support authentication of a claim.

It increases confidence in the truth of the claim

(c) 2003 Hewlett-Packard


Authentication
Authentication applications and their implications for privacy

Authentication is the process of establishing confidence

in the truth of some claim

There are different types of authentication…

(c) 2003 Hewlett-Packard


Attribute authentication
Attribute Authentication applications and their implications for privacy

!

Attribute Authentication is the process of establishing

an understood level of confidence

that an attribute applies to a specific individual

(c) 2003 Hewlett-Packard


Individual authentication
Individual Authentication applications and their implications for privacy

“Lamont Cranston”

!

Individual Authentication is the process of

establishing an understood level of confidence that

an identifier refers to a specific individual

(c) 2003 Hewlett-Packard


Identity authentication
Identity Authentication applications and their implications for privacy

“The Shadow”

!

Identity Authentication is the process of establishing

an understood level of confidence

that an identifier refers to an identity

(c) 2003 Hewlett-Packard


Authorization
Authorization applications and their implications for privacy

Authorization is the process of deciding

what an individual ought to be allowed to do

(c) 2003 Hewlett-Packard


Internet vs enterprise
Internet vs. Enterprise applications and their implications for privacy

  • Organizational control of population

  • Ability to issue tokens

  • Ability to mandate desktop software

  • Direct vs. network access

  • Scale of population

  • Privacy Issues

(c) 2003 Hewlett-Packard


Government s unique role
Government’s Unique Role applications and their implications for privacy

  • Regulator, Issuer of identity documents, Relying Party

  • Unique Relationship with Citizens

    • Many transactions are mandatory

    • Agencies cannot choose their markets

    • Relationships can be cradle-to-grave

    • Individuals may have higher expectations for government

  • Provider of Services

    • A common identifier may be in tension with principles of Privacy Act

(c) 2003 Hewlett-Packard


Foundational documents pose risks
Foundational Documents Pose Risks applications and their implications for privacy

  • Many of these documents are very poor from a security perspective

    • Diverse issuers

    • No ongoing interest on part of issuer to ensure validity/reliability

  • Birth certificates are particularly poor

    • Should not be sole base identity document

(c) 2003 Hewlett-Packard


Identity management components

Consumable applications and their implications for privacy

Single Sign-On

Personalization

Access Management

Repository

Lifecycle

Provisioning

Longevity

Policy Control

Auditing

AuthenticationProvider

Foundation

Identity Management Components

(c) 2003 Hewlett-Packard


Authentication technologies
Authentication Technologies applications and their implications for privacy

  • Passwords

  • Tokens

  • Smartcards

  • Biometrics

  • PKI

  • Kerberos

(c) 2003 Hewlett-Packard


Federated identity liberty alliance
Federated Identity: Liberty Alliance applications and their implications for privacy

XML, SAML, XML-DSIG, WAP, HTML,

WSS, WSDL, SOAP, SSL/TLS

Liberty Identity Federation Framework (ID-FF)

Liberty Identity Services Interface Specifications(ID-SIS)

Liberty Identity Web Services Framework(ID-WSF)

(c) 2003 Hewlett-Packard


Privacy
Privacy applications and their implications for privacy

  • Numerous philosophical approaches

  • Four types discussed here

    • Information privacy

    • Bodily integrity

    • Decisional privacy

    • Communications privacy

(c) 2003 Hewlett-Packard


General privacy implications
General Privacy Implications applications and their implications for privacy

  • Authentication can implicate privacy – the broader the scope, the greater the potential privacy impact

  • Using a small number of identifiers across systems facilitates linkage, affects privacy

  • Incentives to protect privacy are needed

  • Minimize linkage and secondary use

(c) 2003 Hewlett-Packard


Multiple stages at which privacy is affected
Multiple Stages at which Privacy is Affected applications and their implications for privacy

  • Authentication, generally

  • Choice of Attribute

  • Selection of Identifier

  • Selection of Identity

  • The Act of Authentication

  • These are just in the design stage, before transactional data collection, linkage, secondary use issues, etc.

  • Chapter 7’s toolkit describes each of these in detail

(c) 2003 Hewlett-Packard


1 authentication s implications separate from technology
1. Authentication’s Implications Separate from Technology:

  • The act of authentication affects privacy, regardless of the technology used

  • Requires some revelation and confirmation of personal information

    • Establishing an identifier or attribute

    • Potential transactional records

    • Possible exposure of information to parties not involved in authentication

(c) 2003 Hewlett-Packard


2 attribute choice affects privacy
2. Attribute Choice Affects Privacy Technology:

  • Informational privacy

    • Distinctive vs. more general

    • Minimize disclosure

    • Ensure data quality

    • Avoid widely-used attributes

  • Decisional – If sensitive, may impinge willingness

  • Bodily integrity – If requires physical collection, may be invasive

  • Communications – If attribute reveals address, phone, network

(c) 2003 Hewlett-Packard


3 identifier selection affects privacy
3. Identifier Selection Affects Privacy Technology:

  • Informational privacy

    • Identifier itself may be revealing

    • Will link to the individual

  • Decisional – Fewer effects if random or if allows for pseudonymous participation

  • Bodily integrity – Minimal effects

  • Communications – Problem if identifier is address or number (telephone, IP address, etc.)

(c) 2003 Hewlett-Packard


4 identity selection affects privacy
4. Identity Selection Affects Privacy Technology:

  • Three possibilities

    • Identifier is only information available to the system

    • Identifier is not linked to information outside of the system

    • Identifier may be linked to outside records

  • Tracking transactional information poses risk to decisional privacy

  • All issues related to identifier choice remain relevant here

(c) 2003 Hewlett-Packard


5 act of authentication affects privacy
5. Act of Authentication Affects Privacy Technology:

  • Authentication usually accomplished by observing the user or requiring support of the claim

  • Informational – If records are kept

  • Decisional – Intrusiveness and visibility may affect

  • Bodily Integrity – If close contact is required

  • Communications – If communication systems use is required

(c) 2003 Hewlett-Packard


Additional issues
Additional Issues Technology:

  • When is authentication really necessary?

  • Secondary use of identifiers

    • Without original system limits in mind, usage can become highly inappropriate

    • This can lead to privacy and security problems, compromise original mission, and generate additional costs

  • Explicit recognition of the appropriateness of multiple identities for individuals

  • Usability

    • Design systems with human limits in mind!

    • Employ user-centered design methods

  • Identity theft as a side effect of authentication system design choices

(c) 2003 Hewlett-Packard


As for nationwide identity systems
As for Nationwide Identity Systems… Technology:

  • Driver’s licenses are a nationwide identity system

  • The challenges are enormous

    • Inappropriate linkages and secondary use likely without restrictions

  • Biometrics databases and samples would need strong protection

  • Any new proposals should be subject to analysis here and in IDs—Not That Easy

(c) 2003 Hewlett-Packard


Questions
Questions Technology:

???

Follow-up:

Joe Pato

HP Labs

One Cambridge Center – 11’th Floor

Cambridge, MA 02142

[email protected]

(c) 2003 Hewlett-Packard


ad