Digital Identity in Perspective - World Wide Web Consortium · Copyright © 2011 Boeing. All rights...
EOT_IT_Sub_Template.ppt | 1/4/2007 | 1 BOEING is a trademark of Boeing Management Company. Copyright © 2011 Boeing. All rights reserved.
Digital Identity in Perspective
John Tolbert May 2011
Engineering, Operations & Technology | Information Technology Information Security
History
• Users
• Groups
• ACLs
• RBAC
• ABAC
• PBAC
• PABAC
• RAdAC
The machinery of identity
• LDAP directories
• Web access management systems
• Identity federation
• Public key infrastructure
• SmartCards
Different communities, different identities
• Education
• Enterprise
• Government & defense
• Health care
• Finance
• Retail
• Social media
Digital identity: not an end-in-itself
Issues
• Identity providers?
• Standards support & interoperability
  • SAML
  • OpenID
  • OAuth
• Movement of emphasis from identity to access control, audit, and privacy
• Data protection
• Platform assurance
Data Protection
We must find innovative ways to protect data within all levels of electronic systems:
1. Inventory data
2. Categorize data
3. Tag/mark data with meaningful metadata
4. Cryptographically bind metadata to data objects
5. Allow administrators to grant permissions to individual data elements, based on user/device/application identities as well as resource metadata, actions, and environmental factors.
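A sketch of steps 4 and 5, added here as an example and not part of the original slides: metadata is bound to a data object with an HMAC, and an access decision is made only after the binding verifies. The key, attribute names (`sensitivity`, `clearance`, `device_managed`, `allowed_actions`, `allowed_networks`) and sample values are assumptions constructed for illustration; a deployment could equally use digital signatures instead of a shared-key HMAC.

```python
import hashlib
import hmac
import json

# Assumption: a key held only by the tagging/enforcement service (constructed value).
KEY = b"constructed-demo-key"

def bind(data: bytes, metadata: dict) -> dict:
    """Step 4: compute an HMAC over metadata and data so neither can change alone."""
    meta = json.dumps(metadata, sort_keys=True, separators=(",", ":")).encode()
    # Length-prefix the metadata so the metadata/data boundary is unambiguous.
    msg = len(meta).to_bytes(8, "big") + meta + data
    tag = hmac.new(KEY, msg, hashlib.sha256).hexdigest()
    return {"data": data, "metadata": metadata, "tag": tag}

def verify(obj: dict) -> bool:
    """Recompute the tag and compare in constant time."""
    expected = bind(obj["data"], obj["metadata"])["tag"]
    return hmac.compare_digest(expected, obj["tag"])

def decide(obj: dict, subject: dict, action: str, env: dict) -> bool:
    """Step 5: permit only if the binding verifies and every attribute check passes."""
    if not verify(obj):
        return False  # data or metadata was altered: fail closed
    meta = obj["metadata"]
    return (
        subject["clearance"] >= meta["sensitivity"]     # user attribute vs. resource tag
        and subject["device_managed"]                   # device identity
        and action in meta["allowed_actions"]           # requested action
        and env["network"] in meta["allowed_networks"]  # environmental factor
    )

# Constructed sample object and subjects.
DOC = bind(b"constructed design record", {
    "sensitivity": 2, "allowed_actions": ["read"], "allowed_networks": ["corp"]})
ALICE = {"clearance": 3, "device_managed": True}
BOB = {"clearance": 1, "device_managed": True}
# A relabeled copy: sensitivity lowered without recomputing the tag under KEY.
RELABELED = dict(DOC, metadata=dict(DOC["metadata"], sensitivity=0))

if __name__ == "__main__":
    print(decide(DOC, ALICE, "read", {"network": "corp"}))
    print(decide(DOC, ALICE, "read", {"network": "public"}))
    print(decide(RELABELED, BOB, "read", {"network": "corp"}))
```

Because the decision fails closed on a bad tag, lowering the sensitivity label on a copy does not widen access, even for a subject who would otherwise qualify.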
The Road Ahead
• The “role” of identity
• Balanced with access control, privacy, etc.
• Platform assurance
• Encourage work of Trusted Computing Group
• Extend existing standards and profiles
  • SAML
  • XACML
  • OpenID, OAuth
• Interoperability of identity concepts, products, and protocols, across multiple platforms and multiple sectors: Kantara Initiative