
Identity Management Authorization and User Profiles: Higgins1.0 and Beyond

Presentation Transcript


  1. Paul Trevithick, paul@socialphysics.org Mary Ruddy, mary@socialphysics.org Identity Management Authorization and User Profiles: Higgins1.0 and Beyond

  2. Outline • What is Higgins?– 20 minute introduction • Demo of a Higgins Identity Selector Solution – 10 min • Higgins Global Graph Drill Down – 60 min • Higgins community – 5 min • Higgins adoption – 5 min • Higgins 1.0 – 10 min • Higgins Futures – 10 min

  3. The web of today isn’t people-centered

  4. It’s silo-centered • People go from site to site setting up accounts and pouring in stuff about themselves • Everything the site learns is from people’s fingers – clicks of the keyboard or mouse • It’s tedious for the user – she’s constantly repeating herself, typing in forms (Figure: Site A, Site B, Site C; caption: “Type type type, click, click, click. Clickety-clack, clickety-clack.”)

  5. The vision of user-centric Identity Management

  6. User-centric Identity Management • What if you could register at a site without typing data into forms and having to remember passwords? “Identity Selector”

  7. User-centric Identity Management • What if you could register at a site without typing data into forms and having to remember passwords? • And what if you could manage all of your identities as a set of visual “information cards” in one place (Figure: an Identity Selector sitting between the user and Site A, Site B and Site C)

  8. Higgins Higgins 1: a species of Tasmanian long-tailed mouse 2: an open source identity selector and interoperability framework being developed by IBM, Novell, Oracle, CA, Google, Parity…

  9. Goals: 1 of 5 • Provide a consistent user experience based on card icons for the management and release of identity data • This is needed in order to have a trusted mechanism for authentication and other interactions that is less vulnerable to phishing and other attacks and that works for a wide variety of users and systems • See Higgins 1.0 “Identity Selector”

  10. Goals: 2 of 5 • Empower users with more convenience and control over personal information distributed across external information silos. • Provide a single point of control over multiple identities, preferences and relationships • See Higgins 1.0 “Identity Selector”

  11. Goals: 3 of 5 • Provide an API and data model for the virtual integration and federation of identity and security information from a wide variety of sources • See Higgins 1.0 “Identity Attribute Service”

  12. Goals: 4 of 5 • Provide plug-in adapters to enable existing data sources including directories, communications systems, collaboration systems and databases each using differing protocols and schemas to be integrated into the framework • See Higgins 1.0 “Identity Attribute Service” “Context Provider” plugins

  13. Goals: 5 of 5 • Provide a social relationship data integration framework that enables these relationships to be persistent and reusable across application boundaries • It organizes relationships into a set of distinct social contexts within which a person expresses different personas and roles • See Higgins 1.0 “Higgins Global Graph” data model

  14. The Three Layers of Solutions

  15. “Identity Selector” App Solution

  16. Information Card (aka I-Card) User Metaphor (Figure: the two card kinds, Managed and Personal (self-issued))

  17. I-Cards are managed by an Identity Selector application

  18. Click on a card (Figure: Identity Selector User Interface; Higgins is interoperable with Microsoft CardSpace™, shown here)

  19. …just click and you’re registered and/or signed in!(No more “per site” passwords)

  20. The Identity Selector apps are powered by an interoperability framework

  21. Interoperability Framework (Figure: Apps, Identity Providers and Relying Parties reach the Higgins Framework and its common data model through the Higgins Browser Extension and Apps and Services; the framework is extended by four kinds of plug-ins) • Protocol Providers implement protocols for interacting with Relying Parties: CardSpace, OpenID, RSS/Atom, SAML • I-Card Providers implement identity protocols and card types: CardSpace Managed (WS-Trust), CardSpace Personal, Higgins Relationship • Token Providers implement different kinds of security tokens: SAML, X509, Kerberos, UN/PS, Idemix • IdAS Context Providers connect to different identity data sources: JNDI / LDAP, Enterprise Apps, RDF, OWL, Active Directory, Comms Clients

  22. Identity Selector Solutions • Firefox-embedded Selector Solution • For Firefox on Windows, Linux, and OSX (Requires hosted I-Card Service Component) • GTK / Cocoa Selector Solution – C++ • For Firefox on Linux, FreeBSD and OSX • RCP Selector Solution • For Eclipse RCP Application

  23. The Three Layers of Solutions

  24. Identity Web Services Solutions • Identity Providers (IdPs): STS IdP – WS-Trust Identity Provider (webapp and web service); SAML2 IdP – SAML2 Identity Provider (webapp and web service) • Relying Party (RP) Example Website: Extensible Protocol RP Website – I-Card enabled Relying Party site (webapp)

  25. The Three Layers of Solutions

  26. Higgins Global Graph • Provides a foundation for achieving data portability, interoperability and unification for identity, profile, preference and social relationship data about people, things or concepts • Identity information related to identification, authentication, etc. • It also includes attributes such as preferences, interests, and associated objects like events and things, wishlists. • It includes relational attributes representing friends and other kinds of associations with other people, organizations, etc. • An important kind of relation, called a correlation, models a link between different representations of the same person in different contexts (systems)

  27. Higgins Global Graph Implementation • Identity Attribute Service + Context Providers (plugins) • Implements the Higgins Global Graph • Can be extended using Context Providers that connect the IdAS to various systems or data stores.

  28. Higgins Identity Selector Demonstration

  29. Higgins Global Graph Data Model

  30. Requirements for Interoperability • Three things are required to achieve identity and social data interoperability: • A common data model (including a common schema description language) • An API and/or service abstraction • Schema mapping transforms or a common schema • #1 is addressed by the Higgins Global Graph model • #2 can be addressed using the Higgins Identity Attribute Service (aka IdAS) • #3 is considered out of scope

  31. Contexts and ContextId Data Range URIs • A Context is a data container/source • Each Context is identified by a URI • Specifically, a ContextId Data Range URI • Examples of Contexts: • Facebook social network • LDAP directory • PeopleSoft database • Mobile phone network (Figure: a Context)

  32. Contexts contain Nodes • Nodes are representations of entities (e.g. real world people, groups, organizations, objects, etc.) • Each Node is identified by a URI • Specifically, a NodeId Data Range URI (Figure: a Context “R&D Dept.” containing a Node representing you and a Node representing your manager)

  33. Nodes have zero or more Attributes • Each attribute has an attribute type (URI) • Each attribute has one or more values • These values may be simple (e.g. a string) or complex (e.g. a postal address, 3D avatar mesh, calendar event, etc.) (Figure, abstract concept: a Node and its Attributes, each attribute having one or more values. Example: Node Bob, attribute activities: plays-golf-every, with Value = “Saturday” and Value = “Wednesday”)

  34. Attribute values and Data Ranges • All simple attribute values have a base datatype that is one of the XML Schema types (e.g. string, integer, boolean, anyURI, etc.) • They may also have syntax constraint facets (e.g. length, pattern, minInclusive) as defined by XML Schema • Two Data Ranges are pre-defined: • NodeId Data Range – a URI that identifies a Node • ContextId Data Range – URI that identifies a Context

  35. Attribute Statements • An instance of a node-attribute-value triple is called an attribute Statement • Statements may have attributes (Figure, abstract concept: an Attribute Statement with attributes about the Statement. Example: “Bob eye-color blue”, with asserted-by = Massachusetts Department of Motor Vehicles and valid-until = Aug 17th 2010)
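Slides 33 to 35 describe simple attribute values (an XML Schema base datatype plus syntax facets) and attribute Statements that carry attributes about themselves, such as who asserted them and until when they are valid. The following is an added Python illustration of those two ideas, written for this page; it is not Higgins or IdAS code. `DataRange`, `Statement`, the subset of facets handled, the `urn:example:...` NodeId form and the sample statements are all constructed here. The security-relevant point it makes is that a relying party should validate a value before storing it and should act on a Statement only when its asserter is trusted and its validity window has not lapsed.

```python
"""Attribute values with XML Schema base types and facets, and attribute
Statements carrying metadata about themselves.  Added illustration in the
style of the Higgins Global Graph, not Higgins/IdAS code; every name and
sample value below is constructed for this example."""
import re
from dataclasses import dataclass, field
from datetime import date
from urllib.parse import urlparse


def _xsd_boolean(raw):
    return {"true": True, "1": True, "false": False, "0": False}[str(raw).lower()]


# Base datatypes this example understands, mapped to a converter.
XSD_BASE = {"xsd:string": str, "xsd:integer": int,
            "xsd:boolean": _xsd_boolean, "xsd:anyURI": str}


@dataclass(frozen=True)
class DataRange:
    """A base XML Schema datatype plus optional syntax constraint facets."""
    base: str
    facets: dict = field(default_factory=dict)

    def validate(self, raw):
        """Return the typed value, or raise ValueError if raw violates the
        base type or any facet.  Reject before storing, not after."""
        try:
            value = XSD_BASE[self.base](raw)
        except (KeyError, ValueError, TypeError):
            raise ValueError(f"{raw!r} is not a valid {self.base}") from None
        if self.base == "xsd:anyURI" and not urlparse(value).scheme:
            raise ValueError(f"{raw!r} is not an absolute URI")
        f = self.facets
        if "length" in f and len(value) != f["length"]:
            raise ValueError(f"length facet {f['length']} violated")
        if "maxLength" in f and len(value) > f["maxLength"]:
            raise ValueError("maxLength facet violated")
        if "pattern" in f and not re.fullmatch(f["pattern"], value):
            raise ValueError(f"pattern facet {f['pattern']!r} violated")
        if "minInclusive" in f and value < f["minInclusive"]:
            raise ValueError("minInclusive facet violated")
        if "maxInclusive" in f and value > f["maxInclusive"]:
            raise ValueError("maxInclusive facet violated")
        return value


# The two pre-defined Data Ranges of slide 34: both are URIs.
NODE_ID = DataRange("xsd:anyURI")
CONTEXT_ID = DataRange("xsd:anyURI")


@dataclass
class Statement:
    """One node-attribute-value triple plus attributes about the Statement."""
    node: str            # NodeId URI of the subject Node
    attribute: str       # attribute type URI
    value: object
    meta: dict = field(default_factory=dict)   # e.g. asserted-by, valid-until


def make_statement(node, attribute, data_range, raw, **meta):
    """Build a Statement only from a value that passed its Data Range."""
    return Statement(node, attribute, data_range.validate(raw), meta)


def statement_is_trusted(stmt, trusted_asserters, today):
    """Relying-party check: act on a Statement only if its asserter is trusted
    and its validity window has not lapsed.  Unattributed statements fail."""
    if stmt.meta.get("asserted-by") not in trusted_asserters:
        return False
    valid_until = stmt.meta.get("valid-until")
    return valid_until is None or today <= valid_until


def demo():
    """Constructed sample modelled on the slide's 'Bob eye-color blue'."""
    eye_color = DataRange("xsd:string", {"pattern": r"[a-z]+"})
    weekday = DataRange("xsd:string",
                        {"pattern": r"(Mon|Tues|Wednes|Thurs|Fri|Satur|Sun)day"})
    age = DataRange("xsd:integer", {"minInclusive": 0, "maxInclusive": 150})
    bob = "urn:example:ctxA//bob"        # NodeId form is an assumption
    NODE_ID.validate(bob)
    dmv = make_statement(bob, "ex:eye-color", eye_color, "blue",
                         **{"asserted-by": "Massachusetts DMV",
                            "valid-until": date(2010, 8, 17)})
    selfie = make_statement(bob, "ex:eye-color", eye_color, "green")  # no asserter
    golf = [make_statement(bob, "ex:plays-golf-every", weekday, d)
            for d in ("Saturday", "Wednesday")]
    rejected = []
    for dr, raw in ((weekday, "Funday"), (age, "-3"), (NODE_ID, "bob")):
        try:
            dr.validate(raw)
        except ValueError:
            rejected.append(raw)
    trusted = {"Massachusetts DMV"}
    return {
        "dmv_2009": statement_is_trusted(dmv, trusted, date(2009, 1, 1)),
        "dmv_2011": statement_is_trusted(dmv, trusted, date(2011, 1, 1)),
        "self_asserted": statement_is_trusted(selfie, trusted, date(2009, 1, 1)),
        "golf_values": [s.value for s in golf],
        "rejected": rejected,
    }
```

`demo()` shows the DMV-asserted eye colour accepted in 2009 and rejected after its valid-until date, the unattributed self-asserted colour rejected outright, and three malformed values (a bad weekday, a negative age, a relative NodeId) refused by their Data Ranges before any Statement is created.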

  36. The NodeId Attribute • Almost all Nodes have a special NodeId attribute whose value is a NodeId Data Range that uniquely identifies the Node within its containing Context (Figure: a Node with its NodeId attribute; the value of the NodeId attribute identifies the Node itself)

  37. The Node Relation Attribute • A Node Relation attribute creates a link between two Nodes (Figure, abstract concept: a Node Relation attribute whose value is a URI that uniquely identifies some other Node. Example: Bob foaf:knows Alice, Value: Alice)

  38. The Node Correlation Attribute • A Node Correlation attribute creates a link between two Nodes and implies that both Nodes are representations of the same underlying Entity (e.g. person or thing) (Figure, abstract concept: a Node Correlation attribute whose value is a URI that uniquely identifies another Node representing the same Entity. Example: Bob higgins:correlation Robert Smith, Value: “Robert Smith”)

  39. Simplified Rendering of Relations (Figure key, used on slides 39–44: one symbol for a Node representing entity #1 (e.g. you), another for a Node representing an entity other than entity #1 (e.g. someone other than you). Bob — relation, Value: “Alice” — Alice; a dotted line implies a relation)

  40. Simplified Rendering of Correlations (Figure: Bob — correlation, Value: “Robert Smith” — Robert Smith; a solid line implies a correlation)

  41. Relation and Correlation examples • In this example you have two accounts/profiles in Context A and you are also a member of the Yahoo Group. You know another member of the Yahoo Group. (Figure: Context A holds two Nodes representing you; the Context “@yahoo*group22” holds Node 4668 (you) and Node 333 (another member). Node Correlations link your Context A Nodes to Node 4668; a Node Relation links Node 4668 to Node 333. The NodeId Data Range URI “@yahoo*group22 // 4668” identifies the Context and Node 4668 within it; “@yahoo*group22 // 333” identifies the other member.)

  42. Friends List example (e.g. Facebook): the Attribute Statement “You know Drummond” (Figure: your Node related to the Node Drummond)

  43. Social Network example (e.g. Facebook): a reciprocated (confirmed) link (Figure: two Nodes related in both directions)

  44. A Cross-Context example (Figure: a “Meta” Context holding a Node for you, linked to your Nodes in the Dept of Motor Vehicles, Social Security Administration, Facebook and Second Life Contexts, each alongside other Nodes)

  45. Contexts Relations and Correlations • Contexts can have both Context Relations and Context Correlations that are analogs to Node Relations and Node Correlations respectively • A Context Relation is a “related” Context • A Context Correlation is another Context that is a representation of the same underlying set of Entities (e.g. the same underlying organizational department)

  46. Enterprise Directory example • Contexts can have relationships with other Contexts. These are called Context Relations. (Figure: the XYZ Corporation enterprise directory Context with two sub-Contexts, R&D Dept. and Marketing Dept.; the R&D Dept. Context contains Nodes for you and your manager)
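Slides 31 to 46 lay out the graph itself: Contexts identified by URIs, Nodes with a NodeId attribute, Node Relations that point at some other entity, Node Correlations that declare two Nodes to be the same entity, and Context Relations between Contexts. The block below is an added Python illustration of that model, written for this page and not Higgins or IdAS code. The `Graph` class and its methods, the NodeId syntax `<ContextId>//<local id>` (loosely after the “@yahoo*group22 // 4668” example on slide 41) and the sample Contexts are assumptions. Beyond the slides, it records who asserted each correlation and lets a relying party follow only correlations from asserters it trusts, because a correlation is an identity claim: a self-asserted link from a social-network Node to a DMV record would otherwise pull the DMV’s attributes into a profile nobody verified.

```python
"""Contexts, Nodes, Node Relations, Node Correlations and Context Relations
of the Higgins Global Graph.  Added illustration, not Higgins/IdAS code;
the Graph class, the NodeId syntax '<ContextId>//<local id>' and the
sample contexts are assumptions made for this example."""
from collections import defaultdict, deque

CORRELATION = "higgins:correlation"
KNOWS = "foaf:knows"
NODE_ID_ATTR = "higgins:NodeId"


class Graph:
    def __init__(self):
        self.contexts = {}               # ContextId -> {"relations", "correlations"}
        self.nodes = {}                  # NodeId -> {attribute type: [values]}
        self.links = defaultdict(list)   # NodeId -> [(attr, target NodeId, asserted_by)]

    def add_context(self, ctx_id):
        self.contexts[ctx_id] = {"relations": set(), "correlations": set()}

    def relate_contexts(self, c1, c2, correlation=False):
        """Context Relation (e.g. a sub-department) or Context Correlation
        (another representation of the same set of entities, symmetric)."""
        key = "correlations" if correlation else "relations"
        self.contexts[c1][key].add(c2)
        if correlation:
            self.contexts[c2][key].add(c1)

    def add_node(self, ctx_id, local_id, **attrs):
        if ctx_id not in self.contexts:
            raise KeyError(f"unknown context {ctx_id}")
        node_id = f"{ctx_id}//{local_id}"      # assumed NodeId form
        # The NodeId attribute's value identifies the Node itself.
        self.nodes[node_id] = {NODE_ID_ATTR: [node_id],
                               **{k: [v] for k, v in attrs.items()}}
        return node_id

    def _known(self, *ids):
        for n in ids:
            if n not in self.nodes:
                raise KeyError(f"unknown node {n}")

    def relate(self, a, b, attr=KNOWS, asserted_by=None):
        """Node Relation: a directed link to some other entity.
        Reciprocate (slide 43) by also calling relate(b, a)."""
        self._known(a, b)
        self.links[a].append((attr, b, asserted_by))

    def correlate(self, a, b, asserted_by):
        """Node Correlation: both Nodes represent the same entity, so the
        link is symmetric.  The asserter is recorded because this is an
        identity claim and must not be merged blindly."""
        self._known(a, b)
        self.links[a].append((CORRELATION, b, asserted_by))
        self.links[b].append((CORRELATION, a, asserted_by))

    def representations(self, node_id, trusted=None):
        """Every Node reachable from node_id over correlations (transitive).
        With `trusted`, only correlations asserted by a member are followed."""
        seen, queue = {node_id}, deque([node_id])
        while queue:
            for attr, target, by in self.links[queue.popleft()]:
                if attr != CORRELATION or (trusted is not None and by not in trusted):
                    continue
                if target not in seen:
                    seen.add(target)
                    queue.append(target)
        return seen

    def merged_attributes(self, node_id, trusted=None):
        """Unified view of one entity across its (trusted) representations."""
        merged = defaultdict(list)
        for rep in sorted(self.representations(node_id, trusted)):
            for attr, values in self.nodes[rep].items():
                if attr != NODE_ID_ATTR:
                    merged[attr].extend(values)
        return dict(merged)

    def knows(self, node_id, trusted=None):
        """Entities (each as the frozenset of its NodeIds) that any
        representation of node_id is related to by foaf:knows."""
        out = set()
        for rep in self.representations(node_id, trusted):
            for attr, target, _ in self.links[rep]:
                if attr == KNOWS:
                    out.add(frozenset(self.representations(target, trusted)))
        return out


def build_example():
    """Constructed after slides 41, 44 and 46: two accounts in Context A, a
    Yahoo group membership and a DMV record, all representing 'you'."""
    g = Graph()
    for c in ("urn:ctxA", "@yahoo*group22", "urn:dmv:ma", "urn:xyz", "urn:xyz:rd"):
        g.add_context(c)
    g.relate_contexts("urn:xyz", "urn:xyz:rd")           # R&D is a sub-Context
    a1 = g.add_node("urn:ctxA", "1", **{"ex:nick": "bob"})
    a2 = g.add_node("urn:ctxA", "2", **{"ex:nick": "bobby"})
    you = g.add_node("@yahoo*group22", "4668")
    other = g.add_node("@yahoo*group22", "333")
    dl = g.add_node("urn:dmv:ma", "DL-123", **{"dmv:eyeColor": "blue"})
    g.correlate(a1, a2, asserted_by="urn:ctxA")   # site verified both accounts
    g.correlate(a1, you, asserted_by="self")
    g.correlate(you, dl, asserted_by="self")      # user's own unverified claim
    g.relate(you, other)                          # you know another member
    return g
```

With the constructed graph, `representations("urn:ctxA//1")` returns all four of your Nodes, and `merged_attributes` unifies the nicknames and the DMV eye colour; restricting to `trusted={"urn:ctxA"}` keeps only the two accounts the site itself vouched for, so the self-asserted DMV link contributes nothing, and `knows` correspondingly finds the Yahoo group member only through the untrusted path.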

  47. Higgins Global Graph Specifications

  48. Higgins Global Graph: Implementation Specifications (Figure: a table with columns Identifiers, Ontology (Schema) and Discovery. Identifiers: Higgins Identifiers, built on OpenID, Cool URIs and XRI. Ontology (Schema): Higgins Ontology Language (HOWL), built on RDFS / OWL. Discovery: Higgins XRDS Service Endpoints and Higgins Context Descriptors [Planned], built on XRI, XDI and WS-Addressing. Key: W3C, OASIS, De facto. v10)

  49. Context Ontologies • Contexts describe their ontologies using RDF/OWL • Contexts base their ontologies on higgins.owl (aka HOWL) • Contexts are otherwise free to define their own data schemas/ontologies • For example, a Context could define a Person, that has eyeColor and phoneNumber attributes: • Person would sub-class higgins:Node • eyeColor would specialize higgins:attribute

  50. Higgins Community Includes
