De-Confusion Big Picture

Tuesday Session 1 Space E

Conference: IIW 10 May 17-19, 2009

"De-confusing" Identity (5/18 session 1)

"On the Internet, nobody knows you're a dog" (IIW logo)
 * Anonymity is important
 * But people need the set of tools to be able to represent who they are (at varying levels of granularity/disclosure)

Communities in attendance:

Business
 * Enterprise Customer
 * Enterprise Identity Management Product
 * WebPortals (e.g. Google, Yahoo, MSN, LinkedIn)
 * Regular websites

Government
 * Europe, BC, DC

Standards Development Community
 * OASIS (InfoCards, SAML, XRI/XDI)
 * IETF and Internet Society (SMTP)
 * W3C (HTML)
 * ITU-T (phone) and ISO
 * "Floaters"
 * XMPP - Jabber
 * OpenID
 * Sysadmins
 * Web Developers
 * Etc. Etc. Etc.


 * Provisioning/issuing credentials for use of internal enterprise systems
 * e.g. username, password, auth token, etc.
 * SAML (Security Assertion Markup Language): Directory of employees with specific privileges
 * Authorization, or AuthZ (What you’re allowed to do)
 * Authentication, or AuthN (The identifier – the username you use, etc.)
 * Verification
 * Enrollment into system (new users)
 * Termination from system (ex-users)
 * SAML Federation
 * Business to Business sharing (e.g. American Airlines + Boeing)
 * Trusting each other's credentials
 * Doesn't scale well

OpenID = outsourcing username and password (same "username" or i-name)
 * Problem is phishing: Fake forms for OpenID providers
 * Therefore, OpenID is designed for low-security transactions

NASCAR problem: Addresses challenge of usability with OpenID (logos instead of having to remember your OpenID URL)

Info Cards: OpenID + Information Cards = Open Identity Exchange
 * IDP issues card, or you make your own card
 * User selects cards
 * Open Source InfoCard Selector repository: Higgins Project
 * Send various attributes only, customize the amount of information sent

XRD is Discovery: A protocol for understanding and discovering services

We then went over a bunch of the organizations and how they relate to each other. See Kaliya’s flowchart slides for an overview.