Transcript of “The Identity Metasystem” (posted 21-Dec-2015, category: Documents)
The Identity Metasystem
Caspar Bowden, Chief Privacy Advisor EMEA, EMEA Technology Office
on behalf of: Kim Cameron, Architect of Identity and Access, Microsoft Corporation
Copyright 2005 Microsoft Corporation
Problem Statement
The Internet was built without a way to know who and what you are connecting to
Everyone offering an internet service has had to come up with a workaround
Patchwork of identity one-offs
We have inadvertently taught people to be phished and pharmed
No fair blaming the user – no framework, no cues, no control
We are “Missing the identity layer”
Digital identity currently exists in a world without synergy because of identity silos
Criminalization of the Internet
Greater use and greater value attract a professionalized international criminal fringe
Understand the ad hoc nature of the identity patchwork
Phishing and Pharming (“Phraud”) at 1000% CAGR
Combine with “stash attacks” reported as “identity losses”…
Unwinding of acceptance where we should be seeing progress.
Opportunity of moving beyond “public-ation”
Need to intervene so web services can get out of the starting gate
The ad hoc nature of internet identity cannot withstand the growing assault of professionalized attackers
We can predict a deepening public crisis
What is a digital identity?
A set of claims someone makes about me
Claims are packaged as security tokens
Many identities for many uses
Useful to distinguish from profiles
Identity is Matched to Context
In Context
Bank card at ATM
Gov’t ID at border check
Coffee card at coffee stand
MSN Passport at HotMail
Out of Context
Coffee card at border check
Maybe Out of Context?
Gov’t ID at ATM
SSN as Student ID
MSN Passport at eBay
The Laws of Identity: An Industry Dialog
1. User control and consent
2. Minimal disclosure for a defined use
3. Justifiable parties
4. Directional identity
5. Pluralism of operators and technologies
6. Human integration
7. Consistent experience across contexts
Join the discussion at www.identityblog.com
Details
The role of “The Laws”…
We must be able to structure our understanding of digital identity
We need a way to avoid returning to the Empty Page every time we talk about digital identity
We need to inform people’s thinking by teasing apart the factors and dynamics explaining the successes and failures of identity systems since the 1970s
We need to develop hypotheses – resulting from observation – that are testable and can be disproved
The Laws of Identity offer a “good way” to express this thought
Beyond mere conversation, the Blogosphere offers us a crucible. The concept has been to employ this crucible to harden and deepen the laws.
1. User Control and Consent
Digital identity systems must only reveal information identifying a user with the user’s consent
Relying parties can require authentication
The user can choose to comply or “walk away”
The system should appeal by means of convenience and simplicity and win the user’s trust
Put the user in control of what identities are used and what information is released
Protect against deception (destination and misuse)
Inform the user of auditing implications
Retain the paradigm of consent across all contexts
2. Minimal Disclosure for Limited Use
The solution that discloses the least identifying information and best limits its use is the most stable long-term solution
Consider information breaches to be inevitable
To mitigate risk, acquire and store information on a “need to know” and “need to retain” basis
Less information implies less value implies less attraction implies less risk
“Least identifying information” includes reduction of cross-context information (universal identifiers)
Limiting information hoarding for unspecified futures
3. Justifiable Parties
Digital identity systems must limit disclosure of identifying information to parties having a necessary and justifiable place in a given identity relationship
Justification requirements apply both to the subject and to the relying party
Example of Microsoft’s experience with Passport
In what contexts will use of government identities succeed and fail?
Parties to a disclosure must provide a statement about information use
4. Directed Identity
A unifying identity metasystem must support both “omni-directional” identifiers for public entities and “unidirectional” identifiers for private entities
Digital identity is always asserted with respect to some other identity or set of identities
Public entities require well-known “beacons”
Examples: web sites or public devices
Private entities (people) require the option to not be a beacon
Unidirectional identifiers used in combination with a single beacon: no correlation handles
Example of Bluetooth and RFID – growing pushback
Wireless was also mis-designed in light of this law
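The “unidirectional identifier with a single beacon” idea above, as an added illustration (not code from the slides or from Microsoft’s InfoCard implementation): each person derives a different identifier for each relying-party beacon from a secret that never leaves their machine, so two relying parties hold no correlation handle, whereas a reused global identifier correlates by construction. Beacon names and card secrets are constructed sample values.

```python
import hashlib
import hmac
import secrets


def pairwise_identifier(card_secret: bytes, beacon: str) -> str:
    """Unidirectional identifier a private entity (a person) presents to one
    public entity.  `beacon` is that relying party's omni-directional
    identifier, assumed here to be its DNS name.  The value is stable for
    that beacon but, because the HMAC key stays on the user's side, cannot
    be linked to the value the same person shows to any other beacon."""
    return hmac.new(card_secret, beacon.encode("utf-8"), hashlib.sha256).hexdigest()


def correlation_handles(ids_at_a: set, ids_at_b: set) -> set:
    """What two colluding relying parties learn by intersecting their user
    lists: every element of the result is a correlation handle."""
    return ids_at_a & ids_at_b


def demo() -> dict:
    # Constructed sample: two people, each holding a self-issued card whose
    # secret never leaves their PC, and two relying-party beacons.
    alice, bob = secrets.token_bytes(32), secrets.token_bytes(32)
    bank, shop = "bank.example", "shop.example"

    at_bank = {pairwise_identifier(alice, bank), pairwise_identifier(bob, bank)}
    at_shop = {pairwise_identifier(alice, shop), pairwise_identifier(bob, shop)}

    # Contrast: a person acting as a beacon (one e-mail address reused at
    # every site) hands both parties a shared handle.
    global_at_bank = {"alice@example", "bob@example"}
    global_at_shop = {"alice@example", "carol@example"}

    return {
        "stable_per_party": pairwise_identifier(alice, bank) == pairwise_identifier(alice, bank),
        "unlinkable_across_parties": not correlation_handles(at_bank, at_shop),
        "global_id_correlates": correlation_handles(global_at_bank, global_at_shop) == {"alice@example"},
    }


if __name__ == "__main__":
    print(demo())
```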
5. Pluralism of Operators and Technologies
A unifying identity metasystem must channel and enable the inter-working of multiple identity technologies run by multiple identity providers
Characteristics that make a system ideal in one context disqualify it in another
Example of government versus employer versus individual as consumer and human being
Craving for “segregation” of contexts
Important new technologies currently emerging – must not glue in a single technology or require a “fork-lift” upgrade
Convergence can occur, but only when there is a platform (identity ecology) for that to happen in
6. Human Integration
A unifying identity metasystem must define the human user as a component integrated through protected and unambiguous human-machine communications
We’ve done a good job of securing the first 5,000 miles but allowed penetration of the last 2 feet
The channel between the display and the brain is under attack
Need to move from thinking about a protocol to thinking about a ceremony
Example of Channel 9 on United Airlines
How to achieve the highest levels of reliability in communication between the user and the rest of the system
7. Consistent Experience Across Contexts
A unifying identity metasystem must provide a simple, consistent experience while enabling separation of contexts through multiple operators and technologies
Make identities “things” on the desktop so users can see them, inspect details, add and delete
What type of digital identity is acceptable in a given context?
Properties of potential candidates specified by the relying party
User selects one and understands the information associated with it.
A single relying party may accept more than one type of identity
Facilitate “Segregation Of Contexts”
The Laws Define a Metasystem
[Diagram: the metasystem connects Me and my Devices (PCs, Mobile, Phone); Businesses; Organizations; Governments; Applications (Existing & New); Technologies (X.509, SAML, Kerberos); Individuals (Work & Consumer)]
Metasystem Players
Relying Parties: require identities
Subjects: individuals and other entities about whom claims are made
Identity Providers: issue identities
Identity Metasystem
Consistent way to use multiple identity systems
Remove friction without requiring everyone to agree on one identity technology for everything
Leverage current successes
Enable us to move from past to future
Four key characteristics:
Negotiation
Encapsulating protocol
Claims transformation
Consistent user experience
Negotiation
Enable relying party, subject, and identity provider to negotiate:
Which claims are required
Who can make them
What type of technology is acceptable
Under what conditions claims will be issued
How parties prove who they are
How information will be used
Encapsulating Protocol
Technology-agnostic way to exchange policies and claims between Identity Provider and Relying Party
Content and meaning of what is exchanged determined by participants, not the metasystem
Claims Transformation
Trusted way to change one set of claims into another
Specialized server + policy and trust framework for translating foreign claims to locally relevant claims
Bridge organizational and technical boundaries
Transform semantics: “Microsoft Employee” -> “Book Purchase OK”
Transform formats: X.509, SAML 1.0, SAML 2.0, SXIP, LID, etc.
Provides the interoperability needed today plus the flexibility required for future evolution
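The Negotiation and Claims Transformation slides above, together with the minimal-disclosure law, as one added example (not code from the slides or from Microsoft’s WS-Trust stack): a relying party publishes which claims it needs, from which issuers, in which token formats; the selector keeps only the cards that can satisfy that policy; the identity provider releases only the requested claims; and a claims transformer maps the foreign “employer = Microsoft” claim to the local “Book Purchase OK” claim, refusing tokens from untrusted issuers. Issuer URLs, card names, token type labels and the identity store are constructed sample values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    """What a relying party publishes (the WS-SecurityPolicy role in the
    slides): which claims it needs, from whom, and in which token formats."""
    required_claims: frozenset
    accepted_issuers: frozenset
    token_types: frozenset


@dataclass(frozen=True)
class Card:
    """What the identity selector stores per card: claim names, not values."""
    name: str
    issuer: str
    claim_names: frozenset
    token_types: frozenset


def matching_cards(policy: Policy, cards: list) -> list:
    """Negotiation: keep only cards whose issuer the relying party accepts,
    that can supply every required claim, and that share a token format."""
    return [c for c in cards
            if c.issuer in policy.accepted_issuers
            and policy.required_claims <= c.claim_names
            and c.token_types & policy.token_types]


def issue_token(identity_store: dict, policy: Policy, card: Card) -> dict:
    """Identity provider: release only the claims the policy asks for, even
    though the store holds more (minimal disclosure for a defined use)."""
    claims = {k: identity_store[k] for k in policy.required_claims}
    token_type = min(card.token_types & policy.token_types)
    return {"issuer": card.issuer, "type": token_type, "claims": claims}


# Constructed transformer policy: (issuer, claim, value) -> (local claim, value)
RULES = {
    ("https://sts.employer.example", "employer", "Microsoft"): ("purchase", "Book Purchase OK"),
}


def transform_claims(token: dict, rules: dict, trusted_issuers: frozenset) -> dict:
    """Claims transformer: translate foreign claims into locally relevant
    ones, refusing tokens from issuers outside the trust framework."""
    if token["issuer"] not in trusted_issuers:
        raise ValueError("untrusted issuer: " + token["issuer"])
    local = {}
    for claim, value in token["claims"].items():
        mapped = rules.get((token["issuer"], claim, value))
        if mapped is not None:
            local[mapped[0]] = mapped[1]
    return local


def demo() -> dict:
    # Constructed sample: a bookshop relying party, two cards, and the
    # employer's identity store (which knows far more than the shop needs).
    bookshop = Policy(frozenset({"employer"}),
                      frozenset({"https://sts.employer.example"}),
                      frozenset({"saml1.1", "saml2.0"}))
    cards = [Card("Work card", "https://sts.employer.example",
                  frozenset({"name", "email", "employer"}), frozenset({"saml1.1"})),
             Card("Personal card", "self",
                  frozenset({"name", "email", "age"}), frozenset({"saml1.1"}))]
    store = {"name": "A. User", "email": "a.user@employer.example",
             "telephone": "+00 000 0000", "employer": "Microsoft"}

    usable = matching_cards(bookshop, cards)
    token = issue_token(store, bookshop, usable[0])
    local = transform_claims(token, RULES, bookshop.accepted_issuers)
    return {"usable": [c.name for c in usable],
            "released": sorted(token["claims"]),
            "local": local}
```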
Consistent User Experience
Single experience across multiple systems
Two-way authentication
Uniform logon and registration experience
User consent to disclosure of claims
Policies exposed and accessible to the user
Reduced cognitive load on the user
Make the identity experience “real” and tangible instead of ad hoc
Predictable – better-informed decision making
What plugs in to the Identity Metasystem?
Smartcards, self-issued identities, corporate identities, Gov’t identities, Passport identities, Liberty identities, client applications, operating systems
Governments, organizations, companies, individuals, mobile phones, computers, hard ID tokens, online services
Benefits of Participating
Bet on the “playing field”, not some particular solution
Increased reach: claims transformer enables new relationships
Increased flexibility: policy and claims transformation “knobs and levers” enable a wide variety of relationships
Easy to add support for new technology
Simple, safe user experience
An Identity Metasystem Architecture
Microsoft worked with industry to develop protocols that enable an identity metasystem: WS-* Web Services
Encapsulating protocol and claims transformation: WS-Trust
Negotiation: WS-MetadataExchange and WS-SecurityPolicy
Only technology we know of specifically designed to satisfy the requirements of an identity metasystem
WS-* Metasystem Architecture
[Diagram: the Subject uses an Identity Selector; each ID Provider runs a SecurityTokenServer (Kerberos, SAML, X.509, …) and publishes WS-SecurityPolicy; each Relying Party publishes WS-SecurityPolicy; the parties exchange metadata and tokens over WS-Trust and WS-MetadataExchange]
Microsoft’s Implementation
“InfoCard” identity selector: component of WinFX, usable by any application; hardened against tampering and spoofing
“InfoCard” simple identity provider: self-issued identity for individuals running on PCs; uses strong public key-based authentication – the user does not disclose passwords to relying parties
Active Directory managed identity provider: plug Active Directory users into the metasystem; full set of policy controls to manage use of simple identities and Active Directory identities
Windows Communications Foundation (“Indigo”) for building distributed applications and implementing relying party services
Microsoft’s Implementation
Data stored for each card in the card collection:
Name, logo, names of claims available (not values)
Address of identity provider, required credential
Data stored in the simple identity provider: name, address, email, telephone, age, gender
User must opt in
InfoCard data not visible to applications: stored in files encrypted under a system key
User interface runs on a separate desktop
Managed identity provider may store information needed to generate claims
Microsoft’s Implementation
Fully interoperable via published protocols:
With other identity selector implementations
With other relying party implementations
With other identity provider implementations
Detailed implementation guide available
Summary
The Laws of Identity define an identity metasystem
WS-* makes possible an identity metasystem using widely accepted published protocols
Microsoft is implementing full support for an open identity metasystem in Windows
The identity metasystem has the potential to remove friction and accelerate the growth of connectivity
Let the identity big bang begin!
For More Information
Two whitepapers on MSDN:
Microsoft’s Vision for an Identity Metasystem
The Laws of Identity
Links to both from: http://msdn.microsoft.com/webservices/understanding/advancedwebservices/
© 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.