Managing Cyber-Identity, Authorization and Trust (and their inter-relationships)
Prof. Ravi Sandhu
Laboratory for Information Security Technology
George Mason University
Problem Drivers and Consequences
PROBLEM DRIVERS
  Uncertain threat: We always fight the last war
  Technological change: B2B integration, Pervasive (ubiquitous) computing, Peer-to-peer, grid and utility computing, Intel’s LaGrande and Microsoft’s Longhorn, the next Intel, Microsoft, Cisco, …
  Business change: Outsourcing/globalization, Cost/ROI, federated identity (relying party is NOT the identity provider), identity grades (identity vetting, authentication strength, purpose, privacy all vary)
CONSEQUENCES
  The 3-decade old problem of managing identity, authorization and trust is rapidly becoming more difficult, challenging and essential
  Real progress requires radical shifts in our approach and fundamental advances in basic research
Radical Shifts: get real
Focus on
  what needs to be done rather than how it is to be done
  real-world business requirements rather than hypothetical academic scenarios
  the 80% problem rather than the 120% problem
  soft and informal rather than hard and formal
  constructing the policy rather than auditing the policy
  constructive safety via policy articulation and evolution rather than post-facto algorithmic safety
  ordinary consumers as end-users and administrators rather than techno-geeks or math-geeks
Radical Shifts: good enough beats perfect
[Figure: diagram with the labels EASY, SECURE and COST, and the stakeholders Security geeks, Real-world users and System owner]