slide1
Download
Skip this Video
Download Presentation
Joe Pato, Principal Scientist Trust, Security & Privacy HP Labs Guest Lecture - CPSC 155b

Loading in 2 Seconds...

play fullscreen
1 / 33

Joe Pato, Principal Scientist Trust, Security & Privacy HP Labs Guest Lecture - CPSC 155b - PowerPoint PPT Presentation


  • 97 Views
  • Uploaded on

Identity Management: Enterprise, E-Commerce and Government applications and their implications for privacy. Joe Pato, Principal Scientist Trust, Security & Privacy HP Labs Guest Lecture - CPSC 155b 10 April 2003. Introduction. Future – Ubiquitous Computing Ginger Segue Identity Management

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Joe Pato, Principal Scientist Trust, Security & Privacy HP Labs Guest Lecture - CPSC 155b' - vilina


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

Identity Management: Enterprise, E-Commerce and Government applications and their implications for privacy

Joe Pato, Principal Scientist

Trust, Security & Privacy

HP Labs

Guest Lecture - CPSC 155b

10 April 2003

introduction
Introduction
  • Future – Ubiquitous Computing
    • Ginger Segue
  • Identity Management
    • What is Identity
    • Authentication
    • Enterprise / Internet / Government contexts
  • Privacy Considerations

(c) 2003 Hewlett-Packard

identity management
Identity Management

Identity Management is:

  • the set of processes, tools and social contracts surrounding
    • the creation
    • maintenance
    • and termination of a digital identity
  • for people or, more generally, for systems and services
  • to enable secure access to an expanding set of systems and applications.

(c) 2003 Hewlett-Packard

views of identity
Views of Identity

“The Aggregate Me”

CreditBureau

“My view of me”

Government view

Employer view of me

Foo.com view of me

(c) 2003 Hewlett-Packard

some definitions
Courtesy of Some Definitions

Who Goes There? Authentication Through the Lens of Privacy

  • Committee on Authentication Technologies and Their Privacy Implications

Computer Science and Telecommunications Board

The National Academies

Washington, D.C.

http://cstb.org/

(c) 2003 Hewlett-Packard

individual
Individual

An individual is a person.

(c) 2003 Hewlett-Packard

identifier
Identifier

“Lamont Cranston”

“Employee #512657”

An identifier identifies an individual.

(c) 2003 Hewlett-Packard

attribute
Attribute

An Attribute describes a property associated with an individual

(c) 2003 Hewlett-Packard

identity
Identity

“The Shadow”

?

“an identity of X” is the set of information about an individual X

associated with that individual in a particular identity system Y

(c) 2003 Hewlett-Packard

identification
Identification

Identification is the process of using

claimed or observed attributes of an individual

to infer who the individual is

(c) 2003 Hewlett-Packard

authenticator
Authenticator

An authenticator is evidence which is presented

to support authentication of a claim.

It increases confidence in the truth of the claim

(c) 2003 Hewlett-Packard

authentication
Authentication

Authentication is the process of establishing confidence

in the truth of some claim

There are different types of authentication…

(c) 2003 Hewlett-Packard

attribute authentication
Attribute Authentication

!

Attribute Authentication is the process of establishing

an understood level of confidence

that an attribute applies to a specific individual

(c) 2003 Hewlett-Packard

individual authentication
Individual Authentication

“Lamont Cranston”

!

Individual Authentication is the process of

establishing an understood level of confidence that

an identifier refers to a specific individual

(c) 2003 Hewlett-Packard

identity authentication
Identity Authentication

“The Shadow”

!

Identity Authentication is the process of establishing

an understood level of confidence

that an identifier refers to an identity

(c) 2003 Hewlett-Packard

authorization
Authorization

Authorization is the process of deciding

what an individual ought to be allowed to do

(c) 2003 Hewlett-Packard

internet vs enterprise
Internet vs. Enterprise
  • Organizational control of population
  • Ability to issue tokens
  • Ability to mandate desktop software
  • Direct vs. network access
  • Scale of population
  • Privacy Issues

(c) 2003 Hewlett-Packard

government s unique role
Government’s Unique Role
  • Regulator, Issuer of identity documents, Relying Party
  • Unique Relationship with Citizens
    • Many transactions are mandatory
    • Agencies cannot choose their markets
    • Relationships can be cradle-to-grave
    • Individuals may have higher expectations for government
  • Provider of Services
    • A common identifier may be in tension with principles of Privacy Act

(c) 2003 Hewlett-Packard

foundational documents pose risks
Foundational Documents Pose Risks
  • Many of these documents are very poor from a security perspective
    • Diverse issuers
    • No ongoing interest on part of issuer to ensure validity/reliability
  • Birth certificates are particularly poor
    • Should not be sole base identity document

