Your digital identity & how it works
-
Upload
specops-software -
Category
Technology
-
view
29 -
download
3
Transcript of Your digital identity & how it works
YOUR DIGITAL IDENTITY & HOW IT WORKS
• The Napoleonic identity card• The magnetic stripe • Smart cards
: IDENTITY... A HISTORY LESSON
Background
• Identity: set of attributes related to an entity (ISO/IEC 24760-1 )
• “Digital identity refers to the set of digital information—including user IDs, passwords, access control lists, public-key certificates, and voiceprint patterns—that is associated with a particular individual.” (Jim Kobielus)
: IDENTITY... NOW
Definition
• Subject = person • Attributes = Acquired
information about a subject– Assigned: Reflect relationship with other bodies,
e.g. email address– Accumulated: Developed over time, e.g.
language/currency preferences– Inherent: Inherent characteristics,
e.g. height, fingerprint
: IDENTITY... WHAT DOES IT LOOK LIKE?
What makes you, you?
• A different identity for each online activity, all with their own way of authenticating users
• Challenges managing and maintaining credentials
Identity sprawl
: IDENTITY... CHAOS?
• Fatigue • Reuse • Dictionary attacks–A method of breaking into system
by entering every word from a database of commonly used words, as a password
: IDENTITY... BAD HABITS
The password problem
• Social networks as the identity provider
• “Sign up with Facebook” “Sign up with Google”
: IDENTITY SIMPLIFICATION
The social login
• Federation = the means of linking a person's electronic identity and attributes, stored across (multiple) distinct identity management systems.
• Identity provider = Provides identity attributes for users looking to interact with others providers
• Service provider = Websites that host applications
Federation
• Claim = A statement that one subject makes about itself or another subject
• Security Token = A representation of a claim, signed by the issuer of the claim, providing proof of integrity
• Security Token Services = A claims provider implemented as a web service that issues security tokens
Claims Based Identity
• Simplicity – no longer dealing with a custom authentication
• Less credentials • Improved user experience
Benefits of Claims Based Identity