July 25, 2005 PEP Workshop, UM 2005 1

A Single Sign-On Identity Management System Without a Trusted Third Party

Brian Richardson and Jim Greer
ARIES Lab
Department of Computer Science
University of Saskatchewan

July 25, 2005 PEP Workshop, UM 2005 2

Overview

Purpose: To create a personal information management system for online businesses/consumers

Why?
– Help users manage their personal information and be aware of who has it
– Help businesses comply with some areas of privacy legislation

July 25, 2005 PEP Workshop, UM 2005 3

Motivation

Legislation: Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)

Privacy Concerns: The increasing concerns of Internet users about what information online businesses record

Tool Support: The lack of an available privacy tool that allows for management of multiple identities

July 25, 2005 PEP Workshop, UM 2005 4

Privacy Tools and Research

– P3P, TRUSTe, Privacy Critics, PISA, PPCS, EPA, EPAL
– SAML, FIM, PRIME, FIDIS, Liberty Alliance, MS .NET Passport, MS Infocards

July 25, 2005 PEP Workshop, UM 2005 5

Design Goals

Goal: try to design a personal information service, but with the following restrictions:

Does NOT:
– use a third-party for management of personal information
– require passing identity information between businesses

Does permit:
– multiple identities from within a single user account
– greater access for users managing their personal information
– businesses to comply with disclosure rules defined by PIPEDA

July 25, 2005 PEP Workshop, UM 2005 6

Identity Management Architecture (IMA)

The IMA system has two main components:

1. IMA Toolbar/Manager (Client): An application that attaches to the user’s web browser and handles the management of all user identities and web browsing history.

2. IMA Web Service (Business): A web service that each participating business provides to allow users of the IMA Manager to send and receive identity information.

July 25, 2005 PEP Workshop, UM 2005 7

Architecture Overview

[Diagram: architecture overview. Nodes: IMA User; Machine with IMA Toolbar installed; IMA Manager Application; IMA Participating Business; Database. Labels: Browsing the Internet; Visits participating business’s web site; Store identities and profiles; Communicate with business through web service interface; Create/Update identities, view profile information, etc.]

July 25, 2005 PEP Workshop, UM 2005 8

Key Features

The three key features of the IMA system:
– Provides for the creation and management of multiple discrete personal identities.
– Allows users to restrict the access that businesses have to identifying information.
– Provides users with the ability to request from a business what personal information is stored.

July 25, 2005 PEP Workshop, UM 2005 9

Hypothesis

The two key questions this research answers are:
– Does the IMA System provide users with more flexibility and control over the management of their personal information than a third-party system does?
– Does the IMA System support business compliance with current privacy legislation?

July 25, 2005 PEP Workshop, UM 2005 10

.NET Passport

[Diagram: .NET Passport flow. Actors: Passport User; Passport Business; .NET Passport. Labels: Create a passport account; Sign-in using passport; Provide user’s sign-in information; Return user’s passport account]

July 25, 2005 PEP Workshop, UM 2005 11

Liberty Alliance

[Diagram: Liberty Alliance flow. Actors: User; Liberty Alliance Business A; Liberty Alliance Business B. Labels: User creates an account with a business they trust; User logs in at business B which has a relationship with business A; Business B requests user’s account; Business A provides user’s account]

July 25, 2005 PEP Workshop, UM 2005 12

IMA

[Diagram: IMA flow. Actors: IMA User; IMA Business. Labels: Provides user with access to update and review personal information; IMA client provides authentication info to business if an established relationship exists]

July 25, 2005 PEP Workshop, UM 2005 13

Identity-to-Business Associations

[Diagram: the IMA Manager holds the identities Anonymous, Personal and Work, linked to Business A, Business B and Business C]

July 25, 2005 PEP Workshop, UM 2005 14

Managed Relationships

[Diagram: managed relationships under .NET Passport, Liberty Alliance and IMA, side by side]

July 25, 2005 PEP Workshop, UM 2005 15

Implementation

– IMA Toolbar
– IMA Manager
– IMA Web Service
– Example participating business web site
– XML Data