(c) 2003 Hewlett-Packard

identity management components

Consumable

Single Sign-On

Personalization

Access Management

Repository

Lifecycle

Provisioning

Longevity

Policy Control

Auditing

AuthenticationProvider

Foundation

Identity Management Components

(c) 2003 Hewlett-Packard

authentication technologies
Authentication Technologies
  • Passwords
  • Tokens
  • Smartcards
  • Biometrics
  • PKI
  • Kerberos

(c) 2003 Hewlett-Packard

federated identity liberty alliance
Federated Identity: Liberty Alliance

XML, SAML, XML-DSIG, WAP, HTML,

WSS, WSDL, SOAP, SSL/TLS

Liberty Identity Federation Framework (ID-FF)

Liberty Identity Services Interface Specifications(ID-SIS)

Liberty Identity Web Services Framework(ID-WSF)

(c) 2003 Hewlett-Packard

privacy
Privacy
  • Numerous philosophical approaches
  • Four types discussed here
    • Information privacy
    • Bodily integrity
    • Decisional privacy
    • Communications privacy

(c) 2003 Hewlett-Packard

general privacy implications
General Privacy Implications
  • Authentication can implicate privacy – the broader the scope, the greater the potential privacy impact
  • Using a small number of identifiers across systems facilitates linkage, affects privacy
  • Incentives to protect privacy are needed
  • Minimize linkage and secondary use

(c) 2003 Hewlett-Packard

multiple stages at which privacy is affected
Multiple Stages at which Privacy is Affected
  • Authentication, generally
  • Choice of Attribute
  • Selection of Identifier
  • Selection of Identity
  • The Act of Authentication
  • These are just in the design stage, before transactional data collection, linkage, secondary use issues, etc.
  • Chapter 7’s toolkit describes each of these in detail

(c) 2003 Hewlett-Packard

1 authentication s implications separate from technology
1. Authentication’s Implications Separate from Technology:
  • The act of authentication affects privacy, regardless of the technology used
  • Requires some revelation and confirmation of personal information
    • Establishing an identifier or attribute
    • Potential transactional records
    • Possible exposure of information to parties not involved in authentication

(c) 2003 Hewlett-Packard

2 attribute choice affects privacy
2. Attribute Choice Affects Privacy
  • Informational privacy
    • Distinctive vs. more general
    • Minimize disclosure
    • Ensure data quality
    • Avoid widely-used attributes
  • Decisional – If sensitive, may impinge willingness
  • Bodily integrity – If requires physical collection, may be invasive
  • Communications – If attribute reveals address, phone, network

(c) 2003 Hewlett-Packard

3 identifier selection affects privacy
3. Identifier Selection Affects Privacy
  • Informational privacy
    • Identifier itself may be revealing
    • Will link to the individual
  • Decisional – Fewer effects if random or if allows for pseudonymous participation
  • Bodily integrity – Minimal effects
  • Communications – Problem if identifier is address or number (telephone, IP address, etc.)

(c) 2003 Hewlett-Packard

4 identity selection affects privacy
4. Identity Selection Affects Privacy
  • Three possibilities
    • Identifier is only information available to the system
    • Identifier is not linked to information outside of the system
    • Identifier may be linked to outside records
  • Tracking transactional information poses risk to decisional privacy
  • All issues related to identifier choice remain relevant here

(c) 2003 Hewlett-Packard

5 act of authentication affects privacy
5. Act of Authentication Affects Privacy
  • Authentication usually accomplished by observing the user or requiring support of the claim
  • Informational – If records are kept
  • Decisional – Intrusiveness and visibility may affect
  • Bodily Integrity – If close contact is required
  • Communications – If communication systems use is required

(c) 2003 Hewlett-Packard

additional issues
Additional Issues
  • When is authentication really necessary?
  • Secondary use of identifiers
    • Without original system limits in mind, usage can become highly inappropriate
    • This can lead to privacy and security problems, compromise original mission, and generate additional costs
  • Explicit recognition of the appropriateness of multiple identities for individuals
  • Usability
    • Design systems with human limits in mind!
    • Employ user-centered design methods
  • Identity theft as a side effect of authentication system design choices

(c) 2003 Hewlett-Packard

as for nationwide identity systems
As for Nationwide Identity Systems…
  • Driver’s licenses are a nationwide identity system
  • The challenges are enormous
    • Inappropriate linkages and secondary use likely without restrictions
  • Biometrics databases and samples would need strong protection
  • Any new proposals should be subject to analysis here and in IDs—Not That Easy

(c) 2003 Hewlett-Packard

questions
Questions

???

Follow-up:

Joe Pato

HP Labs

One Cambridge Center – 11’th Floor

Cambridge, MA 02142

[email protected]

(c) 2003 Hewlett-Packard

ad