July 25, 2005 PEP Workshop, UM 2005 16

IMA Toolbar

[Screenshot callouts]
– Participation Icon
– Account logged in
– Identity list
– “Go” (associate identity)
– Eye logo, opens the IMA Manager application

July 25, 2005 PEP Workshop, UM 2005 17

IMA Manager

July 25, 2005 PEP Workshop, UM 2005 18

IMA Web Service

public bool Authenticate( … )
public void AddIdentity( … )
public Ima.Manage.Identity GetIdentity( … )
public void UpdateIdentity( … )
public void AddProfile( … )
public Ima.Manage.Profiles GetProfile( … )
public void UpdateProfile( … )
public void AddHistoryItem( … )
public void AddVisitor( … )

July 25, 2005 PEP Workshop, UM 2005 19

Participating Business

July 25, 2005 PEP Workshop, UM 2005 20

XML Data

July 25, 2005 PEP Workshop, UM 2005 21

Evaluation

The IMA system was evaluated on two criteria to show how it answers the research questions posed by this thesis:

1. Access to Personal Information
2. Privacy Legislation Compliance

July 25, 2005 PEP Workshop, UM 2005 22

Access to Personal Information Comparison

Criteria
1. Ability to edit information
2. Tracking of business to identity associations
3. Viewing of information stored at a business
4. Removing of information stored at a business
5. The creation of multiple discrete identities
6. The ability to link an identity to a business
7. No reliance on third party storage
8. Tracking of information provided to a business
9. Automatically pushes out information updates to businesses that information has been used at

July 25, 2005 PEP Workshop, UM 2005 23

Access to Personal Information Comparison Results

[Chart: Summary of Information Access Comparison. X-axis: Systems Reviewed (.Net Passport, Liberty Alliance, Info-Cards, IMA). Y-axis: Information Access/Update/Management, 0 to 10. Series (Comparison Answers): No, Unknown, Yes]

July 25, 2005 PEP Workshop, UM 2005 24

Privacy Legislation Compliance

Comparison Criteria, based on PIPEDA and DPA principles:
1. Consent must be obtained
2. Limit collection of personal data
3. Limit use, disclosure, and retention
4. Ensure the accuracy of information
5. Give individuals access to their information

July 25, 2005 PEP Workshop, UM 2005 25

Privacy Compliance Comparison Summary

[Chart: Summary of Privacy Legislation Compliance Comparison. X-axis: Systems Reviewed (.Net Passport, Liberty Alliance, Info-Cards, IMA). Y-axis: Business Responsibilities to Support Compliance with PIPEDA, 0 to 6. Series: No, Partially, Yes]

July 25, 2005 PEP Workshop, UM 2005 26

Benefits of the IMA System

For Internet Users:
– More control over personal information
– Stay informed of what information has been given to a business
– Ability to view, add, modify, and remove personal information
– Update information for multiple businesses by entering it once

For Businesses:
– Improved compliance with privacy legislation
– Identity information managed and updated by users
– More accurate contact information since users can correct mistakes
– Improves business’s ability to personalize content

July 25, 2005 PEP Workshop, UM 2005 27

Challenges

Issues in the IMA system that will need to be addressed:
– Security of information
  – Information stored on client machine
– Account theft
  – Posing as another user to retrieve their personal information from a business
– Leaching
  – Businesses using the IMA web service to gather identity information but not:
    – making their participation public
    – providing users with access to their profile

July 25, 2005 PEP Workshop, UM 2005 28

Contributions

– Lack of reliance on third party for management of personal information
– Use of multiple discrete identities all managed from a single user account
– Identity-to-Business associations, managed for you by the IMA system
– Disclosure, correction, and removal of personal information managed by user
– Improved compliance for businesses with privacy legislation disclosure requirements

July 25, 2005 PEP Workshop, UM 2005 29

Future Work

IMA system:
– Address security issues
– Account access from multiple locations

Possible focus switch: look at how existing systems (i.e., Passport and Liberty Alliance) could be adapted to support:
– Multiple identities
– Disclosure on demand